Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trojan Horse Downloader.14.m


  • Please log in to reply
5 replies to this topic

#1 bthomerson

bthomerson

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:08:19 AM

Posted 06 February 2008 - 03:59 PM

I am working on my parents laptop. It has been getting popups for malware. I ran AVG on it in safe mode and it moved the trojan to the vault. The filenames that are affected are TMPE7.tmp, TMPF4.tmp, lsass.exe, Aoo59182.exe and A0055634.exe.
I ran the Hijacker tool and I have the logs. Can you help?

BC AdBot (Login to Remove)

 


m

#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,214 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:19 AM

Posted 06 February 2008 - 04:34 PM

How is the computer running. The malware was moved to the vault.
Did you get a virus name and a by chance a full path to it?
Is this an Xp SP2 machine?
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 bthomerson

bthomerson
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:08:19 AM

Posted 06 February 2008 - 04:52 PM

this is an xp sp2 machine. It is running extremely slow.
The TMPE trojans are in the Documents and Settings/Suzanne/Local Settings/Temp folder

The lsass.exe is in the program files

The Other 2 are in the C:\system Volume Information\_restore (with a long file name).exe

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,214 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:19 AM

Posted 06 February 2008 - 08:08 PM

First you will need to follow the instructions in our Tutorial
How To Remove Vundo/Winfixer Infection

Please post the contents of C:\vundofix.txt ,that is the scan result location,in your next reply.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above
instructions starting from "Click the Scan for Vundo button." when
VundoFix appears at reboot.

Now Download Attribune's ATF Cleaner and then SUPERAntiSpyware , Free Home Version. Save both to desktop ..
DO NOT run yet.
Open SUPER from icon and install and Update it
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining
.
Click the "Close" button to leave the control center screen and exit the program.
DO NOT run yet.

Now reboot into Safe Mode:
Safe Mode Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode.


Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.

If you use Firefox or the Opera browser click on that browser at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.


Click Exit on the Main menu to close the program.

NOW Scan with SUPER
Open from the desktop icon or the program Files list
On the left, make sure you check C:\Fixed Drive.
Perform a Complete scan. After scan,Verify they are all checked.
Click OK on the summary screen to quarantine all found items.
If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.

Please ask any needed questions,post logs and Let us know how your PC in running now.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 bthomerson

bthomerson
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:08:19 AM

Posted 11 February 2008 - 09:21 AM

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/08/2008 at 01:22 PM

Application Version : 3.9.1008

Core Rules Database Version : 3259
Trace Rules Database Version: 1270

Scan type : Complete Scan
Total Scan Time : 04:20:33

Memory items scanned : 362
Memory threats detected : 1
Registry items scanned : 6522
Registry threats detected : 7
File items scanned : 83668
File threats detected : 366

Adware.Vundo Variant
C:\WINDOWS\SYSTEM32\PMNLI.DLL
C:\WINDOWS\SYSTEM32\PMNLI.DLL
HKLM\Software\Classes\CLSID\{090A2FF5-B505-4C66-ABBF-96CA59745D1B}
HKCR\CLSID\{090A2FF5-B505-4C66-ABBF-96CA59745D1B}
HKCR\CLSID\{090A2FF5-B505-4C66-ABBF-96CA59745D1B}\InprocServer32
HKCR\CLSID\{090A2FF5-B505-4C66-ABBF-96CA59745D1B}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{090A2FF5-B505-4C66-ABBF-96CA59745D1B}

Trojan.WinFixer
[load] C:\WINDOWS\SYSTEM32\PMNLI.EXE
C:\WINDOWS\SYSTEM32\PMNLI.EXE
[load] C:\WINDOWS\SYSTEM32\PMNLI.EXE

Adware.Tracking Cookie
C:\Documents and Settings\Suzanne\Cookies\suzanne@ehg-wachovia.hitbox[2].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@statse.webtrendslive[2].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@ehg-lowermybills.hitbox[2].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@webtrendslive.bbandt[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@www.googleadservices[8].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@ehg-legacy.hitbox[2].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@ad.adition[2].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@ad.zanox[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@vhost.oddcast[2].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@CA17WD9U.txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@2o7[2].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@perf.overture[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@ehg-dig.hitbox[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@phg.hitbox[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@cooking.adbureau[2].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@geo.precisionclick[2].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@questionmarket[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@statcounter[2].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@adopt.euroclick[2].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@atdmt[2].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@hotlog[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@anad.tacoda[2].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@nextag[2].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@server.cpmstar[2].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@stat.dealtime[2].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@indianapoliscolts.122.2o7[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@yfdmedia[2].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@itxt.vibrantmedia[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@usatoday1.112.2o7[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@ads.cnn[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@apmebf[2].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@ehg-bareescentuals.hitbox[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@mediaplex[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@admarketplace[2].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@ad2.fotki[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@indexstats[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@ehg-rivals.hitbox[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@cbs.112.2o7[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@publishers.clickbooth[2].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@bizrate[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@server.iad.liveperson[5].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@tribalfusion[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@tacoda[2].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@americanexpress.122.2o7[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@www.burstbeacon[2].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@ehg-drleonardshealthcare.hitbox[2].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@keywordmax[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@trafficmp[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@a.websponsors[3].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@try.screensavers[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@statse.webtrendslive[3].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@try.starware[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@advertising[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@adlegend[2].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@realmedia[2].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@adopt.specificclick[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@sales.liveperson[4].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@bluestreak[2].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@ads.pointroll[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@lucent.122.2o7[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@ad.yieldmanager[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@coolsavings[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@rotator.adjuggler[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@casalemedia[2].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@vertrue.112.2o7[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@hitbox[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@ehg-talbots.hitbox[2].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@zedo[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@burstnet[2].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@cgi-bin[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@revsci[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@atwola[2].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@dist.belnk[2].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@targetnet[2].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@microsoftwlmessengermkt.112.2o7[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@ads.bridgetrack[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@ehg-bellsouth.hitbox[2].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@ehg-charlesschwab.hitbox[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@host-d.oddcast[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@indextools[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@incredimailltd.112.2o7[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@fastclick[2].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@belnk[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@doubleclick[2].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@serving-sys[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@snapfish.112.2o7[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@qnsr[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@microsofteup.112.2o7[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@roiservice[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@h.starware[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@edge.ru4[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@bs.serving-sys[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@financialcontent.advertserve[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@ehg-theheritagefoundation.hitbox[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@omahasteaks.122.2o7[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@dealtime[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@vitacost.122.2o7[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@partner2profit[2].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@getMessage[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@ads.espn.adsonar[2].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@statse.webtrendslive[4].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@overture[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@tjx.112.2o7[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@msnprod.oberon-media[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@ehg-publiciswest.hitbox[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@media.adrevolver[3].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@omniturechannel.112.2o7[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@pricesexposed[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@windowsmedia[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@fymc.directtrack[2].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@www.smartadserver[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@revenue[2].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@livemercial.112.2o7[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@microsoftwlmailmkt.112.2o7[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@hearstmagazines.112.2o7[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@media.adrevolver[2].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@consumertrack.112.2o7[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@timeinc.122.2o7[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@ar.atwola[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@playon.122.2o7[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@ads.pgatour[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@icc.intellisrv[2].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@specificclick[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@valueclick[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@xiti[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@sylmarkidealmedia.112.2o7[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@marketlive.122.2o7[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@data2.perf.overture[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@sales.liveperson[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@ads.addynamix[2].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@adfarm1.adition[2].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@ad.m5prod[2].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@counter2.hitslink[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@da-tracking[2].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@shopping.112.2o7[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@counter.hitslink[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@stats2.clicktracks[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@ads.pga[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@i.screensavers[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@ad2.adnetinteractive[2].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@track.bestbuy[2].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@tequila.112.2o7[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@ehg-totalsystemsservices.hitbox[2].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@ehg-classmates.hitbox[2].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@stampscom.112.2o7[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@web4.realtracker[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@giftcertificatescom.112.2o7[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@ads.worldgolfchampionships[2].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@microsoftwlspacesmkt.112.2o7[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@server.iad.liveperson[9].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@sportsad.adbureau[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@msnlivefavorites.112.2o7[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@buysafe.122.2o7[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@server.iad.liveperson[4].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@azoogleads[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@hc2.humanclick[2].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@giftscom.122.2o7[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@redorbit[2].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@pro-market[2].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@ads.treehugger[2].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@ehg-trilegiant.hitbox[2].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@intheswim.122.2o7[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@ehg-win2000mag.hitbox[2].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@www7.addfreestats[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@redorbit.us.intellitxt[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@cf-db01.clickfacts[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@citi.bridgetrack[2].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@microsoftwlsearchcrm.112.2o7[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@ads.web.aol[3].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@ads.revsci[2].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@tracking.foxnews[2].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@adecn[2].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@commission-junction[2].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@ads.as4x.tmcs.ticketmaster[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@interclick[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@data1.perf.overture[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@msnportal.112.2o7[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@ehg-helio.hitbox[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@drugstore.112.2o7[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@ehg-infospace.hitbox[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@bdirectonline.122.2o7[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@ar.atwola[2].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@adinterax[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@server.iad.liveperson[2].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@ehg-golfwarehouse.hitbox[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@adv.webmd[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@data3.perf.overture[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@asseenonpc.directtrack[2].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@anat.tacoda[2].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@ads.gadgetpanel[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@enhance[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@adprofile[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@scrippsfoodnet.112.2o7[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@eyewonder[2].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@ecnext.advertserve[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@directtrack[3].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@bbandt.112.2o7[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@qksrv[2].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@ehg-gooseberry.hitbox[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@server.iad.liveperson[7].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@microsoftoffice.112.2o7[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@screensavers[2].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@incentaclick[2].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@ehg-samsungusa.hitbox[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@eas.apm.emediate[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@server.iad.liveperson[6].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@highbeam.122.2o7[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@chefscatalog.122.2o7[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@ehg-foxsports.hitbox[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@upspiral[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@server.iad.liveperson[11].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@dminsite.112.2o7[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@footballfanatics.112.2o7[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@ads.as4x.tmcs[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@ads.associatedcontent[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@ticketsnow.112.2o7[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@collective-media[2].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@ehg-verizon.hitbox[2].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@e-2dj6wjmyqhdjigo.stats.esomniture[2].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@ticketsnow[2].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@ehg-gaddispartners.hitbox[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@jewelrytelevision.112.2o7[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@www.googleadservices[9].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@www.coolsavings[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@CAIC2X32.txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@CAR0C7Q1.txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@indigio.122.2o7[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@brightcove.112.2o7[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@aff.primaryads[2].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@247realmedia[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@xos.adbureau[2].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@richmedia.yahoo[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@mediaonenetwork[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@ehg-veohnetworksinc.hitbox[2].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@media.movies.ign[2].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@ads.adbrite[2].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@stat.onestat[2].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@CAPK7050.txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@hypertracker[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@s.clickability[2].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@reunioncom.112.2o7[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@ads.web.aol[2].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@securetea.securemediabox[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@bidzcom.112.2o7[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@lynxtrack[3].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@clickbank[2].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@6123.1.clickshield[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@spamblockerutility[2].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@firstpremierbankcard.112.2o7[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@samsclub.112.2o7[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@ipoint.targetpoint[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@ehg-shoes.hitbox[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@www.upspiral[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@CA27D1NI.txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@sparknetworks.112.2o7[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@scot.valueclick[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@path.pureadstracking[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@CA8BSBXA.txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@ge.bridgetrack[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@superstats[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@ad.outerinfoads[3].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@tradedoubler[2].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@bgu.directtrack[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@infostatsdirect[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@e-2dj6wgk4okcjieo.stats.esomniture[2].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@www.admedia365[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@heavycom.122.2o7[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@stats.adbrite[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@adrevolver[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@azjmp[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@wiredforwireless.sitetracker[2].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@nettexmedia.112.2o7[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@linksynergy[2].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@bostoncommonpress.112.2o7[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@www.googleadservices[10].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@www.googleadservices[7].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@CAL6K1DG.txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@server.iad.liveperson[8].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@buycom.122.2o7[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@CAEIA98B.txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@stats1.reliablestats[2].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@server.iad.liveperson[3].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@server.iad.liveperson[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@sales.liveperson[3].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@www.ticketsnow[2].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@securepx.medianetwork[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@www.googleadservices[6].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@CAF0DTGA.txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@charmingshoppes.112.2o7[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@links.worldbannerexchange[2].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@www.googleadservices[5].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@aloeelite[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@CAJN8JTB.txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@potpourrigroup.112.2o7[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@ehg-theviptour.hitbox[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@secure1.m57media[2].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@CAU3P0QN.txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@paypal.112.2o7[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@sales.liveperson[5].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@guthyrenker.112.2o7[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@popularscreensavers[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@microsoftconsumermarketing.112.2o7[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@ehg-bestbuy.hitbox[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@eleadstracker[2].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@www.directnetadvertising[2].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@ehg-newegg.hitbox[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@www.googleadservices[2].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@login.tracking101[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@linkstattrack[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@precisionclick[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@care2.112.2o7[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@spylog[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@CA060WY2.txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@ad1.m5-systems[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@www.incentaclick[2].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@affiliate.mywebtraffictracker[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@server.iad.liveperson[10].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@mediatraffic[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@www.clickxchange[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@roi.clicklab[2].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@findwhat[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@bizadverts[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@newmedia.go211[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@ehg-reed.hitbox[2].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@CALLUF9D.txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@CADI5ZSP.txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@adultfriendfinder[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@homestore.122.2o7[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@stats.bucksbill[2].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@tracking.exclusivenet[2].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@nfm.directtrack[2].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@cgm.adbureau[2].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@ehg-yvesrocher.hitbox[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@statsgod[2].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@toseeka[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@centralcoastnutra.directtrack[2].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@e-2dj6wclykic5mbq.stats.esomniture[2].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@taylorgifts.122.2o7[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@CAK0SJMC.txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@ads.gmodules[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@www.googleadservices[3].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@ad.outerinfoads[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@ad.outerinfoads[2].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@bgu.directtrack[2].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@directtrack[2].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@ehg-sellingsource.hitbox[10].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@ehg-sellingsource.hitbox[11].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@ehg-sellingsource.hitbox[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@ehg-sellingsource.hitbox[2].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@ehg-sellingsource.hitbox[3].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@ehg-sellingsource.hitbox[4].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@ehg-sellingsource.hitbox[5].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@ehg-sellingsource.hitbox[6].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@ehg-sellingsource.hitbox[7].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@ehg-sellingsource.hitbox[8].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@ehg-sellingsource.hitbox[9].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@enhance[2].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@fastclick[1].txt
C:\Documents and Settings\Suzanne\Cookies\suzanne@lynxtrack[2].txt

Trojan.Downloader-Gen/AVP
C:\DOCUMENTS AND SETTINGS\SUZANNE\LOCAL SETTINGS\TEMP\TMP1F8E.TMP
C:\DOCUMENTS AND SETTINGS\SUZANNE\LOCAL SETTINGS\TEMP\TMP2699.TMP
C:\DOCUMENTS AND SETTINGS\SUZANNE\LOCAL SETTINGS\TEMP\TMP463.TMP
C:\DOCUMENTS AND SETTINGS\SUZANNE\LOCAL SETTINGS\TEMP\TMP814.TMP
C:\DOCUMENTS AND SETTINGS\SUZANNE\LOCAL SETTINGS\TEMP\TMPDB2.TMP

#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,214 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:19 AM

Posted 11 February 2008 - 11:53 AM

Looking very good,so far.
Please post the contents of C:\vundofix.txt ,that is the scan result location,in your next reply.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users