
Help Infected!!!!!


  • This topic is locked
35 replies to this topic

#1 killa57


Posted 19 April 2009 - 10:21 AM

I was told to post here by boopme. He did all he could do to help, and he/she told me to post a HJT/DDS on here.
The topic he was helping me on can be located here: http://www.bleepingcomputer.com/forums/t/219433/help/
Plz help me remove whatever it is that boopme could not succeed in doing.


DDS (Ver_09-03-16.01) - NTFSx86
Run by Charlie at 10:01:50.79 on Sun 04/19/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.1021.334 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Windows\system32\dlbucoms.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Windows\system32\spool\DRIVERS\W32X86\3\lxdnserv.exe
C:\Windows\system32\lxdncoms.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Dell Photo AIO Printer 942\DLBUmon.exe
C:\Program Files\Dell Photo AIO Printer 942\memcard.exe
C:\Windows\System32\CtHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Lexmark 2600 Series\lxdnmon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Lexmark 2600 Series\lxdnMsdMon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Dell Photo AIO Printer 942\DLBUmon.exe
C:\Program Files\Dell Photo AIO Printer 942\memcard.exe
C:\Windows\System32\CtHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Lexmark 2600 Series\lxdnmon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Lexmark 2600 Series\lxdnMsdMon.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Charlie\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com
uWindow Title = Windows Internet Explorer provided by Yahoo!
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\compan~1\installs\cpn0\yt.dll
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: {a3d0fd2a-75e4-45a8-b600-d94652124ad0} - c:\windows\system32\byXQJYpP.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\compan~1\installs\cpn0\yt.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [DLBUCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLBUtime.dll,_RunDLLEntry@16
mRun: [dlbumon.exe] "c:\program files\dell photo aio printer 942\dlbumon.exe"
mRun: [MemoryCardManager] "c:\program files\dell photo aio printer 942\memcard.exe"
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [CloneCDTray] "c:\program files\slysoft\clonecd\CloneCDTray.exe" /s
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [lxdnmon.exe] "c:\program files\lexmark 2600 series\lxdnmon.exe"
mRun: [lxdnamon] "c:\program files\lexmark 2600 series\lxdnamon.exe"
mRun: [FaxCenterServer] "c:\program files\lexmark fax solutions\fm3032.exe" /s
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
dRun: [DevconDefaultDB] c:\windows\system32\READREG /SILENT /FAIL=1
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hppsc1~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpohmr08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Search
IE: Add to QQ Customized Emoticons - c:\program files\tencent\qq\AddEmotion.htm
IE: Add to QQ Customized Panel - c:\program files\tencent\qq\AddPanel.htm
IE: Add to QQ Emotions - c:\program files\tencent\qq\AddEmotion.htm
IE: Send picture by MMS - c:\program files\tencent\qq\SendMMS.htm
IE: Send Picture with QQ MMS - c:\program files\tencent\qq\SendMMS.htm
IE: Upload to QQ Network Hard Disk - c:\program files\tencent\qq\AddToNetDisk.htm
IE: {0A155D3C-68E2-4215-A47A-E800A446447A} - c:\program files\cga gameing platform\GameClient.exe
IE: {c95fe080-8f5d-11d2-a20b-00aa003c157b} - c:\program files\tencent\qq\QQ.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo2.walgreens.com/WalgreensActivia.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - hxxp://support.f-secure.com/ols/fscax.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: LMIinit - LMIinit.dll
AppInit_DLLs: dkdklc.dll avgrsstx.dll wggnpz.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - %SystemRoot%\system32\wpdshserviceobj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli scecli

================= FIREFOX ===================

FF - ProfilePath - c:\users\charlie\appdata\roaming\mozilla\firefox\profiles\27ai3wsn.default\
FF - prefs.js: browser.startup.homepage - yahoo.com
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbarff\components\vmAVGConnector.dll
FF - plugin: c:\users\charlie\appdata\roaming\mozilla\firefox\profiles\27ai3wsn.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-1-13 325640]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-1-13 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-3-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-3-23 72944]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-1-13 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-1-13 298264]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-3-7 55152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-7-24 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-5-8 47640]
R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
R2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdnserv.exe [2008-2-27 98984]
R3 b57nd60x;%SvcDispName%;c:\windows\system32\drivers\b57nd60x.sys [2009-3-22 179712]
R3 portio32;portio32;c:\windows\system32\drivers\portio32.sys [2009-4-4 2048]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-3-23 7408]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]

=============== Created Last 30 ================

2009-04-18 18:22 --d----- c:\users\charlie\appdata\roaming\Lexmark Productivity Studio
2009-04-18 11:31 --d----- c:\users\charlie\appdata\roaming\FaxCtr
2009-04-17 19:39 --d----- c:\programdata\Lx_cats
2009-04-17 19:39 --d----- c:\progra~2\Lx_cats
2009-04-17 19:36 --d----- C:\logs
2009-04-17 19:32 77,304 a------- c:\windows\system32\lxdnprpr.chm
2009-04-17 19:32 348,160 a------- c:\windows\system32\lxdncoin.dll
2009-04-17 19:28 45,056 a------- c:\windows\system32\LXF3PMON.DLL
2009-04-17 19:28 32,768 a------- c:\windows\system32\LXF3FXPU.DLL
2009-04-17 19:28 339,968 a------- c:\windows\system32\IMGMAN32.DLL
2009-04-17 19:28 98,345 a------- c:\windows\system32\IMHOST32.DLL
2009-04-17 19:28 98,304 a------- c:\windows\system32\IM31XPNG.DEL
2009-04-17 19:28 69,632 a------- c:\windows\system32\IM31XTIF.DEL
2009-04-17 19:28 53,248 a------- c:\windows\system32\lxf3oem.dll
2009-04-17 19:28 49,152 a------- c:\windows\system32\IM31IMG.DIL
2009-04-17 19:28 12,288 a------- c:\windows\system32\LXF3PMRC.DLL
2009-04-17 19:28 --d----- c:\programdata\FaxCtr
2009-04-17 19:28 --d----- c:\progra~2\FaxCtr
2009-04-17 19:27 --d----- c:\program files\Lexmark Fax Solutions
2009-04-17 19:27 --d----- c:\program files\Abbyy FineReader 6.0 Sprint
2009-04-17 19:26 1,645,320 a------- c:\windows\system32\gdiplus.dll
2009-04-17 19:26 --d----- c:\program files\Lexmark Toolbar
2009-04-17 19:26 102,400 a------- c:\windows\system32\lxdnwupd.dll
2009-04-17 19:26 17,064 a------- c:\windows\system32\lxdnwupd.exe
2009-04-17 19:26 44 a------- c:\windows\system32\lxdnrwrd.ini
2009-04-17 19:25 --d----- c:\program files\Lexmark 2600 Series
2009-04-17 14:07 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-04-17 11:38 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-04-17 11:37 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-17 11:37 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-04-16 22:07 --d----- c:\programdata\SUPERAntiSpyware.com
2009-04-16 22:07 --d----- c:\progra~2\SUPERAntiSpyware.com
2009-04-16 22:07 --d----- c:\users\charlie\appdata\roaming\SUPERAntiSpyware.com
2009-04-16 22:07 --d----- c:\program files\SUPERAntiSpyware
2009-04-16 22:06 --d----- c:\program files\common files\Wise Installation Wizard
2009-04-15 15:59 376,832 a------- c:\windows\system32\winhttp.dll
2009-04-15 15:58 562,176 a------- c:\windows\system32\msdtcprx.dll
2009-04-15 15:58 38,912 a------- c:\windows\system32\xolehlp.dll
2009-04-15 15:57 3,599,328 a------- c:\windows\system32\ntkrnlpa.exe
2009-04-15 15:57 3,547,632 a------- c:\windows\system32\ntoskrnl.exe
2009-04-15 15:57 551,424 a------- c:\windows\system32\rpcss.dll
2009-04-15 15:57 666,624 a------- c:\windows\system32\printfilterpipelinesvc.exe
2009-04-15 15:57 183,296 a------- c:\windows\system32\sdohlp.dll
2009-04-15 15:57 98,304 a------- c:\windows\system32\iasrecst.dll
2009-04-15 15:57 54,784 a------- c:\windows\system32\iasads.dll
2009-04-15 15:57 44,032 a------- c:\windows\system32\iasdatastore.dll
2009-04-15 15:57 26,112 a------- c:\windows\system32\printfilterpipelineprxy.dll
2009-04-15 15:57 17,408 a------- c:\windows\system32\iashost.exe
2009-04-15 15:56 1,255,936 a------- c:\windows\system32\lsasrv.dll
2009-04-15 15:56 72,704 a------- c:\windows\system32\secur32.dll
2009-04-15 15:56 24,064 a------- c:\windows\system32\amxread.dll
2009-04-15 15:56 13,824 a------- c:\windows\system32\apilogen.dll
2009-04-12 22:03 --d----- c:\programdata\WindowsSearch
2009-04-08 22:21 --d----- c:\program files\common files\PX Storage Engine
2009-04-08 22:20 --d----- c:\program files\common files\DivX Shared
2009-04-04 17:32 19,968 a------- c:\windows\system32\portio32.dll
2009-04-04 17:32 2,048 a------- c:\windows\system32\drivers\portio32.sys
2009-04-04 17:32 --d----- c:\windows\PortIO32
2009-04-04 17:32 28 a------- c:\windows\yehal
2009-04-03 20:01 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-04-01 21:43 --d----- c:\program files\CnCNet
2009-03-24 16:27 885,248 a------- c:\windows\system32\RacEngn.dll
2009-03-24 16:27 9,127 a------- c:\windows\system32\RacUR.xml
2009-03-24 16:27 153 a------- c:\windows\system32\RacUREx.xml
2009-03-24 16:27 468,992 a------- c:\windows\system32\newdev.dll
2009-03-24 16:27 74,752 a------- c:\windows\system32\newdev.exe
2009-03-23 20:31 784,896 a------- c:\windows\system32\rpcrt4.dll
2009-03-23 20:31 891,448 a------- c:\windows\system32\drivers\tcpip.sys
2009-03-23 20:31 72,192 a------- c:\windows\system32\drivers\pacer.sys
2009-03-23 20:31 15,360 a------- c:\windows\system32\pacerprf.dll
2009-03-23 20:31 147,456 a------- c:\windows\system32\Faultrep.dll
2009-03-23 20:31 125,952 a------- c:\windows\system32\wersvc.dll
2009-03-23 20:31 625,152 a------- c:\windows\system32\drivers\dxgkrnl.sys
2009-03-23 20:31 565,248 a------- c:\windows\system32\emdmgmt.dll
2009-03-23 20:31 148,480 a------- c:\windows\system32\drivers\nwifi.sys
2009-03-23 20:31 45,056 a------- c:\windows\system32\dataclen.dll
2009-03-23 20:31 36,864 a------- c:\windows\system32\cdd.dll
2009-03-23 20:30 430,080 a------- c:\windows\system32\vbscript.dll
2009-03-23 20:30 180,224 a------- c:\windows\system32\scrobj.dll
2009-03-23 20:30 155,648 a------- c:\windows\system32\wscript.exe
2009-03-23 20:30 135,168 a------- c:\windows\system32\wshom.ocx
2009-03-23 20:30 135,168 a------- c:\windows\system32\cscript.exe
2009-03-23 20:30 90,112 a------- c:\windows\system32\wshext.dll
2009-03-23 20:30 172,032 a------- c:\windows\system32\scrrun.dll
2009-03-23 14:52 1,080 a------- c:\windows\system32\settingsbkup.sfm
2009-03-23 14:52 1,080 a------- c:\windows\system32\settings.sfm
2009-03-23 14:45 --d----- C:\PerfLogs
2009-03-23 03:27 747,566 a------- c:\windows\system32\abgx360.exe
2009-03-22 22:29 680,448 a------- c:\windows\system32\msvcrt.dll
2009-03-22 22:28 970,240 a------- c:\windows\system32\cryptui.dll
2009-03-22 22:27 443,904 a------- c:\windows\system32\wiashext.dll
2009-03-22 22:26 60,124 a------- c:\windows\system32\tcpmon.ini
2009-03-22 22:25 145,455 a------- c:\windows\system32\perfmon.msc
2009-03-22 22:25 599,552 a------- c:\windows\system32\vsp1cln.exe
2009-03-22 22:25 3 a------- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Inbox_Critical.Wdf
2009-03-22 22:22 357,888 a------- c:\windows\system32\wbemcomn.dll
2009-03-22 22:22 129,536 a------- c:\windows\system32\sqmapi.dll
2009-03-22 22:22 139,264 a------- c:\windows\system32\SmiInstaller.dll
2009-03-22 22:22 704,512 a------- c:\windows\system32\SmiEngine.dll
2009-03-22 22:21 218,624 a------- c:\windows\system32\wdscore.dll
2009-03-22 22:21 130,560 a------- c:\windows\system32\PkgMgr.exe
2009-03-22 22:20 246,784 a------- c:\windows\system32\drvstore.dll
2009-03-22 22:20 305,152 a------- c:\windows\system32\msdelta.dll
2009-03-22 22:20 258,560 a------- c:\windows\system32\dpx.dll
2009-03-22 22:20 35,328 a------- c:\windows\system32\mspatcha.dll
2009-03-22 02:24 --d----- c:\program files\Dell Photo AIO Printer 942
2009-03-22 01:44 344,064 a------- c:\windows\system32\dlbucoin.dll
2009-03-22 01:44 126,059 a------- c:\windows\system32\dlbuceip.chm
2009-03-22 01:44 40,960 a------- c:\windows\system32\dlbuvs.dll
2009-03-21 21:41 --d----- c:\programdata\NVIDIA
2009-03-21 21:24 1,108,512 a------- c:\windows\system32\nvcpluir.dll
2009-03-21 21:24 797,216 a------- c:\windows\system32\nvcplui.exe
2009-03-21 21:24 420,384 a------- c:\windows\system32\nvcpl.cpl
2009-03-21 21:24 453,152 a------- c:\windows\system32\nvuninst.exe
2009-03-21 20:42 1,294,336 a------- c:\windows\system32\vorbis.acm
2009-03-21 11:24 269,312 a------- c:\windows\system32\es.dll
2009-03-21 10:52 712,704 a------- c:\windows\system32\WindowsCodecs.dll
2009-03-21 10:52 425,472 a------- c:\windows\system32\PhotoMetadataHandler.dll
2009-03-21 10:52 347,136 a------- c:\windows\system32\WindowsCodecsExt.dll
2009-03-21 10:51 288,768 a------- c:\windows\system32\drivers\srv.sys
2009-03-21 02:51 361,984 a------- c:\windows\system32\IPSECSVC.DLL
2009-03-21 02:51 61,440 a------- c:\windows\system32\winipsec.dll
2009-03-21 02:51 28,672 a------- c:\windows\system32\FwRemoteSvr.dll
2009-03-21 02:51 272,896 a------- c:\windows\system32\polstore.dll
2009-03-21 02:49 1,820 a------- c:\windows\system32\rasctrnm.h
2009-03-21 02:47 241,152 a------- c:\windows\system32\PortableDeviceApi.dll
2009-03-21 02:47 160,768 a------- c:\windows\system32\PortableDeviceTypes.dll
2009-03-21 02:47 94,720 a------- c:\windows\system32\PortableDeviceClassExtension.dll
2009-03-21 02:28 296,960 a------- c:\windows\system32\gdi32.dll
2009-03-21 02:25 212,480 a------- c:\windows\system32\drivers\mrxsmb10.sys
2009-03-21 02:22 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-03-21 02:22 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-03-21 02:22 1,695,744 a------- c:\windows\system32\gameux.dll
2009-03-21 02:20 303,616 a------- c:\windows\system32\wmpeffects.dll
2009-03-21 02:17 1,191,936 a------- c:\windows\system32\msxml3.dll
2009-03-21 02:17 2,048 a------- c:\windows\system32\msxml3r.dll
2009-03-21 02:04 2,048 a------- c:\windows\system32\tzres.dll
2009-03-21 02:00 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-03-21 02:00 7,680 a------- c:\windows\system32\spwmp.dll
2009-03-21 02:00 4,096 a------- c:\windows\system32\msdxm.ocx
2009-03-21 02:00 4,096 a------- c:\windows\system32\dxmasf.dll
2009-03-21 01:46 2,927,104 a------- c:\windows\explorer.exe
2009-03-21 01:44 15,872 a------- c:\windows\system32\hcrstco.dll
2009-03-21 01:44 8,704 a------- c:\windows\system32\hccoin.dll
2009-03-21 01:36 4,875,776 a------- c:\windows\system32\NlsData0009.dll
2009-03-21 01:28 6,656 a------- c:\windows\system32\kbd106n.dll
2009-03-21 01:28 988,216 a------- c:\windows\system32\winload.exe
2009-03-21 01:28 927,288 a------- c:\windows\system32\winresume.exe
2009-03-21 01:28 318,464 a------- c:\windows\system32\rstrui.exe
2009-03-21 01:28 40,960 a------- c:\windows\system32\srclient.dll
2009-03-21 01:28 378,368 a------- c:\windows\system32\srcore.dll
2009-03-21 01:28 14,848 a------- c:\windows\system32\srdelayed.exe
2009-03-21 01:28 46,592 a------- c:\windows\system32\setbcdlocale.dll
2009-03-21 01:28 19,000 a------- c:\windows\system32\kd1394.dll
2009-03-21 01:28 615,992 a------- c:\windows\system32\ci.dll
2009-03-21 01:11 443,392 a------- c:\windows\system32\win32spl.dll
2009-03-21 01:11 37,888 a------- c:\windows\system32\printcom.dll
2009-03-21 01:07 113,664 a------- c:\windows\system32\drivers\rmcast.sys
2009-03-21 01:07 14,848 a------- c:\windows\system32\wshrm.dll
2009-03-21 01:02 268,288 a------- c:\windows\system32\schannel.dll
2009-03-21 00:55 622,080 a------- c:\windows\system32\icardagt.exe
2009-03-21 00:55 97,800 a------- c:\windows\system32\infocardapi.dll
2009-03-21 00:55 37,384 a------- c:\windows\system32\infocardcpl.cpl
2009-03-21 00:55 11,264 a------- c:\windows\system32\icardres.dll
2009-03-21 00:55 105,016 a------- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-03-21 00:55 326,160 a------- c:\windows\system32\PresentationHost.exe
2009-03-21 00:55 781,344 a------- c:\windows\system32\PresentationNative_v0300.dll
2009-03-21 00:55 43,544 a------- c:\windows\system32\PresentationHostProxy.dll
2009-03-21 00:46 13,434,880 a------- c:\windows\ocsetup_install_NetFx3.etl
2009-03-21 00:46 32,768 a------- c:\windows\ocsetup_cbs_install_NetFx3.perf
2009-03-21 00:46 16,384 a------- c:\windows\ocsetup_cbs_install_NetFx3.dpx
2009-03-21 00:42 96,760 a------- c:\windows\system32\dfshim.dll
2009-03-21 00:42 41,984 a------- c:\windows\system32\netfxperf.dll
2009-03-21 00:42 282,112 a------- c:\windows\system32\mscoree.dll
2009-03-21 00:42 158,720 a------- c:\windows\system32\mscorier.dll
2009-03-21 00:42 83,968 a------- c:\windows\system32\mscories.dll
2009-03-21 00:32 2,868,736 a------- c:\windows\system32\mf.dll
2009-03-21 00:32 98,816 a------- c:\windows\system32\mfps.dll
2009-03-21 00:32 53,248 a------- c:\windows\system32\rrinstaller.exe
2009-03-21 00:32 24,576 a------- c:\windows\system32\mfpmp.exe
2009-03-21 00:32 2,048 a------- c:\windows\system32\mferror.dll
2009-03-21 00:32 94,720 a------- c:\windows\system32\logagent.exe
2009-03-21 00:32 996,352 a------- c:\windows\system32\WMNetMgr.dll
2009-03-21 00:31 738,304 a------- c:\windows\system32\inetcomm.dll
2009-03-21 00:31 84,480 a------- c:\windows\system32\INETRES.dll
2009-03-21 00:31 1,645,568 a------- c:\windows\system32\connect.dll
2009-03-21 00:31 1,314,816 a------- c:\windows\system32\quartz.dll
2009-03-21 00:28 17,480 a------- c:\windows\system32\drivers\hamachi.sys
2009-03-21 00:28 2,033,152 a------- c:\windows\system32\win32k.sys
2009-03-21 00:27 1,334,272 a------- c:\windows\system32\msxml6.dll
2009-03-21 00:27 2,048 a------- c:\windows\system32\msxml6r.dll
2009-03-20 23:45 1,524,736 a------- c:\windows\system32\wucltux.dll
2009-03-20 23:45 83,456 a------- c:\windows\system32\wudriver.dll
2009-03-20 23:45 162,064 a------- c:\windows\system32\wuwebv.dll
2009-03-20 23:45 31,232 a------- c:\windows\system32\wuapp.exe
2009-03-20 21:34 --d----- c:\windows\Panther
2009-03-20 21:33 243,328 a------- c:\windows\system32\drivers\RT2500.sys
2009-03-20 21:33 421,888 a------- c:\windows\system32\dlbudrs.dll
2009-03-20 21:33 69,632 a------- c:\windows\system32\dlbucfg.dll
2009-03-20 21:33 61,440 a------- c:\windows\system32\dlbucnv4.dll
2009-03-20 21:33 104,064 a------- c:\windows\system32\drivers\viamraid.sys
2009-03-20 21:33 871,040 a------- c:\windows\system32\drivers\iaStor.sys
2009-03-20 21:20 --d-h--- C:\$WINDOWS.~Q
2009-03-20 21:17 --d-h--- C:\$INPLACE.~TR
2009-03-20 19:22 355 a--shr-- C:\Boot.ini.saved
2009-03-20 19:17 22,668 a------- c:\windows\system32\emptyregdb.dat
2009-03-20 18:46 --d----- c:\users\Charlie
2009-03-20 18:45 --d----- c:\windows\system32\URTTEMP
2009-03-20 18:45 --dsh--- c:\windows\Installer
2009-03-20 18:39 2,736 a---h--- c:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2009-03-20 18:39 2,736 a---h--- c:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2009-03-20 18:14 8,192 a--s-r-- C:\BOOTSECT.BAK
2009-03-20 18:14 333,203 a--shr-- C:\bootmgr
2009-03-20 18:14 --dsh--- C:\Boot

==================== Find3M ====================

2009-04-17 19:36 86,016 a------- c:\windows\inf\infstrng.dat
2009-04-17 19:36 51,200 a------- c:\windows\inf\infpub.dat
2009-04-17 19:35 86,016 a------- c:\windows\inf\infstor.dat
2009-03-27 09:44 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-03-23 14:58 174 a--sh--- c:\program files\desktop.ini
2009-03-23 14:45 665,600 a------- c:\windows\inf\drvindex.dat
2009-03-23 14:27 101,888 a------- c:\windows\system32\ifxcardm.dll
2009-03-23 14:27 82,432 a------- c:\windows\system32\axaltocm.dll
2009-03-21 02:22 2,560 a------- c:\windows\apppatch\AcRes.dll
2009-03-21 02:22 2,154,496 a------- c:\windows\apppatch\AcGenral.dll
2009-03-21 02:22 460,288 a------- c:\windows\apppatch\AcSpecfc.dll
2009-03-21 02:22 541,696 a------- c:\windows\apppatch\AcLayers.dll
2009-03-21 02:22 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-03-21 02:22 52,736 a------- c:\windows\apppatch\iebrshim.dll
2009-03-21 01:36 3,104,768 a------- c:\windows\system32\NlsData004a.dll
2009-03-20 23:23 325,640 a------- c:\windows\system32\drivers\avgldx86.sys
2009-03-20 23:23 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-03-18 12:08 103,744 a------- c:\windows\system32\drivers\AnyDVD.sys
2009-03-16 22:38 40,960 a------- c:\windows\apppatch\apihex86.dll
2009-03-12 10:30 142,504 a------- c:\windows\system32\ElbyVCD.dll
2009-03-09 05:19 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-02 23:40 827,392 a------- c:\windows\system32\wininet.dll
2009-03-02 23:37 78,336 a------- c:\windows\system32\ieencode.dll
2009-03-02 21:28 26,624 a------- c:\windows\system32\ieUnatt.exe
2009-03-02 06:41 29,184 a------- c:\windows\system32\drivers\VClone.sys
2009-02-17 14:01 1,156,185 a------- C:\RA57.zip
2009-02-17 08:33 89,256 a------- c:\windows\system32\ElbyCDIO.dll
2009-02-06 19:52 49,504 a------- c:\windows\system32\sirenacm.dll
2009-01-29 17:13 724,992 a------- c:\windows\iun6002.exe
2009-01-26 20:34 90,112 a------- c:\windows\system32\dpl100.dll
2009-01-26 20:34 823,296 a------- c:\windows\system32\divx_xx0c.dll
2009-01-26 20:34 823,296 a------- c:\windows\system32\divx_xx07.dll
2009-01-26 20:34 815,104 a------- c:\windows\system32\divx_xx0a.dll
2009-01-26 20:34 802,816 a------- c:\windows\system32\divx_xx11.dll
2009-01-26 20:34 684,032 a------- c:\windows\system32\DivX.dll
2006-11-02 07:39 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 07:39 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 07:39 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 07:39 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2009-01-13 20:31 668,678 a--sh--- c:\windows\system32\PpYJQXyb.ini2

============= FINISH: 10:04:19.28 ===============




#2 SifuMike


Posted 28 April 2009 - 05:27 PM

Hello killa57,

Download Security Check by screen317 from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt.
Please post the contents of that document. (Please do not attach or zip any of the reports)

Edited by SifuMike, 28 April 2009 - 05:28 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 killa57


Posted 28 April 2009 - 10:49 PM

Thank you for answering my topic. I was about to lose hope. Here's what you asked for:

Results of screen317's Security Check version 0.98.3
Windows Vista Service Pack 1
``````````````````````````````
Antivirus/Firewall Check:
``````````````````````````````

Windows Firewall Enabled!
AVG8.5
Antivirus up to date!
``````````````````````````````
Anti-malware/Other Utilities Check:
``````````````````````````````

SUPERAntiSpyware Free Edition
Malwarebytes' Anti-Malware
Java™ 6 Update 13
Java™ 6 Update 7
Out of date Java installed!
``````````````````````````````
Process Check:
objlist.exe by Laurent
``````````````````````````````

Windows Defender MSASCui.exe
Windows Defender MsMpEng.exe is disabled!
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
AVG avgemc.exe
``````````````````````````````
DNS Vulnerability Check:
``````````````````````````````

GREAT! (Very random)

Scan took 34 seconds.
`````````End of Log```````````

#4 SifuMike


Posted 29 April 2009 - 12:09 AM

Hi killa57,

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java SE Runtime Environment (JRE) 6 Update 13.
  • Click the "Download" button to the right.
  • At the Select Platform and Language for your download drop down box
    Select Windows and Multi-Language
  • Check the box that says: "Accept License Agreement" then press Continue ( Selecting Windows will give you the 32 bit version. )
  • The page will refresh.
  • Click on the link to download Windows Offline Installation, Multi-language jre-6u13-windows-i586-p.exe and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
    Examples of older versions in Add or Remove Programs:
    Java 6 Update 7
    Java 2 Runtime Environment, SE v1.4.2
    J2SE Runtime Environment 5.0
    J2SE Runtime Environment 5.0 Update 6
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u13-windows-i586-p.exe to install the newest version.

*******************


We will run ComboFix.

You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.

Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.
Please read Combofix's Disclaimer.
Further, ComboFix logs are not permitted outside the HijackThis forums and then only when requested by a HJT Team member.

You need to disable your AVG Antivirus and Windows Defender
before running ComboFix, as they will prevent it from running.

To disable AVG antivirus:  
Please open the AVG Control Center program -> double-click on the "AVG Resident Shield" component -> deselect the "Turn on AVG Resident Shield" checkmark and save the setting.
When you need to enable the AVG Resident Shield (I'll let you know when), just open the AVG Control Center program -> double-click on the "AVG Resident Shield" component -> select the "Turn on AVG Resident Shield" checkmark and save the setting.


We need to disable your Windows Defender Real-time Protection as it may interfere with the fixes that we need to make.
  • Open Windows Defender.
  • Click on Tools, General Settings.
  • Scroll down and uncheck Turn on real-time protection (recommended).
  • After you uncheck this, click on the Save button and close Windows Defender.
After all of the fixes are complete it is very important that you enable Real-time Protection again.


Note: If you already have a copy of ComboFix on your system it is essential that you delete it before downloading this copy.

Please visit this webpage for instructions for downloading and running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

To work properly, you must install ComboFix on the Desktop.

Post the log from ComboFix in your next reply.


A caution -
Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
Do not run Combofix more than once.
Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

#5 killa57


Posted 30 April 2009 - 06:23 AM

Okay, I ran into a problem. I followed the guide to the letter on ComboFix. When I ran it, it complained about my AVG. I had turned off the resident shield like it asked me to do before I ran ComboFix. So I closed ComboFix after it complained about my AVG. I uninstalled my AVG, restarted the computer, then I ran ComboFix again. This time it didn't complain about AVG, and it got as far as "ComboFix is preparing to run". I left it going like that for 8 hrs and didn't touch anything because it was time for me to go to sleep. When I woke up it was still at "ComboFix is preparing to run"?????

P.S. I did turn off Windows Defender like it asked in the guide, closed all the icons by the time clock, and I didn't touch anything like it asked.

#6 SifuMike


Posted 30 April 2009 - 08:55 AM

Hi,

Reboot your computer.

Delete the version of ComboFix you have on your desktop.

Download a fresh version of ComboFix to your desktop.


Run ComboFix using these instructions:

Click the Windows 'Start' button > Select 'Run' - then copy/paste the following bolded text into the run box & click OK.

"%userprofile%\desktop\combofix.exe" /killall

When finished, it shall produce a log for you. Post that log in your next reply.

A caution -
ComboFix should complete in 25 minutes or less on a heavily infected computer.
Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
Do not run Combofix more than once.
Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

Edited by SifuMike, 30 April 2009 - 09:40 AM.


#7 killa57


Posted 02 May 2009 - 09:47 AM

The same problem has occurred, but it got further into the process. It got to where it says it's trying to create a system restore, but that's the furthest it got. I left it running for about 40 min; the light wasn't blinking after about 5 minutes into it.

#8 SifuMike


Posted 02 May 2009 - 10:06 AM

Hi killa57,

It should not take more than an hour or two to run. :thumbup2: Sounds like it is still having a problem.

Reboot the computer.

Delete the version of ComboFix you have on your desktop.

You need to disable your AVG Antivirus and Windows Defender
before running ComboFix, as they will prevent it from running.

To disable AVG antivirus:
Please open the AVG Control Center program -> double-click on the "AVG Resident Shield" component -> deselect the "Turn on AVG Resident Shield" checkmark and save the setting.
When you need to enable the AVG Resident Shield (I'll let you know when), just open the AVG Control Center program -> double-click on the "AVG Resident Shield" component -> select the "Turn on AVG Resident Shield" checkmark and save the setting.


We need to disable your Windows Defender Real-time Protection as it may interfere with the fixes that we need to make.
  • Open Windows Defender.
  • Click on Tools, General Settings.
  • Scroll down and uncheck Turn on real-time protection (recommended).
  • After you uncheck this, click on the Save button and close Windows Defender.
After all of the fixes are complete it is very important that you enable Real-time Protection again.

Download Combofix from any of the links below. You must rename it before saving it.  Save it to your desktop.

Link 1
Link 2
Link 3


Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.  
  • Please post the C:\ComboFix.txt along with a HijackThis log so we can continue cleaning the system.


#9 killa57


Posted 03 May 2009 - 02:50 PM

ComboFix did the same thing; it didn't go any further than creating a restore point.

But here's the hijack log with the attach.txt:


DDS (Ver_09-03-16.01) - NTFSx86
Run by Charlie at 14:43:22.47 on Sun 05/03/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.1021.404 [GMT -5:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Windows\system32\dlbucoms.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\spool\DRIVERS\W32X86\3\lxdnserv.exe
C:\Windows\system32\lxdncoms.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Dell Photo AIO Printer 942\DLBUmon.exe
C:\Program Files\Dell Photo AIO Printer 942\memcard.exe
C:\Windows\System32\CtHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\alg.exe
C:\Program Files\Lexmark 2600 Series\lxdnMsdMon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\svchost.exe -k wdisvc
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
C:\Users\Charlie\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com
uWindow Title = Windows Internet Explorer provided by Yahoo!
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\mi1933~1\office12\GRA8E1~1.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {a3d0fd2a-75e4-45a8-b600-d94652124ad0} - c:\windows\system32\byXQJYpP.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [DLBUCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLBUtime.dll,_RunDLLEntry@16
mRun: [dlbumon.exe] "c:\program files\dell photo aio printer 942\dlbumon.exe"
mRun: [MemoryCardManager] "c:\program files\dell photo aio printer 942\memcard.exe"
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [CloneCDTray] "c:\program files\slysoft\clonecd\CloneCDTray.exe" /s
mRun: [lxdnmon.exe] "c:\program files\lexmark 2600 series\lxdnmon.exe"
mRun: [lxdnamon] "c:\program files\lexmark 2600 series\lxdnamon.exe"
mRun: [FaxCenterServer] "c:\program files\lexmark fax solutions\fm3032.exe" /s
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [UnlockerAssistant] "e:\program files\unlocker\UnlockerAssistant.exe"
dRun: [DevconDefaultDB] c:\windows\system32\READREG /SILENT /FAIL=1
StartupFolder: c:\users\charlie\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hppsc1~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpohmr08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Search
IE: Add to QQ Customized Emoticons - c:\program files\tencent\qq\AddEmotion.htm
IE: Add to QQ Customized Panel - c:\program files\tencent\qq\AddPanel.htm
IE: Add to QQ Emotions - c:\program files\tencent\qq\AddEmotion.htm
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: Send picture by MMS - c:\program files\tencent\qq\SendMMS.htm
IE: Send Picture with QQ MMS - c:\program files\tencent\qq\SendMMS.htm
IE: Upload to QQ Network Hard Disk - c:\program files\tencent\qq\AddToNetDisk.htm
IE: {0A155D3C-68E2-4215-A47A-E800A446447A} - c:\program files\cga gameing platform\GameClient.exe
IE: {c95fe080-8f5d-11d2-a20b-00aa003c157b} - c:\program files\tencent\qq\QQ.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo2.walgreens.com/WalgreensActivia.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - hxxp://support.f-secure.com/ols/fscax.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\mi1933~1\office12\GR99D3~1.DLL
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - %SystemRoot%\system32\wpdshserviceobj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\mi1933~1\office12\GRA8E1~1.DLL
LSA: Notification Packages = scecli scecli

================= FIREFOX ===================

FF - ProfilePath - c:\users\charlie\appdata\roaming\mozilla\firefox\profiles\27ai3wsn.default\
FF - prefs.js: browser.startup.homepage - yahoo.com
FF - plugin: c:\users\charlie\appdata\roaming\mozilla\firefox\profiles\27ai3wsn.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll

============= SERVICES / DRIVERS ===============

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-3-7 55152]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-5-8 47640]
R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
R2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdnserv.exe [2008-2-27 98984]
R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]
R3 b57nd60x;%SvcDispName%;c:\windows\system32\drivers\b57nd60x.sys [2009-3-22 179712]
R3 portio32;portio32;c:\windows\system32\drivers\portio32.sys [2009-4-4 2048]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]

=============== Created Last 30 ================

2009-05-03 14:41 <DIR> --d----- c:\program files\Novatel Wireless
2009-05-02 22:22 115,680 a------- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-05-02 22:20 <DIR> --d----- c:\users\charlie\appdata\roaming\Desktopicon
2009-05-02 22:03 32,592 a------- c:\windows\system32\msonpmon.dll
2009-05-02 21:56 <DIR> --d----- c:\program files\common files\ODBC
2009-05-02 21:53 <DIR> --d----- c:\program files\Microsoft Visual Studio 8
2009-05-02 21:52 <DIR> --d----- c:\windows\SHELLNEW
2009-05-02 21:51 <DIR> --d----- c:\programdata\Microsoft Help
2009-05-02 21:05 318,976 a------- c:\windows\system32\CF18687.exe
2009-05-02 21:05 <DIR> --d----- C:\Combo-Fix
2009-05-02 11:42 318,976 a------- c:\windows\system32\CF6585.exe
2009-05-02 09:17 318,976 a------- c:\windows\system32\CF11001.exe
2009-05-02 09:17 <DIR> --d----- C:\ComboFix
2009-05-01 10:07 318,976 a------- c:\windows\system32\CF746.exe
2009-05-01 09:56 318,976 a------- c:\windows\system32\CF31483.exe
2009-05-01 09:44 318,976 a------- c:\windows\system32\CF29057.exe
2009-05-01 09:43 318,976 a------- c:\windows\system32\CF28809.exe
2009-04-30 21:31 318,976 a------- c:\windows\system32\CF16437.exe
2009-04-30 21:19 318,976 a------- c:\windows\system32\CF14047.exe
2009-04-29 23:14 318,976 a------- c:\windows\system32\CF16629.exe
2009-04-29 22:26 318,976 a------- c:\windows\system32\CF7280.exe
2009-04-29 22:20 318,976 a------- c:\windows\system32\CF6098.exe
2009-04-29 21:35 318,976 a------- c:\windows\system32\CF29781.exe
2009-04-29 21:05 161,792 a------- c:\windows\SWREG.exe
2009-04-29 21:05 98,816 a------- c:\windows\sed.exe
2009-04-29 21:05 318,976 a------- c:\windows\system32\CF24151.exe
2009-04-29 21:03 318,976 a------- c:\windows\system32\CF23746.exe
2009-04-29 21:01 318,976 a------- c:\windows\system32\CF23162.exe
2009-04-27 17:26 16 a------- c:\users\charlie\hacked1.5Key.bin
2009-04-27 17:26 262,144 a------- c:\users\charlie\Hit-OFW6.bin
2009-04-27 17:25 262,144 a------- c:\users\charlie\Hit-OFW5.bin
2009-04-27 17:25 262,144 a------- c:\users\charlie\Hit-OFW4.bin
2009-04-27 17:20 262,144 a------- c:\users\charlie\Hit-OFW2.bin
2009-04-27 17:19 262,144 a------- c:\users\charlie\Hit-OFW1.bin
2009-04-27 16:54 262,144 a------- c:\users\charlie\ftbof.bin
2009-04-27 16:43 262,144 a------- c:\users\charlie\Hit-OFW.bin
2009-04-27 16:40 262,144 a------- C:\original360.bin
2009-04-27 16:40 262,144 a------- C:\original360 3.bin
2009-04-22 20:33 <DIR> --d----- C:\Jnes
2009-04-18 18:22 <DIR> --d----- c:\users\charlie\appdata\roaming\Lexmark Productivity Studio
2009-04-18 11:31 <DIR> --d----- c:\users\charlie\appdata\roaming\FaxCtr
2009-04-17 19:39 <DIR> --d----- c:\programdata\Lx_cats
2009-04-17 19:39 <DIR> --d----- c:\progra~2\Lx_cats
2009-04-17 19:36 <DIR> --d----- C:\logs
2009-04-17 19:32 77,304 a------- c:\windows\system32\lxdnprpr.chm
2009-04-17 19:32 348,160 a------- c:\windows\system32\lxdncoin.dll
2009-04-17 19:28 45,056 a------- c:\windows\system32\LXF3PMON.DLL
2009-04-17 19:28 32,768 a------- c:\windows\system32\LXF3FXPU.DLL
2009-04-17 19:28 339,968 a------- c:\windows\system32\IMGMAN32.DLL
2009-04-17 19:28 98,345 a------- c:\windows\system32\IMHOST32.DLL
2009-04-17 19:28 98,304 a------- c:\windows\system32\IM31XPNG.DEL
2009-04-17 19:28 69,632 a------- c:\windows\system32\IM31XTIF.DEL
2009-04-17 19:28 53,248 a------- c:\windows\system32\lxf3oem.dll
2009-04-17 19:28 49,152 a------- c:\windows\system32\IM31IMG.DIL
2009-04-17 19:28 12,288 a------- c:\windows\system32\LXF3PMRC.DLL
2009-04-17 19:28 <DIR> --d----- c:\programdata\FaxCtr
2009-04-17 19:28 <DIR> --d----- c:\progra~2\FaxCtr
2009-04-17 19:27 <DIR> --d----- c:\program files\Lexmark Fax Solutions
2009-04-17 19:27 <DIR> --d----- c:\program files\Abbyy FineReader 6.0 Sprint
2009-04-17 19:26 1,645,320 a------- c:\windows\system32\gdiplus.dll
2009-04-17 19:26 <DIR> --d----- c:\program files\Lexmark Toolbar
2009-04-17 19:26 102,400 a------- c:\windows\system32\lxdnwupd.dll
2009-04-17 19:26 17,064 a------- c:\windows\system32\lxdnwupd.exe
2009-04-17 19:26 44 a------- c:\windows\system32\lxdnrwrd.ini
2009-04-17 19:25 <DIR> --d----- c:\program files\Lexmark 2600 Series
2009-04-17 14:07 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-04-16 22:07 <DIR> --d----- c:\programdata\SUPERAntiSpyware.com
2009-04-16 22:07 <DIR> --d----- c:\progra~2\SUPERAntiSpyware.com
2009-04-16 22:07 <DIR> --d----- c:\users\charlie\appdata\roaming\SUPERAntiSpyware.com
2009-04-16 22:07 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-04-15 15:59 376,832 a------- c:\windows\system32\winhttp.dll
2009-04-15 15:58 562,176 a------- c:\windows\system32\msdtcprx.dll
2009-04-15 15:58 38,912 a------- c:\windows\system32\xolehlp.dll
2009-04-15 15:57 3,599,328 a------- c:\windows\system32\ntkrnlpa.exe
2009-04-15 15:57 3,547,632 a------- c:\windows\system32\ntoskrnl.exe
2009-04-15 15:57 551,424 a------- c:\windows\system32\rpcss.dll
2009-04-15 15:57 666,624 a------- c:\windows\system32\printfilterpipelinesvc.exe
2009-04-15 15:57 183,296 a------- c:\windows\system32\sdohlp.dll
2009-04-15 15:57 98,304 a------- c:\windows\system32\iasrecst.dll
2009-04-15 15:57 54,784 a------- c:\windows\system32\iasads.dll
2009-04-15 15:57 44,032 a------- c:\windows\system32\iasdatastore.dll
2009-04-15 15:57 26,112 a------- c:\windows\system32\printfilterpipelineprxy.dll
2009-04-15 15:57 17,408 a------- c:\windows\system32\iashost.exe
2009-04-15 15:56 1,255,936 a------- c:\windows\system32\lsasrv.dll
2009-04-15 15:56 72,704 a------- c:\windows\system32\secur32.dll
2009-04-15 15:56 24,064 a------- c:\windows\system32\amxread.dll
2009-04-15 15:56 13,824 a------- c:\windows\system32\apilogen.dll
2009-04-12 22:03 <DIR> --d----- c:\programdata\WindowsSearch
2009-04-08 22:21 <DIR> --d----- c:\program files\common files\PX Storage Engine
2009-04-08 22:20 <DIR> --d----- c:\program files\common files\DivX Shared
2009-04-04 17:32 19,968 a------- c:\windows\system32\portio32.dll
2009-04-04 17:32 2,048 a------- c:\windows\system32\drivers\portio32.sys
2009-04-04 17:32 <DIR> --d----- c:\windows\PortIO32
2009-04-04 17:32 28 a------- c:\windows\yehal
2009-04-03 20:01 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf

==================== Find3M ====================

2009-05-03 14:42 143,360 a------- c:\windows\inf\infstrng.dat
2009-05-03 14:42 86,016 a------- c:\windows\inf\infstor.dat
2009-05-03 14:42 51,200 a------- c:\windows\inf\infpub.dat
2009-04-29 20:35 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-23 14:58 174 a--sh--- c:\program files\desktop.ini
2009-03-23 14:45 665,600 a------- c:\windows\inf\drvindex.dat
2009-03-23 14:27 101,888 a------- c:\windows\system32\ifxcardm.dll
2009-03-23 14:27 82,432 a------- c:\windows\system32\axaltocm.dll
2009-03-23 03:27 747,566 a------- c:\windows\system32\abgx360.exe
2009-03-21 11:24 269,312 a------- c:\windows\system32\es.dll
2009-03-21 10:52 425,472 a------- c:\windows\system32\PhotoMetadataHandler.dll
2009-03-21 10:52 712,704 a------- c:\windows\system32\WindowsCodecs.dll
2009-03-21 10:52 347,136 a------- c:\windows\system32\WindowsCodecsExt.dll
2009-03-21 10:51 288,768 a------- c:\windows\system32\drivers\srv.sys
2009-03-21 02:51 361,984 a------- c:\windows\system32\IPSECSVC.DLL
2009-03-21 02:51 61,440 a------- c:\windows\system32\winipsec.dll
2009-03-21 02:51 28,672 a------- c:\windows\system32\FwRemoteSvr.dll
2009-03-21 02:51 272,896 a------- c:\windows\system32\polstore.dll
2009-03-21 02:47 241,152 a------- c:\windows\system32\PortableDeviceApi.dll
2009-03-21 02:47 160,768 a------- c:\windows\system32\PortableDeviceTypes.dll
2009-03-21 02:47 94,720 a------- c:\windows\system32\PortableDeviceClassExtension.dll
2009-03-21 02:28 296,960 a------- c:\windows\system32\gdi32.dll
2009-03-21 02:25 212,480 a------- c:\windows\system32\drivers\mrxsmb10.sys
2009-03-21 02:22 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-03-21 02:22 2,560 a------- c:\windows\apppatch\AcRes.dll
2009-03-21 02:22 2,154,496 a------- c:\windows\apppatch\AcGenral.dll
2009-03-21 02:22 460,288 a------- c:\windows\apppatch\AcSpecfc.dll
2009-03-21 02:22 541,696 a------- c:\windows\apppatch\AcLayers.dll
2009-03-21 02:22 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-03-21 02:22 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-03-21 02:22 52,736 a------- c:\windows\apppatch\iebrshim.dll
2009-03-21 02:22 1,695,744 a------- c:\windows\system32\gameux.dll
2009-03-21 02:20 303,616 a------- c:\windows\system32\wmpeffects.dll
2009-03-21 02:17 1,191,936 a------- c:\windows\system32\msxml3.dll
2009-03-21 02:17 2,048 a------- c:\windows\system32\msxml3r.dll
2009-03-21 02:04 2,048 a------- c:\windows\system32\tzres.dll
2009-03-21 02:00 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-03-21 02:00 7,680 a------- c:\windows\system32\spwmp.dll
2009-03-21 02:00 4,096 a------- c:\windows\system32\dxmasf.dll
2009-03-21 01:46 2,927,104 a------- c:\windows\explorer.exe
2009-03-21 01:36 3,104,768 a------- c:\windows\system32\NlsData004a.dll
2009-03-21 01:28 6,656 a------- c:\windows\system32\kbd106n.dll
2009-03-21 01:28 988,216 a------- c:\windows\system32\winload.exe
2009-03-21 01:28 927,288 a------- c:\windows\system32\winresume.exe
2009-03-21 01:28 318,464 a------- c:\windows\system32\rstrui.exe
2009-03-21 01:28 40,960 a------- c:\windows\system32\srclient.dll
2009-03-21 01:28 378,368 a------- c:\windows\system32\srcore.dll
2009-03-21 01:28 14,848 a------- c:\windows\system32\srdelayed.exe
2009-03-21 01:28 46,592 a------- c:\windows\system32\setbcdlocale.dll
2009-03-21 01:28 19,000 a------- c:\windows\system32\kd1394.dll
2009-03-21 01:28 615,992 a------- c:\windows\system32\ci.dll
2009-03-21 01:11 443,392 a------- c:\windows\system32\win32spl.dll
2009-03-21 01:11 37,888 a------- c:\windows\system32\printcom.dll
2009-03-21 01:07 113,664 a------- c:\windows\system32\drivers\rmcast.sys
2009-03-21 01:07 14,848 a------- c:\windows\system32\wshrm.dll
2009-03-21 01:02 268,288 a------- c:\windows\system32\schannel.dll
2009-03-21 00:55 622,080 a------- c:\windows\system32\icardagt.exe
2009-03-21 00:55 97,800 a------- c:\windows\system32\infocardapi.dll
2009-03-21 00:55 11,264 a------- c:\windows\system32\icardres.dll
2009-03-21 00:55 105,016 a------- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-03-21 00:55 326,160 a------- c:\windows\system32\PresentationHost.exe
2009-03-21 00:55 781,344 a------- c:\windows\system32\PresentationNative_v0300.dll
2009-03-21 00:55 43,544 a------- c:\windows\system32\PresentationHostProxy.dll
2009-03-21 00:42 96,760 a------- c:\windows\system32\dfshim.dll
2009-03-21 00:42 41,984 a------- c:\windows\system32\netfxperf.dll
2009-03-21 00:42 282,112 a------- c:\windows\system32\mscoree.dll
2009-03-21 00:42 158,720 a------- c:\windows\system32\mscorier.dll
2009-03-21 00:42 83,968 a------- c:\windows\system32\mscories.dll
2009-03-21 00:32 2,868,736 a------- c:\windows\system32\mf.dll
2009-03-21 00:32 98,816 a------- c:\windows\system32\mfps.dll
2009-03-21 00:32 53,248 a------- c:\windows\system32\rrinstaller.exe
2009-03-21 00:32 24,576 a------- c:\windows\system32\mfpmp.exe
2009-03-21 00:32 2,048 a------- c:\windows\system32\mferror.dll
2009-03-21 00:32 94,720 a------- c:\windows\system32\logagent.exe
2009-03-21 00:32 996,352 a------- c:\windows\system32\WMNetMgr.dll
2009-03-21 00:31 738,304 a------- c:\windows\system32\inetcomm.dll
2009-03-21 00:31 84,480 a------- c:\windows\system32\INETRES.dll
2009-03-21 00:31 1,645,568 a------- c:\windows\system32\connect.dll
2009-03-21 00:31 1,314,816 a------- c:\windows\system32\quartz.dll
2009-03-21 00:28 17,480 a------- c:\windows\system32\drivers\hamachi.sys
2009-03-21 00:28 2,033,152 a------- c:\windows\system32\win32k.sys
2009-03-21 00:27 1,334,272 a------- c:\windows\system32\msxml6.dll
2009-03-21 00:27 2,048 a------- c:\windows\system32\msxml6r.dll
2009-03-20 23:45 1,524,736 a------- c:\windows\system32\wucltux.dll
2009-03-20 23:45 83,456 a------- c:\windows\system32\wudriver.dll
2009-03-20 23:45 162,064 a------- c:\windows\system32\wuwebv.dll
2009-03-20 23:45 31,232 a------- c:\windows\system32\wuapp.exe
2009-03-20 19:17 22,668 a------- c:\windows\system32\emptyregdb.dat
2009-03-18 12:08 103,744 a------- c:\windows\system32\drivers\AnyDVD.sys
2009-03-16 22:38 40,960 a------- c:\windows\apppatch\apihex86.dll
2009-03-12 10:30 142,504 a------- c:\windows\system32\ElbyVCD.dll
2009-03-08 06:34 914,944 a------- c:\windows\system32\wininet.dll
2009-03-08 06:34 43,008 a------- c:\windows\system32\licmgr10.dll
2009-03-08 06:33 18,944 a------- c:\windows\system32\corpol.dll
2009-03-08 06:33 109,056 a------- c:\windows\system32\iesysprep.dll
2009-03-08 06:33 109,568 a------- c:\windows\system32\PDMSetup.exe
2009-03-08 06:33 132,608 a------- c:\windows\system32\ieUnatt.exe
2009-03-08 06:33 107,520 a------- c:\windows\system32\RegisterIEPKEYs.exe
2009-03-08 06:33 107,008 a------- c:\windows\system32\SetIEInstalledDate.exe
2009-03-08 06:33:15 A------- 103,936 c:\windows\system32\SetDepNx.exe
2009-01-13 20:31 668,678 a--sh--- c:\windows\system32\PpYJQXyb.ini2

============= FINISH: 14:45:30.50 ===============

Attached File  Attach2.zip   4.24KB   13 downloads

#10 SifuMike


Posted 03 May 2009 - 03:12 PM

Hi killa57,

That is not a Hijackthis log, it is a DDS log. :thumbup2:
Attach2.zip is zipped making it hard to read. Do not zip files you attach.
You need to attach a new attach.txt log (not zipped).


Please post a Hijackthis log (NOT the DDS log).

If you don't have Hijackthis, then please download and install the new version by following the instructions here: http://www.download.com/Trend-Micro-Hijack....html?tag=mncol

Note that it is unnecessary to uninstall the old version because the new one will be copied to a different folder.

Let it install in the default folder C:\Program Files\Trend Micro\HijackThis
Please post it.

Edited by SifuMike, 03 May 2009 - 03:34 PM.
typo

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#11 killa57


Posted 03 May 2009 - 03:44 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:45:49 PM, on 5/3/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Dell Photo AIO Printer 942\DLBUmon.exe
C:\Program Files\Dell Photo AIO Printer 942\memcard.exe
C:\Windows\System32\CtHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Lexmark 2600 Series\lxdnMsdMon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCM3.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MI1933~1\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A3D0FD2A-75E4-45A8-B600-D94652124AD0} - C:\WINDOWS\system32\byXQJYpP.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DLBUCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLBUtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlbumon.exe] "C:\Program Files\Dell Photo AIO Printer 942\dlbumon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 942\memcard.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [lxdnmon.exe] "C:\Program Files\Lexmark 2600 Series\lxdnmon.exe"
O4 - HKLM\..\Run: [lxdnamon] "C:\Program Files\Lexmark 2600 Series\lxdnamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "E:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: Add to QQ Customized Emoticons - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: Add to QQ Customized Panel - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: Add to QQ Emotions - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send picture by MMS - C:\Program Files\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: Send Picture with QQ MMS - C:\Program Files\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: Upload to QQ Network Hard Disk - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O9 - Extra button: Holdfast Battle Net - {0A155D3C-68E2-4215-A47A-E800A446447A} - C:\Program Files\CGA Gameing Platform\GameClient.exe
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE (file missing)
O9 - Extra 'Tools' menuitem: Tencent QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo2.walgreens.com/WalgreensActivia.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{578A0A41-AE9F-41AE-9FEA-44847BE76F45}: NameServer = 68.28.186.91 68.28.178.91
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MI1933~1\Office12\GR99D3~1.DLL
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: dlbu_device - - C:\Windows\system32\dlbucoms.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxdnCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdnserv.exe
O23 - Service: lxdn_device - - C:\Windows\system32\lxdncoms.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: OSCM Utility Service - Sprint Spectrum, L.L.C - C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
O23 - Service: SPCSUtilityService - Sprint Spectrum, L.L.C - C:\Program Files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 11283 bytes





this is the attach file the new one





UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-03-16.01)

Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume3
Install Date: 3/20/2009 7:22:13 PM
System Uptime: 5/3/2009 12:17:05 PM (3 hours ago)

Motherboard: Dell Inc. | | 0U7084
Processor: Intel® Pentium® 4 CPU 3.40GHz | Microprocessor | 3391/800mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 74 GiB total, 10.14 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 269 GiB total, 56.289 GiB free.
F: is FIXED (NTFS) - 10 GiB total, 6.263 GiB free.
G: is CDROM (CDFS)
I: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Broadcom NetXtreme 57xx Gigabit Controller
Device ID: PCI\VEN_14E4&DEV_1677&SUBSYS_01761028&REV_01\4&1D7EFF9E&0&00E0
Manufacturer: Broadcom
Name: Broadcom NetXtreme 57xx Gigabit Controller
PNP Device ID: PCI\VEN_14E4&DEV_1677&SUBSYS_01761028&REV_01\4&1D7EFF9E&0&00E0
Service: b57nd60x

Class GUID: {4d36e96c-e325-11ce-bfc1-08002be10318}
Description: Creative Game Port
Device ID: PCI\VEN_1102&DEV_7003&SUBSYS_00401102&REV_04\4&10416D21&0&09F0
Manufacturer: Creative
Name: Creative Game Port
PNP Device ID: PCI\VEN_1102&DEV_7003&SUBSYS_00401102&REV_04\4&10416D21&0&09F0
Service:

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Linksys Wireless-G PCI Adapter
Device ID: PCI\VEN_1814&DEV_0201&SUBSYS_00321737&REV_01\4&10416D21&0&10F0
Manufacturer: Linksys, A Division of Cisco Systems, Inc.
Name: Linksys Wireless-G PCI Adapter
PNP Device ID: PCI\VEN_1814&DEV_0201&SUBSYS_00321737&REV_01\4&10416D21&0&10F0
Service: RT2500

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Hamachi Network Interface
Device ID: ROOT\NET\0000
Manufacturer: LogMeIn, Inc.
Name: Hamachi Network Interface
PNP Device ID: ROOT\NET\0000
Service: hamachi

==== System Restore Points ===================

RP78: 5/2/2009 9:50:39 PM - Installed Microsoft Office Enterprise 2007
RP79: 5/3/2009 9:14:52 AM - Installed Nero 7 Essentials. Available with Windows Installer version 1.2 and later.
RP80: 5/3/2009 2:33:09 PM - Windows Update
RP81: 5/3/2009 2:41:26 PM - Installed Sprint Mobile Broadband (Novatel Wireless).
RP83: 5/3/2009 3:09:09 PM - Before uninstall CnCNet 0.9.8.8

==== Installed Programs ======================


µTorrent
AAC Decoder
ABBYY FineReader 6.0 Sprint
abgx360 v1.0.1
AC3Filter (remove only)
Acrobat.com
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Drive CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Linguistics CS4
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Reader 9.1
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AnyDVD
Apple Software Update
ArcSoft Print Creations
ArcSoft Print Creations - Album Page
ArcSoft Print Creations - Funhouse
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations - Scrapbook
ArcSoft Print Creations - Slimline Card
ASIO4ALL
AutoUpdate
Brain Train on the Go (remove only)
CCScore
Choice Guard
CloneCD
CloneDVD2
CmdHere Powertoy For Windows XP
CnCNet 0.9.9.0
CodeStuff Starter
Collab
Command & Conquer The First Decade
Connect
ConvertHelper 2.1
Creative Audio Console
Dell Photo AIO Printer 942
Dell ResourceCD
DivX Codec
DivX Converter
DivX H.264 Player Plugin
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSSONIC
ESSTOOLS
essvatgt
fflink
FL Studio 8
Fraps (remove only)
FrostWire 4.17.1
Google Toolbar for Internet Explorer
H.264 Decoder
Hamachi 1.0.1.5
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Photo and Imaging 2.0 - hp psc 1200 series
hp psc 1200 series
IL Download Manager
ImgBurn (Remove Only)
Intel Matrix Storage Manager
Intel® 537EP V9x DF PCI Modem
iPrep 101
Java™ 6 Update 13
Junk Mail filter update
Kali II
kgcbase
kgchlwn
Kodak EasyShare software
kuler
Lexmark 2600 Series
Lexmark Fax Solutions
Lexmark Toolbar
LightScribe 1.4.136.1
MaxBlast 4
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB929729)
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
MKV Splitter
Mozilla Firefox (3.0.8)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser (KB927977)
Nero 7 Essentials
neroxml
netbrdg
Nox
NVIDIA Drivers
OfotoXMI
PDF Settings CS4
Photoshop Camera Raw
Platform
PoiZone
QuickTime
Red Alert Themes
SA30xx Device Manager
SA30xx Media Converter
SA32xx Device Manager
Scrapbook Factory Deluxe
Segoe UI
SFR
SHASTA
skin0001
SKINXSDK
Soldat 1.4.2
Sole Survivor
Sprint Mobile Broadband (Novatel Wireless)
Sprint Mobile Broadband (Sierra)
staticcr
Suite Shared Configuration CS4
TaxCut Basic + Efile 2008
tooltips
Toxic Biohazard
Unlocker 1.8.7
VC80CRTRedist - 8.0.50727.762
VIA Platform Device Manager
VirtualCloneDrive
VPRINTOL
WebFldrs XP
Westwood Chat 4.221
Westwood Online
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
WinRAR archiver
WinZip 11.2
WIRELESS
XBC 5.1
XML Paper Specification Shared Components Pack 1.0
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Search Suggest Add-on for IE7
Yahoo! Software Update
Yahoo! Toolbar
Your Uninstaller! 2008 Version 6.0

==== Event Viewer Messages From Past Week ========

5/3/2009 2:53:36 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{578A0A41-AE9F-41AE-9FEA-44847BE76F45} because another computer on the network has the same name. The server could not start.
5/2/2009 6:46:23 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{DD52CF1C-976E-432A-8BAF-23763B7F312C} because another computer on the network has the same name. The server could not start.
5/2/2009 10:04:21 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
5/2/2009 10:04:21 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/2/2009 10:04:20 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
5/1/2009 9:57:09 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
5/1/2009 9:57:09 AM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
5/1/2009 9:57:09 AM, Error: Service Control Manager [7031] - The Software Licensing service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
5/1/2009 9:57:09 AM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/1/2009 9:57:09 AM, Error: Service Control Manager [7031] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
4/30/2009 9:19:42 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
4/30/2009 9:19:39 PM, Error: Service Control Manager [7031] - The Software Licensing service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
4/30/2009 9:19:33 PM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/30/2009 9:19:32 PM, Error: Service Control Manager [7034] - The Yahoo! Updater service terminated unexpectedly. It has done this 1 time(s).
4/30/2009 9:19:32 PM, Error: Service Control Manager [7034] - The lxdn_device service terminated unexpectedly. It has done this 1 time(s).
4/30/2009 9:19:32 PM, Error: Service Control Manager [7034] - The LightScribeService Direct Disc Labeling Service service terminated unexpectedly. It has done this 1 time(s).
4/30/2009 9:19:31 PM, Error: Service Control Manager [7034] - The SPCSUtilityService service terminated unexpectedly. It has done this 1 time(s).
4/30/2009 9:19:31 PM, Error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
4/30/2009 9:19:31 PM, Error: Service Control Manager [7034] - The lxdnCATSCustConnectService service terminated unexpectedly. It has done this 1 time(s).
4/30/2009 9:19:31 PM, Error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
4/30/2009 9:19:31 PM, Error: Service Control Manager [7034] - The IAA Event Monitor service terminated unexpectedly. It has done this 1 time(s).
4/30/2009 9:19:31 PM, Error: Service Control Manager [7034] - The dlbu_device service terminated unexpectedly. It has done this 1 time(s).
4/30/2009 9:19:31 PM, Error: Service Control Manager [7034] - The ArcSoft Connect Daemon service terminated unexpectedly. It has done this 1 time(s).
4/30/2009 9:19:31 PM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
4/30/2009 9:19:31 PM, Error: Service Control Manager [7031] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
4/30/2009 11:04:06 PM, Error: Service Control Manager [7000] - The LogMeIn Kernel Information Provider service failed to start due to the following error: The system cannot find the path specified.
4/29/2009 8:33:35 PM, Error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: Cannot create a file when that file already exists.
4/29/2009 8:21:37 PM, Error: Service Control Manager [7000] - The Java Quick Starter service failed to start due to the following error: The system cannot find the file specified.
4/27/2009 5:27:23 PM, Error: cdrom [15] - The device, \Device\CdRom7, is not ready for access yet.
4/27/2009 5:22:39 PM, Error: cdrom [15] - The device, \Device\CdRom6, is not ready for access yet.
4/27/2009 5:12:24 PM, Error: cdrom [15] - The device, \Device\CdRom3, is not ready for access yet.
4/27/2009 5:11:38 PM, Error: cdrom [11] - The driver detected a controller error on \Device\CdRom3.
4/27/2009 5:07:43 PM, Error: cdrom [15] - The device, \Device\CdRom0, is not ready for access yet.
4/27/2009 5:02:57 PM, Error: cdrom [11] - The driver detected a controller error on \Device\CdRom0.
4/27/2009 12:08:15 PM, Error: PlugPlayManager [12] - The device 'HL-DT-ST DVD-ROM GDR3120L SCSI CdRom Device' (SCSI\CdRom&Ven_HL-DT-ST&Prod_DVD-ROM_GDR3120L&Rev_0079\5&3899e503&0&000000) disappeared from the system without first being prepared for removal.
4/27/2009 12:08:15 PM, Error: cdrom [15] - The device, \Device\CdRom4, is not ready for access yet.
4/27/2009 12:01:23 PM, Error: viamraid [15] - The device, \Device\Scsi\viamraid1, is not ready for access yet.
4/27/2009 12:01:23 PM, Error: cdrom [11] - The driver detected a controller error on \Device\CdRom4.
4/27/2009 1:02:17 PM, Error: cdrom [15] - The device, \Device\CdRom5, is not ready for access yet.
4/27/2009 1:01:45 PM, Error: cdrom [11] - The driver detected a controller error on \Device\CdRom5.
4/26/2009 8:10:05 AM, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
4/26/2009 12:02:31 AM, Error: Microsoft-Windows-SharedAccess_NAT [34001] - The ICS_IPV6 failed to configure IPv6 stack.

==== End Of File ===========================


edited it added the HJT log

Edited by killa57, 03 May 2009 - 03:47 PM.


#12 SifuMike


Posted 03 May 2009 - 04:15 PM

Hi,


Please tell me the antivirus you are using.

#13 killa57


Posted 03 May 2009 - 04:27 PM

I uninstalled my AVG because ComboFix was warning me about it running, so I uninstalled it after the first try. I did stop the resident shield before I ran ComboFix the first time, and I got the warning about AVG from ComboFix; that's why I uninstalled it. After I get rid of the infectious object in my registry that Malwarebytes couldn't remove, I'll install it back on.

So at the moment I have none installed.

Edited by killa57, 03 May 2009 - 04:28 PM.


#14 SifuMike


Posted 03 May 2009 - 04:31 PM

Very bad! :thumbup2: It was not AVG that was preventing ComboFix from running.
You uninstalled it and still ComboFix refused to run.

Never operate a computer without an antivirus installed.

Upgrading to AVG 8.5 is free and it contains the Anti-Spyware engine.
  • Download the latest version from AVG's website
  • Run the installation file downloaded before and proceed with the installation. At one point it will warn you that to install AVG 8.5 it will remove previous versions; accept and go forward with the installation.
After AVG 8.5 is installed, update it and do a complete scan.
Once the complete scan is finished, post the results in the forum this way:
  • Double click AVG's icon near the watch
  • Select from the menu History -> Scan Results
  • Double click the last scan results
  • Click on Export overview to file... and save the file somewhere you'll be able to find
  • Open the saved file with notepad and copy and paste the results here

Edited by SifuMike, 03 May 2009 - 04:36 PM.


#15 killa57

  • Topic Starter

  • Members
  • 81 posts

Posted 03 May 2009 - 11:20 PM

"Scan ""Scan whole computer"" was finished."
"No infection was found during this scan"
"Folders selected for scanning:";"Scan whole computer"
"Scan started:";"Sunday, May 03, 2009, 5:24:04 PM"
"Scan finished:";"Sunday, May 03, 2009, 8:55:56 PM (3 hour(s) 31 minute(s) 51 second(s))"
"Total object scanned:";"810545"
"User who launched the scan:";"Charlie"

"Warnings"
"File";"Infection";"Result"
"C:\Users\Charlie\AppData\Roaming\Mozilla\Firefox\Profiles\27ai3wsn.default\cookies.sqlite:\zedo.com.ff8ec9c0";"Found Tracking cookie.Zedo";"Moved to Virus Vault"
"C:\Users\Ruby\AppData\Roaming\Microsoft\Windows\Cookies\Low\ruby@247realmedia[2].txt";"Found Tracking cookie.247realmedia";"Moved to Virus Vault"
"C:\Users\Ruby\AppData\Roaming\Microsoft\Windows\Cookies\Low\ruby@247realmedia[2].txt:\247realmedia.com.125a868c";"Found Tracking cookie.247realmedia";"Moved to Virus Vault"
"C:\Users\Ruby\AppData\Roaming\Microsoft\Windows\Cookies\Low\ruby@247realmedia[2].txt:\247realmedia.com.855b46d";"Found Tracking cookie.247realmedia";"Moved to Virus Vault"
"C:\Users\Ruby\AppData\Roaming\Microsoft\Windows\Cookies\Low\ruby@247realmedia[2].txt:\247realmedia.com.d90d45cf";"Found Tracking cookie.247realmedia";"Moved to Virus Vault"
"C:\Users\Ruby\AppData\Roaming\Microsoft\Windows\Cookies\Low\ruby@2o7[2].txt";"Found Tracking cookie.2o7";"Moved to Virus Vault"
"C:\Users\Ruby\AppData\Roaming\Microsoft\Windows\Cookies\Low\ruby@2o7[2].txt:\2o7.net.a4061a69";"Found Tracking cookie.2o7";"Moved to Virus Vault"
"C:\Users\Ruby\AppData\Roaming\Microsoft\Windows\Cookies\Low\ruby@ad.yieldmanager[1].txt";"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
"C:\Users\Ruby\AppData\Roaming\Microsoft\Windows\Cookies\Low\ruby@ad.yieldmanager[1].txt:\ad.yieldmanager.com.539b0606";"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
"C:\Users\Ruby\AppData\Roaming\Microsoft\Windows\Cookies\Low\ruby@ad.yieldmanager[1].txt:\ad.yieldmanager.com.557bf2b0";"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
"C:\Users\Ruby\AppData\Roaming\Microsoft\Windows\Cookies\Low\ruby@ad.yieldmanager[1].txt:\ad.yieldmanager.com.830b6f08";"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
"C:\Users\Ruby\AppData\Roaming\Microsoft\Windows\Cookies\Low\ruby@ad.yieldmanager[1].txt:\ad.yieldmanager.com.8a47878";"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
"C:\Users\Ruby\AppData\Roaming\Microsoft\Windows\Cookies\Low\ruby@ad.yieldmanager[1].txt:\ad.yieldmanager.com.b68f2b7b";"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
"C:\Users\Ruby\AppData\Roaming\Microsoft\Windows\Cookies\Low\ruby@ad.yieldmanager[1].txt:\ad.yieldmanager.com.ff92306";"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
"C:\Users\Ruby\AppData\Roaming\Microsoft\Windows\Cookies\Low\ruby@adrevolver[2].txt";"Found Tracking cookie.Adrevolver";"Moved to Virus Vault"
"C:\Users\Ruby\AppData\Roaming\Microsoft\Windows\Cookies\Low\ruby@adrevolver[2].txt:\adrevolver.com.9b9d670a";"Found Tracking cookie.Adrevolver";"Moved to Virus Vault"
"C:\Users\Ruby\AppData\Roaming\Microsoft\Windows\Cookies\Low\ruby@adrevolver[2].txt:\adrevolver.com.f6cfcad4";"Found Tracking cookie.Adrevolver";"Moved to Virus Vault"
"C:\Users\Ruby\AppData\Roaming\Microsoft\Windows\Cookies\Low\ruby@advertising[1].txt";"Found Tracking cookie.Advertising";"Moved to Virus Vault"
"C:\Users\Ruby\AppData\Roaming\Microsoft\Windows\Cookies\Low\ruby@advertising[1].txt:\advertising.com.1820df7a";"Found Tracking cookie.Advertising";"Moved to Virus Vault"
"C:\Users\Ruby\AppData\Roaming\Microsoft\Windows\Cookies\Low\ruby@advertising[1].txt:\advertising.com.203aa218";"Found Tracking cookie.Advertising";"Moved to Virus Vault"
"C:\Users\Ruby\AppData\Roaming\Microsoft\Windows\Cookies\Low\ruby@advertising[1].txt:\advertising.com.525a5fb9";"Found Tracking cookie.Advertising";"Moved to Virus Vault"
"C:\Users\Ruby\AppData\Roaming\Microsoft\Windows\Cookies\Low\ruby@advertising[1].txt:\advertising.com.b624fa46";"Found Tracking cookie.Advertising";"Moved to Virus Vault"
"C:\Users\Ruby\AppData\Roaming\Microsoft\Windows\Cookies\Low\ruby@advertising[1].txt:\advertising.com.f62113d5";"Found Tracking cookie.Advertising";"Moved to Virus Vault"
"C:\Users\Ruby\AppData\Roaming\Microsoft\Windows\Cookies\Low\ruby@atdmt[2].txt";"Found Tracking cookie.Atdmt";"Moved to Virus Vault"
"C:\Users\Ruby\AppData\Roaming\Microsoft\Windows\Cookies\Low\ruby@atdmt[2].txt:\atdmt.com.7247c262";"Found Tracking cookie.Atdmt";"Moved to Virus Vault"
"C:\Users\Ruby\AppData\Roaming\Microsoft\Windows\Cookies\Low\ruby@atdmt[2].txt:\atdmt.com.74c5668";"Found Tracking cookie.Atdmt";"Moved to Virus Vault"
"C:\Users\Ruby\AppData\Roaming\Microsoft\Windows\Cookies\Low\ruby@atdmt[2].txt:\atdmt.com.9e6d7fd3";"Found Tracking cookie.Atdmt";"Moved to Virus Vault"
"C:\Users\Ruby\AppData\Roaming\Microsoft\Windows\Cookies\Low\ruby@atdmt[2].txt:\atdmt.com.b3e33b5f";"Found Tracking cookie.Atdmt";"Moved to Virus Vault"
"C:\Users\Ruby\AppData\Roaming\Microsoft\Windows\Cookies\Low\ruby@atdmt[2].txt:\atdmt.com.ce59db3e";"Found Tracking cookie.Atdmt";"Moved to Virus Vault"
"C:\Users\Ruby\AppData\Roaming\Microsoft\Windows\Cookies\Low\ruby@bs.serving-sys[2].txt";"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
"C:\Users\Ruby\AppData\Roaming\Microsoft\Windows\Cookies\Low\ruby@bs.serving-sys[2].txt:\bs.serving-sys.com.5bf1f00f";"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
"C:\Users\Ruby\AppData\Roaming\Microsoft\Windows\Cookies\Low\ruby@doubleclick[2].txt";"Found Tracking cookie.Doubleclick";"Moved to Virus Vault"
"C:\Users\Ruby\AppData\Roaming\Microsoft\Windows\Cookies\Low\ruby@doubleclick[2].txt:\doubleclick.net.bf396750";"Found Tracking cookie.Doubleclick";"Moved to Virus Vault"
"C:\Users\Ruby\AppData\Roaming\Microsoft\Windows\Cookies\Low\ruby@doubleclick[2].txt:\doubleclick.net.ce59db3e";"Found Tracking cookie.Doubleclick";"Moved to Virus Vault"
"C:\Users\Ruby\AppData\Roaming\Microsoft\Windows\Cookies\Low\ruby@fastclick[2].txt";"Found Tracking cookie.Fastclick";"Moved to Virus Vault"
"C:\Users\Ruby\AppData\Roaming\Microsoft\Windows\Cookies\Low\ruby@fastclick[2].txt:\fastclick.net.57e8da10";"Found Tracking cookie.Fastclick";"Moved to Virus Vault"
"C:\Users\Ruby\AppData\Roaming\Microsoft\Windows\Cookies\Low\ruby@fastclick[2].txt:\fastclick.net.6fd479aa";"Found Tracking cookie.Fastclick";"Moved to Virus Vault"
"C:\Users\Ruby\AppData\Roaming\Microsoft\Windows\Cookies\Low\ruby@fastclick[2].txt:\fastclick.net.8a6435e9";"Found Tracking cookie.Fastclick";"Moved to Virus Vault"
"C:\Users\Ruby\AppData\Roaming\Microsoft\Windows\Cookies\Low\ruby@fastclick[2].txt:\fastclick.net.fac3d6f0";"Found Tracking cookie.Fastclick";"Moved to Virus Vault"
"C:\Users\Ruby\AppData\Roaming\Microsoft\Windows\Cookies\Low\ruby@media.adrevolver[1].txt";"Found Tracking cookie.Adrevolver";"Moved to Virus Vault"
"C:\Users\Ruby\AppData\Roaming\Microsoft\Windows\Cookies\Low\ruby@media.adrevolver[1].txt:\media.adrevolver.com.7fd89687";"Found Tracking cookie.Adrevolver";"Moved to Virus Vault"
"C:\Users\Ruby\AppData\Roaming\Microsoft\Windows\Cookies\Low\ruby@msnportal.112.2o7[1].txt";"Found Tracking cookie.2o7";"Moved to Virus Vault"
"C:\Users\Ruby\AppData\Roaming\Microsoft\Windows\Cookies\Low\ruby@msnportal.112.2o7[1].txt:\msnportal.112.2o7.net.7225be6f";"Found Tracking cookie.2o7";"Moved to Virus Vault"
"C:\Users\Ruby\AppData\Roaming\Microsoft\Windows\Cookies\Low\ruby@overture[1].txt";"Found Tracking cookie.Overture";"Moved to Virus Vault"
"C:\Users\Ruby\AppData\Roaming\Microsoft\Windows\Cookies\Low\ruby@overture[1].txt:\overture.com.52ca467a";"Found Tracking cookie.Overture";"Moved to Virus Vault"
"C:\Users\Ruby\AppData\Roaming\Microsoft\Windows\Cookies\Low\ruby@overture[1].txt:\overture.com.d727de6f";"Found Tracking cookie.Overture";"Moved to Virus Vault"
"C:\Users\Ruby\AppData\Roaming\Microsoft\Windows\Cookies\Low\ruby@overture[1].txt:\overture.com.e626e6be";"Found Tracking cookie.Overture";"Moved to Virus Vault"
"C:\Users\Ruby\AppData\Roaming\Microsoft\Windows\Cookies\Low\ruby@realmedia[2].txt";"Found Tracking cookie.Realmedia";"Moved to Virus Vault"
"C:\Users\Ruby\AppData\Roaming\Microsoft\Windows\Cookies\Low\ruby@realmedia[2].txt:\realmedia.com.855b46d";"Found Tracking cookie.Realmedia";"Moved to Virus Vault"
"C:\Users\Ruby\AppData\Roaming\Microsoft\Windows\Cookies\Low\ruby@realmedia[2].txt:\realmedia.com.ef906bac";"Found Tracking cookie.Realmedia";"Moved to Virus Vault"
"C:\Users\Ruby\AppData\Roaming\Microsoft\Windows\Cookies\Low\ruby@serving-sys[2].txt";"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
"C:\Users\Ruby\AppData\Roaming\Microsoft\Windows\Cookies\Low\ruby@serving-sys[2].txt:\serving-sys.com.255d6f2f";"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
"C:\Users\Ruby\AppData\Roaming\Microsoft\Windows\Cookies\Low\ruby@serving-sys[2].txt:\serving-sys.com.400f83f";"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
"C:\Users\Ruby\AppData\Roaming\Microsoft\Windows\Cookies\Low\ruby@serving-sys[2].txt:\serving-sys.com.4b416ef8";"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
"C:\Users\Ruby\AppData\Roaming\Microsoft\Windows\Cookies\Low\ruby@serving-sys[2].txt:\serving-sys.com.606c3d3b";"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
"C:\Users\Ruby\AppData\Roaming\Microsoft\Windows\Cookies\Low\ruby@serving-sys[2].txt:\serving-sys.com.6a1cf9e8";"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
"C:\Users\Ruby\AppData\Roaming\Microsoft\Windows\Cookies\Low\ruby@serving-sys[2].txt:\serving-sys.com.c9034af6";"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
"C:\Users\Ruby\AppData\Roaming\Microsoft\Windows\Cookies\Low\ruby@trafficmp[2].txt";"Found Tracking cookie.Trafficmp";"Moved to Virus Vault"
"C:\Users\Ruby\AppData\Roaming\Microsoft\Windows\Cookies\Low\ruby@trafficmp[2].txt:\trafficmp.com.37644bdb";"Found Tracking cookie.Trafficmp";"Moved to Virus Vault"
"C:\Users\Ruby\AppData\Roaming\Microsoft\Windows\Cookies\Low\ruby@trafficmp[2].txt:\trafficmp.com.a00e30b4";"Found Tracking cookie.Trafficmp";"Moved to Virus Vault"
"C:\Users\Ruby\AppData\Roaming\Microsoft\Windows\Cookies\Low\ruby@trafficmp[2].txt:\trafficmp.com.ae53b8b";"Found Tracking cookie.Trafficmp";"Moved to Virus Vault"
"C:\Users\Ruby\AppData\Roaming\Microsoft\Windows\Cookies\Low\ruby@trafficmp[2].txt:\trafficmp.com.ce59db3e";"Found Tracking cookie.Trafficmp";"Moved to Virus Vault"
"C:\Users\Ruby\AppData\Roaming\Microsoft\Windows\Cookies\Low\ruby@trafficmp[2].txt:\trafficmp.com.e2e71e33";"Found Tracking cookie.Trafficmp";"Moved to Virus Vault"
"C:\Users\Ruby\AppData\Roaming\Microsoft\Windows\Cookies\Low\ruby@trafficmp[2].txt:\trafficmp.com.f3e5803e";"Found Tracking cookie.Trafficmp";"Moved to Virus Vault"
"C:\Users\Ruby\AppData\Roaming\Microsoft\Windows\Cookies\Low\ruby@tribalfusion[2].txt";"Found Tracking cookie.Tribalfusion";"Moved to Virus Vault"
"C:\Users\Ruby\AppData\Roaming\Microsoft\Windows\Cookies\Low\ruby@tribalfusion[2].txt:\tribalfusion.com.dcc03271";"Found Tracking cookie.Tribalfusion";"Moved to Virus Vault"
"C:\Users\Ruby\AppData\Roaming\Microsoft\Windows\Cookies\Low\ruby@zedo[1].txt";"Found Tracking cookie.Zedo";"Moved to Virus Vault"
"C:\Users\Ruby\AppData\Roaming\Microsoft\Windows\Cookies\Low\ruby@zedo[1].txt:\zedo.com.27f1639b";"Found Tracking cookie.Zedo";"Moved to Virus Vault"
"C:\Users\Ruby\AppData\Roaming\Microsoft\Windows\Cookies\Low\ruby@zedo[1].txt:\zedo.com.c1dd09f2";"Found Tracking cookie.Zedo";"Moved to Virus Vault"
"C:\Users\Ruby\AppData\Roaming\Microsoft\Windows\Cookies\Low\ruby@zedo[1].txt:\zedo.com.f462b69f";"Found Tracking cookie.Zedo";"Moved to Virus Vault"
"C:\Users\Ruby\AppData\Roaming\Mozilla\Firefox\Profiles\54sweecj.default\cookies.sqlite";"Found Tracking cookie.Atdmt";"Healed"
"C:\Users\Ruby\AppData\Roaming\Mozilla\Firefox\Profiles\54sweecj.default\cookies.sqlite:\247realmedia.com.855b46d";"Found Tracking cookie.247realmedia";"Moved to Virus Vault"
"C:\Users\Ruby\AppData\Roaming\Mozilla\Firefox\Profiles\54sweecj.default\cookies.sqlite:\2o7.net.3b7e7590";"Found Tracking cookie.2o7";"Moved to Virus Vault"
"C:\Users\Ruby\AppData\Roaming\Mozilla\Firefox\Profiles\54sweecj.default\cookies.sqlite:\ad.yieldmanager.com.539b0606";"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
"C:\Users\Ruby\AppData\Roaming\Mozilla\Firefox\Profiles\54sweecj.default\cookies.sqlite:\ad.yieldmanager.com.557bf2b0";"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
"C:\Users\Ruby\AppData\Roaming\Mozilla\Firefox\Profiles\54sweecj.default\cookies.sqlite:\ad.yieldmanager.com.830b6f08";"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
"C:\Users\Ruby\AppData\Roaming\Mozilla\Firefox\Profiles\54sweecj.default\cookies.sqlite:\ad.yieldmanager.com.87a9ab5d";"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
"C:\Users\Ruby\AppData\Roaming\Mozilla\Firefox\Profiles\54sweecj.default\cookies.sqlite:\ad.yieldmanager.com.8a47878";"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
"C:\Users\Ruby\AppData\Roaming\Mozilla\Firefox\Profiles\54sweecj.default\cookies.sqlite:\ad.yieldmanager.com.b68f2b7b";"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
"C:\Users\Ruby\AppData\Roaming\Mozilla\Firefox\Profiles\54sweecj.default\cookies.sqlite:\ad.yieldmanager.com.ff92306";"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
"C:\Users\Ruby\AppData\Roaming\Mozilla\Firefox\Profiles\54sweecj.default\cookies.sqlite:\advertising.com.1820df7a";"Found Tracking cookie.Advertising";"Moved to Virus Vault"
"C:\Users\Ruby\AppData\Roaming\Mozilla\Firefox\Profiles\54sweecj.default\cookies.sqlite:\advertising.com.203aa218";"Found Tracking cookie.Advertising";"Moved to Virus Vault"
"C:\Users\Ruby\AppData\Roaming\Mozilla\Firefox\Profiles\54sweecj.default\cookies.sqlite:\advertising.com.525a5fb9";"Found Tracking cookie.Advertising";"Moved to Virus Vault"
"C:\Users\Ruby\AppData\Roaming\Mozilla\Firefox\Profiles\54sweecj.default\cookies.sqlite:\advertising.com.b624fa46";"Found Tracking cookie.Advertising";"Moved to Virus Vault"
"C:\Users\Ruby\AppData\Roaming\Mozilla\Firefox\Profiles\54sweecj.default\cookies.sqlite:\advertising.com.f62113d5";"Found Tracking cookie.Advertising";"Moved to Virus Vault"
"C:\Users\Ruby\AppData\Roaming\Mozilla\Firefox\Profiles\54sweecj.default\cookies.sqlite:\atdmt.com.7247c262";"Found Tracking cookie.Atdmt";"Moved to Virus Vault"
"C:\Users\Ruby\AppData\Roaming\Mozilla\Firefox\Profiles\54sweecj.default\cookies.sqlite:\atdmt.com.b3e33b5f";"Found Tracking cookie.Atdmt";"Moved to Virus Vault"
"C:\Users\Ruby\AppData\Roaming\Mozilla\Firefox\Profiles\54sweecj.default\cookies.sqlite:\bs.serving-sys.com.5bf1f00f";"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
"C:\Users\Ruby\AppData\Roaming\Mozilla\Firefox\Profiles\54sweecj.default\cookies.sqlite:\casalemedia.com.156cbc67";"Found Tracking cookie.Casalemedia";"Moved to Virus Vault"
"C:\Users\Ruby\AppData\Roaming\Mozilla\Firefox\Profiles\54sweecj.default\cookies.sqlite:\casalemedia.com.1773afc";"Found Tracking cookie.Casalemedia";"Moved to Virus Vault"
"C:\Users\Ruby\AppData\Roaming\Mozilla\Firefox\Profiles\54sweecj.default\cookies.sqlite:\casalemedia.com.2d37ad26";"Found Tracking cookie.Casalemedia";"Moved to Virus Vault"
"C:\Users\Ruby\AppData\Roaming\Mozilla\Firefox\Profiles\54sweecj.default\cookies.sqlite:\casalemedia.com.350339d4";"Found Tracking cookie.Casalemedia";"Moved to Virus Vault"
"C:\Users\Ruby\AppData\Roaming\Mozilla\Firefox\Profiles\54sweecj.default\cookies.sqlite:\casalemedia.com.3a28db8d";"Found Tracking cookie.Casalemedia";"Moved to Virus Vault"
"C:\Users\Ruby\AppData\Roaming\Mozilla\Firefox\Profiles\54sweecj.default\cookies.sqlite:\casalemedia.com.650648e8";"Found Tracking cookie.Casalemedia";"Moved to Virus Vault"
"C:\Users\Ruby\AppData\Roaming\Mozilla\Firefox\Profiles\54sweecj.default\cookies.sqlite:\casalemedia.com.80ad4799";"Found Tracking cookie.Casalemedia";"Moved to Virus Vault"
"C:\Users\Ruby\AppData\Roaming\Mozilla\Firefox\Profiles\54sweecj.default\cookies.sqlite:\casalemedia.com.8c65eddd";"Found Tracking cookie.Casalemedia";"Moved to Virus Vault"
"C:\Users\Ruby\AppData\Roaming\Mozilla\Firefox\Profiles\54sweecj.default\cookies.sqlite:\casalemedia.com.987e6b46";"Found Tracking cookie.Casalemedia";"Moved to Virus Vault"
"C:\Users\Ruby\AppData\Roaming\Mozilla\Firefox\Profiles\54sweecj.default\cookies.sqlite:\doubleclick.net.bf396750";"Found Tracking cookie.Doubleclick";"Moved to Virus Vault"
"C:\Users\Ruby\AppData\Roaming\Mozilla\Firefox\Profiles\54sweecj.default\cookies.sqlite:\fastclick.net.57e8da10";"Found Tracking cookie.Fastclick";"Moved to Virus Vault"
"C:\Users\Ruby\AppData\Roaming\Mozilla\Firefox\Profiles\54sweecj.default\cookies.sqlite:\fastclick.net.6fd479aa";"Found Tracking cookie.Fastclick";"Moved to Virus Vault"
"C:\Users\Ruby\AppData\Roaming\Mozilla\Firefox\Profiles\54sweecj.default\cookies.sqlite:\fastclick.net.8a6435e9";"Found Tracking cookie.Fastclick";"Moved to Virus Vault"
"C:\Users\Ruby\AppData\Roaming\Mozilla\Firefox\Profiles\54sweecj.default\cookies.sqlite:\fastclick.net.fac3d6f0";"Found Tracking cookie.Fastclick";"Moved to Virus Vault"
"C:\Users\Ruby\AppData\Roaming\Mozilla\Firefox\Profiles\54sweecj.default\cookies.sqlite:\mediaplex.com.f652b123";"Found Tracking cookie.Mediaplex";"Moved to Virus Vault"
"C:\Users\Ruby\AppData\Roaming\Mozilla\Firefox\Profiles\54sweecj.default\cookies.sqlite:\overture.com.52ca467a";"Found Tracking cookie.Overture";"Moved to Virus Vault"
"C:\Users\Ruby\AppData\Roaming\Mozilla\Firefox\Profiles\54sweecj.default\cookies.sqlite:\overture.com.e626e6be";"Found Tracking cookie.Overture";"Moved to Virus Vault"
"C:\Users\Ruby\AppData\Roaming\Mozilla\Firefox\Profiles\54sweecj.default\cookies.sqlite:\questionmarket.com.3eb5a9f1";"Found Tracking cookie.Questionmarket";"Moved to Virus Vault"
"C:\Users\Ruby\AppData\Roaming\Mozilla\Firefox\Profiles\54sweecj.default\cookies.sqlite:\questionmarket.com.4dd5e426";"Found Tracking cookie.Questionmarket";"Moved to Virus Vault"
"C:\Users\Ruby\AppData\Roaming\Mozilla\Firefox\Profiles\54sweecj.default\cookies.sqlite:\serving-sys.com.255d6f2f";"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
"C:\Users\Ruby\AppData\Roaming\Mozilla\Firefox\Profiles\54sweecj.default\cookies.sqlite:\serving-sys.com.400f83f";"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
"C:\Users\Ruby\AppData\Roaming\Mozilla\Firefox\Profiles\54sweecj.default\cookies.sqlite:\serving-sys.com.4b416ef8";"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
"C:\Users\Ruby\AppData\Roaming\Mozilla\Firefox\Profiles\54sweecj.default\cookies.sqlite:\serving-sys.com.606c3d3b";"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
"C:\Users\Ruby\AppData\Roaming\Mozilla\Firefox\Profiles\54sweecj.default\cookies.sqlite:\serving-sys.com.6a1cf9e8";"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
"C:\Users\Ruby\AppData\Roaming\Mozilla\Firefox\Profiles\54sweecj.default\cookies.sqlite:\serving-sys.com.c9034af6";"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
"C:\Users\Ruby\AppData\Roaming\Mozilla\Firefox\Profiles\54sweecj.default\cookies.sqlite:\tribalfusion.com.dcc03271";"Found Tracking cookie.Tribalfusion";"Moved to Virus Vault"



