
av.exe? virus.. Fake virus scan keeps popping up.


  • This topic is locked
15 replies to this topic

#1 Scyance


Posted 24 February 2010 - 12:20 AM

I'm running Win XP.. and just recently started having problems, last night.. This is a home computer, so other members of my family use this computer.. not sure what they did.. ha.. but something happened.. They said they didn't download anything? My problem is that when I click on the (e) to open Internet Explorer a fake? virus scan opens up.. looks kinda real.. but I know I didn't install that, so I'm sure it's fake.. I've done some investigating online.. and did see that av.exe process in my task manager when this pop up runs.. I can get to the internet... if I close the fake popup fast and end the process within task manager.. however when I do a search in Yahoo, I get redirected to other sites than the one that I try to go to. I have been just typing the site, or copying it straight into the address bar, and I can get to that site.. I've used this site for help in other problems I've experienced and managed to get those working on my own, but now I need some help. :thumbsup: I did find the av.exe within the app data file.. but I did not delete it because I saw others have done this, then had problems running applications. So before I really start messing things up I figured I'd register here and get some official help. :flowers: couple more thangs. ;) I did search the forum and saw others had similar problems. I saw some suggest running the combofix, but it also said not to run unless directed to.. so I haven't run that.. I was however able to run the malwarebytes scan by right clicking the icon and selecting "start".. it did find some things.. but after rebooting as requested by the app.. the problem seems to still be there, as I see the pop up right away, and the av.exe in the task manager still.. okay. that's all. THANKS in advance!

quick addition.. the popup names/titles I see are...>
internet security firewall alert.. then..>
windows security center
xp internet security.. .

Edited by Scyance, 24 February 2010 - 12:52 AM.




#2 boopme


Posted 24 February 2010 - 11:55 AM

Hello and welcome. I am moving this from XP to the Am I Infected forum..

Please post the MBAM scan log you have...
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.


Next run ATF and SAS: If you cannot access Safe Mode, run in normal, but let me know.

Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

From your regular user account..
Download Attribune's ATF Cleaner and then SUPERAntiSpyware , Free Home Version. Save both to desktop ..
DO NOT run yet.
Open SUPER from icon and install and Update it
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode(XP)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.

If you use Firefox or Opera browser click that browser at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

NOW Scan with SUPER
Open from the desktop icon or the program Files list
On the left, make sure you check C:\Fixed Drive.
Perform a Complete scan. After scan, verify they are all checked.
Click OK on the summary screen to quarantine all found items.
If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.


Please ask any needed questions, post logs and let us know how the PC is running now.

#3 Scyance


Posted 25 February 2010 - 12:53 AM

Hello.. thanks for getting back to me.. Before seeing your reply.. I was looking over other posts with similar problems, and noticed one of them said to make sure I update my malwarebytes program.. and remembered every time I did try, I got an error message, but ran the scans anyway.. So this morning, I went into safe mode, and was then able to update my malwarebytes.. then I scanned again.. This time when it did find problems.. I got the message that it was unable to quarantine? one of the files.. and it would delete it when rebooting.. so I continued.. to let it do its thang.. When it rebooted.. it seemed the pop ups were no longer there.. however I was then unable to open any apps.. *internet explorer*.. I saw this was a problem others had when deleting the av.exe directly from the app data folder where it was hiding.. sure enough, looking into the app data folder, the av.exe I did see before was no longer there.. I was actually trying to avoid this.. as you can see from my first post.. oh well. :thumbsup: I assume the file that HAD to be deleted.. was the av.exe file?.. tho it said something else.. like.. mstsstrA?.. or something like that.. I was able to get my exes working again by using task manager and run.. downloading a file xp exe fix.zip from dougknoxs? site.. I am now able to open my apps.. and no longer getting the fake virus messages. BUT!!.. I am still being redirected to different links when I search and click on links.. I can type them directly or copy them to the address bar. Also, I've noticed in task manager.. something I haven't seen to my memory before.. is a process called OUTLOOK.exe... and I have 1 svchosts.exe file that is using tons of memory.. like 150k and up?.. which is also different from before.. I'm worried the virus, or viruses? may have changed things in my registry? I wasn't sure if you still wanted me to run the atf and superantispyware programs.. So I will hold off and post my most recent malwarebytes log.
Thanks for your patience.. *reading through all this :flowers: * and your expertise..


Malwarebytes' Anti-Malware 1.44
Database version: 3787
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

2/24/2010 9:18:46 PM
mbam-log-2010-02-24 (21-18-46).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 368825
Time elapsed: 1 hour(s), 42 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 2
Registry Data Items Infected: 3
Folders Infected: 8
Files Infected: 11

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\RegistryBot (Rogue.RegistryBot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe (Worm.AutoRun) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Explorer.exe\debugger (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pdcrorjd (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\WinBudget (Adware.Admedia) -> Quarantined and deleted successfully.
C:\Program Files\WinBudget\bin (Adware.Admedia) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\RegistryBot\Registry Backups (Rogue.RegistryBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\RegistryBot\Log (Rogue.RegistryBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\RegistryBot\Full Backups\FULL 2009-09-10_22-43-41.rbu (Rogue.RegistryBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\RegistryBot (Rogue.RegistryBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\RegistryBot\Full Backups (Rogue.RegistryBot) -> Quarantined and deleted successfully.
C:\Program Files\Microsoft Common (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\WinBudget\bin\matrix.dat (Adware.Admedia) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\RegistryBot\Full Backups\FULL 2009-09-10_22-43-41.rbu\CURRENT_USER (Rogue.RegistryBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\RegistryBot\Registry Backups\FULL 2009-09-10_22-43-41.rbu (Rogue.RegistryBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\RegistryBot\Full Backups\FULL 2009-09-10_22-43-41.rbu\SOFTWARE (Rogue.RegistryBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\RegistryBot\Full Backups\FULL 2009-09-10_22-43-41.rbu\SYSTEM (Rogue.RegistryBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\RegistryBot\Full Backups\FULL 2009-09-10_22-43-41.rbu\SAM (Rogue.RegistryBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\RegistryBot\Full Backups\FULL 2009-09-10_22-43-41.rbu\SECURITY (Rogue.RegistryBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\RegistryBot\Registry Backups\2009-09-10_22-42-46.reg (Rogue.RegistryBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\RegistryBot\Log\2009 Sep 10 - 10_39_22 PM_361.log (Rogue.RegistryBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\RegistryBot\Full Backups\FULL 2009-09-10_22-43-41.rbu\DEFAULT (Rogue.RegistryBot) -> Quarantined and deleted successfully.
C:\Program Files\Microsoft Common\svchost.exe (Worm.AutoRun) -> Quarantined and deleted successfully

Edited by Scyance, 25 February 2010 - 08:10 AM.


#4 boopme


Posted 28 February 2010 - 05:43 PM

Hello, sorry for the delay, had some personal business to attend to.

If this is a Dell you may want to disable an app called "OutlookAddinSetup" thru the Control Panel, Add / Remove programs for the OUTLOOK.exe issue.

The other issue I feel we will still get thru further scans.
Please run the ATF and SAS then rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click Update tab, select Check for Updates, when done
click Scanner tab, select FULL scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.

#5 Scyance


Posted 02 March 2010 - 04:47 PM

thanks for helping.. once again.. I did what you suggested.. the ATF.. and SAS.. the SAS took a REAL long time.. started after your reply.. and finally finished early this morning.. it says 7 hrs in the log.. but that's the 2nd 7 hours.. ha.. I didn't see exactly when the timer started over.. but I thought I saw it at 9 hours once.. it ran thru the night. In the morning.. it was still scanning but the timer had started over?.. Hope this is all normal?.. I probably just have lots of files right? My bro's a DJ, with tons of music and samples. Anyways.. I was unable to update SAS in normal mode. Not sure if I have something running that blocks it?.. I was able to update once I started in safe mode with networking.. I restarted back into regular SAFE mode.. and ran ATF.. then SAS.. about a day + later :thumbsup: it finished.. I restarted in regular mode then ran the malwarebytes.. *like SAS I was unable to update in reg mode, so I updated in safe mode with networking, then restarted and ran it in REG mode* it didn't find anything.. I did have my network disabled tho.. should I have had it enabled then run the malwarebytes, or does it matter? Haven't used the computer much.. but tried a quick search this morning.. and it seemed to still redirect when I click on a link from a search page. I have not rebooted after the malwarebytes, but since it did not find anything and did not ask me to, I didn't think it necessary.. just wanted to send my logs as soon as possible to get these issues resolved hopefully. Here they are.. first is the SAS.. and then the Malwarebytes log.. thanks for all the help.. ;)

..>

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/02/2010 at 02:45 AM

Application Version : 4.34.1000

Core Rules Database Version : 4625
Trace Rules Database Version: 2437

Scan type : Complete Scan
Total Scan Time : 07:40:30

Memory items scanned : 230
Memory threats detected : 0
Registry items scanned : 7791
Registry threats detected : 14
File items scanned : 219161
File threats detected : 242

Adware.180solutions/ZangoSearch
HKLM\Software\Zango Programs
HKLM\Software\Zango Programs\Zango Toolbar
HKLM\Software\Zango Programs\Zango Toolbar#ToolbarMoved
HKLM\Software\Zango Programs\Zango Toolbar#SearchURL
HKLM\Software\Zango Programs\Zango Toolbar#UpdateDate
HKLM\Software\Zango Programs\Zango Toolbar\History
HKCR\AppId\ZangoToolbar.DLL
HKCR\AppId\ZangoToolbar.DLL#AppID
HKCR\AppId\{F1F040D5-E8F8-4680-B101-9334E9773841}
HKCR\Interface\{E775C662-85D0-438E-82F0-6BCE20A8E154}
HKCR\Interface\{E775C662-85D0-438E-82F0-6BCE20A8E154}\ProxyStubClsid
HKCR\Interface\{E775C662-85D0-438E-82F0-6BCE20A8E154}\ProxyStubClsid32
HKCR\Interface\{E775C662-85D0-438E-82F0-6BCE20A8E154}\TypeLib
HKCR\Interface\{E775C662-85D0-438E-82F0-6BCE20A8E154}\TypeLib#Version

Adware.Tracking Cookie
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Cookies\hp_administrator@bluestreak[2].txt
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Cookies\hp_administrator@burstbeacon[2].txt
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Cookies\hp_administrator@burstnet[2].txt
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Cookies\hp_administrator@casalemedia[2].txt
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Cookies\hp_administrator@chitika[1].txt
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Cookies\hp_administrator@clicksense[1].txt
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Cookies\hp_administrator@collective-media[1].txt
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Cookies\hp_administrator@doubleclick[2].txt
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Cookies\hp_administrator@e-2dj6wfl4[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Cookies\hp_administrator@easyadservice[1].txt
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Cookies\hp_administrator@exitexchange[1].txt
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Cookies\hp_administrator@eyewonder[2].txt
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Cookies\hp_administrator@fastclick[1].txt
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Cookies\hp_administrator@hitbox[2].txt
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Cookies\hp_administrator@insightexpressai[2].txt
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Cookies\hp_administrator@interclick[1].txt
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Cookies\hp_administrator@keywordmax[1].txt
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Cookies\hp_administrator@kontera[2].txt
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Cookies\hp_administrator@linksynergy[1].txt
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Cookies\hp_administrator@livesexasian[1].txt
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Cookies\hp_administrator@media6degrees[2].txt
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Cookies\hp_administrator@mediafire[1].txt
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Cookies\hp_administrator@mediaplex[1].txt
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Cookies\hp_administrator@milfsexreports[2].txt
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Cookies\hp_administrator@nextag[1].txt
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Cookies\hp_administrator@onlinerewardcenter[1].txt
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Cookies\hp_administrator@optimost[2].txt
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Cookies\hp_administrator@overture[1].txt
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Cookies\hp_administrator@partner2profit[1].txt
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Cookies\hp_administrator@pornoeule[1].txt
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Cookies\hp_administrator@qnsr[1].txt
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Cookies\hp_administrator@questionmarket[1].txt
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Cookies\hp_administrator@realmedia[1].txt
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Cookies\hp_administrator@revsci[2].txt
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Cookies\hp_administrator@screensavers[1].txt
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Cookies\hp_administrator@serving-sys[2].txt
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Cookies\hp_administrator@socialmedia[2].txt
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Cookies\hp_administrator@soundclick[1].txt
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Cookies\hp_administrator@specificclick[2].txt
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Cookies\hp_administrator@specificmedia[2].txt
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Cookies\hp_administrator@statcounter[1].txt
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Cookies\hp_administrator@tacoda[1].txt
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Cookies\hp_administrator@trafficmp[1].txt
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Cookies\hp_administrator@tribalfusion[1].txt
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Cookies\hp_administrator@tripod[1].txt
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Cookies\hp_administrator@xiti[1].txt
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Cookies\hp_administrator@yadro[2].txt
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Cookies\hp_administrator@zedo[1].txt

Trojan.Agent/Gen-MSFake
C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\LOCAL SETTINGS\TEMP\WPRXEIJEVP.TMP






//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////


Malwarebytes' Anti-Malware 1.44
Database version: 3808
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

3/2/2010 5:26:15 AM
mbam-log-2010-03-02 (05-26-15).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 367173
Time elapsed: 1 hour(s), 39 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#6 Sashacat

Sashacat

  • Members
  • 372 posts
  • OFFLINE
  •  
  • Local time:03:11 AM

Posted 02 March 2010 - 05:30 PM

Hello :thumbsup:

I don't want to butt in or interfere with the instructions/advice given to you by boopme,
because the answers given by boopme are the CORRECT answers :flowers:

Your post indicated that you were unable to update Malwarebytes' and SUPERAntiSpyware.

These topics address that issue:

How to use Malwarebytes' Anti-Malware to scan and remove malware from your computer
Posted by Grinler on February 16, 2010

http://www.bleepingcomputer.com/virus-remo...alware-tutorial
See "Error 732 when trying to update Malwarebytes' Anti-Malware" under "Troubleshoot".

How to use SUPERAntiSpyware to scan and remove malware from your computer
Posted by Grinler on November 2, 2009

http://www.bleepingcomputer.com/virus-remo...pyware-tutorial
(See step # 7)

Hopefully you'll be able to get both Malwarebytes' and SUPERAntiSpyware updated, to ensure
you have the most current definitions.
If we don't change the direction we are going,
We are likely to end up where we are headed.

#7 Scyance

  • Topic Starter

Posted 02 March 2010 - 07:07 PM

Sashacat.. thanks.. I did see the "check to make sure proxy was not checked" suggestion before.. and it wasn't.. as for the manual download SAS update.. thanks for that one.. however, I want to make it clear that I WAS able to update both programs.. while in safe mode with networking.. When I hit update they both seemed to update fine?.. I can see new version numbers and both say last update date was 2-28? so Im hoping that should be sufficient?

Question.. > Should I leave SAS running?


Note) I have been disabling my internet connection.. because I noticed in task manager.. 1 of my svchosts.exe mem usage increases and increases over time.. from like 20-30,000k to well over 100,000k.. I think I seen it once at like 200,000k+ seems the longer I stay connected the higher the number goes and once I disconnect I see the number gradually drop over time.. it takes a while.. and doesn't seem to affect much.. except I see the cpu usage been used more and more.. and I don't believe it was never like this before? the increase and decrease, don't happen very quickly. happens over time.. tho I have noticed the increase seems to happen faster than the decrease. the decrease takes very long. seems to decrease by 4k at a time.. very slowly.. but surely. hope that all makes sense?

another note. :thumbsup: I just finished another scan.. with malwarebytes.. with the internet connecting.. just in case, that did matter.. It didn't seem to.. as it didn't find anything again.

thanks for all the help.. much appreciated.. :flowers:


Edited by Scyance, 02 March 2010 - 07:17 PM.


#8 boopme

  • Global Moderator

Posted 02 March 2010 - 08:54 PM

Hello.
Question.. > Should I leave SAS running?
Do you mean the scan is still running? If so, yes, let it complete. It can be several hours.
If you mean running in the system tray, I would say no.

How is the machine running now? Are you still having the svchost thing?

I would still want to do an online scan
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

How do I get help? Who is helping me?
Staying Updated Calendar of Updates.
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook Have you seen..Select Real Security

#9 Scyance

  • Topic Starter

Posted 02 March 2010 - 10:31 PM

No, The SAS scan Did complete.. it took a SUper" long time. haha. but it did finish.. I posted the log, cause you said you wanted it in the first reply.. 2nd reply you just said to run it.. wasn't sure if you wanted it.. but thought more info was better than less.. I was talking about it running in the sys tray.. I closed it.. but wasn't sure if it was recommended to keep it on? that's why I asked.. thanks..

Yes, the Svchosts.. seems to still be tripping?.. When I reboot the computer.. its at a nice low number like most the others.. and stays like that.. if the comp is not connected to the net.. once i connect.. it starts increasing.. I can disconnect and it will start dropping... but very very very slowly.. *at least its not increasing, which I take as a good sign?* Right now.. since connected and typing this reply.. I seen it increase to 180-190,000k.. then it dropped down to 150,000 its still connected.. and seem to be staying around that 150,000k area.. its using 50% cpu.. Im not sure what it is.. just know.. its not what Im used to seeing in the task manager with the high CPU and mem usage?..

Im about to run the ESET scan. See if it finds anything.. then I'll post that log, as requested..

thanks.

#10 Scyance

  • Topic Starter

Posted 02 March 2010 - 10:45 PM

hmm.. not sure if that ESET online scan ran right?.. I went thru the steps.. it said downloading virus sig database *step 2 of 4*.. didn't see it move.. and stayed at 0% for a while.. then REAL fast.. I seen it complete..*or looked like it*.. and it immediate is at the step 4 and says it scanned it and no threats were found.. but looking at it.. it says..

scanned files..0
infected files... 0
cleaned files.. 0
total scan time.. 00.00.00
scan status.. finished..

:thumbsup: doesn't seem right? ha.
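
An added example, not part of the original thread or of any vendor's tooling: a Python check that counts a scan report as evidence only if the scanner actually examined something, run on the Malwarebytes log header and the online-scan summary quoted above. The function names and the "inconclusive" rule are assumptions made for this illustration.

```python
import re

# Both samples are copied from the scan results quoted in this thread.
MBAM_LOG = """\
Malwarebytes' Anti-Malware 1.44
Database version: 3808

Scan type: Full Scan (C:\\|D:\\|)
Objects scanned: 367173
Time elapsed: 1 hour(s), 39 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
"""

ONLINE_SCAN_SUMMARY = """\
scanned files..0
infected files... 0
cleaned files.. 0
total scan time.. 00.00.00
scan status.. finished..
"""

_UNIT_SECONDS = {"hour": 3600, "minute": 60, "second": 1}


def parse_mbam(text):
    """Parse the header of a Malwarebytes' Anti-Malware text log (hypothetical helper)."""
    scanned = re.search(r"^Objects scanned:[ \t]*(\d+)", text, re.M)
    elapsed = re.search(r"^Time elapsed:[ \t]*(.+)$", text, re.M)
    if not scanned or not elapsed:
        raise ValueError("not a complete Malwarebytes log header")
    seconds = sum(
        int(n) * _UNIT_SECONDS[unit]
        for n, unit in re.findall(r"(\d+) (hour|minute|second)\(s\)", elapsed.group(1))
    )
    # Only the summary lines carry a number after "Infected:"; the section
    # headings further down the log end at the colon and are skipped.
    counts = re.findall(r"^[A-Za-z ]+ Infected:[ \t]*(\d+)[ \t]*$", text, re.M)
    return {"scanned": int(scanned.group(1)), "elapsed_s": seconds,
            "detections": sum(map(int, counts))}


def parse_dotted_summary(text):
    """Parse the 'name.. value' summary as typed out in post #10 (hypothetical helper)."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*([A-Za-z ]+?)\s*\.{2,}\s*(.*?)[.\s]*$", line)
        if m:
            fields[m.group(1).lower()] = m.group(2)
    try:
        hours, minutes, secs = (int(p) for p in re.split(r"[.:]", fields["total scan time"]))
        return {"scanned": int(fields["scanned files"]),
                "elapsed_s": hours * 3600 + minutes * 60 + secs,
                "detections": int(fields["infected files"])}
    except (KeyError, ValueError) as exc:
        raise ValueError("summary is missing a required field") from exc


def verdict(result):
    """Assumed rule: a scan that examined nothing proves nothing."""
    if result["scanned"] == 0 or result["elapsed_s"] == 0:
        return "inconclusive"
    return "detections" if result["detections"] else "no detections"


if __name__ == "__main__":
    print("Malwarebytes:", verdict(parse_mbam(MBAM_LOG)))
    print("Online scan: ", verdict(parse_dotted_summary(ONLINE_SCAN_SUMMARY)))
```

A "no detections" verdict only says that this engine, with that database version, flagged nothing on that run.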

#11 boopme

  • Global Moderator

Posted 02 March 2010 - 11:01 PM

Ok well it is OK to disconnect when running any scan and is probably better. We could run a few other tools (eg. a Rootkit scan) but I think with the svchosts and the other issues you may have a hidden/protected piece of malware so we are going to need a DDS log regardless and the RK scan is in these instructions.

You will need to Download and Run DDS which will create a Pseudo HJT Report as part of its log.
If for some reason you cannot perform a step, move on to the next.
Please follow this guide. Go and do steps 6 thru 8: Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help. Then go here: Virus, Trojan, Spyware, and Malware Removal Logs, click New Topic, give it a relevant Title and post that complete log.

Let me know if it went OK.

#12 Scyance

  • Topic Starter

Posted 03 March 2010 - 12:05 AM

oh man.. before seeing that last post.. I tried to be slick. and retried running the online scan.. in safe mode with networking.. as it had worked for me with the other program updates.. and it seemed to be going well.. (seemed to be) I even seen this time.. where it said, my computer had Symantec's antivirus (I think) 2004.. on the computer.. I believe the computer had this installed when we first bought it.. but had some time long ago, stopped working correctly.. So. it said, It may cause some problems but I could still do the scan.. and I continued on.. this time.. I did see the virus sig database update this time.. and I seen it Start to scan my files.. THEN!!.. :thumbsup: my computer started tripping.. I got a whole mess of errors.. the program closed.. and I was seeing stuff like.. >

explorer.exe application error
the instruction at 0x01db5f4d" referenced memory at "0x00000000". the memory could not be "written"
I got a lot of these errors, one after the next.. and some other things.. seems I let loose a beast? ha..

I was able to log off.. and I restarted in reg mode.. to see what damage had happened...

Soon as it came up.. "Security Tool.. is now running a scan.. WHAT is Security Tool?.. It seemed to be another fake.. that some how has been let loose.. or newly installed somehow in the limited time from me doing the eset scan?.. I see task manager has something called 29557953.exe running.. It was a little rough but was able to end the program in task manager.. I still getting lot of explorer.exe app errors.. and my desktop has disappeared.. ha..

I did a search on security tool (using another comp).. and found bc's link to delete it.. pretty much says uses rkill and run malwarebytes.. plus do some things to the hosts file.. which Im a little scared to do.. but Im good with instructions so I'll see what I can do.. Im now running the malwarebytes and its actually finding some more infected files to my surprise as the last time I ran it was clean.. so.. Im going to see how far I can get with malwarebytes.. hopefully it completes and doesn't jack up my computer more like eset? and then continue with the steps, tho Im unfamiliar with the hosts file steps. I will attempt to follow the directions. and see what happens?

if you got any suggestions for me at this point.. hopefully I can at least get back to the NO Security Tool and explorer.exe app errors.. :flowers: Im doing malwarebytes scan.. be done in about an hour.. hopeful if it completes as normal.

Edited by Scyance, 03 March 2010 - 12:07 AM.


#13 Scyance

  • Topic Starter

Posted 03 March 2010 - 05:15 AM

well. I was able to get rid of that damn security tool virus from popping up.. using rkill, malwarebytes.. and I even switched the hosts file as suggested in the tutorial.. so.. thats all good.. not sure what running the eset did... unlocked something hidden? or?.. not really sure.. it didn't even finish scanning i don't believe.. kinda stopped, then thats when all the explorer.exe app error, and security tool drama started.... but.. it somehow made malwarebytes, find a couple more files, that it wasn't able to before?.. quarantined, even had to delete some.. my background, went back to none/black) which is not a problem at this point. compared to all that other stuff. :thumbsup: So.. Im not sure.. should I now go ahead and continue with running dds? and posting the logs?..

thanks.

#14 boopme

  • Global Moderator

Posted 03 March 2010 - 11:42 AM

Hi, we probably broke thru. The malware and tools are in combat in the registry. This is the cause of the errors. I would rather be safe and sure there is nothing left and that. We can run tools to straighten the errored files but if the malware is still protected we may lose the machine. So I say post the DDS and have one of our experts confirm it clean. They will tidy up after, trust me.

#15 Scyance

  • Topic Starter

Posted 04 March 2010 - 10:54 PM

well I did a post.. I used dds.. and posted the logs.. my computer rebooted during gmer? .. so Im not sure, what they want me to do.. thanks for all the help boopme.



