Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

2009 Anti Virus/XP Police infection Logs included


  • Please log in to reply
7 replies to this topic

#1 Dutchboy45

Dutchboy45

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:07:06 AM

Posted 06 February 2009 - 05:32 AM

Hello everyone,
My name is Michael,but feel free to use my screen name as well. I've come here looking for help to get rid of a virus(the research that I've done).
I am not real computer savy,but I do have some abilities. I have Windows Xp Home Edition. I use AVG Free Anti Spy ware that updates automatically,daily. Never had a problem and have used AVG for years.
To start off,(Thursday,Feb.5th),I was getting all the symptoms pop ups,trying to fool the user of a potential/threatening virus. I knew better from the google research,that any of it was true. My computer never seemed slow. I always had multiple browser windows open and going. Had no problems with my Winamp Media Player going all at the same time. Then ,BLAM...pop ups started taking over. Sometimes frequently. Sometimes it would take almost 10 minutes before one came up again. I had the little red x down in the right corner and a balloon coming on,but through some c drive folder searching. I was able to locate them.
I then opened control panel,add remove...found some things on the list that didnt belong and I went through the routine uninstall process and restarted my compter when prompted too. Got rid of the x,balloon and "some" pop ups.
I am getting alerts from my AVG when these pop ups show themselves. Here are a few of the alert messages. Sorry,I dont know how to screen save such images. I am typing out EXACTLY AS THEY READ. The number is just to show amount of alerts I get. These are all AVG alerts.
1)
Web Sheild Alert
Accessed File is infected
threat detected!
File name: scanworldonline.com/scan/index.php?affid=08100
threat name: Exploit Rogue spyware scanner

Process name: C:\Program Files\Internet Explorer\iexplore.exe
Process ID: 3256

2)
Resident Sheild alert
Access File is Infected
threat detected!
File name: C:\Documents and Settings\DUTCHBOY381\Local Settings\Temporary Internet Files\Content.IE5\6CN9RFE8\freescan\[1].htm
threat name: Virus found FakeAlert
Detected an open.
Process Name: C:\Program Files\Internet Explorer\iexplorer.exe
ProcessID: 3368

3)
Resident Sheild alert
Access File is Infected
threat detected!
File name: C:\Documents and Settings\DUTCHBOY381\Local Settings\Temporary Internet Files\Content.IE5\B803APNO\freescan\[1].htm
threat name: Virus found FakeAlert
Detected an open.
Process Name: C:\Program Files\Internet Explorer\iexplorer.exe
ProcessID: 3368


***NOTE ON THE ABOVE 3***
When these alerts show from the AVG ,I have a check box that reads " Remove threat as Power User"
I always checkthe box and click "Move to Vault"
***2nd NOTE***
I have also traced the path directory in search of these articles,but never found anything as the full extention actually is.

4)
Web Sheild alert
Multiple Threat detection
File I nfection Result
onlineproantispywarescanner.com/promo/6/e... Exploit Rougue spyware scanner(t...
virusremover2008-offer.com/js/params.js Exploit Rougue spyware scanner

Process Name: C:\Program Files\Internet Explorer\iexplorer.exe
ProcessID: 3368

***NOTE ON 4***
On this AVG screen,I can only right click each line,highlighting it,giving me the option only to "remove threats".
I try this,but it wont remove them. So I click the CLOSE tab.

After some more Google research,I followed links in some forums on how to remove this "2009 Anti Spyware/ XP POLICE Anti Spware".
I downloaded from the site links that the forums ALL (I read sveral different write ups,from various people) recomeneded an program called
"Malwarebytes' Anti-Malware"
I followed the prompts thoroughly and when I was prompted to. I ran the recomended "Quick Scan". When it finished,it showed a lot of infected files and I was then prompted to delete them. which I did.
Still was getting the above numbered pop ups.
Here are the log:
Malwarebytes' Anti-Malware 1.33
Database version: 1733
Windows 5.1.2600 Service Pack 3

2/6/2009 1:29:13 AM
mbam-log-2009-02-06 (01-29-13).txt

Scan type: Quick Scan
Objects scanned: 56455
Time elapsed: 6 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 22
Registry Values Infected: 4
Registry Data Items Infected: 4
Folders Infected: 2
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\iehost.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\msxml71.dll (Trojan.FakeAlert) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\winapp.winsafe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{16406580-14ce-4441-b904-ad56cc8064ca} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{967a494a-6aec-4555-9caf-fa6eb00acf91} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{9692be2f-eb8f-49d9-a11c-c24c1ef734d5} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b6b571fb-b71d-449c-ad70-82e966328795} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b6b571fb-b71d-449c-ad70-82e966328795} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b6b571fb-b71d-449c-ad70-82e966328795} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\winapp.winsafe.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xml.xml (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f919fbd3-a96b-4679-af26-f551439bb5fd} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e596df5f-4239-4d40-8367-ebadf0165917} (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a26f07f-0d60-4835-91cf-1e1766a0ec56} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\RX ToolBar (Adware.RXToolbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XP Police Antivirus (Rogue.XP-Police-Antivirus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e9cda4c6-7d74-7541-6bc1-ea66278fd54a} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e9cda4c6-7d74-7541-6bc1-ea66278fd54a} (Adware.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mcadisayikovuviy (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\srogas (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Cognac (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\PoliceAV (Rogue.XP-Police-Antivirus) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd (Rogue.MsAntispyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009 (Rogue.MsAntispyware) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\iehost.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\msxml71.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\Documents and Settings\DUTCHBOY381\Local Settings\Temp\216.jpg (Trojan.Obvod) -> Quarantined and deleted successfully.
C:\Documents and Settings\DUTCHBOY381\Local Settings\Temp\perce.jpg.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\Documents and Settings\DUTCHBOY381\Desktop\XP Police Antivirus.lnk (Rogue.XP-Police-Antivirus) -> Quarantined and deleted successfully.
C:\WINDOWS\smdat32a.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\smdat32m.sys (Rootkit.Agent) -> Quarantined and deleted successfully.


I was still getting pop ups.
I then ran a file scan with the AVG. Came up with nothing after taking quite a while.
I then went back to the Malwarebytes Anti-Malware and ran a full scan. It took awhile too. When it completed I deleted files as prompted.
Here is the log:

Malwarebytes' Anti-Malware 1.33
Database version: 1733
Windows 5.1.2600 Service Pack 3

2/6/2009 4:46:54 AM
mbam-log-2009-02-06 (04-46-54).txt

Scan type: Full Scan (C:\|)
Objects scanned: 125383
Time elapsed: 1 hour(s), 20 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\userinit.exe -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP998\A0445487.dll (Rogue.XPPoliceAntivirus) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP998\A0445488.dll (Rogue.XPPoliceAntivirus) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP957\A0432282.exe (Adware.Adrotator) -> Quarantined and deleted successfully.



I am still getting the pop ups. I have restarted after the first Malware scan, and then again after the Malware full scan.
I hope this isnt too long and I also hope that I have been as detalied as possible so I can get the proper help. Thhis is my first time ever having this bad of a problem and Im new to this forum. So,I really hope I posted this properly. I did read through the forums home page suggestions and other need to read information.
I was thinking this is a good place to start.
Thank you's for any available help at all.
Michael

BC AdBot (Login to Remove)

 


#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,946 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:08:06 AM

Posted 06 February 2009 - 10:49 AM

I am moving this from the XP forum to the Am I Infected forum. ~ OB
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 Dutchboy45

Dutchboy45
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:07:06 AM

Posted 06 February 2009 - 02:49 PM

My apologies. I wasn't quite sure where to post y thread. Thank you for moving it to the appropriate forum.
Michael

#4 garmanma

garmanma

    Computer Masochist


  • Staff Emeritus
  • 27,809 posts
  • OFFLINE
  •  
  • Location:Cleveland, Ohio
  • Local time:08:06 AM

Posted 06 February 2009 - 05:37 PM

Removed now irrelevant text. ~ OB
----------------------------------------------


ATF
Please download ATF Cleaner by Atribune & save it to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

------------------------------------

Now SAS,may need an hour
Please download and scan with SUPERAntiSpyware Free
  • Double-click SUPERAntiSypware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

Edited by Orange Blossom, 08 February 2009 - 07:05 PM.

Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#5 Dutchboy45

Dutchboy45
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:07:06 AM

Posted 08 February 2009 - 06:57 PM

Junes,
Yes...I have the EXACT same issues. Same windows popping open interupting wahatever Im doin at the the time. My AVG as well, alerts me,moves to vault,empty vault,BUT...nothing to rid the problem entirely. I downloaded and installed malewarebyes anti-maleware...ran qucik and full scan. Ridded a lot of stuff,but not the problem.
I did the same as you...I followed the directrory path and it wasnt their!!!
WTF!?
I am in a desperate hunt for help. Apperently this sight is probably the ebst site to come for help. I noticed no one is chiming in on this and that surprises me for as big as this trojan/virus/anti whatever is. Ive done research and it's everywhere,but yet...not one else on this sight knows about it.
*sigh*...figures...everyone's clueless :>)
If I ever find a solution,I will contact you,you do the same please.
Thanx!

#6 Dutchboy45

Dutchboy45
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:07:06 AM

Posted 08 February 2009 - 07:03 PM

Garnmanma,
Hey...I tried the suggestion you left for JUnes,seeing how Junes and I have the same proble.
I ran the ATF cleaner exactly how you described.
When it was done it said it cleaned 676.something.
I restarted my pc...guess what.
I still have the same symptoms that I had before i ran the ATF cleaner.
Any more suggestions?
I mean no offense,but I am blown away of how few people are even coming forward on this topic....the Trojan/Virus or whatever it is is everywhere. Everyone I talk to has it,but yet no one else on this forum has it...very odd.
I am now on a search for a better forum to find help. I am still gonna stay very active with this forum,in search of help or to pass along a solution if I come across it,but I am pretty convinced their is no real help on this topic,anywhere on this site.
Michael

#7 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,946 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:08:06 AM

Posted 08 February 2009 - 07:08 PM

Dutchboy45,

To clarify: Most of garmanma's post was to you. That part of the post remains.

Please follow the rest of the instructions garmanma left for you. ATF was only the first step.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#8 Erin80

Erin80

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:08:06 AM

Posted 26 May 2009 - 10:22 PM

Ok so I have had the same problem and I followed the steps listed above and here are the last instruction says to paste the scan results in the reply. Here are my scan results. Can you help me from here???



SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/26/2009 at 10:59 PM

Application Version : 4.26.1004

Core Rules Database Version : 3911
Trace Rules Database Version: 1855

Scan type : Complete Scan
Total Scan Time : 00:29:50

Memory items scanned : 293
Memory threats detected : 0
Registry items scanned : 6730
Registry threats detected : 0
File items scanned : 21845
File threats detected : 32

Adware.Tracking Cookie
C:\Users\Erin\AppData\Roaming\Microsoft\Windows\Cookies\Low\erin@ads.mediamayhemcorp[1].txt
C:\Users\Erin\AppData\Roaming\Microsoft\Windows\Cookies\Low\erin@data.coremetrics[1].txt
C:\Users\Erin\AppData\Roaming\Microsoft\Windows\Cookies\Low\erin@ehg-verizon.hitbox[2].txt
C:\Users\Erin\AppData\Roaming\Microsoft\Windows\Cookies\Low\erin@specificclick[2].txt
C:\Users\Erin\AppData\Roaming\Microsoft\Windows\Cookies\Low\erin@specificclick[1].txt
C:\Users\Erin\AppData\Roaming\Microsoft\Windows\Cookies\Low\erin@websponsors[1].txt
C:\Users\Erin\AppData\Roaming\Microsoft\Windows\Cookies\Low\erin@apmebf[1].txt
C:\Users\Erin\AppData\Roaming\Microsoft\Windows\Cookies\Low\erin@interclick[3].txt
C:\Users\Erin\AppData\Roaming\Microsoft\Windows\Cookies\Low\erin@interclick[1].txt
C:\Users\Erin\AppData\Roaming\Microsoft\Windows\Cookies\Low\erin@sales.liveperson[3].txt
C:\Users\Erin\AppData\Roaming\Microsoft\Windows\Cookies\Low\erin@adserver.adtechus[2].txt
C:\Users\Erin\AppData\Roaming\Microsoft\Windows\Cookies\Low\erin@sales.liveperson[1].txt
C:\Users\Erin\AppData\Roaming\Microsoft\Windows\Cookies\Low\erin@adserver.adtechus[1].txt
C:\Users\Erin\AppData\Roaming\Microsoft\Windows\Cookies\Low\erin@specificmedia[3].txt
C:\Users\Erin\AppData\Roaming\Microsoft\Windows\Cookies\Low\erin@specificmedia[2].txt
C:\Users\Erin\AppData\Roaming\Microsoft\Windows\Cookies\Low\erin@doubleclick[3].txt
C:\Users\Erin\AppData\Roaming\Microsoft\Windows\Cookies\Low\erin@media6degrees[3].txt
C:\Users\Erin\AppData\Roaming\Microsoft\Windows\Cookies\Low\erin@ads.bleepingcomputer[3].txt
C:\Users\Erin\AppData\Roaming\Microsoft\Windows\Cookies\Low\erin@www.burstbeacon[1].txt
C:\Users\Erin\AppData\Roaming\Microsoft\Windows\Cookies\Low\erin@adopt.specificclick[2].txt
C:\Users\Erin\AppData\Roaming\Microsoft\Windows\Cookies\Low\erin@a1.interclick[1].txt
C:\Users\Erin\AppData\Roaming\Microsoft\Windows\Cookies\Low\erin@edge.ru4[1].txt
C:\Users\Erin\AppData\Roaming\Microsoft\Windows\Cookies\Low\erin@ads.bleepingcomputer[1].txt
C:\Users\Erin\AppData\Roaming\Microsoft\Windows\Cookies\Low\erin@atdmt[2].txt
C:\Users\Erin\AppData\Roaming\Microsoft\Windows\Cookies\Low\erin@avgtechnologies.112.2o7[1].txt
C:\Users\Erin\AppData\Roaming\Microsoft\Windows\Cookies\Low\erin@chitika[1].txt
C:\Users\Erin\AppData\Roaming\Microsoft\Windows\Cookies\Low\erin@doubleclick[1].txt
C:\Users\Erin\AppData\Roaming\Microsoft\Windows\Cookies\Low\erin@interclick[2].txt
C:\Users\Erin\AppData\Roaming\Microsoft\Windows\Cookies\Low\erin@media6degrees[1].txt
C:\Users\Erin\AppData\Roaming\Microsoft\Windows\Cookies\Low\erin@roiservice[1].txt
C:\Users\Erin\AppData\Roaming\Microsoft\Windows\Cookies\Low\erin@www.burstnet[2].txt

Trace.Known Threat Sources
C:\Users\Erin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\HZXU8R4S\chunks[2].jsp




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users