Help required smart repair HDD

View previous topic View next topic Go down

Help required smart repair HDD

Post by wildfly73 on Thu Apr 19, 2012 7:55 pm

Hello,
Iv tried using GeekPolice Smart repair HDD removal guide, links to malwarebytes from the guide do not work on my infected computer but will on an unifected friends laptop. So downloaded malwarebytes to a USB and uploaded to my computer. icon appeares on desktop but does not function when clicked on. Even tried renaming malwarebytes but this not worked to. Seems like im locked out of C drive. Also opening internet explorer and typing in a website address it gets redirected to a ad or useless search engine. Plus the @ key no longer produces an @ when shift and @ are pressed. In Start menue all programmes are empty and desk top is blank (no icons showing) Still have access to IBOS.
Really in need of some help with this. Worst malware infection iv experienced.
Many Thanks
Stephen.


Last edited by wildfly73 on Thu Apr 19, 2012 8:31 pm; edited 1 time in total (Reason for editing : clarification/additional info)

wildfly73
Novice
Novice

Posts Posts : 32
Joined Joined : 2011-06-20
Gender Gender : Male
OS OS : windows xp Home Edition 2002 service pack 3
Protection Protection : ad-aware, malwarebytes
Points Points : 20382
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Help required smart repair HDD

Post by Superdave on Fri Apr 20, 2012 6:32 pm

Hello and welcome to GeekPolice.Net My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.

You may want to consider [You must be registered and logged in to see this link.] to protect against viruses and other threats.
Additionally, purchasing an effective antivirus program is a good idea. This will protect your identity and your computer against all types of viruses and other malware. [You must be registered and logged in to see this link.]
*****************************************************************
Please try running MBAM in Safe Mode.



Save these instructions so you can have access to them while in Safe Mode.

Please click [You must be registered and logged in to see this link.] to download AVP Tool by Kaspersky.

  • Save it to your desktop.
  • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
  • Double click the setup file to run it.
  • Click Next to continue.
  • Accept the License agreement and click on next.
  • It will, by default, install it to your desktop folder. Click Next.
  • It will then open a box There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked.

  • Hidden Startup Objects
  • System Memory
  • Disk Boot Sectors.
  • My Computer.
  • Also any other drives (Removable that you may have)

Leave the rest of the settings as they appear as default.
•Then click on Scan at the to right hand Corner.
•It will automatically Neutralize any objects found.
•If some objects are left un-neutralized then click the button that says Neutralize all
•If it says it cannot be neutralized then choose the delete option when prompted.
•After that is done click on the reports button at the bottom and save it to file name it Kas.
•Save it somewhere convenient like your desktop and just post only the detected Virus\malware in the report it will be at the very top under Detected post those results in your next reply.

Note: This tool will self uninstall when you close it so please save the log before closing it.

Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83161
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Help required smart repair HDD

Post by wildfly73 on Fri Apr 20, 2012 8:30 pm

iv tried tapping F8 key on start up but does not direct to safe mode option screen. I know the safe mode screen iv used it last year. A screen titled Hardware Recovery Menu appears giving option Profile 1 (i dont know what that is) or press L to boot last good configuration or exit menu to continue start up.

i tried rebooting again and this time a screen appeared
Please Select Boot Device
1st boot device [Pm-Phillips Drom621]
2nd boot device [generic STORAGE DE]
3rd boot device [3m-WDC WD1600JT-55]

each time i rebooted (6 times) i get one of the above screens. So at the moment i carnt access safe mode by tapping F8 on start up. is there another way we can acess safe mode?

wildfly73
Novice
Novice

Posts Posts : 32
Joined Joined : 2011-06-20
Gender Gender : Male
OS OS : windows xp Home Edition 2002 service pack 3
Protection Protection : ad-aware, malwarebytes
Points Points : 20382
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Help required smart repair HDD

Post by Superdave on Fri Apr 20, 2012 10:13 pm

We are going to be using a Windows Recovery Environment to help disinfect the system so it may boot again.

Download the OTLPE Standard REATOGO Windows Recovery Environment.

  • Place a blank CD-R disc in to your CD burning drive.
  • Download [You must be registered and logged in to see this link.] and double-click on it to burn to a CD using an ISO Burner. One can be found [You must be registered and logged in to see this link.]
  • Reboot your system using the boot CD you just created.
  • Note : If you do not know how to set your computer to boot from CD follow the steps [You must be registered and logged in to see this link.]
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings
  • Change Drivers to Non-Microsoft
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\_OTL\MovedFiles
  • Copy this file to your USB drive if you do not have internet connection on this system
  • Please post the contents of the OTL.txt file in your reply.

Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83161
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Help required smart repair HDD

Post by wildfly73 on Sat Apr 21, 2012 1:10 pm

Hello,
On completion of the download OTLPEStd.exe to the blank CD-R the computer said download successfully completed. im using a friends laptop HP Pavilion dv3000, intel centrino 2, windows vista, its about 3 years old, to do the download. I do not know if it has an ISO burner. How can i find out if it has?
If i need to download ISO burner which do i need to choose isoburner.exe or ISOburner.rar.
Many thanks
stephen


Last edited by wildfly73 on Sat Apr 21, 2012 1:12 pm; edited 1 time in total (Reason for editing : spelling error)

wildfly73
Novice
Novice

Posts Posts : 32
Joined Joined : 2011-06-20
Gender Gender : Male
OS OS : windows xp Home Edition 2002 service pack 3
Protection Protection : ad-aware, malwarebytes
Points Points : 20382
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Help required smart repair HDD

Post by Superdave on Sat Apr 21, 2012 5:42 pm

If i need to download ISO burner which do i need to choose isoburner.exe or ISOburner.rar.
Please down load this one. It's much better.

[You must be registered and logged in to see this link.]

Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83161
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Help required smart repair HDD

Post by wildfly73 on Sat Apr 21, 2012 9:20 pm

Ok iv downloaded imgburner. how do i use it to burn OTLPEStd.exe ie which options on imgburner do i use.
Thanks
stephen.

wildfly73
Novice
Novice

Posts Posts : 32
Joined Joined : 2011-06-20
Gender Gender : Male
OS OS : windows xp Home Edition 2002 service pack 3
Protection Protection : ad-aware, malwarebytes
Points Points : 20382
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Help required smart repair HDD

Post by Superdave on Sat Apr 21, 2012 10:15 pm

First, save the OTLPEStd.exe file somewhere you can find it easily such as on your desktop. Next open IMG burner and in the upper left hand corner click the "write image file to disk" button. Now in the Source box click the first icon which is the browse button. Navigate to where you saved the file and select it. It will only show ISO files. Once you have selected the file the icons in the bottom left-hand corner will light up if you have a writable disk in the drive and now your ready to burn the ISO image.

Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83161
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Help required smart repair HDD

Post by wildfly73 on Sun Apr 22, 2012 3:57 pm

Hello again superdave,
After many attempts iv successfully burned OTLPEStd.exe using imgburn to disk. On my infected computer Iv entered IBOS setup utility scrolled to boot tab selected boot device priority.

1st boot device [3M-WDC WD1600JD-55]
2nd boot device [Generic STORAGE DE]
3rd boot device [PM-PHILIPS DR0M621]

As you can see no option to set prority for CDROM or hard drive.
Is there another way to set priorty boot device to CDROM?
thanks again

wildfly73
Novice
Novice

Posts Posts : 32
Joined Joined : 2011-06-20
Gender Gender : Male
OS OS : windows xp Home Edition 2002 service pack 3
Protection Protection : ad-aware, malwarebytes
Points Points : 20382
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Help required smart repair HDD

Post by Superdave on Sun Apr 22, 2012 11:30 pm

You should experiment with change the boot order of # 3 to # 1 and if that doesn't work, try # 2 to #1. I would suspect that the 3rd one is your CDROM.

Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83161
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Help required smart repair HDD

Post by wildfly73 on Mon Apr 23, 2012 6:48 pm

Hello superdave,
Iv booted using CDROM drive now displaying REATOGO-X-PE desktop. Double clicked OTLPE icon. It did not ask "Do you wish to load the remote registry", but did ask "Do you wish to load remote user profile(s) for scanning", i clicked yes. OTLPE opens. i could not find option you instructed to turn drivers to non microsoft. What i found was this - In the box labled Drivers - 3 options; non, Safe List, All. Safe List was already selected so i left it as that. I ran scan and the scan results were produced. I have internet connection on the infected system. internet explorer opens google. I type in [You must be registered and logged in to see this link.] to send OTPLE scan results but im stopped by a warning box - microsoft internet explorer cannot open the internet site [You must be registered and logged in to see this link.] Operation Aborted. i tried again and again same result. However, i can use [You must be registered and logged in to see this link.] with no problems. hmmm. Also im concerned using USB to transfer OTLPE scan results from my infected computer to my friends laptop to post here. in your experience is the risk of infection high?
Thanks Superdave.


Last edited by wildfly73 on Mon Apr 23, 2012 8:15 pm; edited 1 time in total (Reason for editing : addition info)

wildfly73
Novice
Novice

Posts Posts : 32
Joined Joined : 2011-06-20
Gender Gender : Male
OS OS : windows xp Home Edition 2002 service pack 3
Protection Protection : ad-aware, malwarebytes
Points Points : 20382
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Help required smart repair HDD

Post by Superdave on Mon Apr 23, 2012 10:24 pm

Also im concerned using USB to transfer OTLPE scan results from my infected computer to my friends laptop to post here. in your experience is the risk of infection high?
If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. If you're still afraid of getting infected, you can use CD-RW's to transfer the data.

SUPERAntiSpyware

If you already have SUPERAntiSpyware be sure to check for updates before scanning!


Download [You must be registered and logged in to see this link.]
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from [You must be registered and logged in to see this link.]
* Next click the Preferences button.

•Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:

•Close browsers before scanning
•Scan for tracking cookies
•Terminate memory threats before quarantining
Please leave the others unchecked

•Click the Close button to leave the control center screen.

* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes

•To retrieve the removal information please do the following:
•After reboot, double-click the SUPERAntiSpyware icon on your desktop.
•Click Preferences. Click the Statistics/Logs tab.

•Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

•It will open in your default text editor (preferably Notepad).
•Save the notepad file to your desktop by clicking (in notepad) File > Save As...

* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
*Copy and Paste the log in your post.
************************************************
Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.]
Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83161
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Help required smart repair HDD

Post by wildfly73 on Tue Apr 24, 2012 8:53 pm

Hello superdave, i hope you are well.

Attempted to download superantispyware (SAS)from the internet on my infected computer. As soon as superantispyware trys to begin copying files in its installation process this message pops up Install Error, File copy error, aborting installation. Iv tried downloading it again and same message appears. Iv looked on SAS website for solutions 2 came up. 1 Started download of RUNSAS.EXE same Install Error, File Copy Error pops up. 2 Started download of SASSAFERUN.COM and a blue screen appears Windows has shut down your computer to protect it. No keys worked at this point so i turned power off and on again and its restarted. Can you help to remedy this?

Iv not attempted downloading malwarebytes yet incase you wanted it done after superantispyware.

Tried using cd-rw to record the OTLPE log results. opened OTLPE log, attempted to save to relevant cd drive then the system said i did not have administor authorisation?

Whilst searching through my C:/program Files i found Spybot-search & destroy malwarebytes anti-malware, McAfee and McAfee security scan, Windows defender.

Thanks SuperDave


Last edited by wildfly73 on Thu Apr 26, 2012 7:28 pm; edited 5 times in total (Reason for editing : additional info)

wildfly73
Novice
Novice

Posts Posts : 32
Joined Joined : 2011-06-20
Gender Gender : Male
OS OS : windows xp Home Edition 2002 service pack 3
Protection Protection : ad-aware, malwarebytes
Points Points : 20382
# Likes # Likes : 0

View user profile

Back to top Go down

OTLPE log results

Post by wildfly73 on Sat Apr 28, 2012 1:20 pm

Hello, please find attached the OTLPE log results.


wildfly73
Novice
Novice

Posts Posts : 32
Joined Joined : 2011-06-20
Gender Gender : Male
OS OS : windows xp Home Edition 2002 service pack 3
Protection Protection : ad-aware, malwarebytes
Points Points : 20382
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Help required smart repair HDD

Post by wildfly73 on Sat Apr 28, 2012 1:27 pm

Hello,OTLPE seemed to fail to attach. Part 1 OTLPE

OTL logfile created on: 4/27/2012 3:06:09 AM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

511.00 Mb Total Physical Memory | 263.00 Mb Available Physical Memory | 51.00% Memory free
459.00 Mb Paging File | 322.00 Mb Available in Paging File | 70.00% Paging File free
Paging file location(s): C:\pagefile.sys 766 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 104.08 Gb Free Space | 69.83% Space Free | Partition Type: NTFS
Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet004

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand] -- -- (SCardSvr)
SRV - File not found [Auto] -- -- (LiveUpdate Notice Ex)
SRV - File not found [Auto] -- -- (CLTNetCnService)
SRV - File not found [On_Demand] -- -- (AppMgmt)
SRV - [2012/04/07 07:16:56 | 000,253,600 | -H-- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/08 09:32:27 | 002,152,152 | -H-- | M] (Lavasoft Limited) [Auto] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/01/15 08:49:20 | 000,227,232 | -H-- | M] (McAfee, Inc.) [On_Demand] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008/02/27 13:56:54 | 003,072,184 | -H-- | M] (Kontiki Inc.) [Auto] -- C:\Program Files\Kontiki\KService.exe -- (KService)
SRV - [2008/01/29 13:38:31 | 000,583,048 | -H-- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2007/08/09 03:27:52 | 000,073,728 | -H-- | M] (HP) [Auto] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2007/06/15 12:55:00 | 000,300,544 | -H-- | M] (Nokia.) [On_Demand] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2006/11/03 14:19:58 | 000,013,592 | -H-- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2004/10/19 23:47:54 | 000,098,304 | -H-- | M] () [Auto] -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor)
SRV - [2004/10/19 22:40:46 | 000,118,784 | -H-- | M] () [Auto] -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe -- (PhotoshopElementsDeviceConnect)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- -- (catchme)
DRV - [2011/12/23 03:12:12 | 000,064,512 | -H-- | M] (Lavasoft AB) [File_System | Boot] -- C:\WINDOWS\system32\drivers\Lbd.sys -- (Lbd)
DRV - [2011/12/23 03:12:10 | 000,015,232 | -H-- | M] () [Kernel | On_Demand] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011/06/20 14:42:47 | 000,023,456 | -H-- | M] (Phoenix Technologies) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\DrvAgent32.sys -- (DrvAgent32)
DRV - [2007/11/14 10:11:46 | 000,395,312 | -H-- | M] (Symantec Corporation) [Kernel | System] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2007/02/22 07:15:56 | 000,137,216 | -H-- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nmwcd.sys -- (nmwcd)
DRV - [2007/02/22 07:15:14 | 000,012,288 | -H-- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nmwcdcm.sys -- (nmwcdcm)
DRV - [2007/02/22 07:15:14 | 000,012,288 | -H-- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nmwcdcj.sys -- (nmwcdcj)
DRV - [2007/02/22 07:15:14 | 000,008,320 | -H-- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nmwcdc.sys -- (nmwcdc)
DRV - [2006/11/03 12:00:31 | 000,022,768 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbsermpt.sys -- (usbsermpt)
DRV - [2005/04/15 12:05:42 | 002,564,032 | -H-- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/03/04 06:10:26 | 000,074,496 | -H-- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2005/01/31 06:20:04 | 000,211,712 | RH-- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928)
DRV - [2005/01/31 06:12:48 | 000,022,016 | RH-- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2005/01/19 23:25:38 | 000,965,632 | -H-- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/01/07 11:07:16 | 000,145,920 | -H-- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004/08/03 18:31:34 | 000,020,992 | -H-- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/05/20 07:58:54 | 000,379,456 | -H-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\PRISMA02.sys -- (PRISM_A02)
DRV - [2004/03/10 11:27:18 | 000,011,264 | -H-- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\asapiW2k.sys -- (ASAPIW2k)
DRV - [2003/12/08 06:53:48 | 000,053,600 | -H-- | M] (THOMSON) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\alcan5wn.sys -- (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)
DRV - [2003/12/08 06:53:46 | 000,070,688 | -H-- | M] (THOMSON) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\alcaudsl.sys -- (alcaudsl)
DRV - [2003/11/13 13:19:48 | 000,210,304 | -H-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/13 13:18:36 | 000,679,808 | -H-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/13 13:17:00 | 001,042,816 | -H-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2002/11/27 21:16:36 | 000,021,081 | RH-- | M] (Pixela) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pixmcvv.sys -- (PIXMCVV)
DRV - [2002/10/03 15:53:22 | 000,028,057 | RH-- | M] (Pixela) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pixmcva.sys -- (PIXMCVA)
DRV - [2002/09/28 01:08:08 | 000,032,000 | RH-- | M] (Pixela) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pixmcvc.sys -- (PIXMCV)
DRV - [2002/03/19 05:29:16 | 000,014,165 | -H-- | M] (Pinnacle Systems GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\Pclepci.sys -- (PCLEPCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Anthony_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKU\Anthony_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\Anthony_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKU\Anthony_ON_C\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = [You must be registered and logged in to see this link.] [binary data]
IE - HKU\Anthony_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\Anthony_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKU\Anthony_ON_C\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - Reg Error: Key error. File not found
IE - HKU\Anthony_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Dawn_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\Dawn_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKU\Dawn_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\Dawn_ON_C\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - Reg Error: Key error. File not found
IE - HKU\Dawn_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Lee_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKU\Lee_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\Lee_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKU\Lee_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\Lee_ON_C\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - Reg Error: Key error. File not found
IE - HKU\Lee_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\Stephen_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\Stephen_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKU\Stephen_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\Stephen_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Stephen_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.46: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/04/29 16:13:21 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/03/21 16:43:24 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/04/10 07:44:50 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/04/10 07:44:51 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Components: C:\Program Files\Netscape\Netscape Browser\Components [2011/01/22 07:06:56 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Plugins: C:\Program Files\Netscape\Netscape Browser\Plugins [2011/03/19 07:18:18 | 000,000,000 | -H-D | M]


O1 HOSTS File: ([2011/06/22 07:38:12 | 000,000,027 | -H-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5

wildfly73
Novice
Novice

Posts Posts : 32
Joined Joined : 2011-06-20
Gender Gender : Male
OS OS : windows xp Home Edition 2002 service pack 3
Protection Protection : ad-aware, malwarebytes
Points Points : 20382
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Help required smart repair HDD

Post by wildfly73 on Sat Apr 28, 2012 1:32 pm

Hello, part2 OTLPE log

========== Files Created - No Company Name ==========

[2012/04/18 11:25:47 | 536,203,264 | -HS- | C] () -- C:\hiberfil.sys
[2012/04/18 10:34:13 | 000,000,065 | -H-- | C] () -- C:\Documents and Settings\Administrator\Application Data\mbam.context.scan
[2012/04/16 15:05:17 | 000,000,833 | -H-- | C] () -- C:\Documents and Settings\Stephen\Application Data\Microsoft\Internet Explorer\Quick Launch\SMART_HDD.lnk
[2012/04/16 14:47:43 | 000,000,168 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\-jL6svp0h5ESLeVr
[2012/04/16 14:47:43 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\-jL6svp0h5ESLeV
[2012/04/16 14:47:38 | 000,000,815 | -H-- | C] () -- C:\Documents and Settings\Stephen\Desktop\SMART_HDD.lnk
[2012/04/16 14:47:35 | 000,000,480 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\jL6svp0h5ESLeV
[2012/04/07 07:17:29 | 000,000,830 | -H-- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2011/06/22 07:05:54 | 000,256,512 | -H-- | C] () -- C:\WINDOWS\PEV.exe
[2011/06/22 07:05:54 | 000,208,896 | -H-- | C] () -- C:\WINDOWS\MBR.exe
[2011/06/22 07:05:54 | 000,098,816 | -H-- | C] () -- C:\WINDOWS\sed.exe
[2011/06/22 07:05:54 | 000,080,412 | -H-- | C] () -- C:\WINDOWS\grep.exe
[2011/06/22 07:05:54 | 000,068,096 | -H-- | C] () -- C:\WINDOWS\zip.exe
[2011/06/19 12:32:17 | 000,013,800 | -HS- | C] () -- C:\Documents and Settings\Stephen\Local Settings\Application Data\ux28k8k70xg6ehd13ev2e
[2011/06/19 12:32:17 | 000,013,800 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\ux28k8k70xg6ehd13ev2e
[2011/04/30 04:22:44 | 000,000,064 | -H-- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/04/30 04:22:44 | 000,000,044 | -H-- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2010/05/08 14:34:05 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/12/26 06:44:14 | 000,000,073 | -H-- | C] () -- C:\WINDOWS\MediaManager.INI
[2008/10/06 10:52:47 | 000,010,298 | -H-- | C] () -- C:\Documents and Settings\Dawn\Application Data\wklnhst.dat
[2008/10/05 12:52:15 | 000,000,127 | -H-- | C] () -- C:\Documents and Settings\Dawn\Local Settings\Application Data\fusioncache.dat
[2008/06/10 20:07:20 | 003,596,288 | -H-- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/02/15 07:20:24 | 000,000,032 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2008/01/09 10:50:55 | 000,481,823 | -H-- | C] () -- C:\Documents and Settings\Stephen\Application Data\NMM-MetaData.db
[2007/12/29 09:15:56 | 000,000,736 | -H-- | C] () -- C:\WINDOWS\SamsungMaster.INI
[2007/12/26 08:17:50 | 000,008,704 | -H-- | C] () -- C:\WINDOWS\System32\vidccleaner.exe
[2007/03/29 19:00:40 | 000,203,264 | RH-- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2006/11/25 16:22:53 | 000,000,214 | -H-- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2006/11/22 14:29:43 | 000,000,719 | -H-- | C] () -- C:\Documents and Settings\Lee\Application Data\QuickZip45.ini
[2006/11/08 08:10:27 | 000,024,064 | -H-- | C] () -- C:\Documents and Settings\Stephen\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/11/03 12:00:13 | 000,014,294 | -H-- | C] () -- C:\Documents and Settings\Lee\1162569612-oem33.PNF
[2006/11/03 12:00:13 | 000,012,820 | -H-- | C] () -- C:\Documents and Settings\Lee\1162569613-oem34.PNF
[2006/11/03 12:00:13 | 000,012,546 | -H-- | C] () -- C:\Documents and Settings\Lee\1162569613-oem35.PNF
[2006/11/03 12:00:13 | 000,007,195 | -H-- | C] () -- C:\Documents and Settings\Lee\1162569612-oem33.inf
[2006/11/03 12:00:13 | 000,005,891 | -H-- | C] () -- C:\Documents and Settings\Lee\1162569613-oem35.inf
[2006/11/03 12:00:13 | 000,005,877 | -H-- | C] () -- C:\Documents and Settings\Lee\1162569613-oem34.inf
[2006/11/03 11:43:17 | 000,014,294 | -H-- | C] () -- C:\Documents and Settings\Lee\1162568597-oem33.PNF
[2006/11/03 11:43:17 | 000,012,820 | -H-- | C] () -- C:\Documents and Settings\Lee\1162568597-oem34.PNF
[2006/11/03 11:43:17 | 000,012,546 | -H-- | C] () -- C:\Documents and Settings\Lee\1162568597-oem35.PNF
[2006/11/03 11:43:17 | 000,007,195 | -H-- | C] () -- C:\Documents and Settings\Lee\1162568597-oem33.inf
[2006/11/03 11:43:17 | 000,005,891 | -H-- | C] () -- C:\Documents and Settings\Lee\1162568597-oem35.inf
[2006/11/03 11:43:17 | 000,005,877 | -H-- | C] () -- C:\Documents and Settings\Lee\1162568597-oem34.inf
[2006/11/03 11:32:37 | 000,014,294 | -H-- | C] () -- C:\Documents and Settings\Lee\1162567956-oem33.PNF
[2006/11/03 11:32:37 | 000,012,820 | -H-- | C] () -- C:\Documents and Settings\Lee\1162567957-oem34.PNF
[2006/11/03 11:32:37 | 000,012,546 | -H-- | C] () -- C:\Documents and Settings\Lee\1162567957-oem35.PNF
[2006/11/03 11:32:37 | 000,005,891 | -H-- | C] () -- C:\Documents and Settings\Lee\1162567957-oem35.inf
[2006/11/03 11:32:37 | 000,005,877 | -H-- | C] () -- C:\Documents and Settings\Lee\1162567957-oem34.inf
[2006/11/03 11:32:36 | 000,007,195 | -H-- | C] () -- C:\Documents and Settings\Lee\1162567956-oem33.inf
[2006/09/17 11:27:22 | 000,009,255 | RH-- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2006/09/17 11:22:51 | 000,053,248 | RH-- | C] () -- C:\WINDOWS\System32\InstMed.exe
[2006/09/17 11:20:30 | 000,081,920 | RH-- | C] () -- C:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe
[2006/09/06 07:44:44 | 000,001,084 | ---- | C] () -- C:\Documents and Settings\Anthony\Application Data\QuickZip45.ini
[2006/06/28 12:37:07 | 000,000,206 | -H-- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/05/27 12:03:20 | 000,007,195 | -H-- | C] () -- C:\Documents and Settings\Lee\USBMOT2000.INF
[2006/05/27 12:03:20 | 000,005,891 | -H-- | C] () -- C:\Documents and Settings\Lee\USBMOT2000XP.INF
[2006/05/27 12:03:20 | 000,005,877 | -H-- | C] () -- C:\Documents and Settings\Lee\USB_CMCS_2000.INF
[2006/05/27 12:03:11 | 000,019,758 | -H-- | C] () -- C:\Documents and Settings\Lee\1148745791-oem33.PNF
[2006/05/27 12:03:11 | 000,011,167 | -H-- | C] () -- C:\Documents and Settings\Lee\1148745791-oem33.inf
[2006/04/27 05:21:49 | 000,002,825 | -H-- | C] () -- C:\Documents and Settings\Stephen\Application Data\QuickZip45.ini
[2006/03/06 06:41:02 | 000,073,728 | -H-- | C] () -- C:\WINDOWS\System32\AMV_DecDLL.dll
[2005/11/22 18:34:29 | 000,051,200 | ---- | C] () -- C:\Documents and Settings\Anthony\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/11/15 07:38:35 | 000,002,565 | -H-- | C] () -- C:\WINDOWS\mozver.dat
[2005/11/15 07:37:13 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\nsreg.dat
[2005/11/06 15:19:53 | 000,016,973 | -H-- | C] () -- C:\WINDOWS\System32\ZWebAuth.dll
[2005/11/01 15:25:12 | 000,000,550 | -H-- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/10/30 17:56:31 | 000,000,284 | -H-- | C] () -- C:\Documents and Settings\Lee\Application Data\ViewerApp.dat
[2005/10/17 05:33:59 | 000,005,606 | -H-- | C] () -- C:\WINDOWS\System32\stci.dll
[2005/10/08 05:35:10 | 000,001,680 | -H-- | C] () -- C:\Documents and Settings\Lee\Application Data\wklnhst.dat
[2005/09/29 05:37:04 | 000,000,126 | -H-- | C] () -- C:\Documents and Settings\Lee\Local Settings\Application Data\fusioncache.dat
[2005/09/26 06:26:52 | 000,000,130 | -H-- | C] () -- C:\Documents and Settings\Stephen\Local Settings\Application Data\fusioncache.dat
[2005/09/25 13:51:54 | 000,068,946 | -H-- | C] () -- C:\WINDOWS\hpoins05.dat
[2005/09/25 13:51:54 | 000,019,696 | -H-- | C] () -- C:\WINDOWS\hpomdl05.dat
[2005/09/24 10:22:16 | 000,004,948 | ---- | C] () -- C:\Documents and Settings\Anthony\Application Data\wklnhst.dat
[2005/09/18 15:06:37 | 000,187,904 | -H-- | C] () -- C:\Documents and Settings\Lee\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/09/16 11:16:15 | 000,037,172 | -H-- | C] () -- C:\Documents and Settings\Stephen\Application Data\wklnhst.dat
[2005/09/15 15:51:48 | 000,406,016 | -H-- | C] () -- C:\WINDOWS\System32\PSDrvCheck.exe
[2005/09/15 15:33:00 | 000,000,116 | -H-- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/09/13 10:15:55 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Anthony\Local Settings\Application Data\fusioncache.dat
[2005/09/13 10:15:42 | 000,039,955 | -H-- | C] () -- C:\WINDOWS\System32\compare.dat
[2005/08/13 09:41:12 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\sirenacm(2).dll
[2005/05/23 06:09:02 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini
[2005/05/21 12:05:44 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/05/21 12:04:57 | 000,268,600 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/05/21 11:48:38 | 000,073,845 | -H-- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2005/05/21 11:47:26 | 000,156,672 | -H-- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2005/05/21 11:37:01 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/05/21 11:37:00 | 000,382,000 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/05/21 11:37:00 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/05/21 11:37:00 | 000,053,552 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/05/21 11:37:00 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/05/21 11:36:59 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/05/21 11:36:59 | 000,004,643 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/05/21 11:36:58 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/05/21 11:36:55 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/05/21 11:36:55 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/05/21 11:36:51 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/05/21 11:36:48 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/05/21 10:39:59 | 000,000,376 | -H-- | C] () -- C:\WINDOWS\ODBC.INI
[2005/05/21 10:39:06 | 000,204,800 | -H-- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/05/21 10:39:06 | 000,188,416 | -H-- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/05/21 10:39:05 | 000,200,704 | -H-- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/05/21 10:39:05 | 000,192,512 | -H-- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/05/21 10:39:05 | 000,192,512 | -H-- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/05/21 10:39:05 | 000,020,480 | -H-- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/05/21 10:28:36 | 000,000,780 | -H-- | C] () -- C:\WINDOWS\orun32.ini
[2005/05/21 10:15:28 | 000,000,828 | -H-- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/05/21 10:14:11 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/05/21 10:10:57 | 000,021,640 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/12/20 07:08:28 | 000,180,224 | -H-- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2004/12/20 07:03:26 | 000,765,952 | -H-- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2004/09/16 09:26:40 | 000,012,634 | -H-- | C] () -- C:\WINDOWS\System32\drivers\ADFUUD.SYS
[2004/03/18 03:44:29 | 001,663,068 | -H-- | C] () -- C:\WINDOWS\System32\libmmd.dll
[1999/01/27 08:39:06 | 000,065,024 | -H-- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/06/13 02:56:08 | 000,056,832 | -H-- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== LOP Check ==========

[2007/07/12 10:13:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anthony\Application Data\Azureus
[2006/09/17 11:24:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anthony\Application Data\FotoWire
[2006/05/23 12:07:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anthony\Application Data\Netscape
[2008/04/20 08:51:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anthony\Application Data\Nokia
[2008/05/29 16:54:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anthony\Application Data\Nokia Multimedia Player
[2008/02/03 06:12:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anthony\Application Data\PC Suite
[2008/10/06 14:21:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Dawn\Application Data\InterVideo
[2008/10/05 12:51:18 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Dawn\Application Data\PC Suite
[2006/02/19 08:08:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Lee\Application Data\InterVideo
[2008/08/17 09:24:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Lee\Application Data\PC Suite
[2009/07/30 07:07:00 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Stephen\Application Data\Azureus
[2011/04/10 08:35:16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Stephen\Application Data\DDMSettings
[2005/09/21 07:58:56 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Stephen\Application Data\InterVideo
[2008/01/20 15:46:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Stephen\Application Data\LimeWire
[2005/11/15 07:37:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Stephen\Application Data\Netscape
[2008/01/09 11:31:45 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Stephen\Application Data\Nokia
[2008/02/04 12:00:17 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Stephen\Application Data\Nokia Multimedia Player
[2008/01/09 10:45:43 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Stephen\Application Data\PC Suite
[2012/03/23 16:49:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Stephen\Application Data\Philips-Songbird
[2006/01/18 15:28:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Stephen\Application Data\uTorrent
[2011/03/28 05:39:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Stephen\Application Data\WhiteSmoke
[2006/11/03 12:10:35 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2009/03/08 11:08:43 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2009/02/15 17:26:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Documents
[2008/11/20 11:52:20 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\FirstClass
[2008/01/09 10:41:18 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2012/04/22 12:26:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Kontiki
[2008/01/09 10:47:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2005/09/15 15:40:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2006/02/23 15:56:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\pixelStorm
[2007/06/30 08:07:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Prism
[2005/09/15 15:54:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2007/02/09 16:30:16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Transparent
[2010/08/28 06:24:42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/01/23 07:12:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/07/18 06:17:59 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/01/31 10:47:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{F0489EF2-D393-4114-85BA-A94D71D89543}
[2012/04/17 07:06:50 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2012/04/22 11:54:30 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Custom Scans ==========


Invalid Environment Variable: %APPDATA%\Microsoft\*.*

< %systemroot%\system32\config\systemprofile\*.dat/x >
Invalid Switch: x

Invalid Environment Variable: %USERPROFILE%\Desktop\*.exe

< %PROGRAMFILES%\ccommon Files\*.* >

< %systemroot%\winn32\*.* >

Invalid Environment Variable: %USERPROFILE%\My Documents\*.exe

Invalid Environment Variable: %USERPROFILE%\*.exe

< %PROGRAMFILES%\Mozilla Firefox\*.exe >

< %ProgramFiles%\Tinyproxy. >

< %systemroot%\system32\*.*/lockedfiles >
[2011/03/03 02:55:19 | 000,149,504 | -H-- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dnsapi.dll
[2012/03/02 01:01:32 | 011,082,752 | -H-- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ieframe.dll
[2012/03/01 07:01:31 | 002,000,384 | -H-- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iertutil.dll
[2008/04/13 20:12:00 | 000,274,944 | -H-- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\mstask.dll
[2008/04/13 20:12:02 | 000,067,072 | -H-- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ntdsapi.dll
[2011/01/21 10:44:37 | 008,462,336 | -H-- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\shell32.dll
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks|*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2011/03/18 11:26:41 | 000,000,000 | -H-D | M] -- C:\Program Files\Adobe
[2005/05/21 10:38:48 | 000,000,000 | -H-D | M] -- C:\Program Files\Ahead
[2008/11/20 11:58:18 | 000,000,000 | -H-D | M] -- C:\Program Files\Apple Software Update
[2006/11/03 12:02:17 | 000,000,000 | -H-D | M] -- C:\Program Files\Avanquest update
[2011/06/20 16:14:41 | 000,000,000 | -H-D | M] -- C:\Program Files\Azureus
[2010/08/28 06:13:29 | 000,000,000 | -H-D | M] -- C:\Program Files\Bonjour
[2008/08/03 08:40:32 | 000,000,000 | -H-D | M] -- C:\Program Files\CandleWorks
[2009/03/08 11:20:15 | 000,000,000 | -H-D | M] -- C:\Program Files\Canon
[2009/03/08 11:07:31 | 000,000,000 | -H-D | M] -- C:\Program Files\CanonBJ
[2011/06/22 07:23:20 | 000,000,000 | -H-D | M] -- C:\Program Files\Common Files
[2005/05/21 10:10:47 | 000,000,000 | -H-D | M] -- C:\Program Files\ComPlus Applications
[2005/05/21 10:35:28 | 000,000,000 | -H-D | M] -- C:\Program Files\CONEXANT
[2006/10/15 12:25:15 | 000,000,000 | -H-D | M] -- C:\Program Files\ConvertMovie 4.1
[2005/11/01 13:35:51 | 000,000,000 | -H-D | M] -- C:\Program Files\Creative Labs
[2008/01/09 10:43:39 | 000,000,000 | -H-D | M] -- C:\Program Files\DIFX
[2011/06/15 12:08:21 | 000,000,000 | -H-D | M] -- C:\Program Files\DivX
[2005/05/21 10:40:22 | 000,000,000 | -H-D | M] -- C:\Program Files\Encarta
[2011/06/26 04:47:55 | 000,000,000 | -H-D | M] -- C:\Program Files\ESET
[2008/11/22 07:00:51 | 000,000,000 | -H-D | M] -- C:\Program Files\FirstClass
[2009/01/26 17:45:26 | 000,000,000 | -H-D | M] -- C:\Program Files\Google
[2008/05/01 08:16:29 | 000,000,000 | -H-D | M] -- C:\Program Files\Hewlett-Packard
[2008/05/01 08:16:39 | 000,000,000 | -H-D | M] -- C:\Program Files\HP
[2008/10/28 13:09:11 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2012/04/16 15:29:36 | 000,000,000 | -H-D | M] -- C:\Program Files\Internet Explorer
[2005/05/21 10:39:03 | 000,000,000 | -H-D | M] -- C:\Program Files\InterVideo
[2010/08/28 06:23:48 | 000,000,000 | -H-D | M] -- C:\Program Files\iPod
[2006/02/19 07:54:39 | 000,000,000 | -H-D | M] -- C:\Program Files\IrfanView
[2010/08/28 06:24:42 | 000,000,000 | -H-D | M] -- C:\Program Files\iTunes
[2012/01/15 06:56:24 | 000,000,000 | -H-D | M] -- C:\Program Files\Java
[2006/03/07 15:15:03 | 000,000,000 | -H-D | M] -- C:\Program Files\JLIP VideoCapture3.1
[2008/10/24 12:26:15 | 000,000,000 | -H-D | M] -- C:\Program Files\KAZ (Keyboard A-Z)
[2009/01/31 13:39:55 | 000,000,000 | -H-D | M] -- C:\Program Files\Kontiki
[2012/03/08 09:23:39 | 000,000,000 | -H-D | M] -- C:\Program Files\Lavasoft
[2006/09/17 11:24:06 | 000,000,000 | -H-D | M] -- C:\Program Files\Logitech
[2012/04/18 03:50:31 | 000,000,000 | -H-D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/03/21 16:43:00 | 000,000,000 | -H-D | M] -- C:\Program Files\McAfee
[2011/03/20 12:45:33 | 000,000,000 | -H-D | M] -- C:\Program Files\McAfee Security Scan
[2008/11/27 10:15:06 | 000,000,000 | -H-D | M] -- C:\Program Files\Messenger
[2005/05/21 10:39:51 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft ActiveSync
[2005/05/21 10:40:26 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft AutoRoute
[2008/03/22 17:14:17 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2005/05/21 10:12:43 | 000,000,000 | -H-D | M] -- C:\Program Files\microsoft frontpage
[2007/05/22 10:30:12 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft Money 2005
[2010/06/07 13:02:14 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft Office
[2005/05/21 10:40:05 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft Works
[2005/05/21 10:39:15 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft Works Suite 2005
[2006/11/03 12:02:02 | 000,000,000 | -H-D | M] -- C:\Program Files\Motorola Phone Tools
[2006/10/15 12:25:15 | 000,000,000 | -H-D | M] -- C:\Program Files\MOVAVI
[2010/08/11 15:42:04 | 000,000,000 | -H-D | M] -- C:\Program Files\Movie Maker
[2008/12/25 14:57:08 | 000,000,000 | -H-D | M] -- C:\Program Files\MP3 Player Utilities 4.17
[2010/06/07 13:01:52 | 000,000,000 | -H-D | M] -- C:\Program Files\MSECache
[2005/09/18 15:04:04 | 000,000,000 | -H-D | M] -- C:\Program Files\MSN
[2005/09/17 11:46:01 | 000,000,000 | -H-D | M] -- C:\Program Files\MSN Apps
[2008/11/27 10:20:22 | 000,000,000 | -H-D | M] -- C:\Program Files\MSN Gaming Zone
[2011/06/26 05:15:18 | 000,000,000 | -H-D | M] -- C:\Program Files\MSN Messenger
[2006/11/18 18:42:39 | 000,000,000 | -H-D | M] -- C:\Program Files\MSXML 4.0
[2008/08/11 14:36:46 | 000,000,000 | -H-D | M] -- C:\Program Files\NetMeeting
[2005/11/15 07:32:40 | 000,000,000 | -H-D | M] -- C:\Program Files\Netscape
[2008/01/09 10:43:59 | 000,000,000 | -H-D | M] -- C:\Program Files\Nokia
[2008/02/03 06:47:53 | 000,000,000 | -H-D | M] -- C:\Program Files\OLYMPUS
[2008/08/10 07:31:56 | 000,000,000 | -H-D | M] -- C:\Program Files\Online Services
[2010/12/19 07:57:57 | 000,000,000 | -H-D | M] -- C:\Program Files\Outlook Express
[2008/01/09 10:43:16 | 000,000,000 | -H-D | M] -- C:\Program Files\PC Connectivity Solution
[2010/12/25 10:27:02 | 000,000,000 | -H-D | M] -- C:\Program Files\Philips
[2006/06/23 10:24:59 | 000,000,000 | -H-D | M] -- C:\Program Files\Picture It! Premium 10
[2008/11/27 10:16:56 | 000,000,000 | -H-D | M] -- C:\Program Files\Pinnacle
[2005/10/30 13:35:58 | 000,000,000 | -H-D | M] -- C:\Program Files\PIXELA
[2005/09/13 10:14:43 | 000,000,000 | -H-D | M] -- C:\Program Files\Program Shortcuts
[2011/01/22 07:06:52 | 000,000,000 | -H-D | M] -- C:\Program Files\QuickTime
[2006/04/27 05:21:46 | 000,000,000 | -H-D | M] -- C:\Program Files\QuickZip4
[2005/11/01 15:20:01 | 000,000,000 | -H-D | M] -- C:\Program Files\Real
[2007/12/26 08:17:21 | 000,000,000 | -H-D | M] -- C:\Program Files\Samsung
[2006/12/27 06:19:30 | 000,000,000 | -H-D | M] -- C:\Program Files\SigmaTel
[2008/02/15 07:12:36 | 000,000,000 | -H-D | M] -- C:\Program Files\Skype
[2005/09/15 15:54:17 | 000,000,000 | -H-D | M] -- C:\Program Files\SmartSound Software
[2005/10/30 13:35:04 | 000,000,000 | -H-D | M] -- C:\Program Files\Sony Corporation
[2005/10/17 06:14:49 | 000,000,000 | -H-D | M] -- C:\Program Files\SpeedTouch
[2006/12/29 13:26:40 | 000,000,000 | -H-D | M] -- C:\Program Files\Spybot - Search & Destroy
[2008/07/31 15:47:28 | 000,000,000 | -H-D | M] -- C:\Program Files\Sun
[2008/10/17 10:32:04 | 000,000,000 | -H-D | M] -- C:\Program Files\Tiscali
[2007/02/09 16:30:14 | 000,000,000 | -H-D | M] -- C:\Program Files\Transparent
[2005/05/21 10:15:12 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2011/03/28 10:33:37 | 000,000,000 | -H-D | M] -- C:\Program Files\WhiteSmoke
[2010/08/10 11:02:51 | 000,000,000 | -H-D | M] -- C:\Program Files\Windows Defender
[2008/03/21 06:06:46 | 000,000,000 | -H-D | M] -- C:\Program Files\Windows Live
[2007/01/28 17:28:39 | 000,000,000 | -H-D | M] -- C:\Program Files\Windows Media Connect 2
[2008/08/11 14:36:39 | 000,000,000 | -H-D | M] -- C:\Program Files\Windows Media Player
[2008/08/10 07:31:33 | 000,000,000 | -H-D | M] -- C:\Program Files\Windows NT
[2005/05/21 10:11:26 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2005/05/21 10:12:43 | 000,000,000 | -H-D | M] -- C:\Program Files\xerox
[2007/12/26 08:14:40 | 000,000,000 | -H-D | M] -- C:\Program Files\XviD


< MD5 for: AGP440.SYS >
[2004/08/04 08:00:00 | 018,738,937 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/08/11 14:27:40 | 023,852,652 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/04 08:00:00 | 018,738,937 | -H-- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2008/08/11 14:27:40 | 023,852,652 | -H-- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 08:00:00 | 018,738,937 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/08/11 14:27:40 | 023,852,652 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/04 08:00:00 | 018,738,937 | -H-- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2008/08/11 14:27:40 | 023,852,652 | -H-- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | -H-- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | -H-- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | -H-- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 16:59:44 | 000,095,360 | -H-- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 08:00:00 | 000,095,360 | -H-- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\i386\atapi.sys
[2004/08/03 16:59:44 | 000,095,360 | -H-- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\i386\atapi.sys

< MD5 for: DISK.SYS >
[2004/08/04 08:00:00 | 018,738,937 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2008/08/11 14:27:40 | 023,852,652 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2004/08/04 08:00:00 | 018,738,937 | -H-- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:disk.sys
[2008/08/11 14:27:40 | 023,852,652 | -H-- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/08/04 08:00:00 | 000,036,352 | -H-- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 14:40:47 | 000,036,352 | -H-- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 14:40:47 | 000,036,352 | -H-- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 08:00:00 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< CREATERESTOREPOINT >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Aut >

< Update\Results\Install | LastSuccessTime /rs >

< hklm\software\clients\startmenuinternet | command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/02/29 08:17:40 | 000,174,080 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/02/29 08:17:40 | 000,174,080 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/02/29 08:17:40 | 000,174,080 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 09:09:26 | 000,638,816 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 09:09:26 | 000,638,816 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\netscape.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Netscape\Netscape Browser\NSSET.exe" HIDE [2005/10/12 14:24:23 | 000,038,923 | -H-- | M] ()
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\netscape.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Netscape\Netscape Browser\NSSET.exe" REGISTER [2005/10/12 14:24:23 | 000,038,923 | -H-- | M] ()
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\netscape.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Netscape\Netscape Browser\NSSET.EXE" SHOW [2005/10/12 14:24:23 | 000,038,923 | -H-- | M] ()
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\netscape.exe\shell\open\command\\: C:\PROGRA~1\NETSCAPE\NETSCA~1\NETSCAPE.EXE [2005/10/12 14:20:06 | 000,270,336 | -H-- | M] (Netscape)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\netscape.exe\shell\properties\command\\: C:\PROGRA~1\NETSCAPE\NETSCA~1\NETSCAPE.EXE -chrome "chrome://browser/content/pref/pref.xul" [2005/10/12 14:20:06 | 000,270,336 | -H-- | M] (Netscape)

< hklm\software\clients\startmenuinternet | command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/02/29 08:17:40 | 000,174,080 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/02/29 08:17:40 | 000,174,080 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/02/29 08:17:40 | 000,174,080 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 09:09:26 | 000,638,816 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 09:09:26 | 000,638,816 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\netscape.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Netscape\Netscape Browser\NSSET.exe" HIDE [2005/10/12 14:24:23 | 000,038,923 | -H-- | M] ()
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\netscape.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Netscape\Netscape Browser\NSSET.exe" REGISTER [2005/10/12 14:24:23 | 000,038,923 | -H-- | M] ()
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\netscape.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Netscape\Netscape Browser\NSSET.EXE" SHOW [2005/10/12 14:24:23 | 000,038,923 | -H-- | M] ()
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\netscape.exe\shell\open\command\\: C:\PROGRA~1\NETSCAPE\NETSCA~1\NETSCAPE.EXE [2005/10/12 14:20:06 | 000,270,336 | -H-- | M] (Netscape)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\netscape.exe\shell\properties\command\\: C:\PROGRA~1\NETSCAPE\NETSCA~1\NETSCAPE.EXE -chrome "chrome://browser/content/pref/pref.xul" [2005/10/12 14:20:06 | 000,270,336 | -H-- | M] (Netscape)

< End of report >

wildfly73
Novice
Novice

Posts Posts : 32
Joined Joined : 2011-06-20
Gender Gender : Male
OS OS : windows xp Home Edition 2002 service pack 3
Protection Protection : ad-aware, malwarebytes
Points Points : 20382
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Help required smart repair HDD

Post by Superdave on Sat Apr 28, 2012 7:06 pm

* Open OTL
* Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.

Code:
:OTL

O3 - HKU\Anthony_ON_C\..\Toolbar\WebBrowser: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No CLSID value found.
O3 - HKU\Anthony_ON_C\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\Dawn_ON_C\..\Toolbar\WebBrowser: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No CLSID value found.
O3 - HKU\Lee_ON_C\..\Toolbar\WebBrowser: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No CLSID value found.
O3 - HKU\Lee_ON_C\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\Stephen_ON_C\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\Stephen_ON_C\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\Stephen_ON_C\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [BWNgukIRpgkBmLb.exe] C:\Documents and Settings\All Users\Application Data\BWNgukIRpgkBmLb.exe ( )
O4 - HKU\Anthony_ON_C..\Run: [MsnMsgr] File not found
O4 - HKU\Anthony_ON_C..\Run: [MyWebSearch Email Plugin] File not found
O4 - HKU\Dawn_ON_C..\Run: [msnmsgr] File not found
[2012/04/16 14:21:14 | 000,322,560 | -H-- | M] ( ) -- C:\Documents and Settings\All Users\Application Data\BWNgukIRpgkBmLb.exe

:COMMANDS
[resethosts]
[purity]
[start explorer]

* Click Run Fix
* OTLI2 may ask to reboot the machine. Please do so if asked.
* Click OK
* A report will open. Copy and Paste that report in your next reply.

Please let me know if you can boot your computer.

Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83161
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Help required smart repair HDD

Post by wildfly73 on Sat Apr 28, 2012 9:02 pm



========== OTL ==========
Registry value HKEY_USERS\Anthony_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{07B18EA9-A523-4961-B6BB-170DE4475CCA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\ not found.
Registry value HKEY_USERS\Anthony_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry value HKEY_USERS\Dawn_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{07B18EA9-A523-4961-B6BB-170DE4475CCA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\ not found.
Registry value HKEY_USERS\Lee_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{07B18EA9-A523-4961-B6BB-170DE4475CCA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\ not found.
Registry value HKEY_USERS\Lee_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry value HKEY_USERS\Stephen_ON_C\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_USERS\Stephen_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry value HKEY_USERS\Stephen_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AlcWzrd deleted successfully.
C:\WINDOWS\ALCWZRD.EXE moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\BWNgukIRpgkBmLb.exe deleted successfully.
C:\Documents and Settings\All Users\Application Data\BWNgukIRpgkBmLb.exe moved successfully.
Registry value HKEY_USERS\Anthony_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\MsnMsgr deleted successfully.
Registry value HKEY_USERS\Anthony_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\MyWebSearch Email Plugin deleted successfully.
Registry value HKEY_USERS\Dawn_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\msnmsgr deleted successfully.
File C:\Documents and Settings\All Users\Application Data\BWNgukIRpgkBmLb.exe not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTLPE by OldTimer - Version 3.1.48.0 log created on 04292012_043740

i removed the windows recovery environment cd and booted my computer windows xp opens however no icons appear on desktop and no programes. The only usable options are shut down and restart.
hope this helps
regards
stephen.

wildfly73
Novice
Novice

Posts Posts : 32
Joined Joined : 2011-06-20
Gender Gender : Male
OS OS : windows xp Home Edition 2002 service pack 3
Protection Protection : ad-aware, malwarebytes
Points Points : 20382
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Help required smart repair HDD

Post by Superdave on Sat Apr 28, 2012 10:16 pm


  • Please download Unhide by Grinler from [You must be registered and logged in to see this link.] and save it to your desktop.
  • Double click unhide.exe to run the tool.
  • It will take some time to go through all your files, so please be patient.
  • If you still can't see anything on your desktop please let me know.

**************************************************
SUPERAntiSpyware

If you already have SUPERAntiSpyware be sure to check for updates before scanning!


Download [You must be registered and logged in to see this link.]
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from [You must be registered and logged in to see this link.]
* Next click the Preferences button.

•Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:

•Close browsers before scanning
•Scan for tracking cookies
•Terminate memory threats before quarantining
Please leave the others unchecked

•Click the Close button to leave the control center screen.

* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes

•To retrieve the removal information please do the following:
•After reboot, double-click the SUPERAntiSpyware icon on your desktop.
•Click Preferences. Click the Statistics/Logs tab.

•Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

•It will open in your default text editor (preferably Notepad).
•Save the notepad file to your desktop by clicking (in notepad) File > Save As...

* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
*Copy and Paste the log in your post.
************************************************
Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.]
Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83161
# Likes # Likes : 0

View user profile

Back to top Go down

Unhide log and reboot info

Post by wildfly73 on Sun Apr 29, 2012 12:31 pm

Unhide by Lawrence Abrams (Grinler)
[You must be registered and logged in to see this link.]
Copyright 2008-2012 BleepingComputer.com
More Information about Unhide.exe can be found at this link:
[You must be registered and logged in to see this link.]
Program started at: 04/29/2012 10:53:36 AM
Windows Version: Windows XP
Please be patient while your files are made visible again.
Processing the B:\ drive
Finished processing the B:\ drive. 388 files processed.
Processing the C:\ drive
Finished processing the C:\ drive. 162007 files processed.
Processing the D:\ drive
Finished processing the D:\ drive. 0 files processed.
Processing the E:\ drive
Finished processing the E:\ drive. 0 files processed.
Processing the F:\ drive
Finished processing the F:\ drive. 0 files processed.
Processing the G:\ drive
Finished processing the G:\ drive. 0 files processed.
Processing the H:\ drive
Finished processing the H:\ drive. 0 files processed.
The B:\smtmp\ folder does not exist!!
Unhide cannot restore your missing shortcuts!!
Please see this topic in order to learn how to restore default
Start Menu shortcuts: [You must be registered and logged in to see this link.]
Searching for Windows Registry changes made by FakeHDD rogues.
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
* NoRun policy was found and deleted!
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
Restarting Explorer.exe in order to apply changes.
Program finished at: 04/29/2012 11:01:57 AM
Execution time: 0 hours(s), 8 minute(s), and 21 seconds(s)

After running Unhide iv booted without Win Rec Envi cd. i have my usual icons appearing on the right side of the task bar and are functioning. In the start menu programmes are now showing. However, each folder shows empty except for a folder named SMART HDD which i have not knowingly installed. Within this folder is the option to uninstall, surprisingly. Also there are no short cuts showing on the desk top. I have internet access restored.
Within the start menu Run, my documents, my computer, control panel, ect have not been unhiden.


Last edited by wildfly73 on Sun Apr 29, 2012 5:36 pm; edited 2 times in total (Reason for editing : additional info)

wildfly73
Novice
Novice

Posts Posts : 32
Joined Joined : 2011-06-20
Gender Gender : Male
OS OS : windows xp Home Edition 2002 service pack 3
Protection Protection : ad-aware, malwarebytes
Points Points : 20382
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Help required smart repair HDD

Post by Superdave on Sun Apr 29, 2012 6:16 pm

Please run the other scans and post the logs.

Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83161
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Help required smart repair HDD

Post by wildfly73 on Sun Apr 29, 2012 7:20 pm

Iv tried running superantispyware (SAS) twice in Windows Recovery Environment. Installation error, file copy error, aborting installation both times. Also tried running SAS without Win Rec Envi. Chose Save to desktop, it did save however no icon appears on the blank desktop and i have no access to the run command bar. Any suggestions appreciated
thanks s

wildfly73
Novice
Novice

Posts Posts : 32
Joined Joined : 2011-06-20
Gender Gender : Male
OS OS : windows xp Home Edition 2002 service pack 3
Protection Protection : ad-aware, malwarebytes
Points Points : 20382
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Help required smart repair HDD

Post by Superdave on Sun Apr 29, 2012 10:20 pm

Ok. Let's try this:

Save these instructions so you can have access to them while in Safe Mode.

Please click [You must be registered and logged in to see this link.] to download AVP Tool by Kaspersky.

  • Save it to your desktop.
  • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
  • Double click the setup file to run it.
  • Click Next to continue.
  • Accept the License agreement and click on next.
  • It will, by default, install it to your desktop folder. Click Next.
  • It will then open a box There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked.

  • Hidden Startup Objects
  • System Memory
  • Disk Boot Sectors.
  • My Computer.
  • Also any other drives (Removable that you may have)

Leave the rest of the settings as they appear as default.
•Then click on Scan at the to right hand Corner.
•It will automatically Neutralize any objects found.
•If some objects are left un-neutralized then click the button that says Neutralize all
•If it says it cannot be neutralized then choose the delete option when prompted.
•After that is done click on the reports button at the bottom and save it to file name it Kas.
•Save it somewhere convenient like your desktop and just post only the detected Virus\malware in the report it will be at the very top under Detected post those results in your next reply.

Note: This tool will self uninstall when you close it so please save the log before closing it.

Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83161
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Help required smart repair HDD

Post by wildfly73 on Mon Apr 30, 2012 12:19 pm

Hello,

Downloaded kaspersky to desktop. Rebooted computer tapped F8 but still does not enter SafeMode. It instead enters Select Boot Drive. Iv also tried tapping space bar on start up which produces Hardware profile/configuration recovery menu. This allows the selection of hardware profile to be used when windows is started. 1 option shows Profile 1. i dont know what this will do if it is selected so i press escape and XP startup begins.

Iv also tried to download kaspersky in Windows Recovery Environment. It almost installed, however, Disk Clean Up appeared in the final stage of download reporting there is not enough disk space. The option is to delete temp internet files freeing up 479kb. is it ok to go ahead and delete these files?[b]


Last edited by wildfly73 on Mon Apr 30, 2012 4:23 pm; edited 2 times in total (Reason for editing : further info)

wildfly73
Novice
Novice

Posts Posts : 32
Joined Joined : 2011-06-20
Gender Gender : Male
OS OS : windows xp Home Edition 2002 service pack 3
Protection Protection : ad-aware, malwarebytes
Points Points : 20382
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Help required smart repair HDD

Post by Superdave on Mon Apr 30, 2012 7:04 pm

Ok. What's the status of your computer now? Can you boot in Normal Mode?

Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83161
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Help required smart repair HDD

Post by wildfly73 on Mon Apr 30, 2012 7:38 pm

Yes it will boot in normal mode. However, desktop is blank (empty blue screen) on the right handside of taskbar icons visable and functioning. In Start menu Programmes are visable but when hovering curser all show empty and are non functioning. Also run/command bar, my computer, my documents, control panel options are all apscent from the start menu.
After running the unhide fix, internet capability and task bar icons were restored to normal functioning.

wildfly73
Novice
Novice

Posts Posts : 32
Joined Joined : 2011-06-20
Gender Gender : Male
OS OS : windows xp Home Edition 2002 service pack 3
Protection Protection : ad-aware, malwarebytes
Points Points : 20382
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Help required smart repair HDD

Post by Superdave on Mon Apr 30, 2012 10:07 pm


  • Download [You must be registered and logged in to see this link.] and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.



  • If an infected file is detected, the default action will be Cure, click on Continue.



  • If a suspicious file is detected, the default action will be Skip, click on Continue.



  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.



  • Click the Report button and copy/paste the contents of it into your next reply
Note:It will also create a log in the C:\ directory..

Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83161
# Likes # Likes : 0

View user profile

Back to top Go down

TDSSkiller log 1 & 2

Post by wildfly73 on Tue May 01, 2012 6:39 pm

Hello, i ran TDDS in Windows Recovery Environment. During the initialization process of TDSSkiller two error messages occured. Carnt initialize log and carnt load driver. However, TDSS still did a scan and detected threat Rootkit.Boot.SST.b Physicaldrive:\Device\Harddisk0\DR0 Malware object high risk cured on reboot.

TDSSkiller log1

20:27:51.0656 2152 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
20:27:51.0937 2152 ============================================================
20:27:51.0937 2152 Current date / time: 2012/05/01 20:27:51.0937
20:27:51.0937 2152 SystemInfo:
20:27:51.0937 2152
20:27:51.0937 2152 OS Version: 5.1.2600 ServicePack: 3.0
20:27:51.0937 2152 Product type: Workstation
20:27:51.0937 2152 ComputerName: YOUR-4AD98E1252
20:27:51.0937 2152 UserName: Stephen
20:27:51.0937 2152 Windows directory: C:\WINDOWS
20:27:51.0937 2152 System windows directory: C:\WINDOWS
20:27:51.0937 2152 Processor architecture: Intel x86
20:27:51.0937 2152 Number of processors: 2
20:27:51.0937 2152 Page size: 0x1000
20:27:51.0937 2152 Boot type: Normal boot
20:27:51.0937 2152 ============================================================
20:27:54.0109 2152 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
20:27:54.0203 2152 ============================================================
20:27:54.0203 2152 \Device\Harddisk0\DR0:
20:27:54.0218 2152 MBR partitions:
20:27:54.0218 2152 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A18A82
20:27:54.0218 2152 ============================================================
20:27:54.0312 2152 C: <-> \Device\Harddisk0\DR0\Partition0
20:27:54.0312 2152 ============================================================
20:27:54.0312 2152 Initialize success
20:27:54.0312 2152 ============================================================
20:28:01.0218 3796 ============================================================
20:28:01.0218 3796 Scan started
20:28:01.0218 3796 Mode: Manual;
20:28:01.0218 3796 ============================================================
20:28:01.0656 3796 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys
20:28:01.0656 3796 61883 - ok
20:28:01.0656 3796 Abiosdsk - ok
20:28:01.0671 3796 abp480n5 - ok
20:28:01.0718 3796 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:28:01.0718 3796 ACPI - ok
20:28:01.0765 3796 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
20:28:01.0765 3796 ACPIEC - ok
20:28:01.0921 3796 AdobeActiveFileMonitor (f487ee1425d9533aef4b1d991fc5abbe) C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
20:28:01.0921 3796 AdobeActiveFileMonitor - ok
20:28:02.0062 3796 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
20:28:02.0062 3796 AdobeFlashPlayerUpdateSvc - ok
20:28:02.0062 3796 adpu160m - ok
20:28:02.0156 3796 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
20:28:02.0156 3796 aec - ok
20:28:02.0218 3796 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
20:28:02.0218 3796 AFD - ok
20:28:02.0218 3796 Aha154x - ok
20:28:02.0234 3796 aic78u2 - ok
20:28:02.0234 3796 aic78xx - ok
20:28:02.0296 3796 alcan5wn (0940030d5a5869067ccc03e3b0b8dec7) C:\WINDOWS\system32\DRIVERS\alcan5wn.sys
20:28:02.0296 3796 alcan5wn - ok
20:28:02.0328 3796 alcaudsl (4c9577888c53243e2991456f510488a1) C:\WINDOWS\system32\DRIVERS\alcaudsl.sys
20:28:02.0328 3796 alcaudsl - ok
20:28:02.0359 3796 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
20:28:02.0359 3796 Alerter - ok
20:28:02.0390 3796 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
20:28:02.0390 3796 ALG - ok
20:28:02.0390 3796 AliIde - ok
20:28:02.0406 3796 amsint - ok
20:28:02.0515 3796 Apple Mobile Device (2e3e53a6aef23e24f402c7855b9b1542) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:28:02.0515 3796 Apple Mobile Device - ok
20:28:02.0531 3796 AppMgmt - ok
20:28:02.0578 3796 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
20:28:02.0578 3796 Arp1394 - ok
20:28:02.0640 3796 ASAPIW2k (4f9cbbf95e8f7a0d4c0edcfe3b78102e) C:\WINDOWS\system32\drivers\ASAPIW2k.sys
20:28:02.0640 3796 ASAPIW2k - ok
20:28:02.0656 3796 asc - ok
20:28:02.0656 3796 asc3350p - ok
20:28:02.0671 3796 asc3550 - ok
20:28:02.0812 3796 aspnet_state (e1a1206a4fb19b675e947b29ccd25fba) C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
20:28:02.0843 3796 aspnet_state - ok
20:28:02.0875 3796 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:28:02.0875 3796 AsyncMac - ok
20:28:02.0906 3796 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
20:28:02.0906 3796 atapi - ok
20:28:02.0921 3796 Atdisk - ok
20:28:03.0000 3796 Ati HotKey Poller (8911ecc589539b2a71b09b65bc67b3b6) C:\WINDOWS\system32\Ati2evxx.exe
20:28:03.0000 3796 Ati HotKey Poller - ok
20:28:03.0046 3796 ati2mtag (1a12941c75be2003286c7787f21a7f81) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
20:28:03.0078 3796 ati2mtag - ok
20:28:03.0140 3796 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:28:03.0140 3796 Atmarpc - ok
20:28:03.0171 3796 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
20:28:03.0171 3796 AudioSrv - ok
20:28:03.0203 3796 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
20:28:03.0203 3796 audstub - ok
20:28:03.0234 3796 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys
20:28:03.0234 3796 Avc - ok
20:28:03.0265 3796 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
20:28:03.0265 3796 Beep - ok
20:28:03.0343 3796 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
20:28:03.0515 3796 BITS - ok
20:28:03.0718 3796 Bonjour Service (5ab58c337ac65837fe404462ad6265ab) C:\Program Files\Bonjour\mDNSResponder.exe
20:28:03.0718 3796 Bonjour Service - ok
20:28:03.0781 3796 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
20:28:03.0781 3796 Browser - ok
20:28:03.0781 3796 catchme - ok
20:28:03.0828 3796 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
20:28:03.0828 3796 cbidf2k - ok
20:28:03.0859 3796 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
20:28:03.0859 3796 CCDECODE - ok
20:28:03.0875 3796 cd20xrnt - ok
20:28:03.0906 3796 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
20:28:03.0906 3796 Cdaudio - ok
20:28:03.0968 3796 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
20:28:03.0968 3796 Cdfs - ok
20:28:04.0031 3796 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:28:04.0031 3796 Cdrom - ok
20:28:04.0046 3796 Changer - ok
20:28:04.0078 3796 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
20:28:04.0078 3796 CiSvc - ok
20:28:04.0125 3796 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
20:28:04.0125 3796 ClipSrv - ok
20:28:04.0171 3796 CLTNetCnService - ok
20:28:04.0171 3796 CmdIde - ok
20:28:04.0171 3796 COMSysApp - ok
20:28:04.0187 3796 Cpqarray - ok
20:28:04.0234 3796 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
20:28:04.0234 3796 CryptSvc - ok
20:28:04.0250 3796 dac2w2k - ok
20:28:04.0250 3796 dac960nt - ok
20:28:04.0328 3796 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
20:28:04.0343 3796 DcomLaunch - ok
20:28:04.0406 3796 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
20:28:04.0406 3796 Dhcp - ok
20:28:04.0437 3796 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
20:28:04.0437 3796 Disk - ok
20:28:04.0437 3796 dmadmin - ok
20:28:04.0500 3796 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
20:28:04.0515 3796 dmboot - ok
20:28:04.0562 3796 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
20:28:04.0562 3796 dmio - ok
20:28:04.0593 3796 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
20:28:04.0593 3796 dmload - ok
20:28:04.0625 3796 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
20:28:04.0625 3796 dmserver - ok
20:28:04.0671 3796 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
20:28:04.0671 3796 DMusic - ok
20:28:04.0734 3796 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
20:28:04.0734 3796 Dnscache - ok
20:28:04.0796 3796 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
20:28:04.0796 3796 Dot3svc - ok
20:28:04.0796 3796 dpti2o - ok
20:28:04.0812 3796 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
20:28:04.0812 3796 drmkaud - ok
20:28:04.0843 3796 DrvAgent32 (651554e483712b708ede864d0ca1aa73) C:\WINDOWS\system32\Drivers\DrvAgent32.sys
20:28:04.0843 3796 DrvAgent32 - ok
20:28:04.0875 3796 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
20:28:04.0875 3796 EapHost - ok
20:28:05.0093 3796 eeCtrl (31c959319ef45b548d2111e338412270) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
20:28:05.0093 3796 eeCtrl - ok
20:28:05.0171 3796 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
20:28:05.0171 3796 ERSvc - ok
20:28:05.0234 3796 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
20:28:05.0234 3796 Eventlog - ok
20:28:05.0281 3796 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
20:28:05.0281 3796 EventSystem - ok
20:28:05.0375 3796 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
20:28:05.0375 3796 Fastfat - ok
20:28:05.0437 3796 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
20:28:05.0437 3796 FastUserSwitchingCompatibility - ok
20:28:05.0500 3796 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
20:28:05.0500 3796 Fdc - ok
20:28:05.0562 3796 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
20:28:05.0562 3796 Fips - ok
20:28:05.0593 3796 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
20:28:05.0593 3796 Flpydisk - ok
20:28:05.0625 3796 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
20:28:05.0640 3796 FltMgr - ok
20:28:05.0671 3796 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:28:05.0671 3796 Fs_Rec - ok
20:28:05.0687 3796 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:28:05.0703 3796 Ftdisk - ok
20:28:05.0750 3796 GEARAspiWDM (4ac51459805264affd5f6fdfb9d9235f) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
20:28:05.0750 3796 GEARAspiWDM - ok
20:28:05.0812 3796 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:28:05.0812 3796 Gpc - ok
20:28:05.0921 3796 gusvc (34b56a3c195aee6ae11001d277acc83e) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
20:28:05.0921 3796 gusvc - ok
20:28:05.0953 3796 HdAudAddService (2a013e7530beab6e569faa83f517e836) C:\WINDOWS\system32\drivers\HdAudio.sys
20:28:05.0968 3796 HdAudAddService - ok
20:28:06.0015 3796 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
20:28:06.0015 3796 HDAudBus - ok
20:28:06.0078 3796 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
20:28:06.0078 3796 helpsvc - ok
20:28:06.0125 3796 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
20:28:06.0140 3796 HidServ - ok
20:28:06.0171 3796 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
20:28:06.0171 3796 hidusb - ok
20:28:06.0187 3796 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
20:28:06.0187 3796 hkmsvc - ok
20:28:06.0187 3796 hpn - ok
20:28:06.0218 3796 HPZid412 (9f1d80908658eb7f1bf70809e0b51470) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
20:28:06.0218 3796 HPZid412 - ok
20:28:06.0234 3796 HPZipr12 (f7e3e9d50f9cd3de28085a8fdaa0a1c3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
20:28:06.0234 3796 HPZipr12 - ok
20:28:06.0250 3796 HPZius12 (cf1b7951b4ec8d13f3c93b74bb2b461b) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
20:28:06.0250 3796 HPZius12 - ok
20:28:06.0312 3796 HSFHWBS2 (128ef741b2293c36810561092b566b1c) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
20:28:06.0312 3796 HSFHWBS2 - ok
20:28:06.0359 3796 HSF_DP (9a0d0c461ef2b3d80cb7875b4b995e47) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
20:28:06.0390 3796 HSF_DP - ok
20:28:06.0468 3796 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
20:28:06.0468 3796 HTTP - ok
20:28:06.0515 3796 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
20:28:06.0515 3796 HTTPFilter - ok
20:28:06.0515 3796 i2omgmt - ok
20:28:06.0531 3796 i2omp - ok
20:28:06.0578 3796 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys
20:28:06.0578 3796 i8042prt - ok
20:28:06.0593 3796 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
20:28:06.0593 3796 Imapi - ok
20:28:06.0671 3796 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
20:28:06.0671 3796 ImapiService - ok
20:28:06.0687 3796 ini910u - ok
20:28:06.0828 3796 IntcAzAudAddService (44792ccbc7b41b42ec068c6416d17de1) C:\WINDOWS\system32\drivers\RtkHDAud.sys
20:28:06.0890 3796 IntcAzAudAddService - ok
20:28:07.0031 3796 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
20:28:07.0031 3796 IntelIde - ok
20:28:07.0093 3796 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
20:28:07.0093 3796 intelppm - ok
20:28:07.0125 3796 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
20:28:07.0125 3796 Ip6Fw - ok
20:28:07.0156 3796 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:28:07.0156 3796 IpFilterDriver - ok
20:28:07.0187 3796 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:28:07.0187 3796 IpInIp - ok
20:28:07.0234 3796 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:28:07.0234 3796 IpNat - ok
20:28:07.0359 3796 iPod Service (630d74599070824af3dc63a894adcdfc) C:\Program Files\iPod\bin\iPodService.exe
20:28:07.0375 3796 iPod Service - ok
20:28:07.0437 3796 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:28:07.0437 3796 IPSec - ok
20:28:07.0468 3796 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
20:28:07.0468 3796 IRENUM - ok
20:28:07.0500 3796 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:28:07.0500 3796 isapnp - ok
20:28:07.0640 3796 JavaQuickStarterService (9aa67569d5257462e230767510b0c815) C:\Program Files\Java\jre6\bin\jqs.exe
20:28:07.0640 3796 JavaQuickStarterService - ok
20:28:07.0656 3796 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:28:07.0656 3796 Kbdclass - ok
20:28:07.0718 3796 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
20:28:07.0718 3796 kbdhid - ok
20:28:07.0828 3796 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
20:28:07.0890 3796 kmixer - ok
20:28:07.0937 3796 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
20:28:07.0937 3796 KSecDD - ok
20:28:08.0171 3796 KService (70ceefe43cb746dd04a884c84a7ebaa3) C:\Program Files\Kontiki\KService.exe
20:28:08.0281 3796 KService - ok
20:28:08.0468 3796 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
20:28:08.0468 3796 lanmanserver - ok
20:28:08.0531 3796 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
20:28:08.0562 3796 lanmanworkstation - ok
20:28:08.0781 3796 Lavasoft Ad-Aware Service (ea38136981c61c571d52c380daad46ef) C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
20:28:08.0875 3796 Lavasoft Ad-Aware Service - ok
20:28:08.0937 3796 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
20:28:08.0937 3796 Lavasoft Kernexplorer - ok
20:28:09.0031 3796 Lbd (336abe8721cbc3110f1c6426da633417) C:\WINDOWS\system32\DRIVERS\Lbd.sys
20:28:09.0031 3796 Lbd - ok
20:28:09.0031 3796 lbrtfdc - ok
20:28:09.0109 3796 LiveUpdate Notice Ex - ok
20:28:09.0187 3796 LiveUpdate Notice Service (2d1389e05a807d956829f44bd4b60389) C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
20:28:09.0203 3796 LiveUpdate Notice Service - ok
20:28:09.0265 3796 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
20:28:09.0265 3796 LmHosts - ok
20:28:09.0328 3796 LVUSBSta (a730fc8671a60666d6e877c544dd7cd4) C:\WINDOWS\system32\drivers\lvusbsta.sys
20:28:09.0328 3796 LVUSBSta - ok
20:28:09.0468 3796 McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
20:28:09.0468 3796 McComponentHostService - ok
20:28:09.0484 3796 mdmxsdk (5110edd87e2508f02b922e83a2487dfc) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
20:28:09.0484 3796 mdmxsdk - ok
20:28:09.0515 3796 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
20:28:09.0515 3796 Messenger - ok
20:28:09.0562 3796 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
20:28:09.0562 3796 mnmdd - ok
20:28:09.0625 3796 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
20:28:09.0625 3796 mnmsrvc - ok
20:28:09.0687 3796 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
20:28:09.0687 3796 Modem - ok
20:28:09.0750 3796 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:28:09.0750 3796 Mouclass - ok
20:28:09.0812 3796 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
20:28:09.0812 3796 mouhid - ok
20:28:09.0875 3796 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
20:28:09.0875 3796 MountMgr - ok
20:28:09.0875 3796 mraid35x - ok
20:28:09.0921 3796 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:28:09.0921 3796 MRxDAV - ok
20:28:10.0000 3796 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:28:10.0000 3796 MRxSmb - ok
20:28:10.0078 3796 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
20:28:10.0078 3796 MSDTC - ok
20:28:10.0125 3796 MSDV (1477849772712bac69c144dcf2c9ce81) C:\WINDOWS\system32\DRIVERS\msdv.sys
20:28:10.0125 3796 MSDV - ok
20:28:10.0140 3796 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
20:28:10.0140 3796 Msfs - ok
20:28:10.0140 3796 MSIServer - ok
20:28:10.0171 3796 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:28:10.0171 3796 MSKSSRV - ok
20:28:10.0187 3796 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:28:10.0187 3796 MSPCLOCK - ok
20:28:10.0203 3796 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
20:28:10.0203 3796 MSPQM - ok
20:28:10.0234 3796 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:28:10.0234 3796 mssmbios - ok
20:28:10.0281 3796 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
20:28:10.0281 3796 MSTEE - ok
20:28:10.0328 3796 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
20:28:10.0328 3796 Mup - ok
20:28:10.0359 3796 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
20:28:10.0359 3796 NABTSFEC - ok
20:28:10.0406 3796 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
20:28:10.0406 3796 napagent - ok
20:28:10.0453 3796 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
20:28:10.0468 3796 NDIS - ok
20:28:10.0500 3796 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
20:28:10.0500 3796 NdisIP - ok
20:28:10.0546 3796 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:28:10.0546 3796 NdisTapi - ok
20:28:10.0562 3796 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:28:10.0562 3796 Ndisuio - ok
20:28:10.0593 3796 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:28:10.0593 3796 NdisWan - ok
20:28:10.0609 3796 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
20:28:10.0609 3796 NDProxy - ok
20:28:10.0625 3796 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
20:28:10.0625 3796 NetBIOS - ok
20:28:10.0671 3796 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
20:28:10.0671 3796 NetBT - ok
20:28:10.0734 3796 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
20:28:10.0734 3796 NetDDE - ok
20:28:10.0734 3796 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
20:28:10.0734 3796 NetDDEdsdm - ok
20:28:10.0765 3796 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:28:10.0765 3796 Netlogon - ok
20:28:10.0796 3796 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
20:28:10.0796 3796 Netman - ok
20:28:10.0859 3796 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
20:28:10.0859 3796 NIC1394 - ok
20:28:10.0921 3796 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
20:28:10.0937 3796 Nla - ok
20:28:10.0984 3796 nmwcd (696b37ea78f9d9767a2f18ba0304a51a) C:\WINDOWS\system32\drivers\nmwcd.sys
20:28:10.0984 3796 nmwcd - ok
20:28:11.0015 3796 nmwcdc (bbb6010fc01d9239d88fcdf133e03ff0) C:\WINDOWS\system32\drivers\nmwcdc.sys
20:28:11.0015 3796 nmwcdc - ok
20:28:11.0031 3796 nmwcdcj (4c3726467d67483f054c88f058e9c153) C:\WINDOWS\system32\drivers\nmwcdcj.sys
20:28:11.0031 3796 nmwcdcj - ok
20:28:11.0046 3796 nmwcdcm (4c3726467d67483f054c88f058e9c153) C:\WINDOWS\system32\drivers\nmwcdcm.sys
20:28:11.0046 3796 nmwcdcm - ok
20:28:11.0062 3796 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
20:28:11.0062 3796 Npfs - ok
20:28:11.0156 3796 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
20:28:11.0156 3796 Ntfs - ok
20:28:11.0171 3796 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:28:11.0171 3796 NtLmSsp - ok
20:28:11.0218 3796 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
20:28:11.0234 3796 NtmsSvc - ok
20:28:11.0281 3796 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
20:28:11.0281 3796 Null - ok
20:28:11.0328 3796 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:28:11.0328 3796 NwlnkFlt - ok
20:28:11.0343 3796 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:28:11.0343 3796 NwlnkFwd - ok
20:28:11.0359 3796 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
20:28:11.0359 3796 ohci1394 - ok
20:28:11.0390 3796 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
20:28:11.0390 3796 Parport - ok
20:28:11.0437 3796 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
20:28:11.0437 3796 PartMgr - ok
20:28:11.0484 3796 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
20:28:11.0484 3796 ParVdm - ok
20:28:11.0500 3796 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
20:28:11.0500 3796 PCI - ok
20:28:11.0500 3796 PCIDump - ok
20:28:11.0515 3796 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys
20:28:11.0531 3796 PCIIde - ok
20:28:11.0578 3796 PCLEPCI (1bebe7de8508a02650cdce45c664c2a2) C:\WINDOWS\system32\drivers\pclepci.sys
20:28:11.0578 3796 PCLEPCI - ok
20:28:11.0625 3796 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
20:28:11.0625 3796 Pcmcia - ok
20:28:11.0625 3796 PDCOMP - ok
20:28:11.0640 3796 PDFRAME - ok
20:28:11.0640 3796 PDRELI - ok
20:28:11.0656 3796 PDRFRAME - ok
20:28:11.0656 3796 perc2 - ok
20:28:11.0671 3796 perc2hib - ok
20:28:11.0859 3796 PhotoshopElementsDeviceConnect (e9ca440fe7a5957eb2eb0c587958dd29) C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
20:28:11.0859 3796 PhotoshopElementsDeviceConnect - ok
20:28:11.0906 3796 PID_0928 (5bd2c6d982481d548107c602e7ccfbbc) C:\WINDOWS\system32\DRIVERS\LV561AV.SYS
20:28:11.0921 3796 PID_0928 - ok
20:28:11.0953 3796 PIXMCV (5c08d25808a7ed574102ea832fbb1400) C:\WINDOWS\system32\Drivers\pixmcvc.sys
20:28:11.0968 3796 PIXMCV - ok
20:28:11.0984 3796 PIXMCVA (2cecad203aded777e8a46e2a01971147) C:\WINDOWS\system32\Drivers\pixmcva.sys
20:28:11.0984 3796 PIXMCVA - ok
20:28:12.0015 3796 PIXMCVV (2bdeef8b900e18de526ae8586ce6c680) C:\WINDOWS\system32\Drivers\pixmcvv.sys
20:28:12.0015 3796 PIXMCVV - ok
20:28:12.0046 3796 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
20:28:12.0062 3796 PlugPlay - ok
20:28:12.0125 3796 Pml Driver HPZ12 (2d091a99624fb9e7eef0a86d872ec0c3) C:\WINDOWS\system32\HPZipm12.exe
20:28:12.0125 3796 Pml Driver HPZ12 - ok
20:28:12.0171 3796 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:28:12.0171 3796 PolicyAgent - ok
20:28:12.0234 3796 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:28:12.0234 3796 PptpMiniport - ok
20:28:12.0265 3796 PRISM_A02 (c383926d4ba41afbca592b2ad1fe4109) C:\WINDOWS\system32\DRIVERS\PRISMA02.sys
20:28:12.0265 3796 PRISM_A02 - ok
20:28:12.0265 3796 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:28:12.0281 3796 ProtectedStorage - ok
20:28:12.0328 3796 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
20:28:12.0328 3796 PSched - ok
20:28:12.0375 3796 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:28:12.0390 3796 Ptilink - ok
20:28:12.0421 3796 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
20:28:12.0468 3796 PxHelp20 - ok
20:28:12.0484 3796 ql1080 - ok
20:28:12.0484 3796 Ql10wnt - ok
20:28:12.0500 3796 ql12160 - ok
20:28:12.0500 3796 ql1240 - ok
20:28:12.0515 3796 ql1280 - ok
20:28:12.0562 3796 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:28:12.0562 3796 RasAcd - ok
20:28:12.0609 3796 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
20:28:12.0609 3796 RasAuto - ok
20:28:12.0656 3796 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:28:12.0656 3796 Rasl2tp - ok
20:28:12.0718 3796 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
20:28:12.0718 3796 RasMan - ok
20:28:12.0750 3796 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:28:12.0750 3796 RasPppoe - ok
20:28:12.0750 3796 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
20:28:12.0765 3796 Raspti - ok
20:28:12.0796 3796 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:28:12.0796 3796 Rdbss - ok
20:28:12.0859 3796 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:28:12.0859 3796 RDPCDD - ok
20:28:12.0906 3796 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
20:28:12.0921 3796 RDPWD - ok
20:28:12.0968 3796 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
20:28:12.0968 3796 RDSessMgr - ok
20:28:13.0031 3796 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
20:28:13.0046 3796 redbook - ok
20:28:13.0078 3796 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
20:28:13.0078 3796 RemoteAccess - ok
20:28:13.0140 3796 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
20:28:13.0140 3796 RpcLocator - ok
20:28:13.0218 3796 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
20:28:13.0234 3796 RpcSs - ok
20:28:13.0312 3796 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
20:28:13.0312 3796 RSVP - ok
20:28:13.0375 3796 RTL8023xp (7f0413bdd7d53eb4c7a371e7f6f84df1) C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
20:28:13.0375 3796 RTL8023xp - ok
20:28:13.0421 3796 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
20:28:13.0421 3796 rtl8139 - ok
20:28:13.0468 3796 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:28:13.0468 3796 SamSs - ok
20:28:13.0468 3796 SCardSvr - ok
20:28:13.0546 3796 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
20:28:13.0546 3796 Schedule - ok
20:28:13.0593 3796 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:28:13.0593 3796 Secdrv - ok
20:28:13.0640 3796 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
20:28:13.0640 3796 seclogon - ok
20:28:13.0656 3796 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
20:28:13.0656 3796 SENS - ok
20:28:13.0671 3796 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
20:28:13.0671 3796 serenum - ok
20:28:13.0718 3796 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
20:28:13.0718 3796 Serial - ok
20:28:13.0906 3796 ServiceLayer (019ab047b932ad277a4da2673e5cc19c) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
20:28:13.0906 3796 ServiceLayer - ok
20:28:13.0968 3796 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
20:28:13.0968 3796 Sfloppy - ok
20:28:14.0046 3796 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
20:28:14.0046 3796 SharedAccess - ok
20:28:14.0109 3796 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
20:28:14.0109 3796 ShellHWDetection - ok
20:28:14.0109 3796 Simbad - ok
20:28:14.0156 3796 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
20:28:14.0156 3796 SLIP - ok
20:28:14.0171 3796 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
20:28:14.0171 3796 SONYPVU1 - ok
20:28:14.0187 3796 Sparrow - ok
20:28:14.0234 3796 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
20:28:14.0234 3796 splitter - ok
20:28:14.0296 3796 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
20:28:14.0296 3796 Spooler - ok
20:28:14.0312 3796 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
20:28:14.0312 3796 sr - ok
20:28:14.0375 3796 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
20:28:14.0390 3796 srservice - ok
20:28:14.0437 3796 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
20:28:14.0437 3796 Srv - ok
20:28:14.0484 3796 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
20:28:14.0484 3796 SSDPSRV - ok
20:28:14.0562 3796 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
20:28:14.0578 3796 stisvc - ok
20:28:14.0640 3796 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
20:28:14.0640 3796 streamip - ok
20:28:14.0671 3796 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
20:28:14.0671 3796 swenum - ok
20:28:14.0687 3796 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
20:28:14.0687 3796 swmidi - ok
20:28:14.0687 3796 SwPrv - ok
20:28:14.0703 3796 symc810 - ok
20:28:14.0703 3796 symc8xx - ok
20:28:14.0718 3796 sym_hi - ok
20:28:14.0718 3796 sym_u3 - ok
20:28:14.0765 3796 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
20:28:14.0765 3796 sysaudio - ok
20:28:14.0890 3796 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
20:28:14.0890 3796 SysmonLog - ok
20:28:15.0000 3796 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
20:28:15.0000 3796 TapiSrv - ok
20:28:15.0078 3796 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:28:15.0078 3796 Tcpip - ok
20:28:15.0140 3796 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
20:28:15.0140 3796 TDPIPE - ok
20:28:15.0140 3796 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
20:28:15.0140 3796 TDTCP - ok
20:28:15.0187 3796 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
20:28:15.0187 3796 TermDD - ok
20:28:15.0265 3796 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
20:28:15.0281 3796 TermService - ok
20:28:15.0390 3796 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
20:28:15.0390 3796 Themes - ok
20:28:15.0406 3796 TosIde - ok
20:28:15.0484 3796 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
20:28:15.0500 3796 TrkWks - ok
20:28:15.0531 3796 TVICHW32 (e266683fc95abdec17cd378564e1b54b) C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS
20:28:15.0531 3796 TVICHW32 - ok
20:28:15.0546 3796 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
20:28:15.0546 3796 Udfs - ok
20:28:15.0562 3796 ultra - ok
20:28:15.0625 3796 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
20:28:15.0640 3796 Update - ok
20:28:15.0703 3796 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
20:28:15.0703 3796 upnphost - ok
20:28:15.0734 3796 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
20:28:15.0734 3796 UPS - ok
20:28:15.0796 3796 USBAAPL (f340199e8cb097e1acd58a967c665919) C:\WINDOWS\system32\Drivers\usbaapl.sys
20:28:15.0796 3796 USBAAPL - ok
20:28:15.0828 3796 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:28:15.0828 3796 usbccgp - ok
20:28:15.0843 3796 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:28:15.0843 3796 usbehci - ok
20:28:15.0906 3796 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:28:15.0921 3796 usbhub - ok
20:28:15.0968 3796 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
20:28:15.0968 3796 usbprint - ok
20:28:16.0000 3796 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
20:28:16.0000 3796 usbscan - ok
20:28:16.0031 3796 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\DRIVERS\usbser.sys
20:28:16.0031 3796 usbser - ok
20:28:16.0062 3796 usbsermpt (caad3467fbfae8a380f67e9c7150a85e) C:\WINDOWS\system32\DRIVERS\usbsermpt.sys
20:28:16.0062 3796 usbsermpt - ok
20:28:16.0062 3796 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:28:16.0078 3796 usbstor - ok
20:28:16.0125 3796 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:28:16.0125 3796 usbuhci - ok
20:28:16.0156 3796 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
20:28:16.0156 3796 VgaSave - ok
20:28:16.0156 3796 ViaIde - ok
20:28:16.0203 3796 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
20:28:16.0203 3796 VolSnap - ok
20:28:16.0281 3796 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
20:28:16.0281 3796 VSS - ok
20:28:16.0312 3796 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
20:28:16.0328 3796 W32Time - ok
20:28:16.0375 3796 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:28:16.0390 3796 Wanarp - ok
20:28:16.0390 3796 WDICA - ok
20:28:16.0406 3796 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
20:28:16.0406 3796 wdmaud - ok
20:28:16.0468 3796 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
20:28:16.0468 3796 WebClient - ok
20:28:16.0578 3796 winachsf (ce545a84bf3411e7516fa8da51ad9d93) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
20:28:16.0593 3796 winachsf - ok
20:28:16.0703 3796 WinDefend (f45dd1e1365d857dd08bc23563370d0e) C:\Program Files\Windows Defender\MsMpEng.exe
20:28:16.0703 3796 WinDefend - ok
20:28:16.0812 3796 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
20:28:16.0828 3796 winmgmt - ok
20:28:16.0906 3796 WLSetupSvc (94a85e956a065e23e0010a6a7826243b) C:\Program Files\Windows Live\installer\WLSetupSvc.exe
20:28:16.0906 3796 WLSetupSvc - ok
20:28:16.0937 3796 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
20:28:16.0937 3796 WmdmPmSN - ok
20:28:17.0000 3796 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
20:28:17.0000 3796 WmiApSrv - ok
20:28:17.0156 3796 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
20:28:17.0187 3796 WMPNetworkSvc - ok
20:28:17.0234 3796 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
20:28:17.0250 3796 wscsvc - ok
20:28:17.0296 3796 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
20:28:17.0296 3796 WSTCODEC - ok
20:28:17.0328 3796 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
20:28:17.0328 3796 wuauserv - ok
20:28:17.0390 3796 WudfPf (50eb9e21963b4f06fd010d007d54351b) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
20:28:17.0390 3796 WudfPf - ok
20:28:17.0421 3796 WudfRd (6e209664bdea8a15b5e8e480d6c607c2) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
20:28:17.0421 3796 WudfRd - ok
20:28:17.0468 3796 WudfSvc (ae93084d2d236887ba56467ae42b4955) C:\WINDOWS\System32\WUDFSvc.dll
20:28:17.0468 3796 WudfSvc - ok
20:28:17.0531 3796 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
20:28:17.0546 3796 WZCSVC - ok
20:28:17.0578 3796 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
20:28:17.0593 3796 xmlprov - ok
20:28:17.0625 3796 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
20:28:17.0796 3796 \Device\Harddisk0\DR0 - ok
20:28:17.0796 3796 Boot (0x1200) (72df94b034316e55cad91980b1e3bfa6) \Device\Harddisk0\DR0\Partition0
20:28:17.0796 3796 \Device\Harddisk0\DR0\Partition0 - ok
20:28:17.0796 3796 ============================================================
20:28:17.0796 3796 Scan finished
20:28:17.0796 3796 ============================================================
20:28:17.0812 3752 Detected object count: 0
20:28:17.0812 3752 Actual detected object count: 0
20:41:28.0421 2948 Deinitialize success


TDSSkiller log 2
23:31:18.0796 2036 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
23:31:19.0000 2036 ============================================================
23:31:19.0000 2036 Current date / time: 2012/05/01 23:31:19.0000
23:31:19.0000 2036 SystemInfo:
23:31:19.0000 2036
23:31:19.0000 2036 OS Version: 5.1.2600 ServicePack: 3.0
23:31:19.0000 2036 Product type: Workstation
23:31:19.0000 2036 ComputerName: YOUR-4AD98E1252
23:31:19.0000 2036 UserName: Stephen
23:31:19.0000 2036 Windows directory: C:\WINDOWS
23:31:19.0000 2036 System windows directory: C:\WINDOWS
23:31:19.0000 2036 Processor architecture: Intel x86
23:31:19.0000 2036 Number of processors: 2
23:31:19.0000 2036 Page size: 0x1000
23:31:19.0000 2036 Boot type: Normal boot
23:31:19.0000 2036 ============================================================
23:31:21.0453 2036 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
23:31:21.0484 2036 ============================================================
23:31:21.0484 2036 \Device\Harddisk0\DR0:
23:31:21.0531 2036 MBR partitions:
23:31:21.0531 2036 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A18A82
23:31:21.0531 2036 ============================================================
23:31:21.0578 2036 C: <-> \Device\Harddisk0\DR0\Partition0
23:31:21.0578 2036 ============================================================
23:31:21.0578 2036 Initialize success
23:31:21.0578 2036 ============================================================
23:31:29.0500 2024 Deinitialize success


wildfly73
Novice
Novice

Posts Posts : 32
Joined Joined : 2011-06-20
Gender Gender : Male
OS OS : windows xp Home Edition 2002 service pack 3
Protection Protection : ad-aware, malwarebytes
Points Points : 20382
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Help required smart repair HDD

Post by wildfly73 on Tue May 01, 2012 6:53 pm

Hello, after running TDSSkiller i feel we have made good progress. i rebooted without Windows Recovery Environment. I was now able to download SAS! Below are two SAS scan logs 1st quick scan 2nd complete scan.

SUPERAntiSpyware Scan Log
[You must be registered and logged in to see this link.]

Generated 05/01/2012 at 09:17 PM

Application Version : 5.0.1148

Core Rules Database Version : 8535
Trace Rules Database Version: 6347

Scan type : Quick Scan
Total Scan Time : 00:24:52

Operating System Information
Windows XP Home Edition 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 529
Memory threats detected : 0
Registry items scanned : 29850
Registry threats detected : 0
File items scanned : 17724
File threats detected : 522

Trojan.Agent/Gen-FakeAntiSpy
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\JL6SVP0H5ESLEV.EXE
C:\WINDOWS\Prefetch\JL6SVP0H5ESLEV.EXE-2DDEBA6B.pf

PUP.Whitesmoke
C:\Program Files\WHITESMOKE

Adware.Tracking Cookie
C:\Documents and Settings\Stephen\Cookies\stephen@006.free-counters.co[2].txt [ /006.free-counters.co ]
C:\Documents and Settings\Stephen\Cookies\stephen@112.2o7[2].txt [ /112.2o7 ]
C:\Documents and Settings\Stephen\Cookies\stephen@122.2o7[2].txt [ /122.2o7 ]
C:\Documents and Settings\Stephen\Cookies\stephen@122.2o7[3].txt [ /122.2o7 ]
C:\Documents and Settings\Stephen\Cookies\stephen@192com.112.2o7[1].txt [ /192com.112.2o7 ]
C:\Documents and Settings\Stephen\Cookies\stephen@2012-thecountdown[1].txt [ /2012-thecountdown ]
C:\Documents and Settings\Stephen\Cookies\stephen@247realmedia[2].txt [ /247realmedia ]
C:\Documents and Settings\Stephen\Cookies\stephen@2o7[2].txt [ /2o7 ]
C:\Documents and Settings\Stephen\Cookies\stephen@77tracking[1].txt [ /77tracking ]
C:\Documents and Settings\Stephen\Cookies\stephen@a1.interclick[2].txt [ /a1.interclick ]
C:\Documents and Settings\Stephen\Cookies\stephen@account.live[2].txt [ /account.live ]
C:\Documents and Settings\Stephen\Cookies\stephen@accounts.google[3].txt [ /accounts.google ]
C:\Documents and Settings\Stephen\Cookies\stephen@ad.360yield[1].txt [ /ad.360yield ]
C:\Documents and Settings\Stephen\Cookies\stephen@ad.adperium[1].txt [ /ad.adperium ]
C:\Documents and Settings\Stephen\Cookies\stephen@ad.bodybuilding[2].txt [ /ad.bodybuilding ]
C:\Documents and Settings\Stephen\Cookies\stephen@ad.pitattomatch[1].txt [ /ad.pitattomatch ]
C:\Documents and Settings\Stephen\Cookies\stephen@ad.yieldmanager[1].txt [ /ad.yieldmanager ]
C:\Documents and Settings\Stephen\Cookies\stephen@ad.zanox[2].txt [ /ad.zanox ]
C:\Documents and Settings\Stephen\Cookies\stephen@ad1.emediate[1].txt [ /ad1.emediate ]
C:\Documents and Settings\Stephen\Cookies\stephen@adbrite[1].txt [ /adbrite ]
C:\Documents and Settings\Stephen\Cookies\stephen@adform[1].txt [ /adform ]
C:\Documents and Settings\Stephen\Cookies\stephen@ads.ad4game[2].txt [ /ads.ad4game ]
C:\Documents and Settings\Stephen\Cookies\stephen@ads.adap[2].txt [ /ads.adap ]
C:\Documents and Settings\Stephen\Cookies\stephen@ads.anm.co[2].txt [ /ads.anm.co ]
C:\Documents and Settings\Stephen\Cookies\stephen@ads.aol.co[1].txt [ /ads.aol.co ]
C:\Documents and Settings\Stephen\Cookies\stephen@ads.associatedcontent[1].txt [ /ads.associatedcontent ]
C:\Documents and Settings\Stephen\Cookies\stephen@ads.audience2media[2].txt [ /ads.audience2media ]
C:\Documents and Settings\Stephen\Cookies\stephen@ads.audience2media[3].txt [ /ads.audience2media ]
C:\Documents and Settings\Stephen\Cookies\stephen@ads.bleepingcomputer[2].txt [ /ads.bleepingcomputer ]
C:\Documents and Settings\Stephen\Cookies\stephen@ads.blogtalkradio[2].txt [ /ads.blogtalkradio ]
C:\Documents and Settings\Stephen\Cookies\stephen@ads.blogtalkradio[3].txt [ /ads.blogtalkradio ]
C:\Documents and Settings\Stephen\Cookies\stephen@ads.carocean.co[1].txt [ /ads.carocean.co ]
C:\Documents and Settings\Stephen\Cookies\stephen@ads.ctasnet[2].txt [ /ads.ctasnet ]
C:\Documents and Settings\Stephen\Cookies\stephen@ads.foodbuzz[2].txt [ /ads.foodbuzz ]
C:\Documents and Settings\Stephen\Cookies\stephen@ads.gmodules[2].txt [ /ads.gmodules ]
C:\Documents and Settings\Stephen\Cookies\stephen@ads.monster[1].txt [ /ads.monster ]
C:\Documents and Settings\Stephen\Cookies\stephen@ads.monster[2].txt [ /ads.monster ]
C:\Documents and Settings\Stephen\Cookies\stephen@ads.moviemaker[1].txt [ /ads.moviemaker ]
C:\Documents and Settings\Stephen\Cookies\stephen@ads.nsi-ltd[2].txt [ /ads.nsi-ltd ]
C:\Documents and Settings\Stephen\Cookies\stephen@ads.ogdenpubs[1].txt [ /ads.ogdenpubs ]
C:\Documents and Settings\Stephen\Cookies\stephen@ads.pubmatic[2].txt [ /ads.pubmatic ]
C:\Documents and Settings\Stephen\Cookies\stephen@ads.raasnet[1].txt [ /ads.raasnet ]
C:\Documents and Settings\Stephen\Cookies\stephen@ads.roiserver[2].txt [ /ads.roiserver ]
C:\Documents and Settings\Stephen\Cookies\stephen@ads.simonandschuster[1].txt [ /ads.simonandschuster ]
C:\Documents and Settings\Stephen\Cookies\stephen@ads.telegraph.co[1].txt [ /ads.telegraph.co ]
C:\Documents and Settings\Stephen\Cookies\stephen@ads.torrentreactor[2].txt [ /ads.torrentreactor ]
C:\Documents and Settings\Stephen\Cookies\stephen@ads.uknetguide.co[1].txt [ /ads.uknetguide.co ]
C:\Documents and Settings\Stephen\Cookies\stephen@ads.verticalscope[1].txt [ /ads.verticalscope ]
C:\Documents and Settings\Stephen\Cookies\stephen@ads.viddler[2].txt [ /ads.viddler ]
C:\Documents and Settings\Stephen\Cookies\stephen@ads.widgetbucks[2].txt [ /ads.widgetbucks ]
C:\Documents and Settings\Stephen\Cookies\stephen@adsenserecipe[1].txt [ /adsenserecipe ]
C:\Documents and Settings\Stephen\Cookies\stephen@adserver.adtechus[1].txt [ /adserver.adtechus ]
C:\Documents and Settings\Stephen\Cookies\stephen@adserver.adtechus[2].txt [ /adserver.adtechus ]
C:\Documents and Settings\Stephen\Cookies\stephen@adtech.staticwhich.co[2].txt [ /adtech.staticwhich.co ]
C:\Documents and Settings\Stephen\Cookies\stephen@adtech.staticwhich.co[3].txt [ /adtech.staticwhich.co ]
C:\Documents and Settings\Stephen\Cookies\stephen@adtech[1].txt [ /adtech ]
C:\Documents and Settings\Stephen\Cookies\stephen@advertising[1].txt [ /advertising ]
C:\Documents and Settings\Stephen\Cookies\stephen@advertstream[2].txt [ /advertstream ]
C:\Documents and Settings\Stephen\Cookies\stephen@adviva[1].txt [ /adviva ]
C:\Documents and Settings\Stephen\Cookies\stephen@adxpose[1].txt [ /adxpose ]
C:\Documents and Settings\Stephen\Cookies\stephen@adxpose[2].txt [ /adxpose ]
C:\Documents and Settings\Stephen\Cookies\stephen@aimfar.solution.weborama[1].txt [ /aimfar.solution.weborama ]
C:\Documents and Settings\Stephen\Cookies\stephen@aimfar.solution.weborama[2].txt [ /aimfar.solution.weborama ]
C:\Documents and Settings\Stephen\Cookies\stephen@airfrance.bannerfactory[1].txt [ /airfrance.bannerfactory ]
C:\Documents and Settings\Stephen\Cookies\stephen@allyours.virginmedia[2].txt [ /allyours.virginmedia ]
C:\Documents and Settings\Stephen\Cookies\stephen@amazonmerchants.122.2o7[1].txt [ /amazonmerchants.122.2o7 ]
C:\Documents and Settings\Stephen\Cookies\stephen@amazonmerchants.122.2o7[2].txt [ /amazonmerchants.122.2o7 ]
C:\Documents and Settings\Stephen\Cookies\stephen@andomedia[1].txt [ /andomedia ]
C:\Documents and Settings\Stephen\Cookies\stephen@anrtx.tacoda[1].txt [ /anrtx.tacoda ]
C:\Documents and Settings\Stephen\Cookies\stephen@apmebf[2].txt [ /apmebf ]
C:\Documents and Settings\Stephen\Cookies\stephen@askavetquestion[2].txt [ /askavetquestion ]
C:\Documents and Settings\Stephen\Cookies\stephen@at.atwola[2].txt [ /at.atwola ]
C:\Documents and Settings\Stephen\Cookies\stephen@atdmt[1].txt [ /atdmt ]
C:\Documents and Settings\Stephen\Cookies\stephen@atdmt[3].txt [ /atdmt ]
C:\Documents and Settings\Stephen\Cookies\stephen@audience2media[1].txt [ /audience2media ]
C:\Documents and Settings\Stephen\Cookies\stephen@audience2media[2].txt [ /audience2media ]
C:\Documents and Settings\Stephen\Cookies\stephen@audience2media[3].txt [ /audience2media ]
C:\Documents and Settings\Stephen\Cookies\stephen@audit.median[1].txt [ /audit.median ]
C:\Documents and Settings\Stephen\Cookies\stephen@azjmp[2].txt [ /azjmp ]
C:\Documents and Settings\Stephen\Cookies\stephen@baa.solution.weborama[2].txt [ /baa.solution.weborama ]
C:\Documents and Settings\Stephen\Cookies\stephen@banners.bgmaps[2].txt [ /banners.bgmaps ]
C:\Documents and Settings\Stephen\Cookies\stephen@bannersng.yell[1].txt [ /bannersng.yell ]
C:\Documents and Settings\Stephen\Cookies\stephen@bannersng.yell[2].txt [ /bannersng.yell ]
C:\Documents and Settings\Stephen\Cookies\stephen@bittorrent.click-new-download[1].txt [ /bittorrent.click-new-download ]
C:\Documents and Settings\Stephen\Cookies\stephen@bizrate[1].txt [ /bizrate ]
C:\Documents and Settings\Stephen\Cookies\stephen@bluestreak[2].txt [ /bluestreak ]
C:\Documents and Settings\Stephen\Cookies\stephen@bmuk.burstnet[2].txt [ /bmuk.burstnet ]
C:\Documents and Settings\Stephen\Cookies\stephen@bmuk.burstnet[3].txt [ /bmuk.burstnet ]
C:\Documents and Settings\Stephen\Cookies\stephen@bookdiscountlinks.blogspot[1].txt [ /bookdiscountlinks.blogspot ]
C:\Documents and Settings\Stephen\Cookies\stephen@bravenet[2].txt [ /bravenet ]
C:\Documents and Settings\Stephen\Cookies\stephen@bravenet[3].txt [ /bravenet ]
C:\Documents and Settings\Stephen\Cookies\stephen@britannia.112.2o7[1].txt [ /britannia.112.2o7 ]
C:\Documents and Settings\Stephen\Cookies\stephen@bs.serving-sys[1].txt [ /bs.serving-sys ]
C:\Documents and Settings\Stephen\Cookies\stephen@bs.serving-sys[2].txt [ /bs.serving-sys ]
C:\Documents and Settings\Stephen\Cookies\stephen@burstbeacon[2].txt [ /burstbeacon ]
C:\Documents and Settings\Stephen\Cookies\stephen@burstnet[1].txt [ /burstnet ]
C:\Documents and Settings\Stephen\Cookies\stephen@burstnet[2].txt [ /burstnet ]
C:\Documents and Settings\Stephen\Cookies\stephen@c.gigcount[2].txt [ /c.gigcount ]
C:\Documents and Settings\Stephen\Cookies\stephen@care2.112.2o7[1].txt [ /care2.112.2o7 ]
C:\Documents and Settings\Stephen\Cookies\stephen@carsparefinder.co[1].txt [ /carsparefinder.co ]
C:\Documents and Settings\Stephen\Cookies\stephen@casalemedia[2].txt [ /casalemedia ]
C:\Documents and Settings\Stephen\Cookies\stephen@casalemedia[3].txt [ /casalemedia ]
C:\Documents and Settings\Stephen\Cookies\stephen@click.cashengines[2].txt [ /click.cashengines ]
C:\Documents and Settings\Stephen\Cookies\stephen@click.fspeletters[1].txt [ /click.fspeletters ]
C:\Documents and Settings\Stephen\Cookies\stephen@click.fspeletters[2].txt [ /click.fspeletters ]
C:\Documents and Settings\Stephen\Cookies\stephen@click.fspeletters[4].txt [ /click.fspeletters ]
C:\Documents and Settings\Stephen\Cookies\stephen@click.jobsgopublic[1].txt [ /click.jobsgopublic ]
C:\Documents and Settings\Stephen\Cookies\stephen@click.jobsgopublic[2].txt [ /click.jobsgopublic ]
C:\Documents and Settings\Stephen\Cookies\stephen@click.mediadome[1].txt [ /click.mediadome ]
C:\Documents and Settings\Stephen\Cookies\stephen@click2.cashengines[2].txt [ /click2.cashengines ]
C:\Documents and Settings\Stephen\Cookies\stephen@clickbank[1].txt [ /clickbank ]
C:\Documents and Settings\Stephen\Cookies\stephen@clicks.laterooms[2].txt [ /clicks.laterooms ]
C:\Documents and Settings\Stephen\Cookies\stephen@clicks.laterooms[3].txt [ /clicks.laterooms ]
C:\Documents and Settings\Stephen\Cookies\stephen@clicktrk.laterooms[2].txt [ /clicktrk.laterooms ]
C:\Documents and Settings\Stephen\Cookies\stephen@clicktrk.laterooms[3].txt [ /clicktrk.laterooms ]
C:\Documents and Settings\Stephen\Cookies\stephen@collective-media[1].txt [ /collective-media ]
C:\Documents and Settings\Stephen\Cookies\stephen@collective-media[3].txt [ /collective-media ]
C:\Documents and Settings\Stephen\Cookies\stephen@collective-media[4].txt [ /collective-media ]
C:\Documents and Settings\Stephen\Cookies\stephen@condenast.112.2o7[1].txt [ /condenast.112.2o7 ]
C:\Documents and Settings\Stephen\Cookies\stephen@content.yieldmanager[2].txt [ /content.yieldmanager ]
C:\Documents and Settings\Stephen\Cookies\stephen@content.yieldmanager[4].txt [ /content.yieldmanager ]
C:\Documents and Settings\Stephen\Cookies\stephen@counter.hitslink[1].txt [ /counter.hitslink ]
C:\Documents and Settings\Stephen\Cookies\stephen@counter2.hitslink[1].txt [ /counter2.hitslink ]
C:\Documents and Settings\Stephen\Cookies\stephen@countercentral[1].txt [ /countercentral ]
C:\Documents and Settings\Stephen\Cookies\stephen@counters.gigya[1].txt [ /counters.gigya ]
C:\Documents and Settings\Stephen\Cookies\stephen@countrywidegrounds[1].txt [ /countrywidegrounds ]
C:\Documents and Settings\Stephen\Cookies\stephen@crackyoureggprogram[2].txt [ /crackyoureggprogram ]
C:\Documents and Settings\Stephen\Cookies\stephen@dc.tremormedia[1].txt [ /dc.tremormedia ]
C:\Documents and Settings\Stephen\Cookies\stephen@directtrack[1].txt [ /directtrack ]
C:\Documents and Settings\Stephen\Cookies\stephen@discountshoestore.co[1].txt [ /discountshoestore.co ]
C:\Documents and Settings\Stephen\Cookies\stephen@discountvitaminsandherbs[2].txt [ /discountvitaminsandherbs ]
C:\Documents and Settings\Stephen\Cookies\stephen@divx.112.2o7[1].txt [ /divx.112.2o7 ]
C:\Documents and Settings\Stephen\Cookies\stephen@dmtracker[1].txt [ /dmtracker ]
C:\Documents and Settings\Stephen\Cookies\stephen@dmtracker[2].txt [ /dmtracker ]
C:\Documents and Settings\Stephen\Cookies\stephen@dmtracker[3].txt [ /dmtracker ]
C:\Documents and Settings\Stephen\Cookies\stephen@doubleclick[1].txt [ /doubleclick ]
C:\Documents and Settings\Stephen\Cookies\stephen@doubleclick[2].txt [ /doubleclick ]
C:\Documents and Settings\Stephen\Cookies\stephen@e-2dj6aekicnajkdp.stats.esomniture[2].txt [ /e-2dj6aekicnajkdp.stats.esomniture ]
C:\Documents and Settings\Stephen\Cookies\stephen@e-2dj6aekioncjkcq.stats.esomniture[2].txt [ /e-2dj6aekioncjkcq.stats.esomniture ]
C:\Documents and Settings\Stephen\Cookies\stephen@e-2dj6aelisjc5afp.stats.esomniture[2].txt [ /e-2dj6aelisjc5afp.stats.esomniture ]
C:\Documents and Settings\Stephen\Cookies\stephen@e-2dj6wal4akajikp.stats.esomniture[2].txt [ /e-2dj6wal4akajikp.stats.esomniture ]
C:\Documents and Settings\Stephen\Cookies\stephen@e-2dj6walyciczwho.stats.esomniture[1].txt [ /e-2dj6walyciczwho.stats.esomniture ]
C:\Documents and Settings\Stephen\Cookies\stephen@e-2dj6wdl4godjokq.stats.esomniture[1].txt [ /e-2dj6wdl4godjokq.stats.esomniture ]
C:\Documents and Settings\Stephen\Cookies\stephen@e-2dj6wdmyapazwgp.stats.esomniture[2].txt [ /e-2dj6wdmyapazwgp.stats.esomniture ]
C:\Documents and Settings\Stephen\Cookies\stephen@e-2dj6wfkielc5eeo.stats.esomniture[2].txt [ /e-2dj6wfkielc5eeo.stats.esomniture ]
C:\Documents and Settings\Stephen\Cookies\stephen@e-2dj6wfkoklcjscp.stats.esomniture[2].txt [ /e-2dj6wfkoklcjscp.stats.esomniture ]
C:\Documents and Settings\Stephen\Cookies\stephen@e-2dj6wglywgczabp.stats.esomniture[2].txt [ /e-2dj6wglywgczabp.stats.esomniture ]
C:\Documents and Settings\Stephen\Cookies\stephen@e-2dj6wjkokgc5kaq.stats.esomniture[2].txt [ /e-2dj6wjkokgc5kaq.stats.esomniture ]
C:\Documents and Settings\Stephen\Cookies\stephen@e-2dj6wjkygndzido.stats.esomniture[2].txt [ /e-2dj6wjkygndzido.stats.esomniture ]
C:\Documents and Settings\Stephen\Cookies\stephen@e-2dj6wjloqjajsdo.stats.esomniture[1].txt [ /e-2dj6wjloqjajsdo.stats.esomniture ]
C:\Documents and Settings\Stephen\Cookies\stephen@e-2dj6wjlyggcpekq.stats.esomniture[1].txt [ /e-2dj6wjlyggcpekq.stats.esomniture ]
C:\Documents and Settings\Stephen\Cookies\stephen@e-2dj6wmmighcjoko.stats.esomniture[1].txt [ /e-2dj6wmmighcjoko.stats.esomniture ]
C:\Documents and Settings\Stephen\Cookies\stephen@e-2dj6wnkyggd5oko.stats.esomniture[2].txt [ /e-2dj6wnkyggd5oko.stats.esomniture ]
C:\Documents and Settings\Stephen\Cookies\stephen@e-2dj6wnmyqnc5sdq.stats.esomniture[1].txt [ /e-2dj6wnmyqnc5sdq.stats.esomniture ]
C:\Documents and Settings\Stephen\Cookies\stephen@eas.apm.emediate[2].txt [ /eas.apm.emediate ]
C:\Documents and Settings\Stephen\Cookies\stephen@eas.apm.emediate[3].txt [ /eas.apm.emediate ]
C:\Documents and Settings\Stephen\Cookies\stephen@eas.apm.emediate[4].txt [ /eas.apm.emediate ]
C:\Documents and Settings\Stephen\Cookies\stephen@ehg-tfl.hitbox[2].txt [ /ehg-tfl.hitbox ]
C:\Documents and Settings\Stephen\Cookies\stephen@emediate[2].txt [ /emediate ]
C:\Documents and Settings\Stephen\Cookies\stephen@emediate[3].txt [ /emediate ]
C:\Documents and Settings\Stephen\Cookies\stephen@emediate[4].txt [ /emediate ]
C:\Documents and Settings\Stephen\Cookies\stephen@enhance[2].txt [ /enhance ]
C:\Documents and Settings\Stephen\Cookies\stephen@euroclick[1].txt [ /euroclick ]
C:\Documents and Settings\Stephen\Cookies\stephen@euroclick[2].txt [ /euroclick ]
C:\Documents and Settings\Stephen\Cookies\stephen@eventbrite.122.2o7[1].txt [ /eventbrite.122.2o7 ]
C:\Documents and Settings\Stephen\Cookies\stephen@eventbrite.122.2o7[2].txt [ /eventbrite.122.2o7 ]
C:\Documents and Settings\Stephen\Cookies\stephen@everyclick[1].txt [ /everyclick ]
C:\Documents and Settings\Stephen\Cookies\stephen@eyewonder[2].txt [ /eyewonder ]
C:\Documents and Settings\Stephen\Cookies\stephen@eyewonder[3].txt [ /eyewonder ]
C:\Documents and Settings\Stephen\Cookies\stephen@fastclick[2].txt [ /fastclick ]
C:\Documents and Settings\Stephen\Cookies\stephen@find.myrecipes[2].txt [ /find.myrecipes ]
C:\Documents and Settings\Stephen\Cookies\stephen@findaspring[1].txt [ /findaspring ]
C:\Documents and Settings\Stephen\Cookies\stephen@findaspring[2].txt [ /findaspring ]
C:\Documents and Settings\Stephen\Cookies\stephen@findhorn[1].txt [ /findhorn ]
C:\Documents and Settings\Stephen\Cookies\stephen@findingjoymovie[1].txt [ /findingjoymovie ]
C:\Documents and Settings\Stephen\Cookies\stephen@fr.at.atwola[1].txt [ /fr.at.atwola ]
C:\Documents and Settings\Stephen\Cookies\stephen@friendlytrack[2].txt [ /friendlytrack ]
C:\Documents and Settings\Stephen\Cookies\stephen@googleads.g.doubleclick[1].txt [ /googleads.g.doubleclick ]
C:\Documents and Settings\Stephen\Cookies\stephen@guyfinley.directtrack[2].txt [ /guyfinley.directtrack ]
C:\Documents and Settings\Stephen\Cookies\stephen@hearstmagazines.112.2o7[1].txt [ /hearstmagazines.112.2o7 ]
C:\Documents and Settings\Stephen\Cookies\stephen@herbdoc.112.2o7[1].txt [ /herbdoc.112.2o7 ]
C:\Documents and Settings\Stephen\Cookies\stephen@hitbox[2].txt [ /hitbox ]
C:\Documents and Settings\Stephen\Cookies\stephen@ilead.itrack[1].txt [ /ilead.itrack ]
C:\Documents and Settings\Stephen\Cookies\stephen@imrworldwide[2].txt [ /imrworldwide ]
C:\Documents and Settings\Stephen\Cookies\stephen@imrworldwide[3].txt [ /imrworldwide ]
C:\Documents and Settings\Stephen\Cookies\stephen@imrworldwide[4].txt [ /imrworldwide ]
C:\Documents and Settings\Stephen\Cookies\stephen@in.getclicky[1].txt [ /in.getclicky ]
C:\Documents and Settings\Stephen\Cookies\stephen@in.getclicky[2].txt [ /in.getclicky ]
C:\Documents and Settings\Stephen\Cookies\stephen@insightexpressai[1].txt [ /insightexpressai ]
C:\Documents and Settings\Stephen\Cookies\stephen@interclick[1].txt [ /interclick ]
C:\Documents and Settings\Stephen\Cookies\stephen@invitemedia[1].txt [ /invitemedia ]
C:\Documents and Settings\Stephen\Cookies\stephen@kantarmedia[2].txt [ /kantarmedia ]
C:\Documents and Settings\Stephen\Cookies\stephen@kiddicare.solution.weborama[2].txt [ /kiddicare.solution.weborama ]
C:\Documents and Settings\Stephen\Cookies\stephen@kontera[1].txt [ /kontera ]
C:\Documents and Settings\Stephen\Cookies\stephen@kontera[2].txt [ /kontera ]
C:\Documents and Settings\Stephen\Cookies\stephen@latestnews.virginmedia[1].txt [ /latestnews.virginmedia ]
C:\Documents and Settings\Stephen\Cookies\stephen@legolas-media[2].txt [ /legolas-media ]
C:\Documents and Settings\Stephen\Cookies\stephen@lfstmedia[1].txt [ /lfstmedia ]
C:\Documents and Settings\Stephen\Cookies\stephen@lfstmedia[2].txt [ /lfstmedia ]
C:\Documents and Settings\Stephen\Cookies\stephen@liveperson[1].txt [ /liveperson ]
C:\Documents and Settings\Stephen\Cookies\stephen@liveperson[3].txt [ /liveperson ]
C:\Documents and Settings\Stephen\Cookies\stephen@liveperson[4].txt [ /liveperson ]
C:\Documents and Settings\Stephen\Cookies\stephen@liveperson[5].txt [ /liveperson ]
C:\Documents and Settings\Stephen\Cookies\stephen@lstat.youku[2].txt [ /lstat.youku ]
C:\Documents and Settings\Stephen\Cookies\stephen@lucidmedia[2].txt [ /lucidmedia ]
C:\Documents and Settings\Stephen\Cookies\stephen@measussex.org[2].txt [ /measussex.org ]
C:\Documents and Settings\Stephen\Cookies\stephen@media.cardomain[1].txt [ /media.cardomain ]
C:\Documents and Settings\Stephen\Cookies\stephen@media.easyads[2].txt [ /media.easyads ]
C:\Documents and Settings\Stephen\Cookies\stephen@media.medhelp[1].txt [ /media.medhelp ]
C:\Documents and Settings\Stephen\Cookies\stephen@media.medhelp[3].txt [ /media.medhelp ]
C:\Documents and Settings\Stephen\Cookies\stephen@media.mercola[2].txt [ /media.mercola ]
C:\Documents and Settings\Stephen\Cookies\stephen@media6degrees[1].txt [ /media6degrees ]
C:\Documents and Settings\Stephen\Cookies\stephen@media6degrees[3].txt [ /media6degrees ]
C:\Documents and Settings\Stephen\Cookies\stephen@media6degrees[4].txt [ /media6degrees ]
C:\Documents and Settings\Stephen\Cookies\stephen@mediabrandsww[1].txt [ /mediabrandsww ]
C:\Documents and Settings\Stephen\Cookies\stephen@mediaforge[1].txt [ /mediaforge ]
C:\Documents and Settings\Stephen\Cookies\stephen@mediaplex[2].txt [ /mediaplex ]
C:\Documents and Settings\Stephen\Cookies\stephen@mediaweb.musicradio[1].txt [ /mediaweb.musicradio ]
C:\Documents and Settings\Stephen\Cookies\stephen@mercola.122.2o7[1].txt [ /mercola.122.2o7 ]
C:\Documents and Settings\Stephen\Cookies\stephen@microsoftsto.112.2o7[1].txt [ /microsoftsto.112.2o7 ]
C:\Documents and Settings\Stephen\Cookies\stephen@mm.chitika[2].txt [ /mm.chitika ]
C:\Documents and Settings\Stephen\Cookies\stephen@mm.chitika[3].txt [ /mm.chitika ]
C:\Documents and Settings\Stephen\Cookies\stephen@movies.virginmedia[1].txt [ /movies.virginmedia ]
C:\Documents and Settings\Stephen\Cookies\stephen@msnportal.112.2o7[1].txt [ /msnportal.112.2o7 ]
C:\Documents and Settings\Stephen\Cookies\stephen@msnportal.112.2o7[2].txt [ /msnportal.112.2o7 ]
C:\Documents and Settings\Stephen\Cookies\stephen@mtvn.112.2o7[1].txt [ /mtvn.112.2o7 ]
C:\Documents and Settings\Stephen\Cookies\stephen@mywebsearch[1].txt [ /mywebsearch ]
C:\Documents and Settings\Stephen\Cookies\stephen@naturalfoodfinder.co[1].txt [ /naturalfoodfinder.co ]
C:\Documents and Settings\Stephen\Cookies\stephen@naturalfoodfinder.co[2].txt [ /naturalfoodfinder.co ]
C:\Documents and Settings\Stephen\Cookies\stephen@naturalfoodfinder.co[4].txt [ /naturalfoodfinder.co ]
C:\Documents and Settings\Stephen\Cookies\stephen@oneclickpharmacy.co[2].txt [ /oneclickpharmacy.co ]
C:\Documents and Settings\Stephen\Cookies\stephen@onlineadtracker.co[2].txt [ /onlineadtracker.co ]
C:\Documents and Settings\Stephen\Cookies\stephen@optimize.indieclick[2].txt [ /optimize.indieclick ]
C:\Documents and Settings\Stephen\Cookies\stephen@oracle.112.2o7[1].txt [ /oracle.112.2o7 ]
C:\Documents and Settings\Stephen\Cookies\stephen@paypal.112.2o7[2].txt [ /paypal.112.2o7 ]
C:\Documents and Settings\Stephen\Cookies\stephen@paypal.112.2o7[3].txt [ /paypal.112.2o7 ]
C:\Documents and Settings\Stephen\Cookies\stephen@popuptraffic[1].txt [ /popuptraffic ]
C:\Documents and Settings\Stephen\Cookies\stephen@pro-market[2].txt [ /pro-market ]
C:\Documents and Settings\Stephen\Cookies\stephen@pro-market[3].txt [ /pro-market ]
C:\Documents and Settings\Stephen\Cookies\stephen@propertyfinder[1].txt [ /propertyfinder ]
C:\Documents and Settings\Stephen\Cookies\stephen@propertyfinder[2].txt [ /propertyfinder ]
C:\Documents and Settings\Stephen\Cookies\stephen@questionmarket[1].txt [ /questionmarket ]
C:\Documents and Settings\Stephen\Cookies\stephen@quote.airport-parking-discounts.co[2].txt [ /quote.airport-parking-discounts.co ]
C:\Documents and Settings\Stephen\Cookies\stephen@r1-ads.ace.advertising[2].txt [ /r1-ads.ace.advertising ]
C:\Documents and Settings\Stephen\Cookies\stephen@r1-ads.ace.advertising[3].txt [ /r1-ads.ace.advertising ]
C:\Documents and Settings\Stephen\Cookies\stephen@realmedia[2].txt [ /realmedia ]
C:\Documents and Settings\Stephen\Cookies\stephen@revsci[1].txt [ /revsci ]
C:\Documents and Settings\Stephen\Cookies\stephen@revsci[2].txt [ /revsci ]
C:\Documents and Settings\Stephen\Cookies\stephen@rts.pgmediaserve[1].txt [ /rts.pgmediaserve ]
C:\Documents and Settings\Stephen\Cookies\stephen@ru4[2].txt [ /ru4 ]
C:\Documents and Settings\Stephen\Cookies\stephen@ru4[3].txt [ /ru4 ]
C:\Documents and Settings\Stephen\Cookies\stephen@search.virginmedia[2].txt [ /search.virginmedia ]
C:\Documents and Settings\Stephen\Cookies\stephen@server.lon.liveperson[2].txt [ /server.lon.liveperson ]
C:\Documents and Settings\Stephen\Cookies\stephen@server.lon.liveperson[3].txt [ /server.lon.liveperson ]
C:\Documents and Settings\Stephen\Cookies\stephen@serving-sys[1].txt [ /serving-sys ]
C:\Documents and Settings\Stephen\Cookies\stephen@smartadserver[2].txt [ /smartadserver ]
C:\Documents and Settings\Stephen\Cookies\stephen@socialmedia[1].txt [ /socialmedia ]
C:\Documents and Settings\Stephen\Cookies\stephen@specificclick[1].txt [ /specificclick ]
C:\Documents and Settings\Stephen\Cookies\stephen@specificclick[2].txt [ /specificclick ]
C:\Documents and Settings\Stephen\Cookies\stephen@spicesofindia.co[2].txt [ /spicesofindia.co ]
C:\Documents and Settings\Stephen\Cookies\stephen@stat.aldi[1].txt [ /stat.aldi ]
C:\Documents and Settings\Stephen\Cookies\stephen@stat.dealtime[1].txt [ /stat.dealtime ]
C:\Documents and Settings\Stephen\Cookies\stephen@stat.dealtime[3].txt [ /stat.dealtime ]
C:\Documents and Settings\Stephen\Cookies\stephen@stat.youku[1].txt [ /stat.youku ]
C:\Documents and Settings\Stephen\Cookies\stephen@statcounter[1].txt [ /statcounter ]
C:\Documents and Settings\Stephen\Cookies\stephen@statcounter[3].txt [ /statcounter ]
C:\Documents and Settings\Stephen\Cookies\stephen@stats.dnnmetrics[1].txt [ /stats.dnnmetrics ]
C:\Documents and Settings\Stephen\Cookies\stephen@stats.free-rein[1].txt [ /stats.free-rein ]
C:\Documents and Settings\Stephen\Cookies\stephen@stats.manticoretechnology[1].txt [ /stats.manticoretechnology ]
C:\Documents and Settings\Stephen\Cookies\stephen@stats.matraxis[1].txt [ /stats.matraxis ]
C:\Documents and Settings\Stephen\Cookies\stephen@stats.matraxis[2].txt [ /stats.matraxis ]
C:\Documents and Settings\Stephen\Cookies\stephen@stats.matraxis[3].txt [ /stats.matraxis ]
C:\Documents and Settings\Stephen\Cookies\stephen@stats.mytraveline[2].txt [ /stats.mytraveline ]
C:\Documents and Settings\Stephen\Cookies\stephen@stats.paypal[2].txt [ /stats.paypal ]
C:\Documents and Settings\Stephen\Cookies\stephen@stats.paypal[3].txt [ /stats.paypal ]
C:\Documents and Settings\Stephen\Cookies\stephen@stats.paypal[4].txt [ /stats.paypal ]
C:\Documents and Settings\Stephen\Cookies\stephen@statse.webtrendslive[2].txt [ /statse.webtrendslive ]
C:\Documents and Settings\Stephen\Cookies\stephen@steelhousemedia[2].txt [ /steelhousemedia ]
C:\Documents and Settings\Stephen\Cookies\stephen@steenbergs.co[1].txt [ /steenbergs.co ]
C:\Documents and Settings\Stephen\Cookies\stephen@steenbergs.co[2].txt [ /steenbergs.co ]
C:\Documents and Settings\Stephen\Cookies\stephen@steenbergs.co[3].txt [ /steenbergs.co ]
C:\Documents and Settings\Stephen\Cookies\stephen@superstats[1].txt [ /superstats ]
C:\Documents and Settings\Stephen\Cookies\stephen@surveymonkey.122.2o7[1].txt [ /surveymonkey.122.2o7 ]
C:\Documents and Settings\Stephen\Cookies\stephen@tacoda.at.atwola[1].txt [ /tacoda.at.atwola ]
C:\Documents and Settings\Stephen\Cookies\stephen@tacoda.at.atwola[3].txt [ /tacoda.at.atwola ]
C:\Documents and Settings\Stephen\Cookies\stephen@target.tangomedia.co[2].txt [ /target.tangomedia.co ]
C:\Documents and Settings\Stephen\Cookies\stephen@thefind.co[2].txt [ /thefind.co ]
C:\Documents and Settings\Stephen\Cookies\stephen@tiscali.propertyfinder[1].txt [ /tiscali.propertyfinder ]
C:\Documents and Settings\Stephen\Cookies\stephen@toplist[2].txt [ /toplist ]
C:\Documents and Settings\Stephen\Cookies\stephen@track.adform[2].txt [ /track.adform ]
C:\Documents and Settings\Stephen\Cookies\stephen@track.omguk[1].txt [ /track.omguk ]
C:\Documents and Settings\Stephen\Cookies\stephen@track.omguk[3].txt [ /track.omguk ]
C:\Documents and Settings\Stephen\Cookies\stephen@tracker.roitesting[1].txt [ /tracker.roitesting ]
C:\Documents and Settings\Stephen\Cookies\stephen@tracker.roitesting[2].txt [ /tracker.roitesting ]
C:\Documents and Settings\Stephen\Cookies\stephen@tracking.dc-storm[2].txt [ /tracking.dc-storm ]
C:\Documents and Settings\Stephen\Cookies\stephen@tracking.liveyourtruth[1].txt [ /tracking.liveyourtruth ]
C:\Documents and Settings\Stephen\Cookies\stephen@tracking.summitmedia.co[1].txt [ /tracking.summitmedia.co ]
C:\Documents and Settings\Stephen\Cookies\stephen@tracking.vcab[2].txt [ /tracking.vcab ]
C:\Documents and Settings\Stephen\Cookies\stephen@tradedoubler[2].txt [ /tradedoubler ]
C:\Documents and Settings\Stephen\Cookies\stephen@trafficking.nabbr[2].txt [ /trafficking.nabbr ]
C:\Documents and Settings\Stephen\Cookies\stephen@trafficmp[2].txt [ /trafficmp ]
C:\Documents and Settings\Stephen\Cookies\stephen@tribalfusion[1].txt [ /tribalfusion ]
C:\Documents and Settings\Stephen\Cookies\stephen@tuiactivity.112.2o7[1].txt [ /tuiactivity.112.2o7 ]
C:\Documents and Settings\Stephen\Cookies\stephen@tvguide.virginmedia[2].txt [ /tvguide.virginmedia ]
C:\Documents and Settings\Stephen\Cookies\stephen@uk.at.atwola[1].txt [ /uk.at.atwola ]
C:\Documents and Settings\Stephen\Cookies\stephen@user.lucidmedia[1].txt [ /user.lucidmedia ]
C:\Documents and Settings\Stephen\Cookies\stephen@virginmedia[1].txt [ /virginmedia ]
C:\Documents and Settings\Stephen\Cookies\stephen@virginmedia[2].txt [ /virginmedia ]
C:\Documents and Settings\Stephen\Cookies\stephen@w3counter[2].txt [ /w3counter ]
C:\Documents and Settings\Stephen\Cookies\stephen@weather.virginmedia[1].txt [ /weather.virginmedia ]
C:\Documents and Settings\Stephen\Cookies\stephen@weborama[1].txt [ /weborama ]
C:\Documents and Settings\Stephen\Cookies\stephen@worldnakedbikeride[2].txt [ /worldnakedbikeride ]
C:\Documents and Settings\Stephen\Cookies\stephen@[You must be registered and logged in to see this link.] [ /www.burstbeacon ]
C:\Documents and Settings\Stephen\Cookies\stephen@[You must be registered and logged in to see this link.] [ /www.burstbeacon ]
C:\Documents and Settings\Stephen\Cookies\stephen@[You must be registered and logged in to see this link.] [ /www.burstnet ]
C:\Documents and Settings\Stephen\Cookies\stephen@[You must be registered and logged in to see this link.] [ /www.burstnet ]
C:\Documents and Settings\Stephen\Cookies\stephen@[You must be registered and logged in to see this link.] [ /www.burstnet ]
C:\Documents and Settings\Stephen\Cookies\stephen@[You must be registered and logged in to see this link.] [ /www.burstnet ]
C:\Documents and Settings\Stephen\Cookies\stephen@[You must be registered and logged in to see this link.] [ /www.burstnet ]
C:\Documents and Settings\Stephen\Cookies\stephen@[You must be registered and logged in to see this link.] [ /www.clicksafe.lloydstsb ]
C:\Documents and Settings\Stephen\Cookies\stephen@[You must be registered and logged in to see this link.] [ /www.clicksafe.lloydstsb ]
C:\Documents and Settings\Stephen\Cookies\stephen@[You must be registered and logged in to see this link.] [ /www.clicksafe.lloydstsb ]
C:\Documents and Settings\Stephen\Cookies\stephen@[You must be registered and logged in to see this link.] [ /www.clicktoviewlink ]
C:\Documents and Settings\Stephen\Cookies\stephen@[You must be registered and logged in to see this link.] [ /www.countryside-jobs ]
C:\Documents and Settings\Stephen\Cookies\stephen@[You must be registered and logged in to see this link.] [ /www.countryside-jobs ]
C:\Documents and Settings\Stephen\Cookies\stephen@[You must be registered and logged in to see this link.] [ /www.countryside-jobs ]
C:\Documents and Settings\Stephen\Cookies\stephen@[You must be registered and logged in to see this link.] [ /www.discountshoestore.co ]
C:\Documents and Settings\Stephen\Cookies\stephen@[You must be registered and logged in to see this link.] [ /www.dover-parking-discounts.co ]
C:\Documents and Settings\Stephen\Cookies\stephen@[You must be registered and logged in to see this link.] [ /www.everyclick ]
C:\Documents and Settings\Stephen\Cookies\stephen@[You must be registered and logged in to see this link.] [ /www.findingjoymovie ]
C:\Documents and Settings\Stephen\Cookies\stephen@[You must be registered and logged in to see this link.] [ /www.googleadservices ]
C:\Documents and Settings\Stephen\Cookies\stephen@[You must be registered and logged in to see this link.] [ /www.googleadservices ]
C:\Documents and Settings\Stephen\Cookies\stephen@[You must be registered and logged in to see this link.] [ /www.googleadservices ]
C:\Documents and Settings\Stephen\Cookies\stephen@[You must be registered and logged in to see this link.] [ /www.googleadservices ]
C:\Documents and Settings\Stephen\Cookies\stephen@[You must be registered and logged in to see this link.] [ /www.googleadservices ]
C:\Documents and Settings\Stephen\Cookies\stephen@[You must be registered and logged in to see this link.] [ /www.googleadservices ]
C:\Documents and Settings\Stephen\Cookies\stephen@[You must be registered and logged in to see this link.] [ /www.googleadservices ]
C:\Documents and Settings\Stephen\Cookies\stephen@[You must be registered and logged in to see this link.] [ /www.googleadservices ]
C:\Documents and Settings\Stephen\Cookies\stephen@[You must be registered and logged in to see this link.] [ /www.grapeshot-media ]
C:\Documents and Settings\Stephen\Cookies\stephen@[You must be registered and logged in to see this link.] [ /www.hardtofindseminars ]
C:\Documents and Settings\Stephen\Cookies\stephen@[You must be registered and logged in to see this link.] [ /www.hxtrack ]
C:\Documents and Settings\Stephen\Cookies\stephen@[You must be registered and logged in to see this link.] [ /www.ist-track ]
C:\Documents and Settings\Stephen\Cookies\stephen@[You must be registered and logged in to see this link.] [ /www.measussex.org ]
C:\Documents and Settings\Stephen\Cookies\stephen@[You must be registered and logged in to see this link.] [ /www.onetruemedia ]
C:\Documents and Settings\Stephen\Cookies\stephen@[You must be registered and logged in to see this link.] [ /www.petmedia.co ]
C:\Documents and Settings\Stephen\Cookies\stephen@[You must be registered and logged in to see this link.] [ /www.stats.tso.co ]
C:\Documents and Settings\Stephen\Cookies\stephen@[You must be registered and logged in to see this link.] [ /www.stats.tso.co ]
C:\Documents and Settings\Stephen\Cookies\stephen@[You must be registered and logged in to see this link.] [ /www.steenbergs.co ]
C:\Documents and Settings\Stephen\Cookies\stephen@[You must be registered and logged in to see this link.] [ /www.sublimemedia ]
C:\Documents and Settings\Stephen\Cookies\stephen@[You must be registered and logged in to see this link.] [ /www.thefind.co ]
C:\Documents and Settings\Stephen\Cookies\stephen@[You must be registered and logged in to see this link.] [ /www.virginmedia ]
C:\Documents and Settings\Stephen\Cookies\stephen@[You must be registered and logged in to see this link.] [ /www.virginmedia ]
C:\Documents and Settings\Stephen\Cookies\stephen@xiti[1].txt [ /xiti ]
C:\Documents and Settings\Stephen\Cookies\stephen@xiti[2].txt [ /xiti ]
C:\Documents and Settings\Stephen\Cookies\stephen@xiti[3].txt [ /xiti ]
C:\Documents and Settings\Stephen\Cookies\stephen@xm.xtendmedia[1].txt [ /xm.xtendmedia ]
C:\Documents and Settings\Stephen\Cookies\stephen@yadro[1].txt [ /yadro ]
C:\Documents and Settings\Stephen\Cookies\stephen@yourcounty.co[1].txt [ /yourcounty.co ]
C:\Documents and Settings\Stephen\Cookies\stephen@zedo[1].txt [ /zedo ]
C:\Documents and Settings\Stephen\Cookies\ZLUCGGPX.txt [ /media.mercola.com ]
C:\Documents and Settings\Stephen\Cookies\EUJNT3NW.txt [ /interclick.com ]
C:\Documents and Settings\Stephen\Cookies\6O9RURKM.txt [ /delivery.ads-littlestarmedia.co.uk ]
C:\Documents and Settings\Stephen\Cookies\D8MCF4LZ.txt [ /questionmarket.com ]
C:\Documents and Settings\Stephen\Cookies\7RBZ9CY7.txt [ /mediaservices-d.openxenterprise.com ]
C:\Documents and Settings\Stephen\Cookies\66QW8P3N.txt [ /ad.yieldmanager.com ]
C:\Documents and Settings\Stephen\Cookies\BJOWQJPC.txt [ /gnosticmedia.com ]
C:\Documents and Settings\Stephen\Cookies\OY68EX60.txt [ /www.googleadservices.com ]
C:\Documents and Settings\Stephen\Cookies\S3VTVX07.txt [ /tracking.3gnet.de ]
C:\Documents and Settings\Stephen\Cookies\FC68IJD6.txt [ /legolas-media.com ]
C:\Documents and Settings\Stephen\Cookies\0GBEM90R.txt [ /2o7.net ]
C:\Documents and Settings\Stephen\Cookies\YEW9YKTC.txt [ /invitemedia.com ]
C:\Documents and Settings\Stephen\Cookies\FJCOO34X.txt [ /virginmedia.com ]
C:\Documents and Settings\Stephen\Cookies\VORMJKGR.txt [ /media6degrees.com ]
C:\Documents and Settings\Stephen\Cookies\5FTN808R.txt [ /adtech.de ]
C:\Documents and Settings\Stephen\Cookies\I8LML8P8.txt [ /e-2dj6aekococ5odq.stats.esomniture.com ]
C:\Documents and Settings\Stephen\Cookies\8CW79HDY.txt [ /burstnet.com ]
C:\Documents and Settings\Stephen\Cookies\IFM5V843.txt [ /tracker.roitesting.com ]
C:\Documents and Settings\Stephen\Cookies\7HNDII1V.txt [ /revsci.net ]
C:\Documents and Settings\Stephen\Cookies\KOOCAAC7.txt [ /in.getclicky.com ]
C:\Documents and Settings\Stephen\Cookies\G2P2JQVR.txt [ /tacoda.at.atwola.com ]
C:\Documents and Settings\Stephen\Cookies\V31FBQRS.txt [ /dmtracker.com ]
C:\Documents and Settings\Stephen\Cookies\3MZDMT97.txt [ /andomedia.com ]
C:\Documents and Settings\Stephen\Cookies\3VSVFVI8.txt [ /server.iad.liveperson.net ]
C:\Documents and Settings\Stephen\Cookies\P8AOZV07.txt [ /msnbc.112.2o7.net ]
C:\Documents and Settings\Stephen\Cookies\WJSNMMHC.txt [ /imrworldwide.com ]
C:\Documents and Settings\Stephen\Cookies\CCR7N9LC.txt [ /lucidmedia.com ]
C:\Documents and Settings\Stephen\Cookies\MYX256Z3.txt [ /at.atwola.com ]
C:\Documents and Settings\Stephen\Cookies\W8WVUCFP.txt [ /paypal.112.2o7.net ]
C:\Documents and Settings\Stephen\Cookies\PADJOJTG.txt [ /www.googleadservices.com ]
C:\Documents and Settings\Stephen\Cookies\1EDENWSQ.txt [ /doubleclick.net ]
C:\Documents and Settings\Stephen\Cookies\D59LEHMN.txt [ /serving-sys.com ]
C:\Documents and Settings\Stephen\Cookies\2K818SGT.txt [ /e-2dj6wal4akajikp.stats.esomniture.com ]
C:\Documents and Settings\Stephen\Cookies\M2RLN91W.txt [ /eas.apm.emediate.eu ]
C:\Documents and Settings\Stephen\Cookies\NL6SQ93K.txt [ /ads.undertone.com ]
C:\Documents and Settings\Stephen\Cookies\0IDJ9NB1.txt [ /www.burstnet.com ]
C:\Documents and Settings\Stephen\Cookies\3G0A5CPS.txt [ /liveperson.net ]
C:\Documents and Settings\Stephen\Cookies\0GFDJQ7O.txt [ /liveperson.net ]
C:\Documents and Settings\Stephen\Cookies\PHBZFSON.txt [ /mediaplex.com ]
C:\Documents and Settings\Stephen\Cookies\YJ3A2GTX.txt [ /statse.webtrendslive.com ]
C:\Documents and Settings\Stephen\Cookies\5YCFRG4R.txt [ /bs.serving-sys.com ]
C:\Documents and Settings\Stephen\Cookies\0C898PTC.txt [ /counter.hitslink.com ]
C:\Documents and Settings\Stephen\Cookies\988Y2864.txt [ /hc2.humanclick.com ]
C:\Documents and Settings\Stephen\Cookies\T3EY5KFL.txt [ /www.googleadservices.com ]
C:\Documents and Settings\Stephen\Cookies\HD2JCADY.txt [ /ad.360yield.com ]
C:\Documents and Settings\Stephen\Cookies\LQO7CZ9Z.txt [ /ru4.com ]
C:\Documents and Settings\Stephen\Cookies\ULHUXVB3.txt [ /atdmt.com ]
C:\Documents and Settings\Stephen\Cookies\CM4LIMIJ.txt [ /ads.pubmatic.com ]
C:\Documents and Settings\Stephen\Cookies\9HBO7XD5.txt [ /bizrate.com ]
C:\Documents and Settings\Stephen\Cookies\T5B1O5OX.txt [ /statcounter.com ]
C:\Documents and Settings\Stephen\Cookies\D7GDQZKE.txt [ /apmebf.com ]
C:\Documents and Settings\Stephen\Cookies\7TO6KKYF.txt [ /advertising.com ]
C:\Documents and Settings\Stephen\Cookies\PR5YV9TJ.txt [ /adbrite.com ]
C:\Documents and Settings\Stephen\Cookies\MKSQ3I3M.txt [ /specificclick.net ]
C:\Documents and Settings\Stephen\Cookies\UDJJO1HQ.txt [ /tribalfusion.com ]
C:\Documents and Settings\Stephen\Cookies\26LJVH3T.txt [ /stat.onestat.com ]
C:\Documents and Settings\Stephen\Cookies\DZ3D2MCS.txt [ /accounts.google.com ]
C:\Documents and Settings\Stephen\Cookies\N5P71FIA.txt [ /zedo.com ]
C:\Documents and Settings\Stephen\Cookies\TUBRUNAB.txt [ /casalemedia.com ]
C:\Documents and Settings\Stephen\Cookies\7R6JOVBI.txt [ /adviva.net ]
C:\Documents and Settings\Stephen\Cookies\E9CM4V39.txt [ /fastclick.net ]
C:\Documents and Settings\Stephen\Cookies\9MOAI84G.txt [ /www.googleadservices.com ]
C:\Documents and Settings\Stephen\Cookies\SKI5B6E3.txt [ /e-2dj6wjnyglcjckp.stats.esomniture.com ]
C:\Documents and Settings\Stephen\Cookies\M0P9BG58.txt [ /click.expandsearchanswers.com ]
C:\Documents and Settings\Stephen\Cookies\HOE3SUZB.txt [ /www.steenbergs.co.uk ]
C:\Documents and Settings\Stephen\Cookies\CAI0AW0K.txt [ /steenbergs.co.uk ]
C:\Documents and Settings\Stephen\Cookies\NSBY4JHR.txt [ /hc2.humanclick.com ]
C:\Documents and Settings\Stephen\Cookies\54Q7IS5V.txt [ /www.googleadservices.com ]
C:\Documents and Settings\Stephen\Cookies\J5F2W0HX.txt [ /ox-d.fondnessmedia.com ]
C:\Documents and Settings\Stephen\Cookies\VBAH1ILU.txt [ /adserver.adtechus.com ]
C:\Documents and Settings\Stephen\Cookies\G1JYUNM5.txt [ /uk.at.atwola.com ]
C:\Documents and Settings\Stephen\Cookies\440I8ARJ.txt [ /tradedoubler.com ]
C:\Documents and Settings\Stephen\Cookies\VQT8GKC7.txt [ /liveperson.net ]
C:\Documents and Settings\Stephen\Cookies\NX9CRI82.txt [ /network.realmedia.com ]
C:\Documents and Settings\Stephen\Cookies\U6TUVRJB.txt [ /www.googleadservices.com ]
C:\Documents and Settings\Stephen\Cookies\W7STGVJG.txt [ /rotator.adjuggler.com ]
C:\Documents and Settings\Stephen\Cookies\MHNY10HL.txt [ /realmedia.com ]
C:\Documents and Settings\Stephen\Cookies\YDKG5YL3.txt [ /audience2media.com ]
C:\Documents and Settings\Stephen\Cookies\Z0U4IBL4.txt [ /www.googleadservices.com ]
C:\Documents and Settings\Stephen\Cookies\X1JLTMWO.txt [ /xm.xtendmedia.com ]
C:\Documents and Settings\Stephen\Cookies\EQ1XSG2W.txt [ /kaspersky.122.2o7.net ]
C:\Documents and Settings\Stephen\Cookies\OX0HWOZF.txt [ /tracking.onefeed.co.uk ]
C:\Documents and Settings\Stephen\Cookies\TYS122QX.txt [ /dc.tremormedia.com ]
C:\Documents and Settings\Stephen\Cookies\ZBKONQW5.txt [ /steelhousemedia.com ]
C:\Documents and Settings\Stephen\Cookies\5GGBRHO8.txt [ /tacoda.net ]
C:\Documents and Settings\Stephen\Cookies\EEG7B7D7.txt [ /mm.chitika.net ]
C:\Documents and Settings\Stephen\Cookies\KJ1G2WW8.txt [ /www.googleadservices.com ]
C:\Documents and Settings\Stephen\Cookies\ZWB7TUHE.txt [ /googleads.g.doubleclick.net ]
C:\Documents and Settings\Stephen\Cookies\CKYQIDKM.txt [ /yadro.ru ]
C:\Documents and Settings\Stephen\Cookies\D8B3J4II.txt [ /ads.lycos.com ]
C:\Documents and Settings\Stephen\Cookies\8NB6PRD4.txt [ /adxpose.com ]
C:\Documents and Settings\Stephen\Cookies\I8JE0P6H.txt [ /smartadserver.com ]
C:\Documents and Settings\Stephen\Cookies\WC85T96I.txt [ /ad.zanox.com ]
C:\Documents and Settings\Stephen\Cookies\4PZA74CV.txt [ /amazon-adsystem.com ]
C:\Documents and Settings\Stephen\Cookies\BN6AX8RY.txt [ /ads.pointroll.com ]
C:\Documents and Settings\Stephen\Cookies\MDUSWHZ5.txt [ /pointroll.com ]
C:\Documents and Settings\Stephen\Cookies\4R9ZQZAD.txt [ /cn.clickable.net ]
C:\Documents and Settings\Stephen\Cookies\EGPQ3E9T.txt [ /collective-media.net ]
C:\Documents and Settings\Stephen\Cookies\Z5C08TX3.txt [ /ads.bleepingcomputer.com ]
C:\Documents and Settings\Stephen\Cookies\R6TOMNVY.txt [ /ads.msv-inc.com ]
C:\Documents and Settings\Stephen\Cookies\XDHP2X24.txt [ /www.clicksafe.lloydstsb.com ]
C:\Documents and Settings\Stephen\Cookies\B3TSU2RP.txt [ /eas4.emediate.eu ]
C:\Documents and Settings\Stephen\Cookies\YIMI17D6.txt [ /www.grapeshot-media.net ]
C:\Documents and Settings\Stephen\Cookies\R0YSVW4T.txt [ /armanicouture.solution.weborama.fr ]
C:\Documents and Settings\Stephen\Cookies\9N9VHOK8.txt [ /247realmedia.com ]
C:\Documents and Settings\Stephen\Cookies\PJXG18GE.txt [ /ads.saymedia.com ]
C:\Documents and Settings\Stephen\Cookies\JRYKGXAG.txt [ /weborama.fr ]
C:\Documents and Settings\Stephen\Cookies\2RHL9QT1.txt [ /pro-market.net ]
C:\Documents and Settings\Stephen\Cookies\7Z1Z5IAJ.txt [ /kontera.com ]
C:\Documents and Settings\Stephen\Cookies\V75X03RU.txt [ /www.countrycottagescotswolds.co.uk ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\Cookies\HRPGHB11.txt [ Cookie:administrator@atdmt.com/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\Cookies\QNN5TT4T.txt [ Cookie:administrator@apmebf.com/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\Cookies\32PLDIYG.txt [ Cookie:administrator@adtech.de/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\Cookies\BIAWNEUW.txt [ Cookie:administrator@media6degrees.com/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\Cookies\38BLAGGW.txt [ Cookie:administrator@tradedoubler.com/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\Cookies\HQ4P7091.txt [ Cookie:administrator@adsonar.com/adserving ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\Cookies\OJ6X4H4U.txt [ Cookie:administrator@adserver.adtechus.com/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\Cookies\A2ZZ6AM4.txt [ Cookie:administrator@ru4.com/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\Cookies\SQKCBMFP.txt [ Cookie:administrator@adbrite.com/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\Cookies\JN9OAQH1.txt [ Cookie:administrator@specificclick.net/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\Cookies\Q1HRCUKW.txt [ Cookie:administrator@revsci.net/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\Cookies\Q5CIGGPZ.txt [ Cookie:administrator@tribalfusion.com/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\Cookies\1E9GDYPB.txt [ Cookie:administrator@tacoda.at.atwola.com/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\Cookies\AOBLX1SK.txt [ Cookie:administrator@eas4.emediate.eu/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\Cookies\KLEDR8KE.txt [ Cookie:administrator@at.atwola.com/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\Cookies\3M2DI6A1.txt [ Cookie:administrator@pro-market.net/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\Cookies\8PA9V0L0.txt [ Cookie:administrator@adxpose.com/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\Cookies\JVFTMGUB.txt [ Cookie:administrator@lucidmedia.com/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\Cookies\43B8RPXM.txt [ Cookie:administrator@onlineadtracker.co.uk/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\Cookies\0Q20RZTO.txt [ Cookie:administrator@dc.tremormedia.com/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\Cookies\FY6HR7Y4.txt [ Cookie:administrator@adformdsp.net/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\Cookies\CZZQUQDQ.txt [ Cookie:administrator@server.adformdsp.net/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\Cookies\0TJTZNJS.txt [ Cookie:administrator@atwola.com/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\Cookies\RSGZ79JZ.txt [ Cookie:administrator@interclick.com/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\Cookies\F49O77ID.txt [ Cookie:administrator@click.expandsearchanswers.com/ads-clicktrack/click/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\Cookies\K7ZC2JDW.txt [ Cookie:administrator@doubleclick.net/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\Cookies\QOYZVO3M.txt [ Cookie:administrator@adup.rotator.hadj7.adjuggler.net/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\Cookies\HS6SS9W0.txt [ Cookie:administrator@questionmarket.com/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\Cookies\AFEXYQQB.txt [ Cookie:administrator@serving-sys.com/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\Cookies\FGGUJJXY.txt [ Cookie:administrator@fastclick.net/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\Cookies\686KBOR8.txt [ Cookie:administrator@audience2media.com/servlet/ajrotator/track/pt1103192 ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\Cookies\GUDBMSZI.txt [ Cookie:administrator@mediaplex.com/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\Cookies\WCL3GY34.txt [ Cookie:administrator@advertising.com/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\Cookies\T1JZKD4C.txt [ Cookie:administrator@collective-media.net/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\Cookies\ATE19RRW.txt [ Cookie:administrator@ar.atwola.com/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\Cookies\BN2T2VQY.txt [ Cookie:administrator@zedo.com/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\Cookies\D7B8PX1L.txt [ Cookie:administrator@ad.yieldmanager.com/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\Cookies\Y2R9FCPW.txt [ Cookie:administrator@yieldmanager.net/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\Cookies\C7KH88QX.txt [ Cookie:administrator@liveperson.net/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\Cookies\8WW6KRIX.txt [ Cookie:administrator@[You must be registered and logged in to see this link.] ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\Cookies\FZKTCT0U.txt [ Cookie:administrator@find.seekgreen.co.uk/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\Cookies\36G8ECAS.txt [ Cookie:administrator@micklemedia.com/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\Cookies\0NCZ6X5V.txt [ Cookie:administrator@247realmedia.com/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\Cookies\TIGAG463.txt [ Cookie:administrator@sales.liveperson.net/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\Cookies\WRJTMPZV.txt [ Cookie:administrator@track.adform.net/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\Cookies\WPIIXZVH.txt [ Cookie:administrator@fidelity.rotator.hadj7.adjuggler.net/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\Cookies\FA875G1T.txt [ Cookie:administrator@adform.net/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\Cookies\9DZWVK00.txt [ Cookie:administrator@virginmedia.com/ ]
C:\DOCUMENTS AND SETTINGS\STEPHEN\Cookies\DBIQQ0H3.txt [ Cookie:stephen@clkads.com/adServe/banners ]
C:\DOCUMENTS AND SETTINGS\STEPHEN\Cookies\P6YBZAZF.txt [ Cookie:stephen@adsonar.com/adserving ]

2nd Scan Log

SUPERAntiSpyware Scan Log
[You must be registered and logged in to see this link.]

Generated 05/01/2012 at 11:07 PM

Application Version : 5.0.1148

Core Rules Database Version : 8535
Trace Rules Database Version: 6347

Scan type : Complete Scan
Total Scan Time : 01:35:57

Operating System Information
Windows XP Home Edition 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 504
Memory threats detected : 0
Registry items scanned : 35902
Registry threats detected : 0
File items scanned : 107745
File threats detected : 63

Adware.Tracking Cookie
cdn.complexmedianetwork.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\KUQSZ4L8 ]
ads1.msn.com [ C:\DOCUMENTS AND SETTINGS\DAWN\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\RXB76UBJ ]
atdmt.com [ C:\DOCUMENTS AND SETTINGS\DAWN\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\RXB76UBJ ]
img-cdn.mediaplex.com [ C:\DOCUMENTS AND SETTINGS\DAWN\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\RXB76UBJ ]
interclick.com [ C:\DOCUMENTS AND SETTINGS\DAWN\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\RXB76UBJ ]
m.uk.2mdn.net [ C:\DOCUMENTS AND SETTINGS\DAWN\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\RXB76UBJ ]
m1.2mdn.net [ C:\DOCUMENTS AND SETTINGS\DAWN\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\RXB76UBJ ]
m1.emea.2mdn.net [ C:\DOCUMENTS AND SETTINGS\DAWN\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\RXB76UBJ ]
oddcast.com [ C:\DOCUMENTS AND SETTINGS\DAWN\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\RXB76UBJ ]
serving-sys.com [ C:\DOCUMENTS AND SETTINGS\DAWN\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\RXB76UBJ ]
spe.atdmt.com [ C:\DOCUMENTS AND SETTINGS\DAWN\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\RXB76UBJ ]
2mdn.net [ C:\DOCUMENTS AND SETTINGS\STEPHEN\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\4EWY72W4 ]
ad.uk.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\STEPHEN\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\4EWY72W4 ]
ads1.msn.com [ C:\DOCUMENTS AND SETTINGS\STEPHEN\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\4EWY72W4 ]
as-us.falkag.net [ C:\DOCUMENTS AND SETTINGS\STEPHEN\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\4EWY72W4 ]
atdmt.com [ C:\DOCUMENTS AND SETTINGS\STEPHEN\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\4EWY72W4 ]
b.ads1.msn.com [ C:\DOCUMENTS AND SETTINGS\STEPHEN\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\4EWY72W4 ]
broadcast.piximedia.fr [ C:\DOCUMENTS AND SETTINGS\STEPHEN\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\4EWY72W4 ]
cdn5.specificclick.net [ C:\DOCUMENTS AND SETTINGS\STEPHEN\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\4EWY72W4 ]
core.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\STEPHEN\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\4EWY72W4 ]
doubleclick.net [ C:\DOCUMENTS AND SETTINGS\STEPHEN\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\4EWY72W4 ]
ds.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\STEPHEN\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\4EWY72W4 ]
ec.atdmt.com [ C:\DOCUMENTS AND SETTINGS\STEPHEN\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\4EWY72W4 ]
fr.2mdn.net [ C:\DOCUMENTS AND SETTINGS\STEPHEN\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\4EWY72W4 ]
gw.callingbanners.com [ C:\DOCUMENTS AND SETTINGS\STEPHEN\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\4EWY72W4 ]
img-cdn.mediaplex.com [ C:\DOCUMENTS AND SETTINGS\STEPHEN\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\4EWY72W4 ]
interclick.com [ C:\DOCUMENTS AND SETTINGS\STEPHEN\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\4EWY72W4 ]
kona.kontera.com [ C:\DOCUMENTS AND SETTINGS\STEPHEN\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\4EWY72W4 ]
m.uk.2mdn.net [ C:\DOCUMENTS AND SETTINGS\STEPHEN\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\4EWY72W4 ]
m1.2mdn.net [ C:\DOCUMENTS AND SETTINGS\STEPHEN\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\4EWY72W4 ]
m1.emea.2mdn.net [ C:\DOCUMENTS AND SETTINGS\STEPHEN\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\4EWY72W4 ]
media.monster.com [ C:\DOCUMENTS AND SETTINGS\STEPHEN\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\4EWY72W4 ]
media.mtvnservices.com [ C:\DOCUMENTS AND SETTINGS\STEPHEN\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\4EWY72W4 ]
media.scanscout.com [ C:\DOCUMENTS AND SETTINGS\STEPHEN\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\4EWY72W4 ]
media.tattomedia.com [ C:\DOCUMENTS AND SETTINGS\STEPHEN\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\4EWY72W4 ]
media.tiscali.co.uk [ C:\DOCUMENTS AND SETTINGS\STEPHEN\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\4EWY72W4 ]
media01.kyte.tv [ C:\DOCUMENTS AND SETTINGS\STEPHEN\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\4EWY72W4 ]
media1.break.com [ C:\DOCUMENTS AND SETTINGS\STEPHEN\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\4EWY72W4 ]
mediaplex.com [ C:\DOCUMENTS AND SETTINGS\STEPHEN\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\4EWY72W4 ]
msntest.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\STEPHEN\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\4EWY72W4 ]
naiadsystems.com [ C:\DOCUMENTS AND SETTINGS\STEPHEN\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\4EWY72W4 ]
objects.tremormedia.com [ C:\DOCUMENTS AND SETTINGS\STEPHEN\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\4EWY72W4 ]
oddcast.com [ C:\DOCUMENTS AND SETTINGS\STEPHEN\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\4EWY72W4 ]
revenue.net [ C:\DOCUMENTS AND SETTINGS\STEPHEN\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\4EWY72W4 ]
s0.2mdn.net [ C:\DOCUMENTS AND SETTINGS\STEPHEN\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\4EWY72W4 ]
secure-us.imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\STEPHEN\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\4EWY72W4 ]
serving-sys.com [ C:\DOCUMENTS AND SETTINGS\STEPHEN\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\4EWY72W4 ]
sftrack.searchforce.net [ C:\DOCUMENTS AND SETTINGS\STEPHEN\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\4EWY72W4 ]
spe.atdmt.com [ C:\DOCUMENTS AND SETTINGS\STEPHEN\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\4EWY72W4 ]
static.2mdn.net [ C:\DOCUMENTS AND SETTINGS\STEPHEN\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\4EWY72W4 ]
track.webgains.com [ C:\DOCUMENTS AND SETTINGS\STEPHEN\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\4EWY72W4 ]
uk.2mdn.net [ C:\DOCUMENTS AND SETTINGS\STEPHEN\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\4EWY72W4 ]
[You must be registered and logged in to see this link.] [ C:\DOCUMENTS AND SETTINGS\STEPHEN\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\4EWY72W4 ]
[You must be registered and logged in to see this link.] [ C:\DOCUMENTS AND SETTINGS\STEPHEN\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\4EWY72W4 ]

PUP.MyWebSearch
C:\PROGRAM FILES\NETSCAPE\NETSCAPE BROWSER\PLUGINS\NPMYWEBS.DLL

Trojan.Agent/Gen-Nullo[Short]
ZIP ARCHIVE( C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\_ARP_.EXE.ZIP )/ARP.EXE.1
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\_ARP_.EXE.ZIP
ZIP ARCHIVE( C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\_SCARDSVR_.EXE.ZIP )/SCARDSVR.EXE.1
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\_SCARDSVR_.EXE.ZIP
ZIP ARCHIVE( C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\_SETUP_.EXE.ZIP )/SETUP.EXE.1
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\_SETUP_.EXE.ZIP

Trojan.Agent/Gen-FakeAntiSpy
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A1FDC60D-0FFC-4EFA-9F97-603332CE802D}\RP787\A0070876.EXE

Trojan.Agent/Gen-FakeAlert
C:\_OTL\MOVEDFILES\04292012_043740\C_DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\BWNGUKIRPGKBMLB.EXE

wildfly73
Novice
Novice

Posts Posts : 32
Joined Joined : 2011-06-20
Gender Gender : Male
OS OS : windows xp Home Edition 2002 service pack 3
Protection Protection : ad-aware, malwarebytes
Points Points : 20382
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Help required smart repair HDD

Post by wildfly73 on Tue May 01, 2012 9:17 pm

Hello, Mbam complete scan log

Malwarebytes' Anti-Malware 1.51.0.1200
[You must be registered and logged in to see this link.]

Database version: 912050110

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

02/05/2012 03:47:08
mbam-log-2012-05-02 (03-47-07).txt

Scan type: Full scan (C:\|)
Objects scanned: 416011
Time elapsed: 1 hour(s), 36 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 7
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDesktop (PUM.Hidden.Desktop) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\Anthony\my documents\eurogrand casino\_setupcasino[1].exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a1fdc60d-0ffc-4efa-9f97-603332ce802d}\RP787\A0070887.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a1fdc60d-0ffc-4efa-9f97-603332ce802d}\RP787\A0070888.exe (Trojan.Agent) -> Quarantined and deleted successfully.

wildfly73
Novice
Novice

Posts Posts : 32
Joined Joined : 2011-06-20
Gender Gender : Male
OS OS : windows xp Home Edition 2002 service pack 3
Protection Protection : ad-aware, malwarebytes
Points Points : 20382
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Help required smart repair HDD

Post by Superdave on Tue May 01, 2012 10:29 pm

Good, we got it. Now we can continue to see if there's anything left.

Download Combofix from any of the links below, and save it to your DESKTOP.

[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

To prevent your anti-virus application interfering with ComboFix we need to disable it. See [You must be registered and logged in to see this link.] for a tutorial regarding how to do so if you are unsure.

  • Close any open windows and double click ComboFix.exe to run it.

    You will see the following image:



Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:



As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.



Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please Do NOT mouseclick combofix's window while its running because it may cause it to stall.

Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83161
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Help required smart repair HDD

Post by wildfly73 on Wed May 02, 2012 10:25 am

Hello,

ComboFix 12-05-01.03 - Stephen 02/05/2012 16:52:15.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.511.140 [GMT 1:00]
Running from: c:\documents and settings\Stephen\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\jL6svp0h5ESLeV
c:\documents and settings\Stephen\My Documents\~WRL3288.tmp
c:\windows\system32\CddbCdda.dll
c:\windows\system32\nsn19A.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-04-02 to 2012-05-02 )))))))))))))))))))))))))))))))
.
.
2012-05-02 15:41 . 2012-05-02 15:41 -------- d-----w- c:\windows\SxsCaPendDel
2012-05-02 15:40 . 2012-05-02 15:40 -------- d-----w- c:\windows\LastGood
2012-05-01 19:45 . 2012-05-01 19:45 -------- d-----w- c:\documents and settings\Stephen\Application Data\SUPERAntiSpyware.com
2012-05-01 19:43 . 2012-05-01 19:45 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-05-01 19:43 . 2012-05-01 19:43 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-04-29 08:37 . 2012-04-29 08:37 -------- d-----w- C:\_OTL
2012-04-16 19:30 . 2012-04-16 19:30 -------- d-----w- C:\Kontiki
2012-04-07 11:16 . 2012-04-07 11:16 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-07 11:16 . 2011-06-06 09:22 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-04 14:56 . 2011-06-21 19:47 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-01 11:01 . 2005-05-21 15:37 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2005-05-21 15:36 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2005-05-21 15:36 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2005-05-21 15:37 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2005-05-21 15:36 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2005-05-21 15:36 385024 ----a-w- c:\windows\system32\html.iec
2012-02-03 09:22 . 2005-05-21 15:37 1860096 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kdx"="c:\program files\Kontiki\KHost.exe" [2008-02-27 1032376]
"sbitunesagent"="c:\program files\Philips\Philips Songbird\songbirditunesagent.exe" [2011-08-18 266240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"SoundMan"="SOUNDMAN.EXE" [2005-04-06 90112]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2004-03-10 406016]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 271360]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 61952]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-18 1848648]
"ATIPTA"="c:\ati-cpanel\atiptaxx.exe" [2005-01-19 339968]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"Philips Device Listener"="c:\program files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe" [2011-08-18 380416]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22/07/2011 17:27 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/07/2011 22:55 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [12/08/2011 00:38 116608]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [20/10/2004 04:47 98304]
S2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [20/10/2004 03:40 118784]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [07/04/2012 12:16 253600]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [20/06/2011 19:42 23456]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15/01/2010 13:49 227232]
S3 PIXMCV;JVC Communication PIX-MCV Driver;c:\windows\system32\drivers\pixmcvc.sys [20/09/2005 18:52 32000]
S3 PIXMCVA;JVC PIX-MCV Audio Capture;c:\windows\system32\drivers\pixmcva.sys [20/09/2005 18:53 28057]
S3 PIXMCVV;JVC PIX-MCV Video Capture;c:\windows\system32\drivers\pixmcvv.sys [20/09/2005 18:53 21081]
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 11:16]
.
2012-03-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
2012-05-02 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: Add to AMV Converter... - c:\program files\MP3 Player Utilities 4.17\AMVConverter\grab.html
TCP: DhcpNameServer = 192.168.1.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2012-05-02 17:09
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(732)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2012-05-02 17:15:00
ComboFix-quarantined-files.txt 2012-05-02 16:14
ComboFix2.txt 2011-06-22 11:51
.
Pre-Run: 111,070,990,336 bytes free
Post-Run: 111,572,414,464 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 84644414AD6D7D53D24D3E3423D85A8E

wildfly73
Novice
Novice

Posts Posts : 32
Joined Joined : 2011-06-20
Gender Gender : Male
OS OS : windows xp Home Edition 2002 service pack 3
Protection Protection : ad-aware, malwarebytes
Points Points : 20382
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Help required smart repair HDD

Post by Superdave on Wed May 02, 2012 7:28 pm

Download Security Check by screen317 from one of the following links and save it to your desktop.

[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
************************************************
SysProt Antirootkit

Download
SysProt Antirootkit from the link below (you will find it at the bottom
of the page under attachments, or you can get it from one of the
mirrors).

[You must be registered and logged in to see this link.]

Unzip it into a folder on your desktop.

  • Double click Sysprot.exe to start the program.
  • Click on the Log tab.
  • In the Write to log box select the following items.

    • Process << Selected
    • Kernel Modules << Selected
    • SSDT << Selected
    • Kernel Hooks << Selected
    • IRP Hooks << NOT Selected
    • Ports << NOT Selected
    • Hidden Files << Selected

  • At the bottom of the page

    • Hidden Objects Only << Selected

  • Click on the Create Log button on the bottom right.
  • After a few seconds a new window should appear.
  • Select Scan Root Drive. Click on the Start button.
  • When it is complete a new window will appear to indicate that the scan is finished.
  • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.

Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83161
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Help required smart repair HDD

Post by wildfly73 on Thu May 03, 2012 10:10 am

Results of screen317's Security Check version 0.99.32
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Free Antivirus
ESET Online Scanner v3
```````````````````````````````
Anti-malware/Other Utilities Check:

SUPERAntiSpyware
Windows Defender
McAfee SiteAdvisor
Java(TM) 6 Update 32
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java version out of date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Windows Defender MsMpEng.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastUI.exe
``````````End of Log````````````

wildfly73
Novice
Novice

Posts Posts : 32
Joined Joined : 2011-06-20
Gender Gender : Male
OS OS : windows xp Home Edition 2002 service pack 3
Protection Protection : ad-aware, malwarebytes
Points Points : 20382
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Help required smart repair HDD

Post by Superdave on Thu May 03, 2012 7:16 pm

You can uninstall the following. They are no longer needed.

Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7

Can you run the other scan?

Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83161
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Help required smart repair HDD

Post by wildfly73 on Fri May 04, 2012 8:20 pm

Yes iv ran the other scan and have the log. I tried posting it 3x's throught yesterday. The problem is when i click to paste the log in this reply box the GeekPolice webpage becomes unresponsive. i use task manager to close GeekPolice webpage and it does but very slowly. Strangely task manager shows two identical unresponsive GeekPolice webpages. hmm.

The log is to large to post here, 3,274 644 characters! So copied it from notepad to a word document. SysProt AntiRootkit Log file sent as attachment.

successfully uninstalled java 2,3,5, & 7.


Last edited by wildfly73 on Fri May 04, 2012 8:57 pm; edited 1 time in total (Reason for editing : addition info)

wildfly73
Novice
Novice

Posts Posts : 32
Joined Joined : 2011-06-20
Gender Gender : Male
OS OS : windows xp Home Edition 2002 service pack 3
Protection Protection : ad-aware, malwarebytes
Points Points : 20382
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Help required smart repair HDD

Post by Superdave on Fri May 04, 2012 10:47 pm

I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
[You must be registered and logged in to see this link.]
•Click the button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.

•Check
•Click the button.
•Accept any security warnings from your browser.
•Check
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83161
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Help required smart repair HDD

Post by wildfly73 on Sat May 05, 2012 12:13 pm

Hello, results of ESET scan

C:\Documents and Settings\Stephen\Application Data\Sun\Java\Deployment\cache\6.0\12\3af49e4c-1c5ed8e0 Java/Exploit.Agent.NAX trojan cleaned by deleting - quarantined

wildfly73
Novice
Novice

Posts Posts : 32
Joined Joined : 2011-06-20
Gender Gender : Male
OS OS : windows xp Home Edition 2002 service pack 3
Protection Protection : ad-aware, malwarebytes
Points Points : 20382
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Help required smart repair HDD

Post by Superdave on Sat May 05, 2012 11:04 pm

How's your computer working now? Any other issues?

Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83161
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Help required smart repair HDD

Post by wildfly73 on Wed May 09, 2012 8:03 pm

All files have been unhided and have normal running/operation of computer restored. Just one thing of concern. On my desktop a shortcut icon has appeared named SMART_HDD.
Thanks for all your help Thank You!

wildfly73
Novice
Novice

Posts Posts : 32
Joined Joined : 2011-06-20
Gender Gender : Male
OS OS : windows xp Home Edition 2002 service pack 3
Protection Protection : ad-aware, malwarebytes
Points Points : 20382
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Help required smart repair HDD

Post by Superdave on Wed May 09, 2012 10:33 pm

On my desktop a shortcut icon has appeared named SMART_HDD.
Just drag it into the Recycle Bin. Let's do some cleanup.

To uninstall ComboFix


  • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  • In the field, type in ComboFix /uninstall




(Note: Make sure there's a space between the word ComboFix and the forward-slash.)


  • Then, press Enter, or click OK.
  • This will uninstall ComboFix, delete its folders and files, hides System files and folders, and resets System Restore.

******************************************************
To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.

  • Click the CleanUp button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
******************************************************
Clean out your temporary internet files and temp files.

Download [You must be registered and logged in to see this link.] to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
If you experience problems running TFC, just abort and run a cleandisk on your C drive.
*******************************************************
Looking over your log it seems you don't have any evidence of a third party firewall.

Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors.

Remember only install ONE firewall

1) [You must be registered and logged in to see this link.] (Uncheck during installation "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage" and uncheck any HopSurf and/or Ask.com options if you choose this one)
2) [You must be registered and logged in to see this link.]
3) [You must be registered and logged in to see this link.]
4) [You must be registered and logged in to see this link.]

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.
*************************************************************
Use the [You must be registered and logged in to see this link.] to check for out of date software.

•Click Start Now

•Check the box next to Enable thorough system inspection.

•Click Start

•Allow the scan to finish and scroll down to see if any updates are needed.
•Update anything listed.
.
----------

Go to [You must be registered and logged in to see this link.] and get all critical updates.

----------

I suggest using [You must be registered and logged in to see this link.]. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

[You must be registered and logged in to see this link.]- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* [You must be registered and logged in to see this link.] from Spyware and Malware
* If you don't know what ActiveX controls are, see [You must be registered and logged in to see this link.]

Protect yourself against spyware using the Immunize feature in [You must be registered and logged in to see this link.] Guide: [You must be registered and logged in to see this link.] to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. [You must be registered and logged in to see this link.]

Check out [You must be registered and logged in to see this link.] for tips and free tools to help keep you safe in the future.

Also see [You must be registered and logged in to see this link.] for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!

Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83161
# Likes # Likes : 0

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum