
Infected with Virtumonde / numerous trojans


  • This topic is locked
35 replies to this topic

#1 JimmyTheBoy


Posted 15 November 2009 - 07:48 PM

Here is the DDS log


DDS (Ver_09-10-26.01) - NTFSx86
Run by Gangstas at 18:35:54.17 on Sun 11/15/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.57 [GMT -6:00]

AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}

============== Running Processes ===============

svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\HPZipm12.exe
svchost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Documents and Settings\Gangstas\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Documents and Settings\Gangstas\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\ALCXMNTR.EXE
c:\windows\system\hpsysdrv.exe
C:\Documents and Settings\Gangstas\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Gangstas\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Gangstas\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Gangstas\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Gangstas\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Gangstas\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Gangstas\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.ask.com/?o=101760&l=dis
uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: H - No File
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: hpWebHelper Class: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "c:\documents and settings\gangstas\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [PCDrProfiler]
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\docume~1\gangstas\locals~1\applic~1\skype\shared\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2008-3-21 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-3-21 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-3-21 108552]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2008-3-21 29208]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2008-3-21 29208]

=============== Created Last 30 ================

2009-11-15 17:20:13 0 d-----w- c:\program files\Trend Micro
2009-11-15 16:43:08 0 d-sh--w- c:\documents and settings\gangstas\IECompatCache
2009-11-14 23:45:48 0 d-----w- c:\docume~1\gangstas\applic~1\MPEG Streamclip
2009-11-13 14:24:34 0 d-----w- C:\07a3a2bca879272bfd8647e5758f3491

==================== Find3M ====================

2009-11-15 23:16:57 63 ----a-w- c:\documents and settings\gangstas\jagex_runescape_preferences2.dat
2009-11-15 23:07:39 38 ----a-w- c:\documents and settings\gangstas\jagex_runescape_preferences.dat
2009-10-22 09:19:04 5939712 ------w- c:\windows\system32\dllcache\mshtml.dll
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 14:18:39 136192 ------w- c:\windows\system32\dllcache\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-04 21:03:36 58880 ------w- c:\windows\system32\dllcache\msasn1.dll
2009-08-28 10:35:52 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\dllcache\strmdll.dll
2003-08-05 16:41:44 53248 -c--a-w- c:\windows\inf\ap561.exe
2002-11-26 21:24:58 32768 -c--a-w- c:\windows\inf\Remove561.exe
2002-11-22 20:56:52 118784 -c--a-w- c:\windows\inf\ShowBmp.exe
2002-10-29 23:07:44 36864 -c--a-w- c:\windows\inf\Setup8a.exe
2002-10-01 19:43:32 119798 -c--a-w- c:\windows\inf\spca561.sys
2006-07-29 19:37:38 22 -csha-w- c:\windows\sminst\HPCD.sys
2009-08-15 02:47:57 1 --sha-w- c:\windows\system32\biyiziko.dll
2009-08-12 12:24:16 39424 --sha-w- c:\windows\system32\bubeguto.dll
2009-08-12 12:24:16 92160 --sha-w- c:\windows\system32\herifolu.dll
2009-08-11 23:07:22 92160 --sha-w- c:\windows\system32\hofalobu.dll
2009-08-15 05:13:49 0 --sha-w- c:\windows\system32\lewemafa.dll
2009-08-15 02:47:58 1 --sha-w- c:\windows\system32\ramidiru.dll
2009-08-15 02:47:58 1 --sha-w- c:\windows\system32\vetiwapo.dll
2009-08-12 12:24:16 0 --sha-w- c:\windows\system32\zazuporo.dll

============= FINISH: 18:37:28.89 ===============


When I try to run RootRepeal as instructed I get this error:
"Could not load driver (0xc0000061)!"


Help is appreciated, thank you!! :(



#2 JimmyTheBoy

  • Topic Starter


Posted 18 November 2009 - 11:49 PM

Here's my DDS log



DDS (Ver_09-10-26.01) - NTFSx86 NETWORK
Run by Administrator at 22:07:18.18 on Wed 11/18/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.152 [GMT -6:00]

AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator.SYLVIAOFFICE\Local Settings\Temporary Internet Files\Content.IE5\16DF53BE\dds[1].scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=desktop
uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
mSearchAssistant = hxxp://www.google.com/ie
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: hpWebHelper Class: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil9e.exe
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [PCDrProfiler]
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
StartupFolder: c:\documents and settings\administrator.sylviaoffice\start menu\programs\startup\LimeWire On Startup.lnk.disabled
StartupFolder: c:\docume~1\admini~1.syl\startm~1\programs\startup\pin.lnk - c:\hp\bin\CLOAKER.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\npjpi160_07.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2008-3-21 12552]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-3-21 108552]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2008-3-21 29208]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-3-21 335240]
S2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-4-26 908056]
S2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-1-7 297752]
S2 avgfws8;AVG8 Firewall;c:\progra~1\avg\avg8\avgfws8.exe [2009-4-26 1370488]
S2 IntuitUpdateService;Intuit Update Service;c:\program files\common files\intuit\update service\IntuitUpdateService.exe [2008-10-10 13088]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-1-4 24652]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2008-3-21 29208]

=============== Created Last 30 ================

2009-11-16 00:41:21 34816 ----a-w- c:\windows\system32\drivers\.sys
2009-11-15 20:07:27 0 d-----w- c:\docume~1\admini~1.syl\applic~1\HPQ
2009-11-15 17:20:24 63 ----a-w- c:\documents and settings\administrator.sylviaoffice\jagex_runescape_preferences2.dat
2009-11-15 17:20:13 0 d-----w- c:\program files\Trend Micro
2009-11-15 17:15:32 38 ----a-w- c:\documents and settings\administrator.sylviaoffice\jagex_runescape_preferences.dat
2009-11-15 17:12:45 0 d-sh--w- c:\documents and settings\administrator.sylviaoffice\PrivacIE
2009-11-15 17:12:15 0 d-sh--w- c:\documents and settings\administrator.sylviaoffice\IETldCache
2009-11-13 14:24:34 0 d-----w- C:\07a3a2bca879272bfd8647e5758f3491

==================== Find3M ====================

2009-10-22 09:19:04 5939712 ------w- c:\windows\system32\dllcache\mshtml.dll
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 14:18:39 136192 ------w- c:\windows\system32\dllcache\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-04 21:03:36 58880 ------w- c:\windows\system32\dllcache\msasn1.dll
2009-08-28 10:35:52 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\dllcache\strmdll.dll
2003-08-05 16:41:44 53248 -c--a-w- c:\windows\inf\ap561.exe
2002-11-26 21:24:58 32768 -c--a-w- c:\windows\inf\Remove561.exe
2002-11-22 20:56:52 118784 -c--a-w- c:\windows\inf\ShowBmp.exe
2002-10-29 23:07:44 36864 -c--a-w- c:\windows\inf\Setup8a.exe
2002-10-01 19:43:32 119798 -c--a-w- c:\windows\inf\spca561.sys
2006-07-29 19:37:38 22 -csha-w- c:\windows\sminst\HPCD.sys
2009-08-15 02:47:57 1 --sha-w- c:\windows\system32\biyiziko.dll
2009-08-15 05:13:49 0 --sha-w- c:\windows\system32\lewemafa.dll
2009-08-15 02:47:58 1 --sha-w- c:\windows\system32\ramidiru.dll
2009-08-15 02:47:58 1 --sha-w- c:\windows\system32\vetiwapo.dll
2009-08-12 12:24:16 0 --sha-w- c:\windows\system32\zazuporo.dll
2009-03-31 20:50:07 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009033120090401\index.dat

============= FINISH: 22:08:30.53 ===============

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/11/18 22:17
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF6EDA000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7AC5000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal[1].sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal[1].sys
Address: 0xF67A3000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: c:\windows\temp\63e7dcaf-966e-4b58-93cb-d846ab1cdaa1.tmp
Status: Allocation size mismatch (API: 65536, Raw: 0)

Path: c:\recycler\s-1-5-21-4004330770-2961150447-819971090-1009\dc385\qdata_20060622_20070504_20070716_20071125_20080318.qdf
Status: Allocation size mismatch (API: 8736768, Raw: 8699904)

Path: c:\recycler\s-1-5-21-4004330770-2961150447-819971090-1009\dc385\qdata_20060622_20070504_20070716_20071125_20080318.qel
Status: Allocation size mismatch (API: 1884160, Raw: 1867776)

Path: C:\RECYCLER\S-1-5-21-4004330770-2961150447-819971090-1009\Dc390\FAX013~2.DOC
Status: Locked to the Windows API!

Path: C:\RECYCLER\S-1-5-21-4004330770-2961150447-819971090-1009\Dc390\FAX021~1.DOC
Status: Locked to the Windows API!

Path: C:\RECYCLER\S-1-5-21-4004330770-2961150447-819971090-1009\Dc390\STEEPV~1.DOC
Status: Locked to the Windows API!

Path: c:\recycler\s-1-5-21-4004330770-2961150447-819971090-1009\dc394\qdata_20060622_20070504_20070716_20071125_20080318.qdf
Status: Allocation size mismatch (API: 8736768, Raw: 8699904)

Path: c:\recycler\s-1-5-21-4004330770-2961150447-819971090-1009\dc394\qdata_20060622_20070504_20070716_20071125_20080318.qel
Status: Allocation size mismatch (API: 1884160, Raw: 1867776)

Path: c:\recycler\s-1-5-21-4004330770-2961150447-819971090-1009\dc397\qdata_20060622_20070504_20070716_20071125_20080318.qdf
Status: Allocation size mismatch (API: 8736768, Raw: 8699904)

Path: c:\recycler\s-1-5-21-4004330770-2961150447-819971090-1009\dc397\qdata_20060622_20070504_20070716_20071125_20080318.qel
Status: Allocation size mismatch (API: 1884160, Raw: 1867776)

Path: c:\documents and settings\administrator.sylviaoffice\local settings\temp\~df225a.tmp
Status: Allocation size mismatch (API: 32768, Raw: 16384)

Path: c:\documents and settings\administrator.sylviaoffice\local settings\temp\~df2786.tmp
Status: Allocation size mismatch (API: 524288, Raw: 16384)

Path: c:\documents and settings\administrator.sylviaoffice\local settings\temp\~df4435.tmp
Status: Allocation size mismatch (API: 524288, Raw: 16384)

Path: c:\documents and settings\administrator.sylviaoffice\local settings\temp\~dfdcdb.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\compaq_owner\local settings\temp\~df280f.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\compaq_owner\local settings\temp\~dfcdb5.tmp
Status: Allocation size mismatch (API: 2490368, Raw: 16384)

Path: c:\documents and settings\compaq_owner\local settings\temp\~df594c.tmp
Status: Allocation size mismatch (API: 139264, Raw: 0)

Path: c:\documents and settings\compaq_owner\local settings\temp\~dfe881.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: C:\Documents and Settings\Compaq_Owner\My Documents\Downloads\zilch - song remains the same 2008nov08 v1c echo gary yan jo.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Compaq_Owner\My Documents\Downloads\zilch - song remains the same 2008nov08 v1c echo gary ya (1).mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Compaq_Owner\My Documents\Downloads\zilch - tough boys 2009sept06 v1b echo jamie dan gary john (.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Compaq_Owner\My Documents\Downloads\zilch - tough boys 2009sept06 v1b echo jamie dan gary jo (1).mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Compaq_Owner\My Documents\Downloads\zilch - tough boys 2009sept06 v1b echo jamie dan gary john.mp3:Zone.Identifier
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Compaq_Owner\My Documents\Downloads\zilch - tough boys 2009sept06 v1b echo jamie dan gary john.mp3:Zone.Identifier
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Compaq_Owner\My Documents\Downloads\zilch - tough boys 2009sept06 v1b echo jamie dan gary john.mp3:Zone.Identifier
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Compaq_Owner\My Documents\Downloads\zilch - tough boys 2009sept06 v1b echo jamie dan gary john.mp3:Zone.Identifier
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Compaq_Owner\My Documents\Downloads\zilch - all lit up again - buckcherry 2009sept05 v1 jamie da.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Compaq_Owner\My Documents\Downloads\zilch - back in the saddle again 2009jan04 v1b echo cut gary.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Compaq_Owner\My Documents\Downloads\zilch - head or tail v1a 2009july11 jamie john gary.mp3:Zone.Identifier
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Compaq_Owner\My Documents\Downloads\zilch - head or tail v1a 2009july11 jamie john gary.mp3:Zone.Identifier
Status: Invisible to the Windows API!

Path: c:\documents and settings\gangstas\local settings\temp\etilqs_tabp8hcdxvtr6obwm3fn
Status: Allocation size mismatch (API: 8192, Raw: 0)

Path: C:\RECYCLER\S-1-5-21-4004330770-2961150447-819971090-1009\Dc400\HOME\Download\program\TomTom_Application_for_ONE_3RD_Edition-1\NAVCOR~1.CAB
Status: Locked to the Windows API!

Path: C:\RECYCLER\S-1-5-21-4004330770-2961150447-819971090-1009\Dc400\HOME\Download\program\TomTom_Application_for__ONE\NAVCOR~1.CAB
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gangstas\Local Settings\Apps\2.0\X2RQ5L1M.MBG\PZ2ZAVOD.YYO\manifests\clickonce_bootstrap.exe.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Gangstas\Local Settings\Apps\2.0\X2RQ5L1M.MBG\PZ2ZAVOD.YYO\manifests\clickonce_bootstrap.exe.manifest
Status: Locked to the Windows API!

==EOF==


Please help me, thanks :(



Edited by SifuMike, 25 November 2009 - 05:27 PM.
Merged topics. ~ OB


#3 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:09:33 AM

Posted 23 November 2009 - 11:15 PM

Hello JimmyTheBoy,

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.


**********************


Are you a Java Developer? Do you use Java DB and Java Development Kit?
If not, then uninstall these:
Java DB 10.3.1.4
Java™ SE Development Kit 6 Update 7



Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java SE Runtime Environment (JRE) 6 Update 17.
  • Click the "Download" button to the right.
  • At the Select Platform and Language for your download drop down box
    Select Windows and Multi-Language
  • Check the box that says: "Accept License Agreement" then press Continue ( Selecting Windows will give you the 32 bit version. )
  • The page will refresh.
  • Click on the link to download Windows Offline Installation, Multi-language jre-6u16-windows-i586-p.exe and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
    Examples of older versions in Add or Remove Programs:
    J2SE Runtime Environment 5.0 Update 5
    Java™ 6 Update 13
    Java™ 6 Update 3
    Java™ 6 Update 7
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u16-windows-i586.exe to install the newest version.
**********************

Download Security Check by screen317 from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt.
Please post the contents of that document.

**********************


Please download Malwarebytes' Anti-Malware from one of these places:
http://download.cnet.com/Malwarebytes-Anti...&tag=button
http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html
http://www.besttechie.net/mbam/mbam-setup.exe

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Full Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy&Paste the entire MBAM report (even if it does not find anything) in your next reply along with a fresh DDS log.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Edited by SifuMike, 23 November 2009 - 11:36 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#4 JimmyTheBoy


Posted 25 November 2009 - 11:10 AM

Java updated successfully!

here is the security check:

Results of screen317's Security Check version 0.99.0
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
AVG 8.5
``````````````````````````````
Anti-malware/Other Utilities Check:

Spybot - Search & Destroy
HijackThis 2.0.2
CCleaner (remove only)
Java™ 6 Update 17
Java DB 10.3.1.4
Out of date Java installed!
Adobe Flash Player 10
Adobe Reader 7.0.9
Out of date Adobe Reader installed!
``````````````````````````````
Process Check:
objlist.exe by Laurent

AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
AVG avgemc.exe
Virus Removal Local Settings Application Data Google\Chrome\Application\chrome.exe
Virus Removal Local Settings Application Data Google\Chrome\Application\chrome.exe
Virus Removal Local Settings Application Data Google\Chrome\Application\chrome.exe
Virus Removal Local Settings Application Data Google\Chrome\Application\chrome.exe
Virus Removal Local Settings Application Data Google\Chrome\Application\chrome.exe
Virus Removal Local Settings Application Data Google\Chrome\Application\chrome.exe
Virus Removal My Documents Downloads SecurityCheck.exe
VIRUSR~1 LOCALS~1 Temp RarSFX0\SecurityCheck\Objlist.exe
``````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````



MWB can't scan completely!
It gets to about 4238 files then gives me this error:
Run-time error '5': Invalid procedure call or argument

thanks!

Edited by JimmyTheBoy, 25 November 2009 - 11:14 AM.


#5 SifuMike


Posted 25 November 2009 - 01:19 PM

Hi,

AVG 8.5 is old.
You need to download and install AVG 9.0.
http://www.filehippo.com/download_avg_antivirus/

Please note that any previous version of AVG Free will be un-installed automatically during the installation of the new AVG Free.


***************
Do you use Java Database?

If not, then uninstall
Java DB 10.3.1.4

***************

You are using an outdated version of Adobe Reader. Adobe has since been updated and the update closes many security holes and provides new features.

First, uninstall earlier versions of Adobe Reader.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Adobe Reader.
  • Check (highlight) any item with Adobe Reader in the name.
    Adobe Reader 7.0.9
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Adobe Reader version.
Please download the latest version from:
http://get.adobe.com/reader/

And install it. Once installed, launch it, select Help --> Check for Updates and install any updates.

You may also try the free Foxit PDF reader if you prefer:
http://www.foxitsoftware.com/pdf/reader/

***************

Please download and run this utility and REBOOT. (very important).

Then redownload the latest version of MBAM from here.

Try running MBAM with the Quick Scan. Post the log.

Edited by SifuMike, 25 November 2009 - 01:40 PM.


#6 JimmyTheBoy


Posted 25 November 2009 - 04:15 PM

Upgraded AVG!
Upgraded Adobe

Ran the utility, Malwarebytes still gives me the same run-time error!
It does the same thing in Safe mode tambien. >:-0

#7 SifuMike


Posted 25 November 2009 - 05:24 PM

Hi,

Go to the program directory of MBAM (e.g. C:\Program Files\Malwarebytes Antimalware\) then rename mbam.exe to JimmyTheBoy.exe, double click JimmyTheBoy.exe to proceed in running a Quick scan.


If still having a problem running it, try this random renamer for MBAM http://kixhelp.com/wr/files/mb/randmbam.exe

#8 JimmyTheBoy


Posted 25 November 2009 - 05:48 PM

Hey,

Neither of those worked =(

#9 SifuMike


Posted 25 November 2009 - 05:53 PM

Hi,

What was the complete error message?

#10 JimmyTheBoy


Posted 25 November 2009 - 06:01 PM

Run-time error '5': Invalid procedure call or argument

#11 SifuMike


Posted 25 November 2009 - 06:04 PM

Let's try this:

Download SUPERantispyware
  • Load SUPERantispyware and click the check for updates button.
  • Once the update is finished click the scan your computer button.
  • Check Perform Complete Scan and then next.
  • Superantispyware will now scan your computer and when it's finished it will list all the infections it has found.
  • Make sure that they all have a check next to them and press next.
  • Click finish and you will be taken back to the main interface.
  • Click Preferences and then click the statistics/logs tab. Click the dated log and press view log and a text file will appear.
  • Copy and paste the log to this thread.


#12 JimmyTheBoy


Posted 25 November 2009 - 11:44 PM

Here's the log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/25/2009 at 09:52 PM

Application Version : 4.31.1000

Core Rules Database Version : 4312
Trace Rules Database Version: 2176

Scan type : Complete Scan
Total Scan Time : 04:27:17

Memory items scanned : 594
Memory threats detected : 0
Registry items scanned : 6289
Registry threats detected : 0
File items scanned : 48292
File threats detected : 564

Adware.Tracking Cookie
.tripod.com [ C:\Documents and Settings\Administrator.SYLVIAOFFICE\Application Data\Mozilla\Firefox\Profiles\w9hi0o5d.default\cookies.txt ]
.tripod.com [ C:\Documents and Settings\Administrator.SYLVIAOFFICE\Application Data\Mozilla\Firefox\Profiles\w9hi0o5d.default\cookies.txt ]
.youporn.com [ C:\Documents and Settings\Administrator.SYLVIAOFFICE\Application Data\Mozilla\Firefox\Profiles\w9hi0o5d.default\cookies.txt ]
.youporn.com [ C:\Documents and Settings\Administrator.SYLVIAOFFICE\Application Data\Mozilla\Firefox\Profiles\w9hi0o5d.default\cookies.txt ]
.youporn.com [ C:\Documents and Settings\Administrator.SYLVIAOFFICE\Application Data\Mozilla\Firefox\Profiles\w9hi0o5d.default\cookies.txt ]
.youporn.com [ C:\Documents and Settings\Administrator.SYLVIAOFFICE\Application Data\Mozilla\Firefox\Profiles\w9hi0o5d.default\cookies.txt ]
.youporn.com [ C:\Documents and Settings\Administrator.SYLVIAOFFICE\Application Data\Mozilla\Firefox\Profiles\w9hi0o5d.default\cookies.txt ]
.youporn.com [ C:\Documents and Settings\Administrator.SYLVIAOFFICE\Application Data\Mozilla\Firefox\Profiles\w9hi0o5d.default\cookies.txt ]
ad.stillpoint-media.nl [ C:\Documents and Settings\Administrator.SYLVIAOFFICE\Application Data\Mozilla\Firefox\Profiles\w9hi0o5d.default\cookies.txt ]
ad1.clickhype.com [ C:\Documents and Settings\Administrator.SYLVIAOFFICE\Application Data\Mozilla\Firefox\Profiles\w9hi0o5d.default\cookies.txt ]
ads.adbrite.com [ C:\Documents and Settings\Administrator.SYLVIAOFFICE\Application Data\Mozilla\Firefox\Profiles\w9hi0o5d.default\cookies.txt ]
ads.revsci.net [ C:\Documents and Settings\Administrator.SYLVIAOFFICE\Application Data\Mozilla\Firefox\Profiles\w9hi0o5d.default\cookies.txt ]
ads-dev.youporn.com [ C:\Documents and Settings\Administrator.SYLVIAOFFICE\Application Data\Mozilla\Firefox\Profiles\w9hi0o5d.default\cookies.txt ]
anad.tacoda.net [ C:\Documents and Settings\Administrator.SYLVIAOFFICE\Application Data\Mozilla\Firefox\Profiles\w9hi0o5d.default\cookies.txt ]
anat.tacoda.net [ C:\Documents and Settings\Administrator.SYLVIAOFFICE\Application Data\Mozilla\Firefox\Profiles\w9hi0o5d.default\cookies.txt ]
banner.iflipit.net [ C:\Documents and Settings\Administrator.SYLVIAOFFICE\Application Data\Mozilla\Firefox\Profiles\w9hi0o5d.default\cookies.txt ]
bp.specificclick.net [ C:\Documents and Settings\Administrator.SYLVIAOFFICE\Application Data\Mozilla\Firefox\Profiles\w9hi0o5d.default\cookies.txt ]
cache.trafficmp.com [ C:\Documents and Settings\Administrator.SYLVIAOFFICE\Application Data\Mozilla\Firefox\Profiles\w9hi0o5d.default\cookies.txt ]
cache.trafficmp.com [ C:\Documents and Settings\Administrator.SYLVIAOFFICE\Application Data\Mozilla\Firefox\Profiles\w9hi0o5d.default\cookies.txt ]
optimize.indieclick.com [ C:\Documents and Settings\Administrator.SYLVIAOFFICE\Application Data\Mozilla\Firefox\Profiles\w9hi0o5d.default\cookies.txt ]
server.iad.liveperson.net [ C:\Documents and Settings\Administrator.SYLVIAOFFICE\Application Data\Mozilla\Firefox\Profiles\w9hi0o5d.default\cookies.txt ]
server.iad.liveperson.net [ C:\Documents and Settings\Administrator.SYLVIAOFFICE\Application Data\Mozilla\Firefox\Profiles\w9hi0o5d.default\cookies.txt ]
tremor.adbureau.net [ C:\Documents and Settings\Administrator.SYLVIAOFFICE\Application Data\Mozilla\Firefox\Profiles\w9hi0o5d.default\cookies.txt ]
www.burstbeacon.com [ C:\Documents and Settings\Administrator.SYLVIAOFFICE\Application Data\Mozilla\Firefox\Profiles\w9hi0o5d.default\cookies.txt ]
www.missoulamedia.net [ C:\Documents and Settings\Administrator.SYLVIAOFFICE\Application Data\Mozilla\Firefox\Profiles\w9hi0o5d.default\cookies.txt ]
www.nudeteenphoto.com [ C:\Documents and Settings\Administrator.SYLVIAOFFICE\Application Data\Mozilla\Firefox\Profiles\w9hi0o5d.default\cookies.txt ]
C:\Documents and Settings\Administrator.SYLVIAOFFICE\Cookies\administrator@media6degrees[1].txt
C:\Documents and Settings\Administrator.SYLVIAOFFICE\Cookies\administrator@media6degrees[2].txt
C:\Documents and Settings\Administrator.SYLVIAOFFICE\Cookies\administrator@insightexpressai[3].txt
C:\Documents and Settings\Administrator.SYLVIAOFFICE\Cookies\administrator@insightexpressai[1].txt
C:\Documents and Settings\Administrator.SYLVIAOFFICE\Cookies\administrator@interclick[2].txt
C:\Documents and Settings\Administrator.SYLVIAOFFICE\Cookies\administrator@server.iad.liveperson[2].txt
C:\Documents and Settings\Administrator.SYLVIAOFFICE\Cookies\administrator@server.iad.liveperson[3].txt
C:\Documents and Settings\Administrator.SYLVIAOFFICE\Cookies\administrator@at.atwola[1].txt
C:\Documents and Settings\Administrator.SYLVIAOFFICE\Cookies\administrator@a1.interclick[1].txt
C:\Documents and Settings\Administrator.SYLVIAOFFICE\Cookies\administrator@media.adfrontiers[1].txt
C:\Documents and Settings\Administrator.SYLVIAOFFICE\Cookies\administrator@collective-media[1].txt
C:\Documents and Settings\Administrator.SYLVIAOFFICE\Cookies\administrator@ads.audxch[2].txt
C:\Documents and Settings\Administrator.SYLVIAOFFICE\Cookies\administrator@bs.serving-sys[1].txt
C:\Documents and Settings\Administrator.SYLVIAOFFICE\Cookies\administrator@eb.adbureau[2].txt
C:\Documents and Settings\Administrator.SYLVIAOFFICE\Cookies\administrator@oasn04.247realmedia[1].txt
C:\Documents and Settings\Administrator.SYLVIAOFFICE\Cookies\administrator@richmedia.yahoo[1].txt
C:\Documents and Settings\Administrator.SYLVIAOFFICE\Cookies\administrator@trafficmp[1].txt
C:\Documents and Settings\Administrator.SYLVIAOFFICE\Cookies\administrator@ads.pointroll[2].txt
C:\Documents and Settings\Administrator.SYLVIAOFFICE\Cookies\administrator@ads.bridgetrack[2].txt
C:\Documents and Settings\Administrator.SYLVIAOFFICE\Cookies\administrator@bravenet[1].txt
C:\Documents and Settings\Administrator.SYLVIAOFFICE\Cookies\administrator@chitika[1].txt
C:\Documents and Settings\Administrator.SYLVIAOFFICE\Cookies\administrator@cdn4.specificclick[2].txt
C:\Documents and Settings\Administrator.SYLVIAOFFICE\Cookies\administrator@questionmarket[1].txt
C:\Documents and Settings\Administrator.SYLVIAOFFICE\Cookies\administrator@tacoda[2].txt
C:\Documents and Settings\Administrator.SYLVIAOFFICE\Cookies\administrator@invitemedia[2].txt
C:\Documents and Settings\Administrator.SYLVIAOFFICE\Cookies\administrator@content.yieldmanager[3].txt
C:\Documents and Settings\Administrator.SYLVIAOFFICE\Cookies\administrator@realmedia[3].txt
C:\Documents and Settings\Administrator.SYLVIAOFFICE\Cookies\administrator@specificclick[1].txt
C:\Documents and Settings\Administrator.SYLVIAOFFICE\Cookies\administrator@ad.yieldmanager[3].txt
C:\Documents and Settings\Administrator.SYLVIAOFFICE\Cookies\administrator@revsci[1].txt
C:\Documents and Settings\Administrator.SYLVIAOFFICE\Cookies\administrator@realmedia[1].txt
C:\Documents and Settings\Administrator.SYLVIAOFFICE\Cookies\administrator@specificmedia[1].txt
C:\Documents and Settings\Administrator.SYLVIAOFFICE\Cookies\administrator@ad.yieldmanager[2].txt
C:\Documents and Settings\Administrator.SYLVIAOFFICE\Cookies\administrator@content.yieldmanager[1].txt
C:\Documents and Settings\Administrator.SYLVIAOFFICE\Cookies\administrator@microsoftsto.112.2o7[1].txt
C:\Documents and Settings\Administrator.SYLVIAOFFICE\Cookies\administrator@247realmedia[2].txt
C:\Documents and Settings\Administrator.SYLVIAOFFICE\Cookies\administrator@247realmedia[1].txt
C:\Documents and Settings\Administrator.SYLVIAOFFICE\Cookies\administrator@ads.adap[1].txt
C:\Documents and Settings\Administrator.SYLVIAOFFICE\Cookies\administrator@www.burstbeacon[1].txt
C:\Documents and Settings\Administrator.SYLVIAOFFICE\Cookies\administrator@serving-sys[3].txt
C:\Documents and Settings\Administrator.SYLVIAOFFICE\Cookies\administrator@pointroll[1].txt
C:\Documents and Settings\Administrator.SYLVIAOFFICE\Cookies\administrator@serving-sys[1].txt
C:\Documents and Settings\Administrator.SYLVIAOFFICE\Cookies\administrator@adserver.adtechus[1].txt
C:\Documents and Settings\Administrator.SYLVIAOFFICE\Cookies\administrator@eyewonder[2].txt
C:\Documents and Settings\Administrator.SYLVIAOFFICE\Cookies\administrator@tribalfusion[2].txt
C:\Documents and Settings\Administrator.SYLVIAOFFICE\Cookies\administrator@kontera[2].txt
C:\Documents and Settings\Administrator.SYLVIAOFFICE\Cookies\administrator@socialmedia[2].txt
C:\Documents and Settings\Administrator.SYLVIAOFFICE\Cookies\administrator@yieldmanager[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@specificclick[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@chitika[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@interclick[3].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@collective-media[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@surveymonkey.122.2o7[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@burstnet[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@target.db.advertising[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@specificclick[3].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@specificclick[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@collective-media[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@adbrite[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@healthgrades.112.2o7[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@interclick[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@questionmarket[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@tribalfusion[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@ehg-verizon.hitbox[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@richmedia.yahoo[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@ehg-verizon.hitbox[3].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@mediawebconnect[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@content.yieldmanager[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@content.yieldmanager[6].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@data.coremetrics[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@www.burstnet[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@content.yieldmanager[3].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@content.yieldmanager[7].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@richmedia.yahoo[3].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@richmedia.yahoo[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@samsclub.112.2o7[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@serving-sys[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@roiservice[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@content.yieldmanager[8].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@revsci[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@content.yieldmanager[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@content.yieldmanager[5].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@cdn4.specificclick[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@www.googleadservices[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@www.googleadservices[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@ads.adap[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@microsoftwindows.112.2o7[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@cdn4.specificclick[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@hitbox[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@t.pointroll[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@levelwing.112.2o7[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@ge.112.2o7[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@mediaplex[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@ads.pointroll[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@ge.112.2o7[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@ads.pointroll[3].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@jibjab.112.2o7[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@iacas.adbureau[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@bluestreak[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@oasn04.247realmedia[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@oasn04.247realmedia[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@videoegg.adbureau[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@iacas.adbureau[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@cpsenergy.112.2o7[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@sales.liveperson[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@sales.liveperson[5].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@sales.liveperson[3].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@sales.liveperson[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@statse.webtrendslive[3].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@intermundomedia[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@advertising[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@ads.barnonedrinks[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@realmedia[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@yieldmanager[3].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@doubleclick[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@specificmedia[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@statse.webtrendslive[4].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@atdmt[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@statse.webtrendslive[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@ads.ad4game[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@ads.ad4game[3].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@yieldmanager[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@millerbrewingcompany.122.2o7[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@ad1.adtitan[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@socialmedia[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@socialmedia[3].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@fastclick[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@northwestairlines.112.2o7[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@adserver.adtechus[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@specificmedia[4].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@specificmedia[3].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@media6degrees[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@ads.shutterfly[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@apmebf[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@media6degrees[4].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@media6degrees[3].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@insightexpressai[4].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@statcounter[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@statcounter[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@apmebf[3].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@insightexpressai[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@apmebf[4].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@ehg-jigsaw.hitbox[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@apmebf[5].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@at.atwola[3].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@at.atwola[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@at.atwola[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@insightexpressai[3].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@www.hrsaccount[3].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@track.bestbuy[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@ads.gamersmedia[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@edge.ru4[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@trafficmp[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@www.hrsaccount[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@edge.ru4[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@ads.bridgetrack[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@ads.bridgetrack[3].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@gaiainteractive.112.2o7[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@atwola[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@invitemedia[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@invitemedia[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@ad.yieldmanager[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@adbureau[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@servedby.adxpower[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@servedby.adxpower[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@adbureau[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@rotator.adjuggler[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@bs.serving-sys[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@www.burstbeacon[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@dannon.122.2o7[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@kontera[3].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@kontera[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@eb.adbureau[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@adrevolver[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@pointroll[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@c7.zedo[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@adlegend[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@citi.bridgetrack[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@ads.undertone[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@ads.undertone[3].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@eb.adbureau[3].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@cgm.adbureau[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@ads.pgatour[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@highbeam.122.2o7[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@media.adrevolver[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@media.adrevolver[3].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@a1.interclick[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@kens.mediawebconnect[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@lucidmedia[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@lucidmedia[3].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@network.realmedia[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@network.realmedia[3].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@2o7[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@a1.interclick[4].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@a1.interclick[3].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@broadview.122.2o7[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@adinterax[2].txt
C:\Documents and Settings\Gabi\Cookies\gabi@www.peoplefinders[2].txt
C:\Documents and Settings\Gabi\Cookies\gabi@www.findpeopletoday[2].txt
C:\Documents and Settings\Gabi\Cookies\gabi@kontera[2].txt
C:\Documents and Settings\Gabi\Cookies\gabi@account.toontown[1].txt
C:\Documents and Settings\Gabi\Cookies\gabi@insightexpressai[1].txt
C:\Documents and Settings\Gabi\Cookies\gabi@traffic.buyservices[1].txt
.adlegend.com [ C:\Documents and Settings\Gabi.SEGUIN\Application Data\Mozilla\Firefox\Profiles\070tnwiu.default\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\Gabi.SEGUIN\Application Data\Mozilla\Firefox\Profiles\070tnwiu.default\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\Gabi.SEGUIN\Application Data\Mozilla\Firefox\Profiles\070tnwiu.default\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\Gabi.SEGUIN\Application Data\Mozilla\Firefox\Profiles\070tnwiu.default\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\Gabi.SEGUIN\Application Data\Mozilla\Firefox\Profiles\070tnwiu.default\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\Gabi.SEGUIN\Application Data\Mozilla\Firefox\Profiles\070tnwiu.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Gabi.SEGUIN\Application Data\Mozilla\Firefox\Profiles\070tnwiu.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Gabi.SEGUIN\Application Data\Mozilla\Firefox\Profiles\070tnwiu.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Gabi.SEGUIN\Application Data\Mozilla\Firefox\Profiles\070tnwiu.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Gabi.SEGUIN\Application Data\Mozilla\Firefox\Profiles\070tnwiu.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Gabi.SEGUIN\Application Data\Mozilla\Firefox\Profiles\070tnwiu.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Gabi.SEGUIN\Application Data\Mozilla\Firefox\Profiles\070tnwiu.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Gabi.SEGUIN\Application Data\Mozilla\Firefox\Profiles\070tnwiu.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Gabi.SEGUIN\Application Data\Mozilla\Firefox\Profiles\070tnwiu.default\cookies.txt ]
.atwola.com [ C:\Documents and Settings\Gabi.SEGUIN\Application Data\Mozilla\Firefox\Profiles\070tnwiu.default\cookies.txt ]
.clickaider.com [ C:\Documents and Settings\Gabi.SEGUIN\Application Data\Mozilla\Firefox\Profiles\070tnwiu.default\cookies.txt ]
.eyewonder.com [ C:\Documents and Settings\Gabi.SEGUIN\Application Data\Mozilla\Firefox\Profiles\070tnwiu.default\cookies.txt ]
.imrworldwide.com [ C:\Documents and Settings\Gabi.SEGUIN\Application Data\Mozilla\Firefox\Profiles\070tnwiu.default\cookies.txt ]
.imrworldwide.com [ C:\Documents and Settings\Gabi.SEGUIN\Application Data\Mozilla\Firefox\Profiles\070tnwiu.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Gabi.SEGUIN\Application Data\Mozilla\Firefox\Profiles\070tnwiu.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Gabi.SEGUIN\Application Data\Mozilla\Firefox\Profiles\070tnwiu.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Gabi.SEGUIN\Application Data\Mozilla\Firefox\Profiles\070tnwiu.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Gabi.SEGUIN\Application Data\Mozilla\Firefox\Profiles\070tnwiu.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Gabi.SEGUIN\Application Data\Mozilla\Firefox\Profiles\070tnwiu.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Gabi.SEGUIN\Application Data\Mozilla\Firefox\Profiles\070tnwiu.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Gabi.SEGUIN\Application Data\Mozilla\Firefox\Profiles\070tnwiu.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Gabi.SEGUIN\Application Data\Mozilla\Firefox\Profiles\070tnwiu.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Gabi.SEGUIN\Application Data\Mozilla\Firefox\Profiles\070tnwiu.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Gabi.SEGUIN\Application Data\Mozilla\Firefox\Profiles\070tnwiu.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Gabi.SEGUIN\Application Data\Mozilla\Firefox\Profiles\070tnwiu.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Gabi.SEGUIN\Application Data\Mozilla\Firefox\Profiles\070tnwiu.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Gabi.SEGUIN\Application Data\Mozilla\Firefox\Profiles\070tnwiu.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Gabi.SEGUIN\Application Data\Mozilla\Firefox\Profiles\070tnwiu.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Gabi.SEGUIN\Application Data\Mozilla\Firefox\Profiles\070tnwiu.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Gabi.SEGUIN\Application Data\Mozilla\Firefox\Profiles\070tnwiu.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Gabi.SEGUIN\Application Data\Mozilla\Firefox\Profiles\070tnwiu.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Gabi.SEGUIN\Application Data\Mozilla\Firefox\Profiles\070tnwiu.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Gabi.SEGUIN\Application Data\Mozilla\Firefox\Profiles\070tnwiu.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Gabi.SEGUIN\Application Data\Mozilla\Firefox\Profiles\070tnwiu.default\cookies.txt ]
.interclick.com [ C:\Documents and Settings\Gabi.SEGUIN\Application Data\Mozilla\Firefox\Profiles\070tnwiu.default\cookies.txt ]
.interclick.com [ C:\Documents and Settings\Gabi.SEGUIN\Application Data\Mozilla\Firefox\Profiles\070tnwiu.default\cookies.txt ]
.kontera.com [ C:\Documents and Settings\Gabi.SEGUIN\Application Data\Mozilla\Firefox\Profiles\070tnwiu.default\cookies.txt ]
.kontera.com [ C:\Documents and Settings\Gabi.SEGUIN\Application Data\Mozilla\Firefox\Profiles\070tnwiu.default\cookies.txt ]
.kontera.com [ C:\Documents and Settings\Gabi.SEGUIN\Application Data\Mozilla\Firefox\Profiles\070tnwiu.default\cookies.txt ]
.precisionclick.com [ C:\Documents and Settings\Gabi.SEGUIN\Application Data\Mozilla\Firefox\Profiles\070tnwiu.default\cookies.txt ]
.precisionclick.com [ C:\Documents and Settings\Gabi.SEGUIN\Application Data\Mozilla\Firefox\Profiles\070tnwiu.default\cookies.txt ]
.precisionclick.com [ C:\Documents and Settings\Gabi.SEGUIN\Application Data\Mozilla\Firefox\Profiles\070tnwiu.default\cookies.txt ]
.precisionclick.com [ C:\Documents and Settings\Gabi.SEGUIN\Application Data\Mozilla\Firefox\Profiles\070tnwiu.default\cookies.txt ]
.r-kimedia.co.uk [ C:\Documents and Settings\Gabi.SEGUIN\Application Data\Mozilla\Firefox\Profiles\070tnwiu.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Gabi.SEGUIN\Application Data\Mozilla\Firefox\Profiles\070tnwiu.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Gabi.SEGUIN\Application Data\Mozilla\Firefox\Profiles\070tnwiu.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Gabi.SEGUIN\Application Data\Mozilla\Firefox\Profiles\070tnwiu.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Gabi.SEGUIN\Application Data\Mozilla\Firefox\Profiles\070tnwiu.default\cookies.txt ]

Trojan.Dropper/SVCHost-Fake
C:\RECYCLER\S-1-5-21-606747145-1085031214-725345543-500\SVCHOST.EXE

Adware.Vundo/Variant-WinMM
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP831\A0676491.DLL

Adware.Vundo/Variant-[Fixed]
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP831\A0676492.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP831\A0676519.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP831\A0676538.DLL

Adware.Vundo/Variant-BJ
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP831\A0676539.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP831\A0676540.DLL

:(

#13 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA

Posted 26 November 2009 - 01:46 AM

Hi JimmyTheBoy,

We will run ComboFix.

You should NOT use ComboFix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.

Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.
Please read ComboFix's Disclaimer.
Further, ComboFix logs are not permitted outside the HijackThis forums and then only when requested by a HJT Team member.

You need to disable your AVG Antivirus before running ComboFix, as it will prevent it from running.

Disable AVG Resident Shield:
  • Double click AVG system tray icon to open AVG.
  • In Overview section double click Resident Shield.
  • Uncheck Resident Shield Active.
  • Press Save Changes.
  • Right click on the icon in the Notification Area to exit AVG.

Note: It is important to activate the resident shield immediately after running ComboFix.
Note: If you already have a copy of ComboFix on your system it is essential that you delete it before downloading this copy.

Please visit this webpage for instructions for downloading and running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

To work properly, you must install ComboFix on the Desktop. <== IMPORTANT

A caution -
Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
Do not run ComboFix more than once.
Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, ComboFix is still at work.

Post the ComboFix log.

Edited by SifuMike, 26 November 2009 - 01:48 AM.


#14 JimmyTheBoy

Posted 26 November 2009 - 12:23 PM

ComboFix 09-11-25.05 - Virus Removal 11/26/2009 8:52.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.176 [GMT -6:00]
Running from: c:\documents and settings\Virus Removal\Desktop\ComboFix.exe
AV: AVG Internet Security *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Common Files\Real\WeatherBug\MiniBugTransporter.dll
c:\recycler\S-1-5-21-1797211860-1752216396-2014673243-1009
c:\recycler\S-1-5-21-1797211860-1752216396-2014673243-1010
c:\recycler\S-1-5-21-1797211860-1752216396-2014673243-1012
c:\recycler\S-1-5-21-1797211860-1752216396-2014673243-1013
c:\recycler\S-1-5-21-1797211860-1752216396-2014673243-1014
c:\recycler\S-1-5-21-2355295214-757667612-4106385601-1009
c:\recycler\S-1-5-21-2355295214-757667612-4106385601-1011
c:\recycler\S-1-5-21-2355295214-757667612-4106385601-1013
c:\recycler\S-1-5-21-4014882481-1941349518-3739153596-1009
c:\recycler\S-1-5-21-4014882481-1941349518-3739153596-1011
c:\recycler\S-1-5-21-4014882481-1941349518-3739153596-1012
c:\recycler\S-1-5-21-4014882481-1941349518-3739153596-1013
c:\recycler\S-1-5-21-484763869-2025429265-1177238915-1003
c:\recycler\S-1-5-21-606747145-1085031214-725345543-500
C:\Thumbs.db
c:\windows\system32\biyiziko.dll
c:\windows\system32\EV02
c:\windows\system32\lewemafa.dll
c:\windows\system32\pac.txt
c:\windows\system32\ramidiru.dll
c:\windows\system32\vetiwapo.dll
c:\windows\system32\zazuporo.dll
c:\windows\viassary-hp.reg

.
((((((((((((((((((((((((( Files Created from 2009-10-26 to 2009-11-26 )))))))))))))))))))))))))))))))
.

2009-11-26 14:23 . 2009-11-26 14:23 -------- d-----w- c:\documents and settings\Virus Removal\Application Data\DivX
2009-11-25 23:20 . 2009-11-26 04:24 117760 ----a-w- c:\documents and settings\Virus Removal\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-11-25 23:13 . 2009-11-25 23:13 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-11-25 23:13 . 2009-11-25 23:13 -------- d-----w- c:\documents and settings\Virus Removal\Application Data\SUPERAntiSpyware.com
2009-11-25 23:08 . 2009-11-25 23:08 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-11-25 21:07 . 2009-09-10 20:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-25 21:07 . 2009-09-10 20:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-25 21:07 . 2009-11-25 22:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-25 16:50 . 2009-11-25 16:50 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-11-25 16:45 . 2009-11-25 16:50 -------- d-----w- C:\$AVG
2009-11-25 16:43 . 2009-11-25 16:43 25608 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
2009-11-25 16:42 . 2009-11-25 16:42 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2009-11-25 16:18 . 2009-11-25 21:08 -------- d-----w- c:\documents and settings\Virus Removal\Application Data\Malwarebytes
2009-11-25 16:08 . 2009-11-26 14:37 63 ----a-w- c:\documents and settings\Virus Removal\jagex_runescape_preferences2.dat
2009-11-25 16:08 . 2009-11-26 14:39 38 ----a-w- c:\documents and settings\Virus Removal\jagex_runescape_preferences.dat
2009-11-25 15:04 . 2009-11-25 15:05 -------- d-----w- c:\documents and settings\Virus Removal\Local Settings\Application Data\Temp
2009-11-25 15:04 . 2009-11-25 15:04 53720 ----a-w- c:\documents and settings\Virus Removal\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-25 15:04 . 2009-11-25 15:04 -------- d-----w- c:\documents and settings\Virus Removal\Local Settings\Application Data\Deployment
2009-11-25 15:00 . 2009-11-25 15:00 -------- d-sh--w- c:\documents and settings\Virus Removal\PrivacIE
2009-11-25 14:53 . 2009-11-25 14:53 -------- d-----w- c:\documents and settings\Virus Removal\Application Data\Logitech
2009-11-25 14:52 . 2009-11-25 14:52 -------- d-----w- c:\documents and settings\Virus Removal\Local Settings\Application Data\Apple Computer
2009-11-25 14:49 . 2009-11-25 14:49 -------- d-sh--w- c:\documents and settings\Virus Removal\IETldCache
2009-11-21 16:14 . 2009-11-18 15:18 3775256 ----a-w- c:\documents and settings\All Users\Application Data\Temp\AVG\setup.exe
2009-11-20 03:18 . 2009-11-20 03:18 -------- d-----w- c:\documents and settings\Gangstas\Application Data\Malwarebytes
2009-11-19 13:21 . 2009-11-19 13:21 -------- d-----w- C:\VundoFix Backups
2009-11-19 12:38 . 2009-11-19 12:38 -------- d-----w- c:\documents and settings\Administrator.SYLVIAOFFICE\Application Data\Malwarebytes
2009-11-19 12:38 . 2009-11-25 21:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-16 00:41 . 2009-11-16 12:55 34816 ----a-w- c:\windows\system32\drivers\.sys
2009-11-15 20:07 . 2009-11-15 20:07 -------- d-----w- c:\documents and settings\Administrator.SYLVIAOFFICE\Application Data\HPQ
2009-11-15 17:20 . 2009-11-15 22:30 63 ----a-w- c:\documents and settings\Administrator.SYLVIAOFFICE\jagex_runescape_preferences2.dat
2009-11-15 17:20 . 2009-11-15 17:20 -------- d-----w- c:\program files\Trend Micro
2009-11-15 17:15 . 2009-11-15 22:35 38 ----a-w- c:\documents and settings\Administrator.SYLVIAOFFICE\jagex_runescape_preferences.dat
2009-11-15 17:12 . 2009-11-15 17:12 -------- d-sh--w- c:\documents and settings\Administrator.SYLVIAOFFICE\PrivacIE
2009-11-15 17:12 . 2009-11-15 17:12 -------- d-sh--w- c:\documents and settings\Administrator.SYLVIAOFFICE\IETldCache
2009-11-15 16:43 . 2009-11-15 16:43 -------- d-sh--w- c:\documents and settings\Gangstas\IECompatCache
2009-11-14 23:45 . 2009-11-14 23:45 -------- d-----w- c:\documents and settings\Gangstas\Application Data\MPEG Streamclip
2009-11-13 14:24 . 2009-11-13 14:24 -------- d-----w- C:\07a3a2bca879272bfd8647e5758f3491
2009-11-03 23:46 . 2009-11-03 23:47 63 ----a-w- c:\documents and settings\Guest.SYLVIAOFFICE\jagex_runescape_preferences2.dat
2009-11-03 23:45 . 2009-11-03 23:47 38 ----a-w- c:\documents and settings\Guest.SYLVIAOFFICE\jagex_runescape_preferences.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-26 15:39 . 2008-12-03 15:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-11-26 14:21 . 2009-04-25 03:01 -------- d-----w- c:\program files\HyCam2
2009-11-26 14:13 . 2008-04-18 12:11 0 ----a-w- c:\documents and settings\bob\Local Settings\Application Data\prvlcl.dat
2009-11-26 14:13 . 2008-03-26 00:02 0 ----a-w- c:\documents and settings\Guest.SYLVIAOFFICE\Local Settings\Application Data\prvlcl.dat
2009-11-25 16:44 . 2008-03-22 02:50 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-11-25 16:44 . 2008-03-22 02:50 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-11-25 16:44 . 2007-12-24 16:34 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-11-25 16:43 . 2008-03-22 02:50 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-11-25 16:43 . 2008-03-22 02:50 161800 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-11-25 16:42 . 2008-03-22 02:49 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2009-11-25 16:42 . 2008-03-22 02:49 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2009-11-25 16:42 . 2008-03-22 02:49 -------- d-----w- c:\program files\AVG
2009-11-25 16:05 . 2008-11-28 04:34 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-25 15:53 . 2006-02-22 00:58 -------- d-----w- c:\program files\Java
2009-11-25 14:23 . 2008-12-08 13:00 38 ----a-w- c:\documents and settings\Gangstas\jagex_runescape_preferences.dat
2009-11-25 14:23 . 2009-09-03 01:52 63 ----a-w- c:\documents and settings\Gangstas\jagex_runescape_preferences2.dat
2009-11-21 16:13 . 2009-05-14 23:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Temp
2009-11-15 21:20 . 2008-04-18 11:31 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-11-15 20:06 . 2007-07-29 20:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-15 19:45 . 2009-02-28 17:18 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-14 22:35 . 2008-12-08 00:55 -------- d-----w- c:\documents and settings\Gangstas\Application Data\Apple Computer
2009-10-06 02:47 . 2009-09-22 00:16 -------- d-----w- c:\documents and settings\Gangstas\Application Data\Skype
2009-10-06 02:39 . 2009-09-22 00:18 -------- d-----w- c:\documents and settings\Gangstas\Application Data\skypePM
2009-09-29 02:23 . 2008-12-08 00:45 53720 ----a-w- c:\documents and settings\Gangstas\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-24 00:32 . 2009-09-24 00:32 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-09-22 00:15 . 2009-09-22 00:15 371272 ----a-r- c:\documents and settings\Gangstas\Application Data\Microsoft\Installer\{D103C4BA-F905-437A-8049-DB24763BBE36}\SkypeIcon.exe
2009-09-11 14:18 . 2004-08-04 11:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2004-08-04 11:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2004-08-04 11:00 916480 ----a-w- c:\windows\system32\wininet.dll
2006-07-29 19:37 . 2006-07-29 17:37 22 -csha-w- c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-09-29 23:24 325000 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-16 68856]
"Google Update"="c:\documents and settings\Virus Removal\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-11-25 135664]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-11-23 2001648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-10 249856]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-27 185872]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-14 344064]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-25 149280]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-11-25 2020120]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-2-21 27136]

c:\documents and settings\Administrator.SYLVIAOFFICE\Start Menu\Programs\Startup\
LimeWire On Startup.lnk.disabled [2008-5-28 1546]
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-2-21 27136]

c:\documents and settings\Toni.SEGUIN\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-2-21 27136]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-5-28 450560]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-11-25 16:43 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\TomTom HOME 2\\xulrunner\\HOMERuntime.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [11/25/2009 10:43 AM 25608]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [3/21/2008 8:50 PM 161800]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [3/21/2008 8:50 PM 333192]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [3/21/2008 8:50 PM 360584]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [11/23/2009 8:43 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11/23/2009 8:43 AM 74480]
R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [11/25/2009 10:43 AM 906520]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [11/25/2009 10:43 AM 285392]
R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [11/25/2009 10:43 AM 2304192]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [3/21/2008 8:49 PM 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [11/25/2009 10:43 AM 122376]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [11/25/2009 10:43 AM 30216]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [11/25/2009 10:43 AM 25736]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [11/23/2009 8:43 AM 7408]
S2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [11/25/2009 10:42 AM 5832712]
S2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 4:45 AM 13088]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [3/21/2008 8:49 PM 30104]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [11/25/2009 3:07 PM 38224]
.
Contents of the 'Scheduled Tasks' folder

2009-11-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4004330770-2961150447-819971090-1017Core.job
- c:\documents and settings\Gangstas\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-27 01:20]

2009-11-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4004330770-2961150447-819971090-1017UA.job
- c:\documents and settings\Gangstas\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-27 01:20]

2009-11-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4004330770-2961150447-819971090-1018Core.job
- c:\documents and settings\Virus Removal\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-25 15:04]

2009-11-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4004330770-2961150447-819971090-1018UA.job
- c:\documents and settings\Virus Removal\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-25 15:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-PCDrProfiler - (no file)
AddRemove-QcDrv - c:\program files\Common Files\Logitech\QCDRV\BIN\SETUP.EXE UNINSTALL REMOVEPROMPT
AddRemove-RealJukebox 1.0 - c:\program files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
AddRemove-RealPlayer 6.0 - c:\program files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-26 10:08
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1244)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-11-26 10:42
ComboFix-quarantined-files.txt 2009-11-26 16:41
ComboFix2.txt 2007-08-14 01:46

Pre-Run: 124,131,971,072 bytes free
Post-Run: 128,325,820,416 bytes free

- - End Of File - - 39F67D75B18B0DD1BD15E54E2D45D476

#15 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:09:33 AM

Posted 26 November 2009 - 01:30 PM

Hi,

ComboFix 09-11-25.05 - Virus Removal 11/26/2009 8:52.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.176 [GMT -6:00]
Running from: c:\documents and settings\Virus Removal\Desktop\ComboFix.exe



Have you edited your ComboFix log? I see "Virus Removal" :(




I strongly suggest that you uninstall Ask Toolbar. Some of the bad practices of this toolbar are:

  • Promoting its toolbars on sites targeted to kids. Details.
  • Promoting its toolbars through ads that appear to be part of other companies' sites. Details.
  • Promoting its toolbars through other companies' spyware. Details.
  • Installing without any disclosure whatsoever and without any consent whatsoever. Details.
  • Soliciting installations via "deceptive door openers" that do not accurately describe the offer; failing to affirmatively show a license agreement; linking to a EULA via an off-screen link. Details.
  • Making confusing changes to users' browsers -- increasing Ask's revenues while taking users to pages they didn't intend to visit. Details.
Please read the full details HERE.

If you decide to remove Ask Toolbar:
Go to Start > Control Panel > Add Remove programs and remove Ask Toolbar.

Then go to C: > Program Files and delete the Ask Toolbar folder.





Please show hidden files and folders
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste each of the following file paths into the "Suspicious files to scan" box at the top of the page:
    • c:\windows\system32\drivers\.sys
  • Click on the Upload button
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.
  • If Copy to Clipboard does not work, then just copy and paste the output in your next reply.
If the VirScan.org server is too busy, please submit the file to VirusTotal instead.

Edited by SifuMike, 26 November 2009 - 02:03 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.



