
Eicar_test And Insightexpressai[1]



#1 pbroeder

pbroeder

  • Members
  • 3 posts

Posted 05 October 2008 - 10:36 AM

What do I do to block this from downloading and inserting itself on my toolbar? I keep getting the Gold Shield with the message it wants to download at least once a day. I don't know much about computers. I run AVG, Spy Bot, and Combo-Fix every day and sometimes several times a day. They usually get rid of the problem. Isn't there a way to block these from downloading when I am on the Internet?


 


#2 ruby1

ruby1

    a forum member


  • Members
  • 2,375 posts

Posted 05 October 2008 - 10:48 AM

With respect, one may wonder why you are running the ComboFix tool apparently several times a day? This tool is meant for use only under the direct supervision of a Trained Expert; I guess you think you are continually infected by something?

Let's try some safer tools

Malwarebytes from
http://www.bleepingcomputer.com/forums/ind...st&p=959453

and SUPERAntiSpyware from
http://www.bleepingcomputer.com/forums/ind...st&p=959604


Please post both reports for examination by the Experts on here

#3 pbroeder

pbroeder
  • Topic Starter

  • Members
  • 3 posts

Posted 05 October 2008 - 08:22 PM

This is the Malwarebytes Log. I am now starting the next. Thanks.

Malwarebytes' Anti-Malware 1.28
Database version: 1231
Windows 5.1.2600 Service Pack 2

10/5/2008 9:15:38 PM
mbam-log-2008-10-05 (21-15-38).txt

Scan type: Full Scan (C:\|)
Objects scanned: 153230
Time elapsed: 1 hour(s), 35 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 78

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\MyWaySA (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWaySA\SrchAsDe (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP969\A0066707.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patricia Roeder\Application Data\suhagyho.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Charles Roeder\My Documents\My Music\My Music.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\Charles Roeder\My Documents\My Pictures\My Pictures.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\Charles Roeder\My Documents\My Videos\My Video.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\Charles Roeder\My Documents\My Documents.url (Trojan.Zlob) -> Quarantined and deleted successfully.

#4 pbroeder

pbroeder
  • Topic Starter

  • Members
  • 3 posts

Posted 05 October 2008 - 09:18 PM

I have run the second program and below is the log. I am very green with computers and appreciate your input.

The Yellow Shield is still running in my toolbar. Thanks



SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/05/2008 at 10:08 PM

Application Version : 4.21.1004

Core Rules Database Version : 3589
Trace Rules Database Version: 1576

Scan type : Complete Scan
Total Scan Time : 00:41:37

Memory items scanned : 410
Memory threats detected : 0
Registry items scanned : 6603
Registry threats detected : 0
File items scanned : 26844
File threats detected : 168

Adware.Tracking Cookie

Malware.Installer-Pkg/Gen
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\WILDTANGENT\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{989E4C3B-B2C9-4486-9A09-D5A8F953837C}.EXE
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\WILDTANGENT\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{26D2C2C3-CF14-4ED7-B1FC-0BE64AFBA3B3}.EXE
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\WILDTANGENT\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{B1F233C8-DB6B-4F8E-831E-2806BD72131E}.EXE
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\WILDTANGENT\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{C2D8F0E2-6978-4409-8351-BA8785DA11EE}.EXE

Trojan.Downloader-Gen/Suspicious
C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP975\A0066947.EXE



