  1. #1
    Member
    Join Date
    Apr 2012
    Posts
    50
    Points
    9

    Windows Warding Module

    Hello Folks,

    I seem to be stuck with this particular virus which blocks me from doing anything which threatens its existence !

    It calls itself "Windows Warding Module" and it will not allow me to..... access the internet....run any anti malware programs....enter the registry.

    I have tried various methods found by "Googling" its name, one by entering a "Product Key"..0W000-000B0-00T00-E0020... however this only allows me to close the virus's home screen and access my desktop..... even in Safe Mode w/ networking

    Another suggests to turn off its Proxy.....but when I looked in Internet Options the proxy box is not checked ??

    I also downloaded RKill onto a usb flash ...but it terminates that as well

    I am running XP SP2 ......I do have two hard drives.....the other has a similar OS but as yet have not tried to boot from there for fear of corrupting that system if it is not already !

    I know that you guys specify to include Logs..... sorry... it just won't let me!

    CAN YOU HELP ME

    Mick Warren

  2. #2
    Member
    Join Date
    Apr 2012
    Posts
    50
    Points
    9

    Hi

    I just rebooted in Safe Mode and tried Malwarebytes chameleon tool .....but the virus recognised all 12

    Mick

  3. #3
    Member Spyware Fighter DonnaB
    Join Date
    Apr 2009
    Location
    Illiana, Ill. USA
    Posts
    3,521
    Points
    563

    Hi mick warren,

    I do apologize for the delay in responding.

    Please read this post completely before beginning the fix. If there's anything that you do not understand, please don't hesitate to ask before proceeding.

    Please take note of the guidelines for this fix:
    • Please note that I am a volunteer. I do have a family, a career, and other endeavors just as you do that may prevent immediate responses that meet your schedule. Your patience and understanding will be greatly appreciated.
    • First of all, the procedures we are about to perform are specific to your problem and should only be used on this specific computer.
    • Do not make any changes to your computer that include installing/uninstalling programs, deleting files, modifying the registry, nor running scanners or tools of any kind unless specifically requested by me.
    • Please read ALL instructions carefully and perform the steps fully and in the order they are written.
    • If things appear to be better, let me know. Just because the symptoms no longer exist as before, does not mean that you are clean.
    • Continue to read and follow my instructions until I tell you that your machine is clean.
    • If you have any questions at all, please do not hesitate to ask before performing the task that I ask of you, and please wait for my reply before you proceed.
    • Scanning with programs and reading the logs do take a fair amount of time, your patience will be necessary.


    Let's try this:


    On the clean computer:

    Please download Panda USB Vaccine and save it to the desktop.
    • Double click the Panda USB Vaccine setup file icon and choose Run.
    • Choose English as the language and click OK.
    • Close all other applications and click Next> to continue.
    • Click the dial button to the left of I accept the agreement and click Next>
    • Ensure that the location for installing is C:\Program Files\Panda USB Vaccine and click Next>
    • Ensure that the box to the left of Run Panda USB Vaccine automatically when computer boots is marked and place a check in Automatically vaccinate any new inserted USB Key then click Next>.
    • Ensure there is a check placed in the box to the left of Launch Panda USB Vaccine and click Finish.
    • Click on Vaccinate USB.



    Next:


    • Download RogueKiller and save it to the desktop of the clean computer.
    • Drag and drop onto the USB Flash drive.
    • Boot the infected computer into Safe Mode.
    • Transfer RogueKiller file to the infected computer.
      If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.com

      NOTE: If using IE8 or better, Smartscreen Filter will need to be disabled
    • Quit all programs
    • Start RogueKiller.exe.
    • Wait until Prescan has finished ...
    • Click on Scan
    • Wait for the end of the scan.
    • The report has been created on the desktop.
    • Click on the Delete button.
    • The report has been created on the desktop.
    • Next click on the ShortcutsFix
    • The report has been created on the desktop.

    Please post: All RKreport.txt text files located on your desktop.

    Thank you,
    Donna
    If you think you might be infected with malware or have recently cleansed your computer of malware without the help of an expert, please read and follow the instructions in How to Start Removing Viruses and Spyware from your Computer. This can alleviate time consumed in trouble shooting your current computer problems.

    If your problem is solved, here's how to say thanks!

    Very proud parent of a U.S. Navy "CB"



    "People may forget what you say,
    People may forget what you did,
    but People will never forget how you made them feel!"

  4. #4
    Member
    Join Date
    Apr 2012
    Posts
    50
    Points
    9

    Hello Donna,

    My apologies for being a little impatient......I have managed to free up the infected computer by running a boot scan..a funny thing happened though, after scanning Avast decided my trial period was over...I have managed to re install.

    I am not sure whether you still want me to run through those same fixes or not ?.... in the mean time I will run the std logs and post those shortly.

    Mick

  5. #5
    Member Spyware Fighter DonnaB
    Join Date
    Apr 2009
    Location
    Illiana, Ill. USA
    Posts
    3,521
    Points
    563

    Don't you just love Avast?

    Go ahead and run Malwarebytes before running the following scan. Post all 3 logs (4 if you still have the Avast scan log) mentioned at the end of this post. I suppose that since you reinstalled Avast there is no Avast scan log saved anywhere so I could view what was found, correct?

    Please download OTL to your Desktop
    • Double click on the icon to run the program. On Vista/Win7 or 8 right click select Run As Administrator to start the program. If prompted by UAC, please allow it.
    • Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox
      and
    • Check the option for All under the Extra Registry section
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files and post them in your topic

    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.

    Please post the contents of both OTL.txt and Extras.txt files in your next reply.

    Please post the following logs:
    MBAM
    OTL.txt
    Extras.txt
    Avast (if there is one)


    Thank you,
    Donna

  6. #6
    Member
    Join Date
    Apr 2012
    Posts
    50
    Points
    9

    Thanks Donna,

    I'm working through it

    Mick

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 8:45:37 AM, on 07/12/13
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Google\Update\1.3.22.3\GoogleCrashHandler.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
    C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
    C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
    O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll
    O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
    O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.6.2.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/ge...sh/swflash.cab
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: FlipShare Service - Unknown owner - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

    --
    End of file - 6243 bytes


    SUPERAntiSpyware Scan Log
    SUPERAntiSpyware | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

    Generated 12/07/2013 at 09:52 AM

    Application Version : 5.6.1042

    Core Rules Database Version : 10849
    Trace Rules Database Version: 8661

    Scan type : Complete Scan
    Total Scan Time : 01:33:44

    Operating System Information
    Windows XP Professional 32-bit, Service Pack 2 (Build 5.01.2600)
    Administrator

    Memory items scanned : 511
    Memory threats detected : 0
    Registry items scanned : 35571
    Registry threats detected : 0
    File items scanned : 85227
    File threats detected : 228

    Adware.Tracking Cookie
    .questionmarket.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .questionmarket.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .microsoftsto.112.2o7.net [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .yadro.ru [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .amazon-adsystem.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .amazon-adsystem.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .burstnet.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .atdmt.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .cba.122.2o7.net [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    www.googleadservices.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    fastclicknow.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    fastclicknow.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .tribalfusion.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .atdmt.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .c.atdmt.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .invitemedia.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .lucidmedia.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .advertising.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    mycounter.tinycounter.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .myroitracking.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .clicksor.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .clicksor.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    www.googleadservices.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .mediafire.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .clickbooth.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .www.media970.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .www.media970.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .clicksor.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .clicksor.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .clicksor.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .mediafire.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .mediafire.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .mediafire.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    media.edmgateway.net [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    pulse-analytics-beacon.reutersmedia.net [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    tracking.dc-storm.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    tracking.dc-storm.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .overtons.112.2o7.net [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .mytrackersoftware.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .mytrackersoftware.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .warnerbros.112.2o7.net [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    accounts.google.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    cts.lipixeltrack.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    cts.lipixeltrack.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .cannedbanners.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .media6degrees.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .media6degrees.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .media6degrees.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .kontera.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .media.net [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    bs.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .serving-sys.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .serving-sys.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .serving-sys.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .advertising.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .doubleclick.net [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

    Trojan.Agent/Gen-FakeDefender
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{65F8F758-24D8-4CB6-9FE1-02D84A49E0C3}\RP24\A0002044.EXE

    Trojan.Agent/Gen-BHO
    C:\WINDOWS\TEMP\DTS3D4\UPDATE.SERVICE.EXE

  7. #7
    Member Spyware Fighter DonnaB's Avatar
    Join Date
    Apr 2009
    Location
    Illiana, Ill. USA
    Posts
    3,521
    Points
    563

    Default

    When you scan with Malwarebytes, make sure to click Quick scan NOT Full scan.

  8. #8
    Member
    Join Date
    Apr 2012
    Posts
    50
    Points
    9

    Default

    Donna

    I had already started the full scan so I decided to let it go and run a quick just for a comparison. I'll post both, also OTL, and yes you're correct "no avast log for that Boot scan" I'm sorry ...I can try for the same infection if you'd like...you know ..take one in the name of research

    OTL logfile created on: 07/12/13 11:51:29 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator\My Documents\Downloads
    Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yy

    1022.07 Mb Total Physical Memory | 467.76 Mb Available Physical Memory | 45.77% Memory free
    2.50 Gb Paging File | 0.74 Gb Available in Paging File | 29.56% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 931.50 Gb Total Space | 910.23 Gb Free Space | 97.72% Space Free | Partition Type: NTFS
    Drive D: | 96.84 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive F: | 40.01 Gb Total Space | 2.60 Gb Free Space | 6.51% Space Free | Partition Type: NTFS
    Drive G: | 192.77 Gb Total Space | 131.45 Gb Free Space | 68.19% Space Free | Partition Type: NTFS

    Computer Name: SECOND-77229CA4 | User Name: Administrator | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/12/07 10:29:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Downloads\OTL.exe
    PRC - [2013/12/06 14:04:58 | 003,568,312 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2013/12/06 14:04:58 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2013/11/29 12:32:20 | 000,223,112 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.22.3\GoogleCrashHandler.exe
    PRC - [2013/11/07 15:06:20 | 005,717,272 | ---- | M] (SUPERAntiSpyware) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    PRC - [2013/10/11 06:54:44 | 000,120,088 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
    PRC - [2010/09/17 21:14:22 | 000,460,144 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    PRC - [2006/05/08 18:52:04 | 000,204,800 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
    PRC - [2005/03/22 17:20:44 | 000,339,968 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
    PRC - [2004/08/04 20:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2004/04/07 01:36:14 | 001,298,542 | ---- | M] (Ahead Software AG) -- C:\Program Files\Ahead\InCD\InCD.exe
    PRC - [2004/04/06 19:35:10 | 000,929,904 | ---- | M] (Ahead Software AG) -- C:\Program Files\Ahead\InCD\incdsrv.exe
    PRC - [2003/12/08 17:35:14 | 000,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013/12/07 03:20:28 | 002,152,448 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\13120601\algo.dll
    MOD - [2013/12/06 14:05:01 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
    MOD - [2010/09/17 21:14:22 | 000,460,144 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    MOD - [2010/09/17 21:13:36 | 002,826,240 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\Core.dll
    MOD - [2010/09/17 21:07:18 | 000,733,184 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\qca2.dll
    MOD - [2010/08/03 16:47:12 | 008,351,744 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtGui4.dll
    MOD - [2010/08/03 16:47:12 | 002,244,608 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtCore4.dll
    MOD - [2010/08/03 16:47:12 | 000,978,944 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtNetwork4.dll
    MOD - [2010/08/03 16:47:12 | 000,364,544 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtXml4.dll
    MOD - [2010/08/03 16:47:12 | 000,204,800 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtSql4.dll
    MOD - [2002/11/26 13:43:18 | 000,106,496 | ---- | M] () -- C:\WINDOWS\system32\BrMuSNMP.dll


    ========== Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- C:\Program Files\glindorus\bin\utilglindorus.exe -- (Util glindorus)
    SRV - File not found [Disabled | Stopped] -- C:\Program Files\glindorus\updateglindorus.exe -- (Update glindorus)
    SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
    SRV - [2013/12/06 14:04:58 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2013/10/26 08:31:57 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013/10/11 06:54:44 | 000,120,088 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
    SRV - [2010/09/17 21:14:22 | 000,460,144 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
    SRV - [2004/04/06 19:35:10 | 000,929,904 | ---- | M] (Ahead Software AG) [Auto | Running] -- C:\Program Files\Ahead\InCD\incdsrv.exe -- (InCDsrv)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - [2013/12/06 14:05:02 | 000,774,392 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2013/12/06 14:05:02 | 000,403,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
    DRV - [2013/12/06 14:05:02 | 000,178,304 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
    DRV - [2013/12/06 14:05:02 | 000,070,384 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV - [2013/12/06 14:05:02 | 000,057,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2013/12/06 14:05:02 | 000,054,832 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2013/12/06 14:05:02 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
    DRV - [2013/12/06 14:05:02 | 000,035,656 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2013/12/06 14:03:29 | 000,403,440 | ---- | M] (AVAST Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\azbjlqep.sys -- (azbjlqep)
    DRV - [2013/10/23 17:04:37 | 000,013,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SWDUMon.sys -- (SWDUMon)
    DRV - [2013/09/30 16:26:46 | 000,015,688 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pwdrvio.sys -- (pwdrvio)
    DRV - [2013/09/30 16:26:44 | 000,010,320 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pwdspio.sys -- (pwdspio)
    DRV - [2011/07/23 00:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2011/07/13 05:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2005/11/16 15:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
    DRV - [2004/04/06 19:43:22 | 000,005,504 | ---- | M] (Ahead Software AG) [Recognizer | System | Unknown] -- C:\WINDOWS\System32\drivers\incdrec.sys -- (InCDrec)
    DRV - [2004/04/06 19:40:10 | 000,025,600 | ---- | M] (Ahead Software AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\incdpass.sys -- (InCDPass)
    DRV - [2004/04/06 19:39:20 | 000,089,472 | ---- | M] (Ahead Software AG) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\incdfs.sys -- (InCDfs)
    DRV - [2003/12/05 17:46:36 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
    DRV - [2001/08/17 20:12:32 | 000,016,074 | ---- | M] (NETGEAR Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\FA312nd5.sys -- (FA312)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
    IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.com/?publisher=DownloadXYB&dpid=DownloadXYB&co=AU&userid=bc6ff48f-55a6-5757-2177-2b171b9abbb2&searchtype=ds&q={searchTerms}&installDate=24/10/2013
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://start.qone8.com/web/?utm_source=b&utm_medium=testyac&utm_campaign=rg&utm_content=ds&from=testyac&uid=WDCXWD10EZEX-00KUWA0_WD-WCC1S610783007830&ts=1383618596&type=default&q={searchTerms}
    IE - HKLM\..\SearchScopes\{BB9FF1F7-D670-4ED8-9B6E-6567CA88BC7F}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.com/?publisher=DownloadXYB&dpid=DownloadXYB&co=AU&userid=bc6ff48f-55a6-5757-2177-2b171b9abbb2&searchtype=ds&q={searchTerms}&installDate=24/10/2013
    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.com/?publisher=DownloadXYB&dpid=DownloadXYB&co=AU&userid=bc6ff48f-55a6-5757-2177-2b171b9abbb2&searchtype=ds&q={searchTerms}&installDate=24/10/2013
    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Search
    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snapdo.com/?publisher=DownloadXYB&dpid=DownloadXYB&co=AU&userid=bc6ff48f-55a6-5757-2177-2b171b9abbb2&searchtype=ds&q={searchTerms}&installDate=24/10/2013
    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snapdo.com/?publisher=DownloadXYB&dpid=DownloadXYB&co=AU&userid=bc6ff48f-55a6-5757-2177-2b171b9abbb2&searchtype=ds&q={searchTerms}&installDate=24/10/2013
    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
    IE - HKU\S-1-5-19\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.com/?publisher=DownloadXYB&dpid=DownloadXYB&co=AU&userid=bc6ff48f-55a6-5757-2177-2b171b9abbb2&searchtype=ds&q={searchTerms}&installDate=24/10/2013

    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.com/?publisher=DownloadXYB&dpid=DownloadXYB&co=AU&userid=bc6ff48f-55a6-5757-2177-2b171b9abbb2&searchtype=ds&q={searchTerms}&installDate=24/10/2013
    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.com/?publisher=DownloadXYB&dpid=DownloadXYB&co=AU&userid=bc6ff48f-55a6-5757-2177-2b171b9abbb2&searchtype=ds&q={searchTerms}&installDate=24/10/2013
    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Search
    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snapdo.com/?publisher=DownloadXYB&dpid=DownloadXYB&co=AU&userid=bc6ff48f-55a6-5757-2177-2b171b9abbb2&searchtype=ds&q={searchTerms}&installDate=24/10/2013
    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snapdo.com/?publisher=DownloadXYB&dpid=DownloadXYB&co=AU&userid=bc6ff48f-55a6-5757-2177-2b171b9abbb2&searchtype=ds&q={searchTerms}&installDate=24/10/2013
    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
    IE - HKU\S-1-5-20\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.com/?publisher=DownloadXYB&dpid=DownloadXYB&co=AU&userid=bc6ff48f-55a6-5757-2177-2b171b9abbb2&searchtype=ds&q={searchTerms}&installDate=24/10/2013

    IE - HKU\S-1-5-21-515967899-1972579041-1801674531-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    IE - HKU\S-1-5-21-515967899-1972579041-1801674531-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Google
    IE - HKU\S-1-5-21-515967899-1972579041-1801674531-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google
    IE - HKU\S-1-5-21-515967899-1972579041-1801674531-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
    IE - HKU\S-1-5-21-515967899-1972579041-1801674531-500\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Google
    IE - HKU\S-1-5-21-515967899-1972579041-1801674531-500\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google
    IE - HKU\S-1-5-21-515967899-1972579041-1801674531-500\..\SearchScopes,DefaultScope = {BB9FF1F7-D670-4ED8-9B6E-6567CA88BC7F}
    IE - HKU\S-1-5-21-515967899-1972579041-1801674531-500\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.com/?publisher=DownloadXYB&dpid=DownloadXYB&co=AU&userid=bc6ff48f-55a6-5757-2177-2b171b9abbb2&searchtype=ds&q={searchTerms}&installDate=24/10/2013
    IE - HKU\S-1-5-21-515967899-1972579041-1801674531-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
    IE - HKU\S-1-5-21-515967899-1972579041-1801674531-500\..\SearchScopes\{BB9FF1F7-D670-4ED8-9B6E-6567CA88BC7F}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7NDKB_enAU559
    IE - HKU\S-1-5-21-515967899-1972579041-1801674531-500\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://mysearch.sweetpacks.com?src=6&q={searchTerms}&barid=144969702922789022217427917639424216893&crg=3.5000006.10065&ppd=&did=10727&st=23
    IE - HKU\S-1-5-21-515967899-1972579041-1801674531-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8E9E3331-D360-4f87-8803-52DE43566502}: C:\Program Files\Updater By Sweetpacks\Firefox


    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
    CHR - Extension: Google Wallet = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\

    O1 HOSTS File: ([2004/08/04 20:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKU\S-1-5-21-515967899-1972579041-1801674531-500\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
    O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
    O4 - HKLM..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe (Ahead Software AG)
    O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
    O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
    O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
    O4 - HKU\S-1-5-21-515967899-1972579041-1801674531-500..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-515967899-1972579041-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
    O15 - HKU\S-1-5-21-515967899-1972579041-1801674531-500\..Trusted Domains: microsoft.com ([www.update] http in Trusted sites)
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanage...ex-2.2.6.2.cab (DLM Control)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{541DA9FC-81C8-4495-A078-446CA9A43C52}: DhcpNameServer = 10.1.1.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O27 - HKLM IFEO\MpUXSrv.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2013/10/22 19:59:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2013/10/08 21:25:17 | 000,000,061 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
    O32 - AutoRun File - [2004/08/11 17:15:00 | 000,000,000 | ---- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ]
    O33 - MountPoints2\{3a96f7d8-3b1b-11e3-9512-806d6172696f}\Shell - "" = AutoRun
    O33 - MountPoints2\{3a96f7d8-3b1b-11e3-9512-806d6172696f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{3a96f7d8-3b1b-11e3-9512-806d6172696f}\Shell\AutoRun\command - "" = D:\setup32.exe -- [2013/10/02 17:38:27 | 011,240,523 | R--- | M] ()
    O33 - MountPoints2\{6ed88f84-4d90-11e3-900e-000fb5850f3d}\Shell\AutoRun\command - "" = L:\Setup_FlipShare.exe
    O33 - MountPoints2\{6ed88f84-4d90-11e3-900e-000fb5850f3d}\Shell\Setup FlipShare\command - "" = L:\Setup_FlipShare.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/12/06 22:57:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\BAS
    [2013/12/06 14:05:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avast
    [2013/12/06 14:05:09 | 000,057,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2013/12/06 14:05:08 | 000,403,440 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2013/12/06 14:05:07 | 000,774,392 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
    [2013/12/06 14:05:07 | 000,070,384 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
    [2013/12/06 14:05:06 | 000,054,832 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2013/12/06 14:05:06 | 000,035,656 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2013/12/06 14:05:01 | 000,043,152 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [2013/12/06 14:04:34 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2013/12/06 14:03:29 | 000,403,440 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\azbjlqep.sys
    [2013/12/05 09:21:28 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
    [2013/11/19 13:55:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\FLV Media Player
    [2013/11/19 13:55:46 | 000,000,000 | ---D | C] -- C:\Program Files\FLV Media Player
    [2013/11/19 13:53:51 | 004,953,944 | ---- | C] (FLVMPlayer ) -- C:\Documents and Settings\Administrator\Desktop\FLVMPlayer.exe
    [2013/11/19 13:52:58 | 000,000,000 | ---D | C] -- C:\Program Files\glindorus
    [2013/11/17 11:31:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\My Videos
    [2013/11/17 11:31:28 | 000,000,000 | ---D | C] -- C:\Program Files\Flip Video
    [2013/11/17 11:31:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Flip Video
    [2013/11/11 10:36:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
    [2013/11/07 15:51:45 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Application Data\Brother
    [2013/11/07 13:18:02 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
    [2013/11/07 13:18:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
    [2013/11/07 13:17:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Spitronics ECU Software
    [2013/11/07 13:17:27 | 000,000,000 | ---D | C] -- C:\Program Files\Spitronics ECU Software
    [2013/11/01 19:56:13 | 004,216,840 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Common Files\vcredist.exe
    [2013/10/24 12:00:05 | 006,286,448 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Silverlight.exe
    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/12/07 11:37:50 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2013/12/07 11:05:01 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2013/12/07 10:58:41 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2013/12/07 10:34:07 | 000,000,938 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to OTL.lnk
    [2013/12/07 08:43:57 | 000,002,463 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.lnk
    [2013/12/07 02:05:00 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
    [2013/12/06 22:56:56 | 000,000,181 | ---- | M] () -- C:\WINDOWS\MYOBP.INI
    [2013/12/06 22:56:22 | 000,000,041 | ---- | M] () -- C:\WINDOWS\MYOB.INI
    [2013/12/06 14:24:36 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2013/12/06 14:23:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2013/12/06 14:05:21 | 000,001,733 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2013/12/06 14:05:02 | 000,774,392 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
    [2013/12/06 14:05:02 | 000,403,440 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2013/12/06 14:05:02 | 000,178,304 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
    [2013/12/06 14:05:02 | 000,070,384 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
    [2013/12/06 14:05:02 | 000,057,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2013/12/06 14:05:02 | 000,054,832 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2013/12/06 14:05:02 | 000,049,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
    [2013/12/06 14:05:02 | 000,035,656 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2013/12/06 14:05:01 | 000,269,216 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2013/12/06 14:05:01 | 000,043,152 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [2013/12/06 14:03:29 | 000,403,440 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\azbjlqep.sys
    [2013/12/05 14:46:57 | 000,002,763 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\connector.swf
    [2013/12/05 12:08:17 | 000,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2013/12/05 12:05:12 | 000,009,216 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2013/12/05 10:26:04 | 000,000,515 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\result1.db
    [2013/11/20 12:03:48 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
    [2013/11/19 13:54:47 | 004,953,944 | ---- | M] (FLVMPlayer ) -- C:\Documents and Settings\Administrator\Desktop\FLVMPlayer.exe
    [2013/11/17 11:31:59 | 000,001,015 | R--- | M] () -- C:\logFile.xsl
    [2013/11/17 11:31:34 | 000,000,819 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FlipShare.lnk
    [2013/11/15 08:28:32 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2013/11/11 10:36:58 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
    [2013/11/07 13:17:31 | 000,001,884 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Spitronics ECU manual.lnk
    [2013/11/07 13:17:31 | 000,001,844 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Spitronics v2,5.lnk
    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/12/07 10:34:07 | 000,000,938 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to OTL.lnk
    [2013/12/06 22:46:00 | 000,000,181 | ---- | C] () -- C:\WINDOWS\MYOBP.INI
    [2013/12/06 22:46:00 | 000,000,041 | ---- | C] () -- C:\WINDOWS\MYOB.INI
    [2013/12/06 14:05:21 | 000,001,733 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2013/12/06 14:05:17 | 000,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
    [2013/12/06 14:05:08 | 000,178,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
    [2013/12/06 14:05:08 | 000,049,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
    [2013/12/05 12:05:11 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2013/12/05 09:29:15 | 000,002,763 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\connector.swf
    [2013/12/05 08:55:28 | 000,000,515 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\result1.db
    [2013/11/20 12:03:48 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
    [2013/11/20 12:03:48 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
    [2013/11/17 11:31:59 | 000,001,015 | R--- | C] () -- C:\logFile.xsl
    [2013/11/17 11:31:34 | 000,000,825 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\FlipShare.lnk
    [2013/11/17 11:31:34 | 000,000,819 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FlipShare.lnk
    [2013/11/11 10:36:58 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
    [2013/11/10 13:48:32 | 000,009,216 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2013/11/07 13:17:31 | 000,001,884 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Spitronics ECU manual.lnk
    [2013/11/07 13:17:31 | 000,001,844 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Spitronics v2,5.lnk
    [2013/10/24 23:21:44 | 002,881,848 | ---- | C] () -- C:\WINDOWS\System32\pwNative.exe
    [2013/10/24 23:21:43 | 000,015,688 | ---- | C] () -- C:\WINDOWS\System32\pwdrvio.sys
    [2013/10/24 23:21:43 | 000,010,320 | ---- | C] () -- C:\WINDOWS\System32\pwdspio.sys
    [2013/10/24 17:39:47 | 000,073,680 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2013/10/24 10:44:44 | 000,040,960 | ---- | C] () -- C:\Program Files\Uninstall_CDS.exe
    [2013/10/23 17:04:37 | 000,013,464 | ---- | C] () -- C:\WINDOWS\System32\drivers\SWDUMon.sys
    [2013/10/23 16:45:59 | 000,000,304 | ---- | C] () -- C:\WINDOWS\WININIT.INI
    [2013/10/23 03:26:18 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2013/10/23 03:24:51 | 000,174,672 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2013/10/22 23:25:32 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2013/10/22 22:18:23 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
    [2013/10/22 22:18:23 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
    [2013/10/22 22:18:02 | 000,000,226 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
    [2013/10/22 22:18:02 | 000,000,094 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
    [2013/10/22 22:18:02 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf06a.dat
    [2013/10/22 22:17:27 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
    [2013/10/22 22:17:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
    [2013/10/22 22:10:43 | 000,027,019 | ---- | C] () -- C:\WINDOWS\maxlink.ini
    [2013/10/22 21:28:10 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
    [2013/10/22 20:01:52 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2013/10/22 19:56:06 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

    ========== ZeroAccess Check ==========

    [2013/10/24 17:37:57 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2009/01/07 18:20:52 | 001,497,088 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2004/08/04 20:00:00 | 000,472,064 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2004/08/04 20:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:373E1720

    < End of report >


    OTL Extras logfile created on: 07/12/13 11:51:29 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator\My Documents\Downloads
    Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yy

    1022.07 Mb Total Physical Memory | 467.76 Mb Available Physical Memory | 45.77% Memory free
    2.50 Gb Paging File | 0.74 Gb Available in Paging File | 29.56% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 931.50 Gb Total Space | 910.23 Gb Free Space | 97.72% Space Free | Partition Type: NTFS
    Drive D: | 96.84 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive F: | 40.01 Gb Total Space | 2.60 Gb Free Space | 6.51% Space Free | Partition Type: NTFS
    Drive G: | 192.77 Gb Total Space | 131.45 Gb Free Space | 68.19% Space Free | Partition Type: NTFS

    Computer Name: SECOND-77229CA4 | User Name: Administrator | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (All) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .bat [@ = batfile] -- "%1" %*
    .chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
    .cmd [@ = cmdfile] -- "%1" %*
    .com [@ = comfile] -- "%1" %*
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .exe [@ = exefile] -- "%1" %*
    .hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
    .hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
    .html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
    .inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
    .ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
    .url [@ = InternetShortcut] -- C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation)
    .js [@ = JSFile] -- C:\Program Files\Macromedia\Dreamweaver UltraDev 4\UltraDev.exe (Macromedia, Inc.)
    .jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
    .pif [@ = piffile] -- "%1" %*
    .reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
    .scr [@ = scrfile] -- "%1" /S
    .txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
    .vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
    .vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
    .wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
    .wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-515967899-1972579041-1801674531-500\SOFTWARE\Classes\<extension>]
    .html [@ = htmlfile] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    batfile [open] -- "%1" %*
    batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
    cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    cmdfile [open] -- "%1" %*
    cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
    hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
    htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
    jsfile [open] -- "C:\Program Files\Macromedia\Dreamweaver UltraDev 4\UltraDev.exe" "%1" (Macromedia, Inc.)
    jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
    jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
    jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
    regfile [merge] -- Reg Error: Key error.
    regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
    vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
    vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
    vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
    vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
    wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
    wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
    wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "C:\WINDOWS\system32\dmwu.exe" = C:\WINDOWS\system32\dmwu.exe:*:Enabled:dmwu
    "C:\WINDOWS\system32\ARFC\wrtc.exe" = C:\WINDOWS\system32\ARFC\wrtc.exe:*:Enabled:wrtc
    "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
    "C:\Documents and Settings\All Users\Application Data\eSafe\eGdpSvc.exe" = C:\Documents and Settings\All Users\Application Data\eSafe\eGdpSvc.exe:*:Enabled:WsysSvc


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1" = MiniTool Partition Wizard Home Edition 8.1.1
    "{0E08BAC8-845B-4327-8CDB-4B0F8C9857A5}_is1" = FLV Media Player version 1.3
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Multimedia Launcher
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{2BA00471-0328-3743-93BD-FA813353A783}" = Microsoft .NET Framework 3.0 Service Pack 1
    "{2FC099BD-AC9B-33EB-809C-D332E1B27C40}" = Microsoft .NET Framework 3.5
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
    "{67A5D171-4C74-4075-A492-0E480FA4B944}" = Brother BRAdmin Professional 2.74
    "{67D15B01-9A6B-0397-002A-D2A015212748}" = FlipShare
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
    "{71C97545-E547-4A8B-B0C8-61FF853270AC}" = PaperPort
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9A912C12-A7DA-44D7-BD57-5CA85E2F33E1}" = Brother MFL-Pro Suite
    "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{ABDA9912-5D00-11D4-BAE7-9367CA097955}" = Macromedia Dreamweaver UltraDev 4
    "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
    "{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
    "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
    "{B97CF5C3-0487-11D8-A36E-0050BAE317E1}" = DVD Solution
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{DE730F37-A198-4112-A3B6-97786F34354A}" = ECI Client v6.0
    "{DEDAF650-12B8-48f5-A843-BBA100716106}_is1" = Updater By Sweetpacks 2.0.0.605
    "{FCD9CD52-7222-4672-94A0-A722BA702FD0}" = Dell Resource CD
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Photoshop 6.0" = Adobe Photoshop 6.0
    "Avast" = avast! Free Antivirus
    "CA17A131-B7D9-41D6-868F-29A9BD9FCC8E_is1" = DownloadX ActiveX Download Control 1.6.7
    "D680DEE0F68D64EC53D0C5769879D15D387054CC" = Windows Driver Package - Silicon Laboratories (silabenm) Ports (12/10/2012 6.6.1.0)
    "Google Chrome" = Google Chrome
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "ie8" = Windows Internet Explorer 8
    "InCD!UninstallKey" = InCD
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
    "Microsoft .NET Framework 3.5" = Microsoft .NET Framework 3.5
    "Nero - Burning Rom!UninstallKey" = Nero OEM
    "PartitionMagic SE 6.0" = PartitionMagic SE 6.0
    "Spitronics ECU Software2.5" = Spitronics ECU Software
    "WIC" = Windows Imaging Component
    "WinRAR archiver" = WinRAR 5.00 (32-bit)
    "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 12/11/13 4:49:39 AM | Computer Name = SECOND-77229CA4 | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 12/11/13 4:53:05 AM | Computer Name = SECOND-77229CA4 | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 13/11/13 5:01:31 AM | Computer Name = SECOND-77229CA4 | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 16/11/13 11:30:55 PM | Computer Name = SECOND-77229CA4 | Source = MsiInstaller | ID = 10005
    Description = Product: FlipShare -- To setup FlipShare, exit this dialog and click
    "Finish", then run "Setup_FlipShare.exe".

    Error - 18/11/13 7:16:15 AM | Computer Name = SECOND-77229CA4 | Source = Application Error | ID = 1000
    Description = Faulting application brccmctl.exe, version 3.0.89.89, faulting module
    brccmctl.exe, version 3.0.89.89, fault address 0x000022b0.

    Error - 18/11/13 7:15:09 PM | Computer Name = SECOND-77229CA4 | Source = Application Error | ID = 1001
    Description = Fault bucket 329117265.

    Error - 22/11/13 10:55:11 AM | Computer Name = SECOND-77229CA4 | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 25/11/13 7:10:07 AM | Computer Name = SECOND-77229CA4 | Source = Application Error | ID = 1000
    Description = Faulting application brccmctl.exe, version 3.0.89.89, faulting module
    brccmctl.exe, version 3.0.89.89, fault address 0x000022b0.

    Error - 26/11/13 10:02:12 PM | Computer Name = SECOND-77229CA4 | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
    module mshtml.dll, version 8.0.6001.18702, fault address 0x00265067.

    Error - 03/12/13 7:20:21 AM | Computer Name = SECOND-77229CA4 | Source = Application Hang | ID = 1002
    Description = Hanging application msimn.exe, version 6.0.2900.2180, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    [ System Events ]
    Error - 06/12/13 12:51:46 AM | Computer Name = SECOND-77229CA4 | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    Fips intelppm SASDIFSV SASKUTIL

    Error - 06/12/13 1:16:48 AM | Computer Name = SECOND-77229CA4 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 06/12/13 1:19:19 AM | Computer Name = SECOND-77229CA4 | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    Fips intelppm SASDIFSV SASKUTIL

    Error - 06/12/13 1:21:55 AM | Computer Name = SECOND-77229CA4 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 06/12/13 1:26:47 AM | Computer Name = SECOND-77229CA4 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 06/12/13 1:28:18 AM | Computer Name = SECOND-77229CA4 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 06/12/13 1:29:16 AM | Computer Name = SECOND-77229CA4 | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    Fips intelppm SASDIFSV SASKUTIL

    Error - 06/12/13 1:37:00 AM | Computer Name = SECOND-77229CA4 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 06/12/13 2:23:14 AM | Computer Name = SECOND-77229CA4 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 06/12/13 2:23:59 PM | Computer Name = SECOND-77229CA4 | Source = Dhcp | ID = 1002
    Description = The IP address lease 10.1.1.8 for the Network Card with network address
    000FB5850F3D has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a
    DHCPNACK message).


    < End of report >


    Malwarebytes Anti-Malware 1.75.0.1300
    Malwarebytes : Free anti-malware download

    Database version: v2013.12.07.01

    Windows XP Service Pack 2 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Administrator :: SECOND-77229CA4 [administrator]

    07/12/13 10:08:56 AM
    MBAM-log-2013-12-07 (11-24-11).txt

    Scan type: Full scan (C:\|F:\|G:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 333977
    Time elapsed: 1 hour(s), 14 minute(s), 44 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 3
    HKLM\SOFTWARE\qone8Software (PUP.Optional.Qone8.A) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} (PUP.Optional.Qone8) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpUXSrv.exe (Security.Hijack) -> No action taken.

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 2
    HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command| (PUP.Optional.Qone8) -> Bad: (C:\Program Files\Internet Explorer\iexplore.exe Start.qone8.com) Good: (iexplore.exe) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|DefaultScope (PUP.Optional.Qone8) -> Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}) Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}) -> No action taken.

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 18
    C:\Documents and Settings\Administrator\Local Settings\Temp\MircosoftStudio\Baofeng.exe (PUP.Optional.NationZoom.A) -> No action taken.
    C:\Documents and Settings\Administrator\Local Settings\Temp\MircosoftStudio\package1.zip (PUP.Optional.NationZoom.A) -> No action taken.
    C:\Documents and Settings\Administrator\Local Settings\Temp\fullpackage_temp\Baofeng.exe (PUP.Optional.NationZoom.A) -> No action taken.
    C:\Documents and Settings\Administrator\Local Settings\Temp\fullpackage_temp\package1.zip (PUP.Optional.NationZoom.A) -> No action taken.
    C:\Program Files\DownloadXCtrl.com\DownloadX ActiveX Download Control 1.6\Installer.exe (PUP.Optional.Linkury.A) -> No action taken.
    C:\System Volume Information\_restore{65F8F758-24D8-4CB6-9FE1-02D84A49E0C3}\RP23\A0001904.msi (PUP.Optional.SweetIM) -> No action taken.
    C:\System Volume Information\_restore{65F8F758-24D8-4CB6-9FE1-02D84A49E0C3}\RP24\A0001964.rbf (PUP.Optional.SmartBar.A) -> No action taken.
    C:\System Volume Information\_restore{65F8F758-24D8-4CB6-9FE1-02D84A49E0C3}\RP24\A0002035.msi (PUP.Optional.SmartBar) -> No action taken.
    C:\System Volume Information\_restore{65F8F758-24D8-4CB6-9FE1-02D84A49E0C3}\RP24\A0002038.exe (PUP.Optional.InstallBrain.A) -> No action taken.
    C:\System Volume Information\_restore{65F8F758-24D8-4CB6-9FE1-02D84A49E0C3}\RP24\A0002039.dll (PUP.Optional.InstallBrain.A) -> No action taken.
    C:\System Volume Information\_restore{65F8F758-24D8-4CB6-9FE1-02D84A49E0C3}\RP24\A0002041.exe (PUP.Optional.InstallBrain.A) -> No action taken.
    C:\System Volume Information\_restore{65F8F758-24D8-4CB6-9FE1-02D84A49E0C3}\RP24\A0002045.exe (PUP.Optional.InstallBrain.A) -> No action taken.
    C:\System Volume Information\_restore{65F8F758-24D8-4CB6-9FE1-02D84A49E0C3}\RP24\A0002049.exe (PUP.Optional.OpenCandy.A) -> No action taken.
    C:\System Volume Information\_restore{65F8F758-24D8-4CB6-9FE1-02D84A49E0C3}\RP57\A0003947.dll (PUP.Optional.Glindorus.A) -> No action taken.
    C:\System Volume Information\_restore{65F8F758-24D8-4CB6-9FE1-02D84A49E0C3}\RP66\A0009851.exe (PUP.Optional.Wsys.A) -> No action taken.
    C:\System Volume Information\_restore{65F8F758-24D8-4CB6-9FE1-02D84A49E0C3}\RP66\A0009852.exe (PUP.Optional.OptimizerPro.A) -> No action taken.
    C:\System Volume Information\_restore{65F8F758-24D8-4CB6-9FE1-02D84A49E0C3}\RP66\A0009853.exe (PUP.Optional.Firseria) -> No action taken.
    C:\System Volume Information\_restore{65F8F758-24D8-4CB6-9FE1-02D84A49E0C3}\RP66\A0009854.exe (PUP.Optional.Firseria) -> No action taken.

    (end)


    Malwarebytes Anti-Malware 1.75.0.1300
    Malwarebytes : Free anti-malware download

    Database version: v2013.12.07.01

    Windows XP Service Pack 2 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Administrator :: SECOND-77229CA4 [administrator]

    07/12/13 11:26:08 AM
    MBAM-log-2013-12-07 (11-37-15).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 205919
    Time elapsed: 10 minute(s), 23 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 3
    HKLM\SOFTWARE\qone8Software (PUP.Optional.Qone8.A) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} (PUP.Optional.Qone8) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpUXSrv.exe (Security.Hijack) -> No action taken.

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 2
    HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command| (PUP.Optional.Qone8) -> Bad: (C:\Program Files\Internet Explorer\iexplore.exe Start.qone8.com) Good: (iexplore.exe) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|DefaultScope (PUP.Optional.Qone8) -> Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}) Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}) -> No action taken.

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 4
    C:\Documents and Settings\Administrator\Local Settings\Temp\MircosoftStudio\Baofeng.exe (PUP.Optional.NationZoom.A) -> No action taken.
    C:\Documents and Settings\Administrator\Local Settings\Temp\MircosoftStudio\package1.zip (PUP.Optional.NationZoom.A) -> No action taken.
    C:\Documents and Settings\Administrator\Local Settings\Temp\fullpackage_temp\Baofeng.exe (PUP.Optional.NationZoom.A) -> No action taken.
    C:\Documents and Settings\Administrator\Local Settings\Temp\fullpackage_temp\package1.zip (PUP.Optional.NationZoom.A) -> No action taken.

    (end)

  9. #9
    Member Spyware Fighter DonnaB's Avatar
    Join Date
    Apr 2009
    Location
    Illiana, Ill. USA
    Posts
    3,521
    Points
    563

    Default

    Hi Mick,

    Did you compare the two MBAM logs? Notice how the full scan searches C:\System Volume Information? Those are your Restore Points. It is best to leave those alone until the system is clean, after which they can be purged and a new clean one can be created. An infected Restore Point is better than no Restore Point to go back to if needed.

    You'll also see No action taken after the files that MBAM had found. Let's go ahead and clean those files from your system.

    Please open Malwarebytes again.

    • Click on the Update tab then Check for Updates button.
    • Once the program has updated, click on the Scanner tab and select Perform Quick Scan, then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and Paste the entire report in your next reply.

    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


    Next:

    Please download AdwCleaner by Xplode and save to your Desktop.
    • Double-click AdwCleaner.exe to run the tool.
      Note: Windows Vista, Windows 7/8 users right-click and select Run As Administrator.
    • Click the Scan button.
    • AdwCleaner will begin. Be patient as the scan may take some time to complete.
    • The contents of the scan results may be confusing. If you see a program name that you know should not be removed, uncheck the results and please let me know about it.
    • Click the Clean button.
    • Press OK when asked to close all programs and follow the onscreen prompts.
    • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
    • Copy and paste the contents of that logfile in your next reply.
    • A copy of that logfile will also be saved in the C:\AdwCleaner folder.



    Next:

    Please download Junkware Removal Tool to your desktop.

    • Disable your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it on XP, or right-click and select Run as Administrator on Vista/Win7 and above.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.



    In your next reply, please include the following logs:

    MBAM
    AdwCleaner[S0].txt
    JRT.txt


    Thank you,
    Donna
    If you think you might be infected with malware or have recently cleansed your computer of malware without the help of an expert, please read and follow the instructions in How to Start Removing Viruses and Spyware from your Computer. This can alleviate time consumed in troubleshooting your current computer problems.

    If your problem is solved, here's how to say thanks!

    Very proud parent of a U.S. Navy "CB"



    "People may forget what you say,
    People may forget what you did,
    but People will never forget how you made them feel!"
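
The log comparison described in post #9, as an added example that is not part of the original posts and not a Malwarebytes tool: it parses two MBAM 1.75 logs, lists what only the full scan reported, and separates Restore Point copies from live items still marked "No action taken". The sample lines are copied from the two logs above; the function names are hypothetical.

```python
import re

# Constructed samples: a few detection lines copied from the two MBAM logs above.
RP = r"C:\System Volume Information\_restore{65F8F758-24D8-4CB6-9FE1-02D84A49E0C3}"
QUICK_LOG = r"""Scan type: Quick scan
Registry Keys Detected: 1
HKLM\SOFTWARE\qone8Software (PUP.Optional.Qone8.A) -> No action taken.
Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|DefaultScope (PUP.Optional.Qone8) -> Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}) Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}) -> No action taken.
Files Detected: 1
C:\Documents and Settings\Administrator\Local Settings\Temp\fullpackage_temp\Baofeng.exe (PUP.Optional.NationZoom.A) -> No action taken.
"""
FULL_LOG = QUICK_LOG.replace("Quick scan", r"Full scan (C:\|F:\|G:\|)") + "\n".join([
    r"C:\Program Files\DownloadXCtrl.com\DownloadX ActiveX Download Control 1.6\Installer.exe (PUP.Optional.Linkury.A) -> No action taken.",
    RP + r"\RP24\A0002049.exe (PUP.Optional.OpenCandy.A) -> No action taken.",
    RP + r"\RP66\A0009853.exe (PUP.Optional.Firseria) -> No action taken.",
])

# "<item> (<detection name>) -> [Bad: (...) Good: (...) ->] <action>."
DETECTION = re.compile(r"^(?P<item>.+?) \((?P<name>[\w.]+)\) -> (?P<rest>.+)$")

def parse_detections(log_text):
    """Return {item: (detection_name, action)} for each detection line."""
    found = {}
    for line in log_text.splitlines():
        m = DETECTION.match(line.strip())
        if m:
            # The action is whatever follows the last "-> " on the line.
            action = m["rest"].rsplit("-> ", 1)[-1].rstrip(".")
            found[m["item"]] = (m["name"], action)
    return found

def in_restore_point(item):
    """True for files inside a System Restore point (XP _restore{GUID} layout)."""
    return "\\system volume information\\_restore{" in item.lower()

def triage(full_log, quick_log):
    """Compare a full-scan log with a quick-scan log of the same machine."""
    full, quick = parse_detections(full_log), parse_detections(quick_log)
    merged = {**quick, **full}
    return {
        # Items the quick scan never looked at.
        "full_only": sorted(set(full) - set(quick)),
        # Restore Point copies: left alone until the system is clean.
        "restore_points": sorted(i for i in merged if in_restore_point(i)),
        # Live items that were found but not yet removed.
        "pending": sorted(i for i, (_, act) in merged.items()
                          if act == "No action taken" and not in_restore_point(i)),
    }

if __name__ == "__main__":
    for bucket, items in triage(FULL_LOG, QUICK_LOG).items():
        print(f"{bucket}: {len(items)}")
        for item in items:
            print("   ", item)
```
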

  10. #10
    Member Spyware Fighter DonnaB's Avatar
    Join Date
    Apr 2009
    Location
    Illiana, Ill. USA
    Posts
    3,521
    Points
    563

    Default

    Hi mick warren,

    Do you require any help?

    If so, please follow the instructions above and post the logs requested.

    If you do not require further assistance, please let me know and we will close this topic for you.

    Thank you,
    Donna
