Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windows Police Pro


  • This topic is locked This topic is locked
13 replies to this topic

#1 logochick

logochick

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:01:48 PM

Posted 20 September 2009 - 05:25 PM

Hey guys, I'm infected with this thing that shuts down malwarebytes after four seconds of running. Wont let me run HJT or Norton or safe mode. I don't really know what to do. It blocks up my internet and keeps redirecting my google searches. In my processes, I found some weird stuff like a five or six different iexplorer.exe processes running as well b.exe and c.exe. I need help :thumbsup: What should i do?

Edited by The weatherman, 20 September 2009 - 05:28 PM.
Moved from HJT to a more appropriate forum. Tw


BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,528 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:48 PM

Posted 20 September 2009 - 05:40 PM

Hello and welcome . Start here Remove Windows Police Pro (Removal Guide)
Scroll to Automated Removal Instructions for Windows Police Pro using Malwarebytes' Anti-Malware:

when Completed post the Scan Log here.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

how is it running no?
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 logochick

logochick
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:01:48 PM

Posted 20 September 2009 - 06:26 PM

Hey boopme,

Thanks for your help! I ran into a bit of a problem with the solution posted.

When I double clicked the fixtm.reg file. I got an error message saying that registry editing has been disabled by my administrator. I don't know how this would happen... I am my computer's administrator.

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,528 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:48 PM

Posted 20 September 2009 - 07:07 PM

This is what this pest does. Can you run either or both...
Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

Please download Dr.Web CureIt and save it to your desktop. DO NOT perform a scan yet.
alternate download link
Note: The file will be randomly named (i.e. 5mkuvc4z.exe).

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with Dr.Web CureIt as follows:
  • Double-click on the randomly named file to open the program and click Start. (There is no need to update if you just downloaded the most current version
  • Read the Virus check by DrWeb scanner prompt and click Ok where asked to Start scan now? Allow the setup.exe to load if asked by any of your security programs.
  • The Express scan will automatically begin.
    (This is a short scan of files currently running in memory, boot sectors, and targeted folders).
  • If prompted to dowload the Full version Free Trial, ignore and click the X to close the window.
  • If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All. (This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if they can't be cured)
  • After the Express Scan is finished, put a check next to Complete scan to scan all local disks and removable media.
  • In the top menu, click Settings > Change settings, and uncheck "Heuristic analysis" under the "Scanning" tab, then click Apply, Ok.
  • Back at the main window, click the green arrow "Start Scanning" button on the right under the Dr.Web logo.
  • Please be patient as this scan could take a long time to complete.
  • When the scan has finished, a message will be displayed at the bottom indicating if any viruses were found.
  • Click Select All, then choose Cure > Move incurable.
  • In the top menu, click file and choose save report list.
  • Save the DrWeb.csv report to your desktop.
  • Exit Dr.Web Cureit when done.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.cvs report)


We Need to check for Rootkits with RootRepeal
  • Download RootRepeal from the following location and save it to your desktop.
  • Extract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).
  • Open Posted Image on your desktop.
  • Click the Posted Image tab.
  • Click the Posted Image button.
  • Check all seven boxes: Posted Image
  • Push Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Posted Image button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 logochick

logochick
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:01:48 PM

Posted 20 September 2009 - 08:08 PM

My computer gave me a strange warning about dcom or something and then turned itself off. Then i tried to run it in safe mode twice and the computer just turned itself off.

For root repeal, it works excrutiatingly slow. Is thia normal? It looks like it may take hours.

Edited by logochick, 20 September 2009 - 08:20 PM.


#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,528 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:48 PM

Posted 20 September 2009 - 09:19 PM

Two choices with Rootrepeal.. give it about and hour to complete,that shou;d be long enough. Then shut it down and try this alternative.
Please download Sophos Anti-rootkit & save it to your desktop.
alternate download link
Note: If using the vendor's download site you will be asked to register with MySophos so an email containing an activation link can be sent to your email address.

Be sure to print out and read the Sophos Anti-Rookit User Manual and Release Notes.
  • Double-click sar_15_sfx.exe to begin the installation, read the license agreement and click Accept.
  • Allow the default location of C:\Program Files\Sophos\Sophos Anti-Rootkit and click Install.
  • A message will appear "Sophos Anti-Rootkit was successfully installed. Click 'yes' to start it now".
  • Click Yes and allow the driver and its randomly named .tmp file (i.e. F.tmp) to load if asked.
  • If the scan did not start automatically, make sure the following are checked:
    • Running processes
    • Windows Registry
    • Local Hard Drives
  • Click Start scan.
  • Sophos Anti-Rootkit will scan the selected areas and display any suspicious files in the upper panel.
  • When the scan is complete, a pop-up screen will appear with "Rootkit Scan Results". Click OK to continue.
  • Click on the suspicious file to display more information about it in the lower panel which also includes whether the item is recommended for removal.
    • Files tagged as Removable: No are not marked for removal and cannot be removed.
    • Files tagged as Removable: Yes (clean up recommended) are marked for removal by default.
    • Files tagged as Removable: Yes (but clean up not recommended) are not marked for removal because Sophos did not recognize them. These files will require further investigation.
  • Select only items recommended for removal, then click "Clean up checked items". You will be asked to confirm, click Yes.
  • A pop up window will appear advising the cleanup will finish when you restart your computer. Click Restart Now.
  • After reboot, a dialog box displays the files you selected for removal and the action taken.
  • Click Empty list and then click Continue to re-scan your computer a second time to ensure everything was cleaned.
  • When done, go to Start > Run and type or copy/paste: %temp%\sarscan.log
  • This should open the log from the rootkit scan. Please post this log in your next reply. If you have a problem, you can find sarscan.log in C:\Documents and Settings\\Local Settings\Temp\.
Before performing an ARK scan it is recommended to do the following to ensure more accurate results and avoid common issues that may cause false detections.
  • Disconnect from the Internet or physically unplug you Internet cable connection.
  • Clean out your temporary files.
  • Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
  • Temporarily disable your anti-virus and real-time anti-spyware protection.
  • After starting the scan, do not use the computer until the scan has completed.
  • When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#7 logochick

logochick
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:01:48 PM

Posted 20 September 2009 - 10:33 PM

I downloaded and installed the program but as soon as the installation was over, nothing happened. I tried to re-install it and nothing. I surfed the windows explorer and found it and ran it but when it finished all the things it found were not recommended for removal so I don't know what I should do now. :thumbsup:

#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,528 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:48 PM

Posted 20 September 2009 - 10:48 PM

•When done, go to Start > Run and type or copy/paste: %temp%\sarscan.log
•This should open the log from the rootkit scan. Please post this log in your next reply. If you have a problem, you can find sarscan.log in C:\Documents and Settings\<username>\Local Settings\Temp\.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#9 logochick

logochick
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:01:48 PM

Posted 20 September 2009 - 10:51 PM

Sophos Anti-Rootkit Version 1.5.0 © 2009 Sophos Plc
Started logging on 9/20/2009 at 22:50:32 PM
User "hptest" on computer "YOUR-0CDC4F5844"
Windows version 5.1 SP 3.0 Service Pack 3 build 2600 SM=0x100 PT=0x1 Win32
Info: Starting process scan.
Info: Starting registry scan.
Hidden: registry item \HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\hjgruipkmlmsoi
Hidden: registry item \HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\hjgruipkmlmsoi
Hidden: registry item \HKEY_USERS\S-1-5-18_Classes
Hidden: registry item \HKEY_USERS\S-1-5-19
Hidden: registry item \HKEY_USERS\S-1-5-19_Classes
Hidden: registry item \HKEY_USERS\S-1-5-20
Hidden: registry item \HKEY_USERS\S-1-5-20_Classes
Hidden: registry item \HKEY_USERS\S-1-5-21-2312848793-1292848404-2359120040-1005
Hidden: registry item \HKEY_USERS\S-1-5-21-2312848793-1292848404-2359120040-1005_Classes
Hidden: registry item \HKEY_USERS\S-1-5-21-2312848793-1292848404-2359120040-500
Hidden: registry item \HKEY_USERS\S-1-5-21-2312848793-1292848404-2359120040-500_Classes
Info: Starting disk scan of C: (NTFS).
Hidden: file C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
Hidden: file C:\WINDOWS\system32\sdra64.exe
Hidden: file C:\WINDOWS\temp\hjgruidwfjisvmbi.tmp
Hidden: file C:\Documents and Settings\hptest\Temporary Internet Files\Content.IE5\SPND7AWZ\91%2F0%2F5%2FAdId%3D316600%3BBnId%3D2%3Bitime%3D765718255%3Bkvmn%3D93245558%3Bkr581%3D1887%3Bkvag%3Daf2%3Aua25%3Bkvug%3D2%3Bkp%3D12323%3Bnodecode%3Dyes%3Blink%3D;ord=765718255[1]
Hidden: file C:\WINDOWS\temp\hjgruijtwtiqpati.tmp
Hidden: file C:\WINDOWS\system32\hjgruikfrthcvn.dll
Hidden: file C:\WINDOWS\system32\hjgruijkckalxr.dat
Hidden: file C:\WINDOWS\system32\hjgruijnwujedp.dll
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\6WZZ41HJ\IAAwAAAAAAbLQv2iMBAAAAAQAAAGZhZjkxZjVhLWE2NGMtMTFkZS05ZGEyLTAwMWIyNDkzNjAzMAAAAAAAAAA=ibBOAA==,,http%3A%2F%2Fad.harrenmedianetwork[1].com%2F,;ord=1253496042
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\16KV5DRH\i[1].htm
Hidden: file C:\WINDOWS\temp\ea0462b6-1fa8-40dd-ba6b-7047be53ddd3.tmp
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\C05L5926\MAAAAAAAIAAwAAAAAAYp4w2iMBAAAAAAAAADFlYWM0NDA0LWE2NGQtMTFkZS1hODFhLTAwMzA0ODYzMmRjMAAAAAAAAAA=,,http%3A%2F%2Fad.harrenmedianetwork[1].com%2F,;ord=1253496102
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\W9KC814X\IAAwAAAAAAxMQw2iMBAAAAAQAAADI0ODc4MWE0LWE2NGQtMTFkZS05YzQzLTAwMzA0ODYzNDdlOAAAAAAAAAA=ibBOAA==,,http%3A%2F%2Fad.harrenmedianetwork[1].com%2F,;ord=1253496112
Hidden: file C:\Documents and Settings\hptest\Temporary Internet Files\Content.IE5\SPND7AWZ\91%2F0%2F5%2FAdId%3D280996%3BBnId%3D2%3Bitime%3D765948019%3Bkvmn%3D93245558%3Bkr581%3D1887%3Bkvag%3Daf2%3Aua25%3Bkvug%3D2%3Bkp%3D12323%3Bnodecode%3Dyes%3Blink%3D;ord=765948019[1]
Hidden: file C:\Documents and Settings\hptest\Temporary Internet Files\Content.IE5\KA5QDL6S\91%2F0%2F5%2FAdId%3D316600%3BBnId%3D1%3Bitime%3D820790024%3Bkvmn%3D93245558%3Bkr581%3D1887%3Bkvag%3Daf2%3Aua25%3Bkvug%3D2%3Bkp%3D12323%3Bnodecode%3Dyes%3Blink%3D;ord=820790024[1]
Hidden: file C:\Documents and Settings\hptest\Temporary Internet Files\Content.IE5\Q2OJRLZ4\40535034%3Bkvmn%3D93245558%3Bkvtid%3D1578nuh1t6b62g%3Bkvseg%3D99999%3A50280%3Bkr581%3D1887%3Bkvag%3Daf2%3Aua25%3Bkvug%3D2%3Bkp%3D12323%3Bnodecode%3Dyes%3Blink%3D;ord=240535034[1]
Hidden: file C:\Documents and Settings\hptest\Temporary Internet Files\Content.IE5\L0EC3660\91%2F0%2F5%2FAdId%3D280996%3BBnId%3D2%3Bitime%3D820871658%3Bkvmn%3D93245558%3Bkr581%3D1887%3Bkvag%3Daf2%3Aua25%3Bkvug%3D2%3Bkp%3D12323%3Bnodecode%3Dyes%3Blink%3D;ord=820871658[1]
Hidden: file C:\WINDOWS\system32\drivers\hjgruiqaiqvujo.sys
Hidden: file C:\WINDOWS\system32\hjgruivsbuhtkm.dll
Hidden: file C:\WINDOWS\system32\hjgruittgsyrue.dat
Hidden: file C:\Documents and Settings\hptest\Temporary Internet Files\Content.IE5\L0EC3660\67099967%3Bkvmn%3D93245558%3Bkvtid%3D1578nuh1t6b62g%3Bkvseg%3D99999%3A50280%3Bkr581%3D1887%3Bkvag%3Daf2%3Aua25%3Bkvug%3D2%3Bkp%3D12323%3Bnodecode%3Dyes%3Blink%3D;ord=167099967[1]
Hidden: file C:\e375dbb4783faf38d304f2ba\update\updspapi.dll
Hidden: file C:\e375dbb4783faf38d304f2ba\update\update.exe
Hidden: file C:\WINDOWS\system32\eventlog.dll
Hidden: file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\GX6NGT27\IAAwAAAAAAuMWq1yMBAAAAAQAAADkyNGNhYzQwLWE1ZWEtMTFkZS04NDU1LTAwMWIyNDkzNjE0OADQnyoAAAA=9RtPAA==,,http%3A%2F%2Fad.harrenmedianetwork[1].com%2F,;ord=1253453776
Hidden: file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\GX6NGT27\id=1180594;mr=14;channel=1;subchannel=;nickname=Mikecor000;ispub=1;isLog=0;hpcdp=0;tags=child,crazy%20toddler,kid,mom,ritalin,skirt;ord=6434657898834402[1]
Hidden: file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\K1YB8HMR\ch=1;cid=4;mr=14;channel=1;nickname=Mikecor000;hpcdp=0;tags=child,crazy%20toddler,kid,mom,ritalin,skirt;u=1180594;cntid=1180594;ord=6434657898834402[1].xml
Hidden: file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\S9AF0P2N\xml;nullbch=1;cid=4;mr=14;channel=1;nickname=Mikecor000;hpcdp=0;tags=child,crazy%20toddler,kid,mom,ritalin,skirt;u=1180594;cntid=1180594;ord=5908399[1].xml
Hidden: file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\K1YB8HMR\0x600;cid=4;cntid=1336676;mr=MA;channel=;subchannel=;nickname=PrinceHenryStout;ispub=0;isLog=0;hpcdp=0;tags=nuts,Skater,nut,Nutshot;ord=1870313312134063[1]
Hidden: file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\GX6NGT27\IAAwAAAAAATdKr1yMBAAAAAQAAAGJiNDgzMWJlLWE1ZWEtMTFkZS05ZmU2LTAwMWU2ODQ5ZjRlMwAAAAAAAAA=9RtPAA==,,http%3A%2F%2Fad.harrenmedianetwork[1].com%2F,;ord=1253453845
Hidden: file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\K1YB8HMR\UAAAAAAAIAAwAAAAAAWeGz1yMBAAAAAQAAAGY2MTQwNDM0LWE1ZWItMTFkZS05OGJhLTAwMWIyNDkzNjFmYwAAAAAAAAA=YXA-AA==,,http%3A%2F%2Fwww.dailyitem[1].com%2F,;ord=1253454373
Hidden: file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OD2JW1IR\IAAwAAAAAAObmr1yMBAAAAAQAAAGI3NzQ5MGU2LWE1ZWEtMTFkZS1iNDU3LTAwMWU2ODQ5ZjM5NwCgpSoAAAA=9RtPAA==,,http%3A%2F%2Fad.harrenmedianetwork[1].com%2F,;ord=1253453838
Hidden: file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OD2JW1IR\AAABQOwUAAAAAAAIAAwAAAAAAW5-r1yMBAAAAAAAAAAAAABiCUZYqAAAAaBKAqSoAAAAYglGWKgAAACgEUKAqAAAACIJRlioAAAA=,,http%3A%2F%2Fbeyondhollywood[1].com%2F,%7BCLICKURL%7D
Hidden: file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\GX6NGT27\IAAwAAAAAA-3mv1yMBAAAAAQAAADRhMGUyZGI4LWE1ZWItMTFkZS1iMGMzLTAwMWIyNDc4NGEyNgAAAAAAAAA=9RtPAA==,,http%3A%2F%2Fad.harrenmedianetwork[1].com%2F,;ord=1253454084
Hidden: file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OD2JW1IR\IAAwAAAAAA7jDb1yMBAAAAAQAAAGY1YThhYWQwLWE1ZjEtMTFkZS1hZmQ1LTAwMWIyNDc4M2E0MAAAAAAAAAA=9RtPAA==,,http%3A%2F%2Fad.harrenmedianetwork[1].com%2F,;ord=1253456949
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\C05L5926\AAAAAAAAAAABSAwQAAAAAAAIAAwAAAAAAAyo62iMBAAAAAAAAAAAAAAAAAAAAAAAA-AMQJSsAAADQsVGWKgAAAABJPdMqAAAA4Eg90yoAAAA=,,http%3A%2F%2Fad.harrenmedianetwork[1].com%2F,
Hidden: file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\GX6NGT27\MAAAAAAAIAAwAAAAAAcluu1yMBAAAAAAAAADFlNTU2M2QwLWE1ZWItMTFkZS04ZjVhLTAwMWIyNDkzNjNiMgAAAAAAAAA=,,http%3A%2F%2Fad.harrenmedianetwork[1].com%2F,;ord=1253454011
Hidden: file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OD2JW1IR\BQOwUAAAAAAAIAAwAAAAAA4gqx1yMBAAAAAQAAADg3M2E2YjdhLWE1ZWItMTFkZS04M2FlLTAwMWIyNDkzNjBkYQC5oCoAAAA=YXA-AA==,,http%3A%2F%2Fhoverspot[1].com%2F,;ord=1253454187
Hidden: file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\S9AF0P2N\AAAAAAAAAAABSAwQAAAAAAAIAAwAAAAAAhc2w1yMBAAAAAAAAAAAAAAAAAAAAAAAA0FNBnyoAAABAssBIAAAAAMD5T6sqAAAAoPlPqyoAAAA=,,http%3A%2F%2Fad.harrenmedianetwork[1].com%2F,
Hidden: file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\GX6NGT27\UAAAAAAAIAAwAAAAAAHxm81yMBAAAAAQAAADM3MTY5MTA4LWE1ZWQtMTFkZS1iODRmLTAwMWIyNDc4NDk0MgAAAAAAAAA=YXA-AA==,,http%3A%2F%2Fwww.dailyitem[1].com%2F,;ord=1253454911
Hidden: file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\GX6NGT27\AAAAAAAAAADgYgUAAAAAAAIAAwAAAAAAJBzB1yMBAAAAAQAAAGZhZGM5OWMwLWE1ZWQtMTFkZS1iY2MxLTAwMWU2ODM3ZTQ1NQAAAAAAAAA=3dhFAA==,,http%3A%2F%2Fwww.berkshireeagle[1].htm
Hidden: file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\K1YB8HMR\UAAAAAAAIAAwAAAAAAWEDC1yMBAAAAAQAAADI3NzJjYzNlLWE1ZWUtMTFkZS1iYWUzLTAwMWIyNGJlNWJmMgAAAAAAAAA=YXA-AA==,,http%3A%2F%2Fwww.dailynews[1].com%2F,;ord=1253455315
Hidden: file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\GX6NGT27\AAABPOwUAAAAAAAIAAwAAAAAA897K1yMBAAAAAQAAADc4MjY0Y2VhLWE1ZWYtMTFkZS05MDkzLTAwMWIyNDc4NGE0NAAAAAAAAAA=YXA-AA==,,http%3A%2F%2Fdiynet[1].com%2F,;ord=1253455879
Hidden: file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\GX6NGT27\AAAAAAAAAAAAAAAAAAACqcQUAAAAAAAIAAwAAAAAAoFvS1yMBAAAAAAAAAAAAAAAAAAAAAAAAQA0w5CoAAADQUVGWKgAAAHACw54qAAAAUALDnioAAAA=,,http%3A%2F%2Fwww.freeridegames[1].htm
Hidden: file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\GX6NGT27\e=standard;sz=728x90;tile=1;dcopt=ist;;u=pageName-index%7Cpos-unk%7Ctag-adi%7Cmtype-standard%7Csz-728x90%7Ctile-1%7Cdcopt-ist;ord=452252077697906000[1].htm
Hidden: file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OD2JW1IR\_ron_071009;net=dn;u=dn-20480863_1253456809,113fb9ad9406efb,Miscellaneous,;;ord1=228220;sz=300x250;contx=Miscellaneous;dflt=directive;btg=;ord=456806189[1]
Hidden: file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\GX6NGT27\IAAwAAAAAAyl7a1yMBAAAAAQAAAGQ1OTgwZWEyLWE1ZjEtMTFkZS05NjhmLTAwMWIyNDc4M2FkYQDkoSoAAAA=YXA-AA==,,http%3A%2F%2Fad.harrenmedianetwork[1].com%2F,;ord=1253456895
Hidden: file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OD2JW1IR\MAAAAAAAIAAwAAAAAAuLnc1yMBAAAAAAAAADMxOTdmZmEwLWE1ZjItMTFkZS1iZDc4LTAwMjM3ZDA2MzMzNwAAAAAAAAA=,,http%3A%2F%2Fad.harrenmedianetwork[1].com%2F,;ord=1253457050
Hidden: file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\S9AF0P2N\IAAwAAAAAANlzd1yMBAAAAAQAAADRhNjM1ZjQ4LWE1ZjItMTFkZS04MzI2LTAwMzA0ODYzMjk2YQAAAAAAAAA=ibBOAA==,,http%3A%2F%2Fad.harrenmedianetwork[1].com%2F,;ord=1253457091
Hidden: file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OD2JW1IR\IAAwAAAAAAoYfd1yMBAAAAAQAAADUxMDM1ZDEyLWE1ZjItMTFkZS1iYWYyLTAwMWU2ODQ5ZjQ5ZAAAAAAAAAA=ibBOAA==,,http%3A%2F%2Fad.harrenmedianetwork[1].com%2F,;ord=1253457102
Hidden: file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OD2JW1IR\AAAAAAAAAAAABhyUZYqAAAA8A6wrCoAAAAYclGWKgAAAKABYKQqAAAACHJRlioAAAA=,,http%3A%2F%2Fserved.antventure.com%2Fcreatives%2Fdefault%2Fmetanetwork%2F72890ad[1].htm
Hidden: file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\S9AF0P2N\_;sect=entertain;group1=;group2=;site=ivillage;!category=entertain;!category=videoplayer;network=ivil;emval=;sz=300x250;pos=7;tile=7;ord=406716635351069[1]
Hidden: file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\GX6NGT27\AAAAAAAAAAAAAAAAAAAAAAAsBKApioAAAAYQlGWKgAAAOCt0KQqAAAAwK3QpCoAAAA=,,http%3A%2F%2Fserved.antventure.com%2Fcreatives%2Fdefault%2Fmetanetwork%2F72890ad[1].htm
Hidden: file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\K1YB8HMR\AAAAAAAAAABhyUZYqAAAAQBYQqioAAADQcVGWKgAAADgJAJ8qAAAACHJRlioAAAA=,,http%3A%2F%2Fserved.antventure.com%2Fcreatives%2Fdefault%2Fmetanetwork%2F72890ad[1].html,
Hidden: file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\K1YB8HMR\AAAAAAAAAAABRAwQAAAAAAAIAAwAAAAAA6Mbh1yMBAAAAAAAAAAAAAAAAAAAAAAAA0FNBnyoAAABAUgRtAAAAAGCmBKEqAAAAQKYEoSoAAAA=,,http%3A%2F%2Fad.harrenmedianetwork[1].com%2F,
Hidden: file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\S9AF0P2N\AAAAIAAgAAAAAAi0.n1yMBAAAAAQAAAGNmMTQ4OTMyLWE1ZjMtMTFkZS1iNzFiLTAwMWU2ODU3MzMyNQBUAAAAAAA=ibBOAA==,,http%3A%2F%2Fad.promanagerplus[1].com%2F,;ord=1253457743
Hidden: file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OD2JW1IR\_;sect=entertain;group1=;group2=;site=ivillage;!category=entertain;!category=videoplayer;network=ivil;emval=;sz=300x250;pos=7;tile=7;ord=421367318034172[1]
Hidden: file C:\Documents and Settings\hptest\Temporary Internet Files\Content.IE5\L0EC3660\00715541%3Bkvmn%3D93245558%3Bkvtid%3D158cm3t1pn35er%3Bkvseg%3D99999%3A50280%3Bkr581%3D1887%3Bkvag%3Daf2%3Aua25%3Bkvug%3D2%3Bkp%3D13286%3Bnodecode%3Dyes%3Blink%3D;ord=600715541[1]
Hidden: file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\K1YB8HMR\IAAwAAAAAAyCrp1yMBAAAAAQAAADE3OTg3OGJjLWE1ZjQtMTFkZS1hZDAyLTAwMWU2ODM3ZTljMQAAAAAAAAA=3dhFAA==,,http%3A%2F%2Fad.harrenmedianetwork[1].com%2F,;ord=1253457865
Hidden: file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\S9AF0P2N\_;sect=entertain;group1=;group2=;site=ivillage;!category=entertain;!category=videoplayer;network=ivil;emval=;sz=300x250;pos=7;tile=7;ord=207747851522173[1]
Hidden: file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\GX6NGT27\IAAwAAAAAANS.t1yMBAAAAAQAAAGI0ODU1MWVhLWE1ZjQtMTFkZS04MWYxLTAwMWU2ODM3ZWE3MwAAAAAAAAA=3dhFAA==,,http%3A%2F%2Fad.harrenmedianetwork[1].com%2F,;ord=1253458128
Hidden: file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\GX6NGT27\_;sect=entertain;group1=;group2=;site=ivillage;!category=entertain;!category=videoplayer;network=ivil;emval=;sz=300x250;pos=7;tile=7;ord=150503577208146[1]
Hidden: file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\S9AF0P2N\%2F%2Faxxessads.valuead[1].com%2Fcode%3Fpid%3D299%26gid%3D8%26oin%3D0%26rto%3D0%26srb%3D%26rid%3D559326385%26dom%3D20%26dow%3D0%26hod%3D10,;ord=1253458192
Hidden: file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\S9AF0P2N\_;sect=entertain;group1=;group2=;site=ivillage;!category=entertain;!category=videoplayer;network=ivil;emval=;sz=300x250;pos=7;tile=7;ord=112802751292474[1]
Hidden: file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\GX6NGT27\_;sect=entertain;group1=;group2=;site=ivillage;!category=entertain;!category=videoplayer;network=ivil;emval=;sz=300x250;pos=7;tile=7;ord=230215727857314[1]
Hidden: file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\K1YB8HMR\_;sect=entertain;group1=;group2=;site=ivillage;!category=entertain;!category=videoplayer;network=ivil;emval=;sz=300x250;pos=7;tile=7;ord=296818911761511[1]
Hidden: file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\K1YB8HMR\AAAAAAAAAAAAAAAAAAAAADoYgUAAAAAAAIAAwAAAAAAAIf81yMBAAAAAAAAAAAAABgC0MArAAAAwBBkoioAAABA8j9BAAAAAPgVwOkqAAAACALQwCsAAAA=,,http%3A%2F%2Fwww.craveonline[1].htm
Hidden: file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OD2JW1IR\_;sect=entertain;group1=;group2=;site=ivillage;!category=entertain;!category=videoplayer;network=ivil;emval=;sz=300x250;pos=7;tile=7;ord=203320437521673[1]
Hidden: file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\K1YB8HMR\_;sect=entertain;group1=;group2=;site=ivillage;!category=entertain;!category=videoplayer;network=ivil;emval=;sz=300x250;pos=7;tile=7;ord=180626221047714[1]
Hidden: file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OD2JW1IR\_;sect=entertain;group1=;group2=;site=ivillage;!category=entertain;!category=videoplayer;network=ivil;emval=;sz=300x250;pos=7;tile=7;ord=289949367337394[1]
Hidden: file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\K1YB8HMR\_;sect=entertain;group1=;group2=;site=ivillage;!category=entertain;!category=videoplayer;network=ivil;emval=;sz=300x250;pos=7;tile=7;ord=480487435565330[1]
Hidden: file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\S9AF0P2N\AAAAAAAAAQDgUAAAAAAAIAAwAAAAAAQFz41yMBAAAAAAAAADY5MTRlMjE0LWE1ZjYtMTFkZS1iNDc0LTAwMWU2ODQ5ZjFjYgAAAAAAAAA=,,http%3A%2F%2Fcasasugar[1].com%2F,;ord=1253458861
Hidden: file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\GX6NGT27\AAAAC8PAUAAAAAAAIAAwAAAAAAnZz41yMBAAAAAQAAADcyZTcwNDUyLWE1ZjYtMTFkZS1hNjk5LTAwMWIyNGJlNWEwOAAAAAAAAAA=nWA.AA==,,http%3A%2F%2Fphoto[1].net%2F,;ord=1253458877
Hidden: file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\GX6NGT27\_;sect=entertain;group1=;group2=;site=ivillage;!category=entertain;!category=videoplayer;network=ivil;emval=;sz=300x250;pos=7;tile=7;ord=187476641085464[1]
Hidden: file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\S9AF0P2N\_;sect=entertain;group1=;group2=;site=ivillage;!category=entertain;!category=videoplayer;network=ivil;emval=;sz=300x250;pos=7;tile=7;ord=102183872106485[1]
Hidden: file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\S9AF0P2N\_;sect=entertain;group1=;group2=;site=ivillage;!category=entertain;!category=videoplayer;network=ivil;emval=;sz=300x250;pos=7;tile=7;ord=100000000000000[1]
Hidden: file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\S9AF0P2N\_;sect=entertain;group1=;group2=;site=ivillage;!category=entertain;!category=videoplayer;network=ivil;emval=;sz=300x250;pos=7;tile=7;ord=125259971614461[1]
Hidden: file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\K1YB8HMR\_;sect=entertain;group1=;group2=;site=ivillage;!category=entertain;!category=videoplayer;network=ivil;emval=;sz=300x250;pos=7;tile=7;ord=718382015090901[1]
Hidden: file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\GX6NGT27\_;sect=entertain;group1=;group2=;site=ivillage;!category=entertain;!category=videoplayer;network=ivil;emval=;sz=300x250;pos=7;tile=7;ord=203545430649071[1]
Hidden: file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\GX6NGT27\_;sect=entertain;group1=;group2=;site=ivillage;!category=entertain;!category=videoplayer;network=ivil;emval=;sz=300x250;pos=7;tile=7;ord=998448960217647[1]
Hidden: file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\7T31FNT7\AAAAIAAgAAAAAAnKZf2CMBAAAAAQAAADJiZGQ3NzY2LWE2MDYtMTFkZS05MDkzLTAwMWIyNDkzNjIxNAAAAAAAAAA=ibBOAA==,,http%3A%2F%2Fad.promanagerplus[1].com%2F,;ord=1253465630
Hidden: file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\K1YB8HMR\AAAAAAIAAwAAAAAAGj0W2CMBAAAAAQAAAGY4MzQxMjRhLWE1ZmEtMTFkZS05ZDRjLTAwMjI2NDQyYmEzNwAAAAAAAAA=YXA-AA==,,http%3A%2F%2Fwww.craveonline[1].com%2F,;ord=1253460819
Hidden: file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OD2JW1IR\AAAAIAAgAAAAAABSsb2CMBAAAAAQAAAGI4YzFjYjYwLWE1ZmItMTFkZS1hZmMyLTAwMWU2ODM3ZTk0NwBUAAAAAAA=ibBOAA==,,http%3A%2F%2Fad.promanagerplus[1].com%2F,;ord=1253461142
Hidden: file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\S9AF0P2N\AAAAAAAAAAAAAAAAAAAAAAAAAAAAD.cAUAAAAAAAIAAwAAAAAAN5kc2CMBAAAAAAAAAAAAAAAAAAAAAAAAKA0wIisAAABQMlGWKgAAAKDbi60qAAAAgNuLrSoAAAA=,,http%3A%2F%2Fwww.blnk[1].htm
Hidden: file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\S9AF0P2N\AAAAAAAAAAAAAAAAAAAAAAABWcQUAAAAAAAIAAwAAAAAAktYi2CMBAAAAAAAAAAAAABiSUZYqAAAAEBAw3CoAAADQkVGWKgAAAAAFgKUqAAAACJJRlioAAAA=,,http%3A%2F%2Fwww.dailyitem[1].htm
Hidden: file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\GX6NGT27\AAAAIAAgAAAAAAaUUl2CMBAAAAAQAAADQzNjhiNGE4LWE1ZmQtMTFkZS04OTE0LTAwMWIyNDc4NGFkMgAAAAAAAAA=ibBOAA==,,http%3A%2F%2Fad.promanagerplus[1].com%2F,;ord=1253461804
Hidden: file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\S9AF0P2N\xBaG95b0FBQUJBd21KZEFBQUFBUEFVMExzcUFBQUEwQUVndkNzQUFBQSUzRCUyQyUyQ2h0dHAlMjUzQSUyNTJGJTI1MkZ3d3cuY3JhdmVvbmxpbmUuY29tJTI1MkYlMkMX;ord=1253463795438[1].htm
Hidden: file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\K1YB8HMR\e=standard;sz=728x90;tile=1;dcopt=ist;;u=pageName-index%7Cpos-unk%7Ctag-adi%7Cmtype-standard%7Csz-728x90%7Ctile-1%7Cdcopt-ist;ord=640252652836372300[1].htm
Hidden: file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\GX6NGT27\AAAAAAADYAAUAAAAAAAIAAgAAAAAA8p4v2CMBAAAAAAAAAAAAAAAAAAAAAAAAEEIQ6CoAAABAoiJcAAAAAACc87AqAAAA4JvzsCoAAAA=,,http%3A%2F%2Fcomingsoon[1].net%2F,;ord=1253462482
Hidden: file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\DV3M5UN6\e=standard;sz=728x90;tile=1;dcopt=ist;;u=pageName-index%7Cpos-unk%7Ctag-adi%7Cmtype-standard%7Csz-728x90%7Ctile-1%7Cdcopt-ist;ord=320308258440118500[1].htm
Hidden: file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OD2JW1IR\AAABQOwUAAAAAAAIAAwAAAAAAC9842CMBAAAAAQAAADQxMDllZTJjLWE2MDAtMTFkZS04ZTMwLTAwMWU2ODU3MzQxZAD93SoAAAA=3dhFAA==,,http%3A%2F%2Ffanpop[1].com%2F,;ord=1253463088
Hidden: file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\GX6NGT27\_ron_082609;net=dn;u=dn-94667314_1253463195,113fb9ad9406efb,Miscellaneous,;;ord1=500229;sz=300x250;contx=Miscellaneous;dflt=directive;btg=;ord=463192867[1]
Hidden: file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\K1YB8HMR\IAAwAAAAAAI7g72CMBAAAAAQAAAGIwNGE0MWE2LWE2MDAtMTFkZS1iYzBlLTAwMWIyNDc4M2EwNgAAAAAAAAA=3dhFAA==,,http%3A%2F%2Fad.harrenmedianetwork[1].com%2F,;ord=1253463275
Hidden: file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\K1YB8HMR\ality;daypart=primetime;dcopt=ist;!category=naughtykitchen;!category=noexpand;!category=oxygen;sz=728x90,970x66;tile=1;pos=1;pm=1;qsg=D;ord=656334830642[1]
Hidden: file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\GX6NGT27\AAAAAAIAAwAAAAAAZ9JQ2CMBAAAAAQAAAGU4OWMzMjhjLWE2MDMtMTFkZS1hYmM5LTAwMWIyNGJlNWQxOAAAAAAAAAA=YXA-AA==,,http%3A%2F%2Fwww.craveonline[1].com%2F,;ord=1253464658
Hidden: file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OD2JW1IR\kitchen;sect=home;genre=reality;daypart=primetime;dcopt=ist;!category=naughtykitchen;!category=oxygen;sz=728x90,970x66;tile=1;pos=1;pm=1;ord=65875512711[1]
Hidden: file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OD2JW1IR\AAAAAAAAABjQQAAAAAAAIAAwAAAAAAgqNS2CMBAAAAAAAAAAAAAAAAAAAAAAAAsAlA0yoAAADQ0VGWKgAAAOAH6KIqAAAAwAfooioAAAA=,,http%3A%2F%2Fd3.zedo.com%2Fjsc%2Fd3%2Fff2[1].htm
Hidden: file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\S9AF0P2N\=photos;genre=reality;daypart=primetime;!category=naughtykitchen;!category=noexpand;!category=oxygen;sz=300x250;tile=7;pos=7;pm=1;qsg=D;ord=656334830642[1]
Hidden: file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\1NG1LAXW\ality;daypart=primetime;dcopt=ist;!category=naughtykitchen;!category=noexpand;!category=oxygen;sz=728x90,970x66;tile=1;pos=1;pm=1;qsg=D;ord=224517968101[1]
Hidden: file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\DV3M5UN6\=photos;genre=reality;daypart=primetime;!category=naughtykitchen;!category=noexpand;!category=oxygen;sz=300x250;tile=7;pos=7;pm=1;qsg=D;ord=224517968101[1]
Hidden: file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\1NG1LAXW\AAAAAAIAAwAAAAAARdZc2CMBAAAAAQAAAGJkZjM0NDdlLWE2MDUtMTFkZS1hMzM5LTAwMWIyNDc4NDkzOAAAAAAAAAA=YXA-AA==,,http%3A%2F%2Fwww.craveonline[1].com%2F,;ord=1253465445
Hidden: file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\DV3M5UN6\IAAwAAAAAAZY1l2CMBAAAAAQAAADEyNjQ4ZWI4LWE2MDctMTFkZS04MTRkLTAwMWU2ODU3Mzc0ZgAAAAAAAAA=ibBOAA==,,http%3A%2F%2Fad.harrenmedianetwork[1].com%2F,;ord=1253466017
Hidden: file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\5MTKP264\CqcQUAAAAAAAIAAwAAAAAAFwpr2CMBAAAAAAAAAAAAANABYCErAAAAoCFeoSoAAABAUgBFAAAAAGgDUKEqAAAAwAFgISsAAAA=,,http%3A%2F%2Fwww.freeridegames[1].com%2F,;ord=1253466376
Hidden: file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\1NG1LAXW\UAAAAAAAIAAwAAAAAAQFhv2CMBAAAAAQAAADkwZThhYTBjLWE2MDgtMTFkZS1hYWI2LTAwMWIyNDc4Mzk3ZQAAAAAAAAA=3dhFAA==,,http%3A%2F%2Fwww.dailynews[1].com%2F,;ord=1253466658
Hidden: file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\5MTKP264\p%2FB%3DIEhQGUWTSR8-%2FJ%3D1253466664690708%2FK%3DRm62SW4jco.wknnICQct5w%2FA%3D5758408%2FR%3D0%2F%2A%24,http%3A%2F%2Fhotjobs.yahoo[1].com%2F,;ord=1253466667
Hidden: file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\7T31FNT7\0AFoRqsKlkq2YlIAByyz%2FB%3DCLPFGkLEYrg-%2FJ%3D1253466706503827%2FK%3D_u9W5jk9WYQ3do1DnG_7Dg%2FA%3D5758408%2FR%3D0%2F%2A%24,http%3A%2F%2Fhotjobs.yahoo[1].htm
Hidden: file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\5MTKP264\AAAAAAAAAAAAAAAAAAAAAAAAAAAABQOwUAAAAAAAIAAwAAAAAAAOF82CMBAAAAAAAAAAAAANBhUZYqAAAAIFXRnioAAABAkoRvAAAAAJAX0J4qAAAAwGFRlioAAAA=,,http%3A%2F%2Fplaylist[1].htm
Hidden: file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\7T31FNT7\AAAAAABPOwUAAAAAAAIAAwAAAAAAd0qA2CMBAAAAAQAAADI2ZGUyOTE4LWE2MGItMTFkZS04NjkzLTAwMWIyNDkzNjA0YQB-0ioAAAA=YXA-AA==,,http%3A%2F%2Fdnj[1].com%2F,;ord=1253467769
Hidden: file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\5MTKP264\AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACuXgUAAAAAAAIAAwAAAAAA3eyA2CMBAAAAAAAAAAAAANBBUZYqAAAAiBMApCoAAAAYQlGWKgAAAOAMgJ4qAAAAwEFRlioAAAA=,,http%3A%2F%2Fbebo[1].htm
Hidden: file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\7T31FNT7\AAAAIAAgAAAAAAECPG2CMBAAAAAQAAAGNmM2IwMDE4LWE2MTUtMTFkZS1hMTNkLTAwMzA0ODYzMjkyMgA3TDoAAAA=ibBOAA==,,http%3A%2F%2Fad.promanagerplus[1].com%2F,;ord=1253472346
Hidden: file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\1NG1LAXW\AAAAIAAgAAAAAA.yeS2CMBAAAAAQAAAGUwYmJhZDY4LWE2MGQtMTFkZS04MjNlLTAwMWIyNDkzNjQ0ZQAAAAAAAAA=ibBOAA==,,http%3A%2F%2Fad.promanagerplus[1].com%2F,;ord=1253468940
Hidden: file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\1NG1LAXW\AAAAIAAgAAAAAAzrmF2CMBAAAAAQAAAGZiMmI2OTU2LWE2MGItMTFkZS05OTE3LTAwMWU2ODU3MzU0NwAAAAAAAAA=ibBOAA==,,http%3A%2F%2Fad.promanagerplus[1].com%2F,;ord=1253468125
Hidden: file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\DV3M5UN6\AAAAAAAAAAAAAAAAAAAAAAAAAAAAD.cAUAAAAAAAIAAwAAAAAARfuL2CMBAAAAAAAAAAAAABjSUZYqAAAAiARAnyoAAADA0VGWKgAAAADQUZYqAAAATLFTAAAAAAA=,,http%3A%2F%2Fwww.blnk[1].htm
Hidden: file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\5MTKP264\AAAAIAAgAAAAAAMlOR2CMBAAAAAQAAAGMwNDMzOGU0LWE2MGQtMTFkZS05YTBhLTAwMWIyNGJlNTllMgAAAAAAAAA=ibBOAA==,,http%3A%2F%2Fad.promanagerplus[1].com%2F,;ord=1253468885
Hidden: file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\5MTKP264\DRhgUAAAAAAAIAAwAAAAAAuXmd2CMBAAAAAQAAADlhZTQwZmY0LWE2MGYtMTFkZS1hZjI5LTAwMWIyNGJlNWFhMAAAAAAAAAA=nWA.AA==,,http%3A%2F%2Fwww.macon[1].com%2F,;ord=1253469682
Hidden: file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\1NG1LAXW\AAAAAAAAAAAAAAAAAAACqcQUAAAAAAAIAAwAAAAAANu-g2CMBAAAAAAAAAAAAAAAAAAAAAAAAuAFwnioAAABAMlGWKgAAAIAwUZYqAAAATLFTAAAAAAA=,,http%3A%2F%2Fwww.freeridegames[1].htm
Hidden: file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\7T31FNT7\AAAAAAIAAwAAAAAACfyl2CMBAAAAAQAAAGU3NDY4NzVlLWE2MTAtMTFkZS05NjRkLTAwMzA0OGQxMDI1ZQAAAAAAAAA=YXA-AA==,,http%3A%2F%2Fwww.craveonline[1].com%2F,;ord=1253470239
Hidden: file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\7T31FNT7\AAAAAAAAAAAAAAAAAAAAAAAAAAAAD.cAUAAAAAAAIAAwAAAAAAp8uv2CMBAAAAAAAAAAAAABiCUZYqAAAAABcg-ioAAADQgVGWKgAAAPgAkLIqAAAACIJRlioAAAA=,,http%3A%2F%2Fwww.blnk[1].htm
Hidden: file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\1NG1LAXW\aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaco6wqaaaaaaaiaaqaaaaaaub6f61g4vj-4hoxrubi-pwaaaaaaaaaaaaaaaaaaaaaaaaaaaaa%2C%7C1095%7C31;sz=728x90;ord=[timestamp][1]
Hidden: file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\5MTKP264\aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaco6wqaaaaaaaiaaqaaaaaaub6f61g4vj-4hoxrubi-pwaaaaaaaaaaaaaaaaaaaaaaaaaaaaa%2C%7C1095%7C31;sz=728x90;ord=[timestamp][1]
Hidden: file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\1NG1LAXW\v48851.48851.48851.48851.48851.38771.48851.48851.78282.38771.71746.71745.62864.38771.66362.77756.76912.69832.38771.63688.38771.73289.67088.55944.78448[1].14
Hidden: file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\7T31FNT7\AC8PAUAAAAAAAIAAwAAAAAAePq.2CMBAAAAAQAAAGRlYTkzODBlLWE2MTQtMTFkZS04NTYwLTAwMWIyNDkzNjRkMABRyioAAAA=nWA.AA==,,http%3A%2F%2Frhapsody[1].com%2F,;ord=1253471943
Hidden: file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\5MTKP264\UAAAAAAAIAAwAAAAAAinzF2CMBAAAAAQAAAGI1ZDIzMTZlLWE2MTUtMTFkZS04OWVmLTAwMWIyNGJlNWNiNgAAAAAAAAA=YXA-AA==,,http%3A%2F%2Fwww.dailynews[1].com%2F,;ord=1253472304
Hidden: file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\DV3M5UN6\AAAIAAwAAAAAAhDbN2CMBAAAAAQAAAGUzYTJkZDU0LWE2MTYtMTFkZS05YTE1LTAwMzA0OGQxMDI5NAAAAAAAAAA=3dhFAA==,,http%3A%2F%2Fwww.berkshireeagle[1].com%2F,;ord=1253472810
Hidden: file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\DV3M5UN6\AAAAAAAAAAMCBUZYqAAAAAIBRlioAAABMsVMAAAAAAFCCUZYqAAAAGAAAAAAAAAA%3D%2C%2Chttp%253A%252F%252Fdivshare[1].com%252F%2C%7C1433550%7C22;sz=728x90;ord=[timestamp]
Hidden: file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\1NG1LAXW\pos=unk;tag=adi;mtype=standard;sz=300x250;tile=2;;u=pageName-index%7Cpos-unk%7Ctag-adi%7Cmtype-standard%7Csz-300x250%7Ctile-2;ord=320308258440118500[1].htm
Hidden: file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\1NG1LAXW\AAAAAAAAAD.cAUAAAAAAAIAAwAAAAAASRbc2CMBAAAAAAAAAAAAAJgyUZYqAAAAsCRTmioAAABAIiNhAAAAANAW4MMrAAAAiDJRlioAAAA=,,http%3A%2F%2Fwww.blnk[1].com%2F,;ord=1253473785
Hidden: file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\7T31FNT7\FBQUFBd0ZDeW9Tb0FBQUJBRW9CQ0FBQUFBT0RhdjZFcUFBQUF3TnEub1NvQUFBQSUzRCUyQyUyQ2h0dHAlMjUzQSUyNTJGJTI1MkZ3d3cuYmxuay5jb20lMjUyRiUyQwXX;ord=1253475771597[1].htm
Hidden: file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\5MTKP264\IAAwAAAAAA7nrl2CMBAAAAAQAAADk3OTM0ZmJjLWE2MWEtMTFkZS1hMmM1LTAwMWIyNGJlNTljMgAAAAAAAAA=9RtPAA==,,http%3A%2F%2Fad.harrenmedianetwork[1].com%2F,;ord=1253474401
Hidden: file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\5MTKP264\BAAAAAAAAAAAAABhCUZYqAAAAgPKDnioAAABAIiBDAAAAAJARgJ4qAAAACEJRlioAAAA%3D%2C%2Chttp%253A%252F%252Fhypem[1].com%252F%2C%7C2106810%7C10;sz=728x90;ord=1253474199
Hidden: file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\DV3M5UN6\AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADRhgUAAAAAAAIAAwAAAAAAo2fi2CMBAAAAAAAAAAAAABhCUZYqAAAAgPKDnioAAABAIiBDAAAAAJARgJ4qAAAACEJRlioAAAA=,,http%3A%2F%2Fhypem[1].htm
Hidden: file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\1NG1LAXW\5FRW9Db0FBQUJBSWlKWEFBQUFBTUFPc0tVcUFBQUFDQUlBdmlzQUFBQSUzRCUyQyUyQ2h0dHAlMjUzQSUyNTJGJTI1MkZ3d3cuY3JhdmVvbmxpbmUuY29tJTI1MkYlMkMX;ord=1253474110991[1].htm
Hidden: file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\DV3M5UN6\AAAAAAAAAAAAAAAAAAAAAAAsFQBnyoAAABAguBGAAAAADDTCZ8qAAAAENMJnyoAAAA%3D%2C%2Chttp%253A%252F%252Finfoplease[1].com%252F%2C%7C6537%7C29;sz=728x90;ord=1253474638
Hidden: file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\DV3M5UN6\FBQUFBQUI4QXhsVFB3QUFBQUFDQUFBQUFBQUFBQUFBQUFBQUFBQSUzRCUyQyUyQ2h0dHAlMjUzQSUyNTJGJTI1MkZ3d3cuZnJlZXJpZGVnYW1lcy5jb20lMjUyRiUyQwXX;ord=1253474815467[1].htm
Hidden: file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\DV3M5UN6\AAAAAAAAAAKCHogAAAAAAAAAAAAAAAAB8A2nuPwAAAAACAAAAAAAAAAAAAAAAAAA%3D%2C%2Chttp%253A%252F%252Fdivshare[1].com%252F%2C%7C1433550%7C22;sz=728x90;ord=[timestamp]
Hidden: file C:\WINDOWS\system32\drivers\7bd11eff.sys
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\W9KC814X\AAAAIAAgAAAAAAj2By2iMBAAAAAQAAADI3NWQzNjEyLWE2NTctMTFkZS05N2U3LTAwMzA0ODYzMjcwNgBHAAAAAAA=ibBOAA==,,http%3A%2F%2Fad.promanagerplus[1].com%2F,;ord=1253500412
Hidden: file C:\Documents and Settings\hptest\Temporary Internet Files\Content.IE5\Q2OJRLZ4\le=NeXplore%20-%20Search%23pid%3Daon-pop1%26query%3Dch%2Bair%26source%3D113090%23pid%3Daon-pop1%26query%3Dch%2Bair%26source%3D113090&referer=&screen=1280x800&localtime=16%3A19[1]
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\6WZZ41HJ\PAP6RwPQrXo8A.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB8f0Paccz.BvDReqSbXXguta.CR7c9ZBIsutfAAAAAAA%3D%3D%2C%2Chttp%3A%2F%2Fad.harrenmedianetwork[1].com%2F
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\6WZZ41HJ\st[1]
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\6WZZ41HJ\AAAAAAAAAAAAAAAAAAAAAAQFRBnyoAAABA4qFUAAAAACCdPsQqAAAAAJ0-xCoAAAA%3D%2C%2Chttp%253A%252F%252Fcentredaily[1].com%252F%2C%7C322%7C26;sz=300x250;ord=1253502035
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\16KV5DRH\AAAAAAAAAAAAAAADhYgUAAAAAAAIAAwAAAAAA9syL2iMBAAAAAAAAAAAAABhiUZYqAAAAUADgzioAAADQYVGWKgAAAPgJULsqAAAACGJRlioAAAA=,,http%3A%2F%2Fwww.entertainmentwise[1].htm
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\16KV5DRH\AAAAAAAAAAAAKCHogAAAAAAAAAAAAAAAAB8AwnAMQAAAAACAAAAAAAAAAAAAAAAAAA=,,http%3A%2F%2Fserved.antventure.com%2Fcreatives%2Fdefault%2Fmetanetwork%2F72890ad[1].htm
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\16KV5DRH\AAAAAAAAAAAAKCHogAAAAAAAAAAAAAAAAB8A6muPgAAAAACAAAAAAAAAAAAAAAAAAA=,,http%3A%2F%2Fserved.antventure.com%2Fcreatives%2Fdefault%2Fmetanetwork%2F72890ad[1].htm
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\W9KC814X\AAAAAAAAAAAABiyUZYqAAAAkFUhnyoAAABA8kNpAAAAAMgGkJ8qAAAACLJRlioAAAA=,,http%3A%2F%2Fserved.antventure.com%2Fcreatives%2Fdefault%2Fmetanetwork%2F72890ad[1].htm
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\C05L5926\AAAAAAAAAAAAAAAAAAAAAAA8FkBnyoAAABAQmJYAAAAANDrJ94qAAAAsOsn3ioAAAA=,,http%3A%2F%2Fserved.antventure.com%2Fcreatives%2Fdefault%2Fmetanetwork%2F72890ad[1].htm
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\C05L5926\FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhNmpnbWFhYWFhYWFpYWF3YWFhYWFhdGRlanF3ZGxvZDltbjRsYnlvd2dwMHczaXVmZzViYS50ZGVqcXdkbHNkOHB4aS5jOXNpJTJD;ord=1253503079800[1].htm
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\6WZZ41HJ\FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhNmpnbWFhYWFhYWFpYWF3YWFhYWFhdGRlanF3ZGxvZDltbjRsYnlvd2dwMHczaXVmZzViYS50ZGVqcXdkbHNkOHB4aS5jOXNpJTJD;ord=1253503242210[1].htm
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\C05L5926\decide[1].htm
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\C05L5926\afr[1].php
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\W9KC814X\iframe3[6].htm
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\C05L5926\AAAAIAAwAAAAAAvNie2iMBAAAAAQAAAGYwNzM3ZWNhLWE2NWQtMTFkZS04YjY3LTAwMWU2ODU3MzY0OQAAAAAAAAA=odZHAA==,,http%3A%2F%2Fwww.freeridegames[1].com%2F,;ord=1253503326
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\C05L5926\iframe3[1].htm
Hidden: file C:\Documents and Settings\NetworkService\Cookies\system@somrapi[1].txt
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\6WZZ41HJ\afr[1].php
Hidden: file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\W9KC814X\st[10]
Hidden: file C:\Documents and Settings\hptest\Temporary Internet Files\Content.IE5\Q2OJRLZ4\combofix;net=ns;u=ns-78462440_1253479558,113fcd59778c609,CE_Laptops_General,;;kw=;dcopt=ist;tile=1;ord1=901517;sz=728x90;contx=CE_Laptops_General;btg=;ord=%204972874798983183[1]
Hidden: file C:\WINDOWS\temp\hjgruixvbcxrevpe.tmp
Hidden: file C:\WINDOWS\temp\hjgruigiqhxbvgqd.tmp
Info: Starting disk scan of D: (FAT).
Hidden: file D:\MiniNT\system32\xpsp2res.dll
Hidden: file D:\MiniNT\system32\Thawbrkr.dll
Info: Starting disk scan of F: (NTFS).
Stopped logging on 9/20/2009 at 23:26:03 PM

#10 logochick

logochick
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:01:48 PM

Posted 21 September 2009 - 06:25 AM

So i turned my computer off and now at start up it shows the windows logo but after that it gives me a quick blue screen that tells me something about the registry not being able to load the hive. It just keeps doing that continuously.

#11 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,528 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:48 PM

Posted 21 September 2009 - 10:25 AM

You do have a Rootkit that needs attention.

Now ... Download this Utility and save it to your Desktop.
Double-click the Utility to run it and and let it finish.
When it states Finished! Press any key to exit, press any key to close the program.
It will save a .txt file to your desktop automatically. Double-click on the Win32kDiag.txt file that is located on your Desktop and post the entire contents of that log as part of the reply in the topic you will create below..

Next please go here HijackThis Logs and Virus/Trojan/Spyware/Malware Removal ,click New Topic,give it a relevant Title and post the Rootrepeal log and the above log.

Let me know how that went.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#12 logochick

logochick
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:01:48 PM

Posted 21 September 2009 - 10:35 PM

Hey Boopme,

My computer wouldnt stop turning on and off so I had to do a hard system restore. I never got any help in the other forum so I was hoping you could help me out. What worries me is that I just downloaded Avira antivirus and it told me I have something called SPR/Dldr.DigStream I have no idea how to get rid of it or even what it is. I've run MalwareBytes and it comes up clean.

#13 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,528 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:48 PM

Posted 22 September 2009 - 01:57 PM

Go to Control Panel > Add/Remove Programs and you should be able to uninstall Digstream.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#14 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,041 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:12:48 PM

Posted 24 September 2009 - 09:12 PM

Hello,

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/t/259213/windows-police-pro/ you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the HJT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days, up to two weeks perhaps less, to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom :thumbsup:

Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.


Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

animinionsmalltext.gif





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users