Frequent pop-ups & Warnings of Virus Protection Needed


  • This topic is locked
18 replies to this topic

#1 megslc

  • Members
  • 11 posts
  • Location:Salt Lake City, Utah

Posted 19 January 2010 - 12:05 AM

Two issues: (1) While on IE7, on various websites including Facebook, Google searches, etc., annoying pop-ups appear even though I have pop-ups blocked. Two that I noted show across the top - //media2.tmlatn.com and www.gamevance.com, and several others that start with 'media2'. I can always close them but they are large and annoying. Second issue: I have had several recent virus warning pop-ups come up saying I have multiple viruses, trojans, etc. and I need to install their program to clean and protect. One was REGISTRY DEFENDER but I didn't get the names of the others. It usually takes clicking multiple 'cancel' and x's to close the various boxes that come up until they finally all clear. They all work about the same as the "Security Tool" that I was able to uninstall on 12/27/09 by following the guide found here on Bleeping Computer. That was the first of this type of worm or whatever it is that I have had. The more recent events, while not 'Security Tool', have had the same behavior. I need help getting rid of all this stuff that Kaspersky doesn't seem to catch!
OMG, a media2.tmlatn pop-up appeared just now while attaching the files below!!!!! And another from www.pcsecurityshield.com, although the body of the pop-up was blank.


DDS (Ver_09-12-01.01) - NTFSx86
Run by Marsha Goff at 20:59:26.84 on Mon 01/18/2010
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.173 [GMT -7:00]

AV: Kaspersky Internet Security *On-access scanning enabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
FW: Kaspersky Internet Security *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
C:\Documents and Settings\Marsha Goff\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.comcast.net?cid=NET_mmhpset
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
mWinlogon: Shell=Explorer.exe logon.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2010\ievkbd.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [TClockEx] c:\documents and settings\marsha goff\desktop\tclockex\TCLOCKEX.EXE
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Desktop Software] "c:\program files\comcastui\universal installer\uinstaller.exe" /ini "uinstaller.ini" /fromrun /starthidden
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [Adobe Version Cue CS2] c:\program files\adobe\adobe version cue cs2\controlpanel\VersionCueCS2Tray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [MMTray] "c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe"
mRun: [avp] "c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe"
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [yekakupan] Rundll32.exe "c:\windows\system32\jekesoyu.dll",a
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\marsha~1\startm~1\programs\startup\eventr~1.lnk - c:\pmw\PMREMIND.EXE
StartupFolder: c:\docume~1\marsha~1\startm~1\programs\startup\impuls~1.lnk - c:\program files\stardock\impulse\now\ImpulseNow.exe
StartupFolder: c:\docume~1\marsha~1\startm~1\programs\startup\stardo~1.lnk - c:\program files\stardock\object desktop\objectdock\ObjectDock.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2010\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: cmcflex.com\webmail
Trusted Zone: delta.com\connect
Trusted Zone: musicmatch.com\online
DPF: {49232000-16E4-426C-A231-62846947304B} - hxxp://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1192810068578
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} - hxxp://h30155.www3.hp.com/ediags/dd/install/guidedsolutions.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~1\goec62~1.dll c:\progra~1\google\google~1\goec62~1.dll c:\progra~1\kasper~1\kasper~2\mzvkbd3.dll c:\progra~1\kasper~1\kasper~2\kloehk.dll gilanova.dll c:\windows\system32\jekesoyu.dll
SSODL: lehofujaf - {0779654b-94ef-41c0-ae82-41b575d81fc1} - c:\windows\system32\jekesoyu.dll
STS: mujuzedij: {0779654b-94ef-41c0-ae82-41b575d81fc1} - c:\windows\system32\jekesoyu.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, ntoskrnl.dll
LSA: Notification Packages = scecli pesazolo.dll

============= SERVICES / DRIVERS ===============

R0 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2009-6-15 128016]
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-1-29 33808]
R1 klif;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2008-7-18 296976]
R2 avp;Kaspersky Internet Security;c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe [2009-7-3 303376]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2008-10-28 156968]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-4-13 1174152]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2007-4-4 31760]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-5-16 19472]
S2 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\drivers\ipsecw2k.sys [2007-1-31 114016]

=============== Created Last 30 ================

2010-01-19 03:57:46 0 ---ha-w- c:\windows\system32\BIT4414.tmp
2010-01-19 03:57:38 0 ---ha-w- c:\windows\system32\BIT440F.tmp
2010-01-19 03:57:37 3155 --sh--w- c:\windows\system32\pazifiga.dll
2010-01-19 03:57:37 3151 --sh--w- c:\windows\system32\rahohoru.dll
2010-01-18 15:56:53 3155 --sh--w- c:\windows\system32\morirogi.dll
2010-01-18 15:56:53 3151 --sh--w- c:\windows\system32\jibafepo.dll
2010-01-18 03:56:36 3151 --sh--w- c:\windows\system32\wugonihi.dll
2010-01-18 03:56:12 3155 --sh--w- c:\windows\system32\dofoferu.dll
2010-01-17 15:56:26 3151 --sh--w- c:\windows\system32\gijimebe.dll
2010-01-17 15:56:04 3155 --sh--w- c:\windows\system32\luruwono.dll
2010-01-17 03:56:12 3151 --sh--w- c:\windows\system32\pubinibu.dll
2010-01-17 03:55:49 3151 --sh--w- c:\windows\system32\futewege.dll
2010-01-16 15:56:14 3155 --sh--w- c:\windows\system32\tapidudi.dll
2010-01-16 15:55:53 3151 --sh--w- c:\windows\system32\jewehobo.dll
2010-01-16 03:56:40 3155 --sh--w- c:\windows\system32\nisuniga.dll
2010-01-16 03:56:40 3151 --sh--w- c:\windows\system32\zodewujo.dll
2010-01-15 15:55:32 3151 --sh--w- c:\windows\system32\nedekaje.dll
2010-01-15 15:55:11 3155 --sh--w- c:\windows\system32\runeloni.dll
2010-01-15 03:55:38 3155 --sh--w- c:\windows\system32\notabage.dll
2010-01-15 03:55:00 3151 --sh--w- c:\windows\system32\bimedufo.dll
2010-01-14 03:55:22 3145 --sh--w- c:\windows\system32\yagesafa.dll
2010-01-14 03:55:21 3149 --sh--w- c:\windows\system32\fakalize.dll
2010-01-13 15:55:05 3155 --sh--w- c:\windows\system32\vasugabe.dll
2010-01-13 15:55:05 3151 --sh--w- c:\windows\system32\putijite.dll
2010-01-13 03:54:48 3155 --sh--w- c:\windows\system32\hozutufu.dll
2010-01-12 15:54:13 3143 --sh--w- c:\windows\system32\jejegefo.dll
2010-01-12 15:53:51 3151 --sh--w- c:\windows\system32\newahoha.dll
2010-01-12 03:54:10 3155 --sh--w- c:\windows\system32\yofematu.dll
2010-01-12 03:54:10 3145 --sh--w- c:\windows\system32\jugaliyo.dll
2010-01-11 15:53:27 3151 --sh--w- c:\windows\system32\sogibiwo.dll
2010-01-11 15:53:26 3155 --sh--w- c:\windows\system32\hitusoli.dll
2010-01-11 03:53:13 3151 --sh--w- c:\windows\system32\hiyanuhe.dll
2010-01-11 03:53:11 3149 --sh--w- c:\windows\system32\rihodage.dll
2010-01-10 15:52:55 3155 --sh--w- c:\windows\system32\biwuhehi.dll
2010-01-10 15:52:55 3151 --sh--w- c:\windows\system32\sopubifi.dll
2010-01-10 03:53:06 3154 --sh--w- c:\windows\system32\lumosozu.dll
2010-01-10 03:53:06 3150 --sh--w- c:\windows\system32\demobiho.dll
2010-01-09 03:53:50 3148 --sh--w- c:\windows\system32\volorume.dll
2010-01-09 03:53:50 3134 --sh--w- c:\windows\system32\bihorugi.dll
2010-01-08 01:42:14 50180 ----a-w- c:\windows\system32\logon.exe

==================== Find3M ====================

2009-12-03 23:14:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 23:13:56 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-28 14:36:11 70656 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2009-10-28 14:36:11 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
2009-10-28 06:54:16 634632 ------w- c:\windows\system32\dllcache\iexplore.exe
2009-10-28 06:52:46 161792 ------w- c:\windows\system32\dllcache\ieakui.dll
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 75776 ------w- c:\windows\system32\dllcache\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-21 05:38:36 25088 ------w- c:\windows\system32\dllcache\httpapi.dll
2006-08-10 02:09:48 251 ----a-w- c:\program files\wt3d.ini
2006-07-11 17:05:18 13717000 ----a-w- c:\program files\GoogleEarthWin.exe
2006-05-27 02:37:52 5649544 ----a-w- c:\program files\HPPSE1.9.1.3-2ENU.exe
2006-05-26 04:29:38 22569392 ----a-w- c:\program files\hp_53_enu.exe
2006-05-24 22:44:37 2216960 ----a-w- c:\program files\pdf995s.exe
1601-01-01 00:03:28 38400 --sha-w- c:\windows\system32\bumefoni.dll
2008-07-12 22:36:44 152 --sh--r- c:\windows\system32\E01295E59D.sys
1601-01-01 00:03:28 61440 --sha-w- c:\windows\system32\feguzevi.dll
1601-01-01 00:03:52 51712 --sha-w- c:\windows\system32\gilanova.dll
1601-01-01 00:03:52 51712 --sha-w- c:\windows\system32\gosurike.dll
1601-01-01 00:03:28 51712 --sha-w- c:\windows\system32\gudafuze.dll
1601-01-01 00:03:28 92672 --sha-w- c:\windows\system32\jekesoyu.dll
2008-07-12 22:36:44 7520 --sha-w- c:\windows\system32\KGyGaAvL.sys
1601-01-01 00:03:28 91648 --sha-w- c:\windows\system32\leyavemo.dll
1601-01-01 00:03:28 52736 --sha-w- c:\windows\system32\mitapimu.dll
1601-01-01 00:03:28 38400 --sha-w- c:\windows\system32\nutobuvo.dll
1601-01-01 00:03:52 51712 --sha-w- c:\windows\system32\pesazolo.dll
1601-01-01 00:03:28 40448 --sha-w- c:\windows\system32\sosilega.dll
1601-01-01 00:03:28 92160 --sha-w- c:\windows\system32\tanezobu.dll
2008-11-13 15:40:05 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008111320081114\index.dat
2009-08-25 04:47:29 27713312 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-08-25 04:47:29 1204256 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-08-25 04:51:32 604140 --sha-w- c:\windows\system32\drivers\ISwift3.dat

============= FINISH: 21:01:08.02 ===============


Edited by megslc, 19 January 2010 - 12:12 AM.



#2 Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 19 January 2010 - 08:17 AM

Hello!
My name is Sam and I will be helping you.

In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.




We need to create an OTL Report
  • Please download OTL from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    CREATERESTOREPOINT



  • Click the "Quick Scan" button.
  • The scan should take just a few minutes.
  • Please copy and paste both logs back here in your next reply.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 megslc


Posted 19 January 2010 - 11:48 PM

Hi Sam, thanks for offering to help me.
I started following your instructions but ran into a snag right off. I'm usually pretty good at following instructions but I can't get past Step 1. I began the download of Malwarebytes A-M from the first link to CNet. I had to click on the yellow bar that popped up across the top of the web page to allow the download and followed the prompts without changing any of the default settings. When the green progress bar in the 'Finishing App' box got to the end, another "setup" box with an X in a red circle appeared saying "unable to execute file: c:\ProgramFiles/Malwarebytes Anti-malware/mbam.exe. Create process failed: code 2. The system cannot find the file specified". I then had to click the OK but the same message honked at me! Clicked OK again and "Completing setup" Wizard box came up so I clicked Finish?? MBAM never automatically started. Lost my internet connection. Uninstalled MBAM and had to re-boot, then tried to download again but all of the above just repeated. So then I tried double clicking on the Desktop icon install again and this time the installation went through OK, no Code 2 error!! MBAM didn't auto open so I went to Program files and tried to open from there but shortcut failed after a rotating flashlight search. I tried looking for the .exe file via explorer and could NOT find it in the Program Files/Malwa.... file. What am I doing wrong?

P.S. Earlier today my husband was on the internet and got redirected to //ooo4mito.com/in.cgi?98...... something to do with "Cyber Security". Another one of those 'click here to download fix' creepy things!

Edited by megslc, 20 January 2010 - 12:08 AM.


#4 Buckeye_Sam


Posted 20 January 2010 - 08:14 AM

The malware infection is blocking Malwarebytes from running as it should. Let's skip it for now and proceed with creating the OTL log.

#5 megslc


Posted 21 January 2010 - 12:04 AM

It took 1/2 hour but here they are...see attached. . .


OTL logfile created on: 1/20/2010 9:40:23 PM - Run 1
OTL by OldTimer - Version 3.1.25.3 Folder = C:\Documents and Settings\Marsha Goff\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.00 Mb Total Physical Memory | 166.00 Mb Available Physical Memory | 33.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 60.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 51.21 Gb Total Space | 14.48 Gb Free Space | 28.27% Space Free | Partition Type: NTFS
Drive D: | 18.61 Gb Total Space | 18.54 Gb Free Space | 99.63% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GOFFMAIN
Current User Name: Marsha Goff
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/01/20 21:38:53 | 00,546,816 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Marsha Goff\Desktop\OTL.exe
PRC - [2009/10/27 23:54:16 | 00,634,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/07/03 14:56:14 | 00,303,376 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
PRC - [2009/07/03 14:45:24 | 00,207,376 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
PRC - [2008/10/28 15:42:30 | 00,156,968 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2008/10/28 15:42:12 | 00,181,544 | ---- | M] (Seagate LLC) -- C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
PRC - [2008/04/13 17:12:30 | 00,420,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntvdm.exe
PRC - [2008/04/13 17:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/05 20:51:28 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/02/09 20:59:26 | 01,174,152 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2005/10/14 18:50:30 | 00,114,688 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
PRC - [2005/09/09 02:24:30 | 00,102,400 | ---- | M] () -- C:\Program Files\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
PRC - [2005/09/08 17:20:46 | 00,110,592 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
PRC - [2005/04/04 17:58:30 | 03,502,080 | ---- | M] () -- C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
PRC - [2005/04/04 17:58:30 | 00,856,064 | ---- | M] (Adobe Sytems Incorporated) -- C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
PRC - [2005/04/04 17:58:28 | 00,163,840 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe


========== Modules (SafeList) ==========

MOD - [2099/01/01 12:00:00 | 00,092,672 | -HS- | M] () -- C:\WINDOWS\system32\jekesoyu.dll
MOD - [2099/01/01 12:00:00 | 00,051,712 | -HS- | M] () -- C:\WINDOWS\system32\gilanova.dll
MOD - [2010/01/20 21:38:53 | 00,546,816 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Marsha Goff\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2009/07/03 14:56:14 | 00,303,376 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe -- (avp)
SRV - [2009/04/25 22:19:08 | 00,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/10/28 15:42:30 | 00,156,968 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2008/06/22 21:37:06 | 00,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2007/03/07 14:47:46 | 00,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/02/09 20:59:26 | 01,174,152 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2005/09/09 02:24:30 | 00,102,400 | ---- | M] () [Auto | Running] -- C:\Program Files\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor4.0)
SRV - [2005/04/04 17:58:28 | 00,163,840 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe -- (Adobe Version Cue CS2)
SRV - [2004/11/19 09:26:40 | 00,147,456 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- (NetSvc)
SRV - [2004/03/18 15:55:48 | 00,065,536 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cl...&channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com/ig/dell?hl=en&cl...&channel=us


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cl...&channel=us
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell?hl=en&cl...&channel=us
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cl...&channel=us
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell?hl=en&cl...&channel=us
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2086523684-1127310016-860246366-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-2086523684-1127310016-860246366-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-2086523684-1127310016-860246366-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net?cid=NET_mmhpset
IE - HKU\S-1-5-21-2086523684-1127310016-860246366-1005\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-2086523684-1127310016-860246366-1005\S-1-5-21-2086523684-1127310016-860246366-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2086523684-1127310016-860246366-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cl...&channel=us
IE - HKU\S-1-5-21-2086523684-1127310016-860246366-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2086523684-1127310016-860246366-1008\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-2086523684-1127310016-860246366-1008\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-2086523684-1127310016-860246366-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2086523684-1127310016-860246366-1008\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2086523684-1127310016-860246366-1008\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-2086523684-1127310016-860246366-1008\S-1-5-21-2086523684-1127310016-860246366-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

O1 HOSTS File: ([2007/03/29 18:51:38 | 00,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-2086523684-1127310016-860246366-1005\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\S-1-5-21-2086523684-1127310016-860246366-1005\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-2086523684-1127310016-860246366-1005\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-2086523684-1127310016-860246366-1008\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-2086523684-1127310016-860246366-1008\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Version Cue CS2] C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe (Adobe Sytems Incorporated)
O4 - HKLM..\Run: [avp] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe (Musicmatch, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [yekakupan] C:\WINDOWS\System32\jekesoyu.DLL ()
O4 - HKU\S-1-5-21-2086523684-1127310016-860246366-1005..\Run: [Desktop Software] C:\Program Files\ComcastUI\Universal Installer\uinstaller.exe File not found
O4 - HKU\S-1-5-21-2086523684-1127310016-860246366-1005..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-2086523684-1127310016-860246366-1005..\Run: [TClockEx] C:\Documents and Settings\Marsha Goff\Desktop\TClockEx\TCLOCKEX.EXE (Dale Nurden)
O4 - HKU\S-1-5-21-2086523684-1127310016-860246366-1008..\Run: [Drive] C:\Documents and Settings\All Users\Application Data\N1\N1i.exe File not found
O4 - HKU\S-1-5-21-2086523684-1127310016-860246366-1008..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKU\S-1-5-21-2086523684-1127310016-860246366-1008..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-2086523684-1127310016-860246366-1008..\Run: [TClockEx] C:\Documents and Settings\All Users\Start Menu\Programs\TClockEx\TCLOCKEX.EXE (Dale Nurden)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Marsha Goff\Start Menu\Programs\Startup\Event Reminder.lnk = C:\pmw\PMREMIND.EXE ()
O4 - Startup: C:\Documents and Settings\Marsha Goff\Start Menu\Programs\Startup\ImpulseNow.lnk = C:\Program Files\Stardock\Impulse\Now\ImpulseNow.exe File not found
O4 - Startup: C:\Documents and Settings\Marsha Goff\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files\Stardock\Object Desktop\ObjectDock\ObjectDock.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2086523684-1127310016-860246366-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2086523684-1127310016-860246366-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O15 - HKLM\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-2086523684-1127310016-860246366-1005\..Trusted Domains: cmcflex.com ([webmail] https in Trusted sites)
O15 - HKU\S-1-5-21-2086523684-1127310016-860246366-1005\..Trusted Domains: delta.com ([connect] https in Trusted sites)
O15 - HKU\S-1-5-21-2086523684-1127310016-860246366-1005\..Trusted Domains: 4 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-2086523684-1127310016-860246366-1008\..Trusted Domains: delta.com ([connect] https in Trusted sites)
O15 - HKU\S-1-5-21-2086523684-1127310016-860246366-1008\..Trusted Domains: 3 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab (SysData Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1192810068578 (WUWebControl Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} http://h30155.www3.hp.com/ediags/dd/instal...edsolutions.cab (HPObjectInstaller Class)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.85.102 68.87.69.150
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll ()
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll ()
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~2\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\mzvkbd3.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~2\kloehk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\kloehk.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (gilanova.dll) - C:\WINDOWS\System32\gilanova.dll ()
O20 - AppInit_DLLs: (c:\windows\system32\jekesoyu.dll) - C:\WINDOWS\system32\jekesoyu.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (logon.exe) - C:\WINDOWS\System32\logon.exe ()
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: lehofujaf - {0779654b-94ef-41c0-ae82-41b575d81fc1} - C:\WINDOWS\system32\jekesoyu.dll ()
O22 - SharedTaskScheduler: {0779654b-94ef-41c0-ae82-41b575d81fc1} - mujuzedij - C:\WINDOWS\system32\jekesoyu.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\Marsha Goff\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Marsha Goff\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O29 - HKLM SecurityProviders - (ntoskrnl.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 02:43:04 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
O33 - MountPoints2\{b3b17266-d300-11da-a3d9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{b3b17266-d300-11da-a3d9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b3b17266-d300-11da-a3d9-806d6172696f}\Shell\AutoRun\command - "" = E:\cdsetup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2005/08/16 02:22:48 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (206158430208)

========== Files/Folders - Created Within 14 Days ==========

[2010/01/20 21:38:53 | 00,546,816 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Marsha Goff\Desktop\OTL.exe
[2010/01/19 21:44:37 | 03,696,032 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Marsha Goff\Desktop\mbam-rules.exe
[2010/01/19 21:19:16 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/19 21:19:13 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/19 21:16:21 | 05,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Marsha Goff\Desktop\mbam-setup.exe
[2010/01/18 21:07:58 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Marsha Goff\Desktop\RootRepeal.exe
[2010/01/16 19:22:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2008/11/13 08:43:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2006/07/11 09:52:03 | 13,717,000 | ---- | C] (Macrovision Corporation) -- C:\Program Files\GoogleEarthWin.exe
[2006/06/20 17:06:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2006/05/26 19:37:52 | 05,649,544 | ---- | C] (Microsoft Corporation) -- C:\Program Files\HPPSE1.9.1.3-2ENU.exe
[2006/05/25 21:29:38 | 22,569,392 | ---- | C] (Hewlett-Packard Company ) -- C:\Program Files\hp_53_enu.exe
[2006/04/23 13:08:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall
[2005/08/16 02:49:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2005/08/16 02:30:12 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2005/08/16 02:30:12 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[20 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2099/01/01 12:00:00 | 00,092,672 | -HS- | M] () -- C:\WINDOWS\System32\jekesoyu.dll
[2099/01/01 12:00:00 | 00,092,160 | -HS- | M] () -- C:\WINDOWS\System32\tanezobu.dll
[2099/01/01 12:00:00 | 00,091,648 | -HS- | M] () -- C:\WINDOWS\System32\leyavemo.dll
[2099/01/01 12:00:00 | 00,061,440 | -HS- | M] () -- C:\WINDOWS\System32\feguzevi.dll
[2099/01/01 12:00:00 | 00,052,736 | -HS- | M] () -- C:\WINDOWS\System32\mitapimu.dll
[2099/01/01 12:00:00 | 00,051,712 | -HS- | M] () -- C:\WINDOWS\System32\pesazolo.dll
[2099/01/01 12:00:00 | 00,051,712 | -HS- | M] () -- C:\WINDOWS\System32\gudafuze.dll
[2099/01/01 12:00:00 | 00,051,712 | -HS- | M] () -- C:\WINDOWS\System32\gosurike.dll
[2099/01/01 12:00:00 | 00,051,712 | -HS- | M] () -- C:\WINDOWS\System32\gilanova.dll
[2099/01/01 12:00:00 | 00,040,448 | -HS- | M] () -- C:\WINDOWS\System32\sosilega.dll
[2099/01/01 12:00:00 | 00,038,400 | -HS- | M] () -- C:\WINDOWS\System32\nutobuvo.dll
[2099/01/01 12:00:00 | 00,038,400 | -HS- | M] () -- C:\WINDOWS\System32\bumefoni.dll
[2010/01/20 21:44:55 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\resegupi
[2010/01/20 21:42:06 | 06,291,456 | -H-- | M] () -- C:\Documents and Settings\Marsha Goff\NTUSER.DAT
[2010/01/20 21:38:53 | 00,546,816 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Marsha Goff\Desktop\OTL.exe
[2010/01/20 21:33:42 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/20 21:00:01 | 00,000,296 | ---- | M] () -- C:\WINDOWS\tasks\tzdaihdg.job
[2010/01/20 20:58:41 | 00,003,155 | -HS- | M] () -- C:\WINDOWS\System32\dapatudi.dll
[2010/01/20 20:58:32 | 00,003,151 | -HS- | M] () -- C:\WINDOWS\System32\yobijowu.dll
[2010/01/20 15:45:47 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/20 15:45:40 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/20 15:45:37 | 52,653,6704 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/20 00:07:07 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Marsha Goff\ntuser.ini
[2010/01/20 00:06:46 | 01,670,930 | -H-- | M] () -- C:\Documents and Settings\Marsha Goff\Local Settings\Application Data\IconCache.db
[2010/01/19 21:44:40 | 03,696,032 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Marsha Goff\Desktop\mbam-rules.exe
[2010/01/19 21:22:20 | 05,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Marsha Goff\Desktop\mbam-setup.exe
[2010/01/19 20:58:12 | 00,003,155 | -HS- | M] () -- C:\WINDOWS\System32\kehebuge.dll
[2010/01/19 20:58:12 | 00,003,151 | -HS- | M] () -- C:\WINDOWS\System32\vuwotafa.dll
[2010/01/19 19:28:16 | 00,003,760 | ---- | M] () -- C:\Documents and Settings\Marsha Goff\My Documents\Medical permission slip for Cass.wpd
[2010/01/19 08:57:55 | 00,003,155 | -HS- | M] () -- C:\WINDOWS\System32\zijifusi.dll
[2010/01/19 08:57:21 | 00,003,151 | -HS- | M] () -- C:\WINDOWS\System32\kisebuyu.dll
[2010/01/18 23:18:01 | 01,734,806 | ---- | M] () -- C:\Documents and Settings\Marsha Goff\Desktop\Z009.pdf
[2010/01/18 23:16:03 | 01,549,793 | ---- | M] () -- C:\Documents and Settings\Marsha Goff\Desktop\Z008.pdf
[2010/01/18 23:14:10 | 02,489,909 | ---- | M] () -- C:\Documents and Settings\Marsha Goff\Desktop\Z007.pdf
[2010/01/18 22:36:24 | 00,000,152 | ---- | M] () -- C:\WINDOWS\X-Sums98.ini
[2010/01/18 21:09:12 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Marsha Goff\Desktop\settings.dat
[2010/01/18 21:07:58 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Marsha Goff\Desktop\RootRepeal.exe
[2010/01/18 20:57:37 | 00,003,155 | -HS- | M] () -- C:\WINDOWS\System32\pazifiga.dll
[2010/01/18 20:57:37 | 00,003,151 | -HS- | M] () -- C:\WINDOWS\System32\rahohoru.dll
[2010/01/18 20:57:36 | 00,524,288 | ---- | M] () -- C:\Documents and Settings\Marsha Goff\Desktop\dds.scr
[2010/01/18 08:56:53 | 00,003,155 | -HS- | M] () -- C:\WINDOWS\System32\morirogi.dll
[2010/01/18 08:56:53 | 00,003,151 | -HS- | M] () -- C:\WINDOWS\System32\jibafepo.dll
[2010/01/17 20:56:36 | 00,003,151 | -HS- | M] () -- C:\WINDOWS\System32\wugonihi.dll
[2010/01/17 20:56:12 | 00,003,155 | -HS- | M] () -- C:\WINDOWS\System32\dofoferu.dll
[2010/01/17 08:56:26 | 00,003,151 | -HS- | M] () -- C:\WINDOWS\System32\gijimebe.dll
[2010/01/17 08:56:04 | 00,003,155 | -HS- | M] () -- C:\WINDOWS\System32\luruwono.dll
[2010/01/16 20:56:12 | 00,003,151 | -HS- | M] () -- C:\WINDOWS\System32\pubinibu.dll
[2010/01/16 20:55:49 | 00,003,151 | -HS- | M] () -- C:\WINDOWS\System32\futewege.dll
[2010/01/16 08:56:14 | 00,003,155 | -HS- | M] () -- C:\WINDOWS\System32\tapidudi.dll
[2010/01/16 08:55:53 | 00,003,151 | -HS- | M] () -- C:\WINDOWS\System32\jewehobo.dll
[2010/01/15 20:56:40 | 00,003,155 | -HS- | M] () -- C:\WINDOWS\System32\nisuniga.dll
[2010/01/15 20:56:40 | 00,003,151 | -HS- | M] () -- C:\WINDOWS\System32\zodewujo.dll
[2010/01/15 08:55:32 | 00,003,151 | -HS- | M] () -- C:\WINDOWS\System32\nedekaje.dll
[2010/01/15 08:55:11 | 00,003,155 | -HS- | M] () -- C:\WINDOWS\System32\runeloni.dll
[2010/01/14 20:55:38 | 00,003,155 | -HS- | M] () -- C:\WINDOWS\System32\notabage.dll
[2010/01/14 20:55:00 | 00,003,151 | -HS- | M] () -- C:\WINDOWS\System32\bimedufo.dll
[2010/01/13 20:55:22 | 00,003,145 | -HS- | M] () -- C:\WINDOWS\System32\yagesafa.dll
[2010/01/13 20:55:21 | 00,003,149 | -HS- | M] () -- C:\WINDOWS\System32\fakalize.dll
[2010/01/13 08:55:05 | 00,003,155 | -HS- | M] () -- C:\WINDOWS\System32\vasugabe.dll
[2010/01/13 08:55:05 | 00,003,151 | -HS- | M] () -- C:\WINDOWS\System32\putijite.dll
[2010/01/12 20:54:48 | 00,003,155 | -HS- | M] () -- C:\WINDOWS\System32\hozutufu.dll
[2010/01/12 08:54:13 | 00,003,143 | -HS- | M] () -- C:\WINDOWS\System32\jejegefo.dll
[2010/01/12 08:53:51 | 00,003,151 | -HS- | M] () -- C:\WINDOWS\System32\newahoha.dll
[2010/01/11 20:54:10 | 00,003,155 | -HS- | M] () -- C:\WINDOWS\System32\yofematu.dll
[2010/01/11 20:54:10 | 00,003,145 | -HS- | M] () -- C:\WINDOWS\System32\jugaliyo.dll
[2010/01/11 08:53:27 | 00,003,151 | -HS- | M] () -- C:\WINDOWS\System32\sogibiwo.dll
[2010/01/11 08:53:26 | 00,003,155 | -HS- | M] () -- C:\WINDOWS\System32\hitusoli.dll
[2010/01/10 20:53:13 | 00,003,151 | -HS- | M] () -- C:\WINDOWS\System32\hiyanuhe.dll
[2010/01/10 20:53:11 | 00,003,149 | -HS- | M] () -- C:\WINDOWS\System32\rihodage.dll
[2010/01/10 08:52:55 | 00,003,155 | -HS- | M] () -- C:\WINDOWS\System32\biwuhehi.dll
[2010/01/10 08:52:55 | 00,003,151 | -HS- | M] () -- C:\WINDOWS\System32\sopubifi.dll
[2010/01/09 20:53:06 | 00,003,154 | -HS- | M] () -- C:\WINDOWS\System32\lumosozu.dll
[2010/01/09 20:53:06 | 00,003,150 | -HS- | M] () -- C:\WINDOWS\System32\demobiho.dll
[2010/01/08 20:53:50 | 00,003,148 | -HS- | M] () -- C:\WINDOWS\System32\volorume.dll
[2010/01/08 20:53:50 | 00,003,134 | -HS- | M] () -- C:\WINDOWS\System32\bihorugi.dll
[2010/01/07 20:46:37 | 01,030,656 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Check Register.xls
[2010/01/07 18:41:37 | 00,050,180 | ---- | M] () -- C:\WINDOWS\System32\logon.exe
[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[20 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 00,092,672 | -HS- | C] () -- C:\WINDOWS\System32\jekesoyu.dll
[2099/01/01 12:00:00 | 00,092,160 | -HS- | C] () -- C:\WINDOWS\System32\tanezobu.dll
[2099/01/01 12:00:00 | 00,091,648 | -HS- | C] () -- C:\WINDOWS\System32\leyavemo.dll
[2099/01/01 12:00:00 | 00,061,440 | -HS- | C] () -- C:\WINDOWS\System32\feguzevi.dll
[2099/01/01 12:00:00 | 00,052,736 | -HS- | C] () -- C:\WINDOWS\System32\mitapimu.dll
[2099/01/01 12:00:00 | 00,051,712 | -HS- | C] () -- C:\WINDOWS\System32\pesazolo.dll
[2099/01/01 12:00:00 | 00,051,712 | -HS- | C] () -- C:\WINDOWS\System32\gudafuze.dll
[2099/01/01 12:00:00 | 00,051,712 | -HS- | C] () -- C:\WINDOWS\System32\gosurike.dll
[2099/01/01 12:00:00 | 00,051,712 | -HS- | C] () -- C:\WINDOWS\System32\gilanova.dll
[2099/01/01 12:00:00 | 00,040,448 | -HS- | C] () -- C:\WINDOWS\System32\sosilega.dll
[2099/01/01 12:00:00 | 00,038,400 | -HS- | C] () -- C:\WINDOWS\System32\nutobuvo.dll
[2099/01/01 12:00:00 | 00,038,400 | -HS- | C] () -- C:\WINDOWS\System32\bumefoni.dll
[2099/01/01 12:00:00 | 00,006,456 | -H-- | C] () -- C:\WINDOWS\System32\resegupi
[2010/01/20 20:58:41 | 00,003,155 | -HS- | C] () -- C:\WINDOWS\System32\dapatudi.dll
[2010/01/20 20:58:32 | 00,003,151 | -HS- | C] () -- C:\WINDOWS\System32\yobijowu.dll
[2010/01/19 20:58:11 | 00,003,155 | -HS- | C] () -- C:\WINDOWS\System32\kehebuge.dll
[2010/01/19 20:58:11 | 00,003,151 | -HS- | C] () -- C:\WINDOWS\System32\vuwotafa.dll
[2010/01/19 08:57:55 | 00,003,155 | -HS- | C] () -- C:\WINDOWS\System32\zijifusi.dll
[2010/01/19 08:57:21 | 00,003,151 | -HS- | C] () -- C:\WINDOWS\System32\kisebuyu.dll
[2010/01/18 23:18:01 | 01,734,806 | ---- | C] () -- C:\Documents and Settings\Marsha Goff\Desktop\Z009.pdf
[2010/01/18 23:16:03 | 01,549,793 | ---- | C] () -- C:\Documents and Settings\Marsha Goff\Desktop\Z008.pdf
[2010/01/18 23:14:10 | 02,489,909 | ---- | C] () -- C:\Documents and Settings\Marsha Goff\Desktop\Z007.pdf
[2010/01/18 21:09:12 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Marsha Goff\Desktop\settings.dat
[2010/01/18 20:57:37 | 00,003,155 | -HS- | C] () -- C:\WINDOWS\System32\pazifiga.dll
[2010/01/18 20:57:37 | 00,003,151 | -HS- | C] () -- C:\WINDOWS\System32\rahohoru.dll
[2010/01/18 20:57:36 | 00,524,288 | ---- | C] () -- C:\Documents and Settings\Marsha Goff\Desktop\dds.scr
[2010/01/18 08:56:53 | 00,003,155 | -HS- | C] () -- C:\WINDOWS\System32\morirogi.dll
[2010/01/18 08:56:53 | 00,003,151 | -HS- | C] () -- C:\WINDOWS\System32\jibafepo.dll
[2010/01/17 20:56:36 | 00,003,151 | -HS- | C] () -- C:\WINDOWS\System32\wugonihi.dll
[2010/01/17 20:56:12 | 00,003,155 | -HS- | C] () -- C:\WINDOWS\System32\dofoferu.dll
[2010/01/17 08:56:26 | 00,003,151 | -HS- | C] () -- C:\WINDOWS\System32\gijimebe.dll
[2010/01/17 08:56:04 | 00,003,155 | -HS- | C] () -- C:\WINDOWS\System32\luruwono.dll
[2010/01/16 20:56:12 | 00,003,151 | -HS- | C] () -- C:\WINDOWS\System32\pubinibu.dll
[2010/01/16 20:55:49 | 00,003,151 | -HS- | C] () -- C:\WINDOWS\System32\futewege.dll
[2010/01/16 08:56:14 | 00,003,155 | -HS- | C] () -- C:\WINDOWS\System32\tapidudi.dll
[2010/01/16 08:55:53 | 00,003,151 | -HS- | C] () -- C:\WINDOWS\System32\jewehobo.dll
[2010/01/15 20:56:40 | 00,003,155 | -HS- | C] () -- C:\WINDOWS\System32\nisuniga.dll
[2010/01/15 20:56:40 | 00,003,151 | -HS- | C] () -- C:\WINDOWS\System32\zodewujo.dll
[2010/01/15 08:55:32 | 00,003,151 | -HS- | C] () -- C:\WINDOWS\System32\nedekaje.dll
[2010/01/15 08:55:11 | 00,003,155 | -HS- | C] () -- C:\WINDOWS\System32\runeloni.dll
[2010/01/14 20:55:38 | 00,003,155 | -HS- | C] () -- C:\WINDOWS\System32\notabage.dll
[2010/01/14 20:55:00 | 00,003,151 | -HS- | C] () -- C:\WINDOWS\System32\bimedufo.dll
[2010/01/13 20:55:22 | 00,003,145 | -HS- | C] () -- C:\WINDOWS\System32\yagesafa.dll
[2010/01/13 20:55:21 | 00,003,149 | -HS- | C] () -- C:\WINDOWS\System32\fakalize.dll
[2010/01/13 08:55:05 | 00,003,155 | -HS- | C] () -- C:\WINDOWS\System32\vasugabe.dll
[2010/01/13 08:55:05 | 00,003,151 | -HS- | C] () -- C:\WINDOWS\System32\putijite.dll
[2010/01/12 20:54:48 | 00,003,155 | -HS- | C] () -- C:\WINDOWS\System32\hozutufu.dll
[2010/01/12 08:54:13 | 00,003,143 | -HS- | C] () -- C:\WINDOWS\System32\jejegefo.dll
[2010/01/12 08:53:51 | 00,003,151 | -HS- | C] () -- C:\WINDOWS\System32\newahoha.dll
[2010/01/11 20:54:10 | 00,003,155 | -HS- | C] () -- C:\WINDOWS\System32\yofematu.dll
[2010/01/11 20:54:10 | 00,003,145 | -HS- | C] () -- C:\WINDOWS\System32\jugaliyo.dll
[2010/01/11 08:53:27 | 00,003,151 | -HS- | C] () -- C:\WINDOWS\System32\sogibiwo.dll
[2010/01/11 08:53:26 | 00,003,155 | -HS- | C] () -- C:\WINDOWS\System32\hitusoli.dll
[2010/01/10 20:53:13 | 00,003,151 | -HS- | C] () -- C:\WINDOWS\System32\hiyanuhe.dll
[2010/01/10 20:53:11 | 00,003,149 | -HS- | C] () -- C:\WINDOWS\System32\rihodage.dll
[2010/01/10 08:52:55 | 00,003,155 | -HS- | C] () -- C:\WINDOWS\System32\biwuhehi.dll
[2010/01/10 08:52:55 | 00,003,151 | -HS- | C] () -- C:\WINDOWS\System32\sopubifi.dll
[2010/01/09 20:53:06 | 00,003,154 | -HS- | C] () -- C:\WINDOWS\System32\lumosozu.dll
[2010/01/09 20:53:06 | 00,003,150 | -HS- | C] () -- C:\WINDOWS\System32\demobiho.dll
[2010/01/08 20:53:50 | 00,003,148 | -HS- | C] () -- C:\WINDOWS\System32\volorume.dll
[2010/01/08 20:53:50 | 00,003,134 | -HS- | C] () -- C:\WINDOWS\System32\bihorugi.dll
[2010/01/08 06:47:18 | 00,000,296 | ---- | C] () -- C:\WINDOWS\tasks\tzdaihdg.job
[2010/01/07 18:42:14 | 00,050,180 | ---- | C] () -- C:\WINDOWS\System32\logon.exe
[2008/06/24 20:48:41 | 00,001,160 | ---- | C] () -- C:\WINDOWS\MyHeritage.INI
[2008/06/24 20:47:03 | 00,454,656 | ---- | C] () -- C:\WINDOWS\System32\PaintX.dll
[2008/02/26 19:38:47 | 00,000,212 | ---- | C] () -- C:\WINDOWS\MSREGUSR.INI
[2007/05/19 11:56:46 | 00,215,144 | R--- | C] () -- C:\WINDOWS\patchw32.dll
[2007/05/19 11:55:35 | 00,215,144 | R--- | C] () -- C:\WINDOWS\pw32a.dll
[2007/05/10 02:01:29 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/02/28 21:11:36 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2007/02/04 11:37:01 | 00,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2007/02/03 15:28:35 | 00,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2007/02/03 15:23:02 | 00,000,044 | ---- | C] () -- C:\WINDOWS\PERFV100V350.ini
[2007/01/31 09:50:15 | 00,001,617 | ---- | C] () -- C:\WINDOWS\entrust.ini
[2006/11/06 22:19:41 | 00,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2006/11/06 22:16:18 | 00,000,059 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2006/11/06 22:16:17 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\pdfmona.dll
[2006/11/06 22:16:17 | 00,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2006/11/05 15:15:54 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Textart.INI
[2006/10/01 15:35:54 | 00,032,256 | ---- | C] () -- C:\WINDOWS\System32\Decln.dll
[2006/10/01 15:35:54 | 00,014,629 | ---- | C] () -- C:\WINDOWS\System32\Declw.dll
[2006/08/09 19:09:48 | 00,000,251 | ---- | C] () -- C:\Program Files\wt3d.ini
[2006/05/26 16:10:48 | 00,001,151 | ---- | C] () -- C:\WINDOWS\_isenv31.ini
[2006/05/26 16:10:48 | 00,000,521 | ---- | C] () -- C:\WINDOWS\_iserr31.ini
[2006/05/26 16:10:48 | 00,000,196 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2006/05/24 17:35:20 | 00,005,523 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/05/24 15:44:37 | 02,216,960 | ---- | C] () -- C:\Program Files\pdf995s.exe
[2006/05/03 08:39:58 | 00,040,448 | ---- | C] () -- C:\WINDOWS\System32\regobj.dll
[2006/04/29 18:27:32 | 00,000,152 | ---- | C] () -- C:\WINDOWS\X-Sums98.ini
[2006/04/29 18:26:19 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\BW32000C.DLL
[2006/04/29 18:26:19 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\BW320007.DLL
[2006/04/28 18:42:04 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\Marsha Goff\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/04/28 14:47:26 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/04/23 18:29:00 | 00,061,678 | ---- | C] () -- C:\Documents and Settings\Marsha Goff\Application Data\PFP120JPR.{PB
[2006/04/23 18:29:00 | 00,012,358 | ---- | C] () -- C:\Documents and Settings\Marsha Goff\Application Data\PFP120JCM.{PB
[2006/04/23 18:22:27 | 00,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2006/04/23 13:03:58 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/04/23 13:01:04 | 00,007,520 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/04/23 13:01:04 | 00,000,152 | RHS- | C] () -- C:\WINDOWS\System32\E01295E59D.sys
[2006/04/23 12:48:24 | 00,000,134 | ---- | C] () -- C:\Documents and Settings\Marsha Goff\Local Settings\Application Data\fusioncache.dat
[2006/04/13 09:05:54 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/04/13 09:02:30 | 00,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/04/13 08:57:12 | 00,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
[2006/04/13 08:27:54 | 00,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 06:56:34 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/05 12:01:54 | 00,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[1999/01/22 11:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2006/06/26 20:10:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2010/01/03 10:46:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2006/09/08 16:05:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2009/10/11 10:26:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2009/04/24 19:52:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Stardock
[2008/03/08 22:26:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2007/03/29 18:43:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/04/13 08:53:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/10/21 18:51:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2007/02/04 10:34:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cassie Goff\Application Data\EPSON
[2006/12/22 16:45:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cassie Goff\Application Data\Image Zone Express
[2006/12/18 19:47:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cassie Goff\Application Data\Leadertech
[2006/09/21 18:59:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cassie Goff\Application Data\WildTangent
[2007/02/03 17:18:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dennis Goff\Application Data\EPSON
[2006/04/24 13:40:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dennis Goff\Application Data\Leadertech
[2009/01/22 20:09:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Goff Family Internet\Application Data\alot
[2007/02/12 19:22:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Goff Family Internet\Application Data\EPSON
[2007/08/08 08:56:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Goff Family Internet\Application Data\Image Zone Express
[2006/05/10 17:18:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Goff Family Internet\Application Data\Leadertech
[2006/06/29 21:40:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Goff Family Internet\Application Data\Opera
[2006/11/06 22:19:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Goff Family Internet\Application Data\pdf995
[2006/09/08 16:05:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Goff Family Internet\Application Data\PlayFirst
[2006/09/07 15:00:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Goff Family Internet\Application Data\WildTangent
[2007/11/07 17:43:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Marsha Goff\Application Data\EPSON
[2006/06/25 16:52:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Marsha Goff\Application Data\Image Zone Express
[2006/05/13 15:35:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Marsha Goff\Application Data\Leadertech
[2007/11/24 20:30:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Marsha Goff\Application Data\pdf995
[2009/04/24 19:53:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Marsha Goff\Application Data\Stardock
[2008/06/24 20:47:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Marsha Goff\Application Data\The Complete Genealogy Reporter - FTB
[2010/01/20 21:00:01 | 00,000,296 | ---- | M] () -- C:\WINDOWS\Tasks\tzdaihdg.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/10 03:00:00 | 16,971,599 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2004/08/10 03:00:00 | 16,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/11/13 08:06:26 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/11/13 08:06:26 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 11:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 11:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 21:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS
[2004/08/03 21:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/10 03:00:00 | 16,971,599 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2004/08/10 03:00:00 | 16,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/11/13 08:06:26 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/11/13 08:06:26 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 11:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 11:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 20:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
[2004/08/03 20:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 20:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys
[2004/08/03 20:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 17:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 17:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/10 03:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\i386\eventlog.dll
[2004/08/10 03:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 17:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 17:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/10 03:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\i386\netlogon.dll
[2004/08/10 03:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/10 03:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\i386\scecli.dll
[2004/08/10 03:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 17:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 17:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/13 17:11:51 | 01,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll
[2009/10/29 00:46:50 | 00,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/10/29 00:46:51 | 00,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[2004/08/10 03:00:00 | 00,068,768 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\mmsystem.dll
[2008/04/13 17:12:00 | 01,384,479 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msvbvm60.dll
[2004/08/10 03:00:00 | 00,005,120 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\shell.dll
[20 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Marsha Goff\My Documents\Sara E. Johnson 1944:SummaryInformation
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4295826C
< End of report >


Edited by Buckeye_Sam, 21 January 2010 - 08:02 AM.


#6 Buckeye_Sam

    Malware Expert


Posted 21 January 2010 - 08:10 AM


Please do not attach log files unless specifically requested to do so. Just copy the text in the log and then paste it directly into your reply.
It makes it much easier for me to review the information if I can see it all in one place.



Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    CODE
    :OTL
    MOD - [2099/01/01 12:00:00 | 00,092,672 | -HS- | M] () -- C:\WINDOWS\system32\jekesoyu.dll
    MOD - [2099/01/01 12:00:00 | 00,051,712 | -HS- | M] () -- C:\WINDOWS\system32\gilanova.dll
    O4 - HKLM..\Run: [yekakupan] C:\WINDOWS\System32\jekesoyu.DLL ()
    O4 - HKU\S-1-5-21-2086523684-1127310016-860246366-1008..\Run: [Drive] C:\Documents and Settings\All Users\Application Data\N1\N1i.exe File not found
    O20 - AppInit_DLLs: (gilanova.dll) - C:\WINDOWS\System32\gilanova.dll ()
    O20 - AppInit_DLLs: (c:\windows\system32\jekesoyu.dll) - C:\WINDOWS\system32\jekesoyu.dll ()
    O21 - SSODL: lehofujaf - {0779654b-94ef-41c0-ae82-41b575d81fc1} - C:\WINDOWS\system32\jekesoyu.dll ()
    O22 - SharedTaskScheduler: {0779654b-94ef-41c0-ae82-41b575d81fc1} - mujuzedij - C:\WINDOWS\system32\jekesoyu.dll ()
    [20 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [2099/01/01 12:00:00 | 00,092,672 | -HS- | M] () -- C:\WINDOWS\System32\jekesoyu.dll
    [2099/01/01 12:00:00 | 00,092,160 | -HS- | M] () -- C:\WINDOWS\System32\tanezobu.dll
    [2099/01/01 12:00:00 | 00,091,648 | -HS- | M] () -- C:\WINDOWS\System32\leyavemo.dll
    [2099/01/01 12:00:00 | 00,061,440 | -HS- | M] () -- C:\WINDOWS\System32\feguzevi.dll
    [2099/01/01 12:00:00 | 00,052,736 | -HS- | M] () -- C:\WINDOWS\System32\mitapimu.dll
    [2099/01/01 12:00:00 | 00,051,712 | -HS- | M] () -- C:\WINDOWS\System32\pesazolo.dll
    [2099/01/01 12:00:00 | 00,051,712 | -HS- | M] () -- C:\WINDOWS\System32\gudafuze.dll
    [2099/01/01 12:00:00 | 00,051,712 | -HS- | M] () -- C:\WINDOWS\System32\gosurike.dll
    [2099/01/01 12:00:00 | 00,051,712 | -HS- | M] () -- C:\WINDOWS\System32\gilanova.dll
    [2099/01/01 12:00:00 | 00,040,448 | -HS- | M] () -- C:\WINDOWS\System32\sosilega.dll
    [2099/01/01 12:00:00 | 00,038,400 | -HS- | M] () -- C:\WINDOWS\System32\nutobuvo.dll
    [2099/01/01 12:00:00 | 00,038,400 | -HS- | M] () -- C:\WINDOWS\System32\bumefoni.dll
    [2010/01/20 21:00:01 | 00,000,296 | ---- | M] () -- C:\WINDOWS\tasks\tzdaihdg.job
    [2010/01/20 20:58:41 | 00,003,155 | -HS- | M] () -- C:\WINDOWS\System32\dapatudi.dll
    [2010/01/20 20:58:32 | 00,003,151 | -HS- | M] () -- C:\WINDOWS\System32\yobijowu.dll
    [2010/01/19 20:58:12 | 00,003,155 | -HS- | M] () -- C:\WINDOWS\System32\kehebuge.dll
    [2010/01/19 20:58:12 | 00,003,151 | -HS- | M] () -- C:\WINDOWS\System32\vuwotafa.dll
    [2010/01/19 08:57:55 | 00,003,155 | -HS- | M] () -- C:\WINDOWS\System32\zijifusi.dll
    [2010/01/19 08:57:21 | 00,003,151 | -HS- | M] () -- C:\WINDOWS\System32\kisebuyu.dll
    [2010/01/18 20:57:37 | 00,003,155 | -HS- | M] () -- C:\WINDOWS\System32\pazifiga.dll
    [2010/01/18 20:57:37 | 00,003,151 | -HS- | M] () -- C:\WINDOWS\System32\rahohoru.dll
    [2010/01/18 08:56:53 | 00,003,155 | -HS- | M] () -- C:\WINDOWS\System32\morirogi.dll
    [2010/01/18 08:56:53 | 00,003,151 | -HS- | M] () -- C:\WINDOWS\System32\jibafepo.dll
    [2010/01/17 20:56:36 | 00,003,151 | -HS- | M] () -- C:\WINDOWS\System32\wugonihi.dll
    [2010/01/17 20:56:12 | 00,003,155 | -HS- | M] () -- C:\WINDOWS\System32\dofoferu.dll
    [2010/01/17 08:56:26 | 00,003,151 | -HS- | M] () -- C:\WINDOWS\System32\gijimebe.dll
    [2010/01/17 08:56:04 | 00,003,155 | -HS- | M] () -- C:\WINDOWS\System32\luruwono.dll
    [2010/01/16 20:56:12 | 00,003,151 | -HS- | M] () -- C:\WINDOWS\System32\pubinibu.dll
    [2010/01/16 20:55:49 | 00,003,151 | -HS- | M] () -- C:\WINDOWS\System32\futewege.dll
    [2010/01/16 08:56:14 | 00,003,155 | -HS- | M] () -- C:\WINDOWS\System32\tapidudi.dll
    [2010/01/16 08:55:53 | 00,003,151 | -HS- | M] () -- C:\WINDOWS\System32\jewehobo.dll
    [2010/01/15 20:56:40 | 00,003,155 | -HS- | M] () -- C:\WINDOWS\System32\nisuniga.dll
    [2010/01/15 20:56:40 | 00,003,151 | -HS- | M] () -- C:\WINDOWS\System32\zodewujo.dll
    [2010/01/15 08:55:32 | 00,003,151 | -HS- | M] () -- C:\WINDOWS\System32\nedekaje.dll
    [2010/01/15 08:55:11 | 00,003,155 | -HS- | M] () -- C:\WINDOWS\System32\runeloni.dll
    [2010/01/14 20:55:38 | 00,003,155 | -HS- | M] () -- C:\WINDOWS\System32\notabage.dll
    [2010/01/14 20:55:00 | 00,003,151 | -HS- | M] () -- C:\WINDOWS\System32\bimedufo.dll
    [2010/01/13 20:55:22 | 00,003,145 | -HS- | M] () -- C:\WINDOWS\System32\yagesafa.dll
    [2010/01/13 20:55:21 | 00,003,149 | -HS- | M] () -- C:\WINDOWS\System32\fakalize.dll
    [2010/01/13 08:55:05 | 00,003,155 | -HS- | M] () -- C:\WINDOWS\System32\vasugabe.dll
    [2010/01/13 08:55:05 | 00,003,151 | -HS- | M] () -- C:\WINDOWS\System32\putijite.dll
    [2010/01/12 20:54:48 | 00,003,155 | -HS- | M] () -- C:\WINDOWS\System32\hozutufu.dll
    [2010/01/12 08:54:13 | 00,003,143 | -HS- | M] () -- C:\WINDOWS\System32\jejegefo.dll
    [2010/01/12 08:53:51 | 00,003,151 | -HS- | M] () -- C:\WINDOWS\System32\newahoha.dll
    [2010/01/11 20:54:10 | 00,003,155 | -HS- | M] () -- C:\WINDOWS\System32\yofematu.dll
    [2010/01/11 20:54:10 | 00,003,145 | -HS- | M] () -- C:\WINDOWS\System32\jugaliyo.dll
    [2010/01/11 08:53:27 | 00,003,151 | -HS- | M] () -- C:\WINDOWS\System32\sogibiwo.dll
    [2010/01/11 08:53:26 | 00,003,155 | -HS- | M] () -- C:\WINDOWS\System32\hitusoli.dll
    [2010/01/10 20:53:13 | 00,003,151 | -HS- | M] () -- C:\WINDOWS\System32\hiyanuhe.dll
    [2010/01/10 20:53:11 | 00,003,149 | -HS- | M] () -- C:\WINDOWS\System32\rihodage.dll
    [2010/01/10 08:52:55 | 00,003,155 | -HS- | M] () -- C:\WINDOWS\System32\biwuhehi.dll
    [2010/01/10 08:52:55 | 00,003,151 | -HS- | M] () -- C:\WINDOWS\System32\sopubifi.dll
    [2010/01/09 20:53:06 | 00,003,154 | -HS- | M] () -- C:\WINDOWS\System32\lumosozu.dll
    [2010/01/09 20:53:06 | 00,003,150 | -HS- | M] () -- C:\WINDOWS\System32\demobiho.dll
    [2010/01/08 20:53:50 | 00,003,148 | -HS- | M] () -- C:\WINDOWS\System32\volorume.dll
    [2010/01/08 20:53:50 | 00,003,134 | -HS- | M] () -- C:\WINDOWS\System32\bihorugi.dll


    :Commands
    [purity]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run and post a new OTL log.


===================



Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#7 megslc

Posted 22 January 2010 - 12:43 AM

Hi Sam! I followed your instructions, and below are the three logs that you requested. I don't know if it matters, but after each reboot I got an error box titled RUNDLL and showing "Error loading C:/windows/system32/jekesoyu.dll. The specific module could not be found". I clicked OK each time and then all was OK except a few Kaspersky threat warnings that eventually disappeared too quickly for me to note what they were about... except one that relates to login.exe. I have also noted lately that when we change users we get a message saying that login.exe is still in use by another user. Maybe that is another entirely different issue, but I thought I should mention it in case it is related. So here are the logs...

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\yekakupan deleted successfully.
C:\WINDOWS\system32\jekesoyu.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-2086523684-1127310016-860246366-1008\Software\Microsoft\Windows\CurrentVersion\Run\\Drive deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:gilanova.dll deleted successfully.
C:\WINDOWS\system32\gilanova.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\jekesoyu.dll deleted successfully.
File C:\WINDOWS\system32\jekesoyu.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\lehofujaf deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0779654b-94ef-41c0-ae82-41b575d81fc1}\ deleted successfully.
File C:\WINDOWS\system32\jekesoyu.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{0779654b-94ef-41c0-ae82-41b575d81fc1} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0779654b-94ef-41c0-ae82-41b575d81fc1}\ deleted successfully.
File C:\WINDOWS\system32\jekesoyu.dll not found.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\WINDOWS\System32\jikosige.dll.tmp deleted successfully.
C:\WINDOWS\System32\pujeloya.dll.tmp deleted successfully.
C:\WINDOWS\System32\SET13E.tmp deleted successfully.
C:\WINDOWS\System32\SET13F.tmp deleted successfully.
C:\WINDOWS\System32\SET140.tmp deleted successfully.
C:\WINDOWS\System32\SET145.tmp deleted successfully.
C:\WINDOWS\System32\SET14D.tmp deleted successfully.
C:\WINDOWS\System32\SET14F.tmp deleted successfully.
C:\WINDOWS\System32\SET164.tmp deleted successfully.
C:\WINDOWS\System32\SET16D.tmp deleted successfully.
C:\WINDOWS\System32\SET172.tmp deleted successfully.
C:\WINDOWS\System32\SET173.tmp deleted successfully.
C:\WINDOWS\System32\SET174.tmp deleted successfully.
C:\WINDOWS\System32\SET175.tmp deleted successfully.
C:\WINDOWS\System32\SET18C.tmp deleted successfully.
C:\WINDOWS\System32\SET193.tmp deleted successfully.
C:\WINDOWS\System32\SET19B.tmp deleted successfully.
C:\WINDOWS\System32\SET1A2.tmp deleted successfully.
C:\WINDOWS\System32\zogaledu.dll.tmp deleted successfully.
C:\WINDOWS\002952_.tmp deleted successfully.
File C:\WINDOWS\System32\jekesoyu.dll not found.
C:\WINDOWS\system32\tanezobu.dll moved successfully.
C:\WINDOWS\system32\leyavemo.dll moved successfully.
C:\WINDOWS\system32\feguzevi.dll moved successfully.
C:\WINDOWS\system32\mitapimu.dll moved successfully.
C:\WINDOWS\system32\pesazolo.dll moved successfully.
C:\WINDOWS\system32\gudafuze.dll moved successfully.
C:\WINDOWS\system32\gosurike.dll moved successfully.
File C:\WINDOWS\System32\gilanova.dll not found.
C:\WINDOWS\system32\sosilega.dll moved successfully.
C:\WINDOWS\system32\nutobuvo.dll moved successfully.
C:\WINDOWS\system32\bumefoni.dll moved successfully.
C:\WINDOWS\tasks\tzdaihdg.job moved successfully.
C:\WINDOWS\system32\dapatudi.dll moved successfully.
C:\WINDOWS\system32\yobijowu.dll moved successfully.
C:\WINDOWS\system32\kehebuge.dll moved successfully.
C:\WINDOWS\system32\vuwotafa.dll moved successfully.
C:\WINDOWS\system32\zijifusi.dll moved successfully.
C:\WINDOWS\system32\kisebuyu.dll moved successfully.
C:\WINDOWS\system32\pazifiga.dll moved successfully.
C:\WINDOWS\system32\rahohoru.dll moved successfully.
C:\WINDOWS\system32\morirogi.dll moved successfully.
C:\WINDOWS\system32\jibafepo.dll moved successfully.
C:\WINDOWS\system32\wugonihi.dll moved successfully.
C:\WINDOWS\system32\dofoferu.dll moved successfully.
C:\WINDOWS\system32\gijimebe.dll moved successfully.
C:\WINDOWS\system32\luruwono.dll moved successfully.
C:\WINDOWS\system32\pubinibu.dll moved successfully.
C:\WINDOWS\system32\futewege.dll moved successfully.
C:\WINDOWS\system32\tapidudi.dll moved successfully.
C:\WINDOWS\system32\jewehobo.dll moved successfully.
C:\WINDOWS\system32\nisuniga.dll moved successfully.
C:\WINDOWS\system32\zodewujo.dll moved successfully.
C:\WINDOWS\system32\nedekaje.dll moved successfully.
C:\WINDOWS\system32\runeloni.dll moved successfully.
C:\WINDOWS\system32\notabage.dll moved successfully.
C:\WINDOWS\system32\bimedufo.dll moved successfully.
C:\WINDOWS\system32\yagesafa.dll moved successfully.
C:\WINDOWS\system32\fakalize.dll moved successfully.
C:\WINDOWS\system32\vasugabe.dll moved successfully.
C:\WINDOWS\system32\putijite.dll moved successfully.
C:\WINDOWS\system32\hozutufu.dll moved successfully.
C:\WINDOWS\system32\jejegefo.dll moved successfully.
C:\WINDOWS\system32\newahoha.dll moved successfully.
C:\WINDOWS\system32\yofematu.dll moved successfully.
C:\WINDOWS\system32\jugaliyo.dll moved successfully.
C:\WINDOWS\system32\sogibiwo.dll moved successfully.
C:\WINDOWS\system32\hitusoli.dll moved successfully.
C:\WINDOWS\system32\hiyanuhe.dll moved successfully.
C:\WINDOWS\system32\rihodage.dll moved successfully.
C:\WINDOWS\system32\biwuhehi.dll moved successfully.
C:\WINDOWS\system32\sopubifi.dll moved successfully.
C:\WINDOWS\system32\lumosozu.dll moved successfully.
C:\WINDOWS\system32\demobiho.dll moved successfully.
C:\WINDOWS\system32\volorume.dll moved successfully.
C:\WINDOWS\system32\bihorugi.dll moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 322608 bytes
->Temporary Internet Files folder emptied: 498669 bytes

User: All Users

User: Cassie Goff
->Temp folder emptied: 81033212 bytes
->Temporary Internet Files folder emptied: 8173711 bytes
->Java cache emptied: 3889224 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Dennis Goff
->Temp folder emptied: 9411725 bytes
->Temporary Internet Files folder emptied: 363564110 bytes
->Java cache emptied: 618438 bytes

User: Goff Family Internet
->Temp folder emptied: 3563467606 bytes
->Temporary Internet Files folder emptied: 261917841 bytes
->Java cache emptied: 10866654 bytes

User: Guest
->Temp folder emptied: 2311 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 13339236 bytes

User: Marsha Goff
->Temp folder emptied: 1064699877 bytes
->Temporary Internet Files folder emptied: 267396203 bytes
->Java cache emptied: 2819109 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 35040046 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 23906362 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 60635 bytes
RecycleBin emptied: 557102629 bytes

Total Files Cleaned = 5,978.00 mb


OTL by OldTimer - Version 3.1.25.3 log created on 01212010_161339

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

-------------------------------------
OTL logfile created on: 1/21/2010 4:35:15 PM - Run 2
OTL by OldTimer - Version 3.1.25.3 Folder = C:\Documents and Settings\Marsha Goff\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.00 Mb Total Physical Memory | 118.00 Mb Available Physical Memory | 24.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 51.21 Gb Total Space | 20.37 Gb Free Space | 39.78% Space Free | Partition Type: NTFS
Drive D: | 18.61 Gb Total Space | 18.54 Gb Free Space | 99.63% Space Free | Partition Type: NTFS
Drive E: | 193.88 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GOFFMAIN
Current User Name: Marsha Goff
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/20 21:38:53 | 00,546,816 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Marsha Goff\Desktop\OTL.exe
PRC - [2009/10/27 23:54:16 | 00,634,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/07/03 14:56:14 | 00,303,376 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
PRC - [2009/07/03 14:45:24 | 00,207,376 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
PRC - [2008/10/28 15:42:30 | 00,156,968 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2008/10/28 15:42:12 | 00,181,544 | ---- | M] (Seagate LLC) -- C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
PRC - [2008/04/13 17:12:30 | 00,420,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntvdm.exe
PRC - [2008/04/13 17:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/05 20:51:28 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/02/09 20:59:26 | 01,174,152 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2005/10/14 18:50:30 | 00,114,688 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
PRC - [2005/09/09 02:24:30 | 00,102,400 | ---- | M] () -- C:\Program Files\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
PRC - [2005/09/08 17:20:46 | 00,110,592 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
PRC - [2005/04/04 17:58:30 | 03,502,080 | ---- | M] () -- C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
PRC - [2005/04/04 17:58:30 | 00,856,064 | ---- | M] (Adobe Sytems Incorporated) -- C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
PRC - [2005/04/04 17:58:28 | 00,163,840 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe


========== Modules (SafeList) ==========

MOD - [2010/01/20 21:38:53 | 00,546,816 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Marsha Goff\Desktop\OTL.exe
MOD - [2009/08/25 04:48:02 | 00,109,072 | ---- | M] (Kaspersky Lab) -- c:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\mzvkbd3.dll
MOD - [2009/07/03 14:48:52 | 00,012,304 | ---- | M] (Kaspersky Lab) -- c:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\kloehk.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/07/03 14:56:14 | 00,303,376 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe -- (avp)
SRV - [2009/04/25 22:19:08 | 00,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/10/28 15:42:30 | 00,156,968 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2008/06/22 21:37:06 | 00,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2007/03/07 14:47:46 | 00,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/02/09 20:59:26 | 01,174,152 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2005/09/09 02:24:30 | 00,102,400 | ---- | M] () [Auto | Running] -- C:\Program Files\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor4.0)
SRV - [2005/04/04 17:58:28 | 00,163,840 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe -- (Adobe Version Cue CS2)
SRV - [2004/11/19 09:26:40 | 00,147,456 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- (NetSvc)
SRV - [2004/03/18 15:55:48 | 00,065,536 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2009/07/03 12:11:24 | 00,296,976 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (klif)
DRV - [2009/06/15 13:01:00 | 00,128,016 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1)
DRV - [2009/05/16 19:59:44 | 00,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/05/13 16:46:52 | 00,031,760 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2008/12/15 19:41:32 | 00,033,808 | ---- | M] (Kaspersky Lab) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\klbg.sys -- (klbg)
DRV - [2008/04/13 11:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 11:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 09:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/11/13 03:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/04/09 09:56:22 | 00,021,248 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2007/04/09 09:55:08 | 00,022,912 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2007/04/09 09:53:24 | 00,012,672 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2007/02/25 11:10:48 | 00,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 15:07:28 | 00,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/09/05 14:51:52 | 00,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2006/04/13 08:53:16 | 00,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2005/11/16 19:36:00 | 01,047,816 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/10/14 19:15:18 | 01,302,812 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm)
DRV - [2005/09/20 17:27:20 | 00,010,368 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
DRV - [2005/09/12 01:30:00 | 00,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2005/09/08 03:20:00 | 00,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 03:20:00 | 00,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 03:20:00 | 00,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 03:20:00 | 00,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 03:20:00 | 00,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 03:20:00 | 00,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 03:20:00 | 00,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 10:16:52 | 00,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 10:16:16 | 00,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/08/12 03:20:00 | 00,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2005/07/07 21:55:01 | 00,051,088 | ---- | M] (HP) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hpzid412.sys -- (HPZid412)
DRV - [2005/07/07 21:55:01 | 00,021,744 | ---- | M] (HP) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2005/07/07 21:55:01 | 00,016,496 | ---- | M] (HP) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2005/04/25 00:03:00 | 00,020,640 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2005/02/23 14:58:56 | 00,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/10/14 06:30:46 | 00,155,648 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B) Intel®
DRV - [2004/08/10 03:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/03 20:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2003/12/03 16:44:58 | 00,013,566 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdrbsvsd.sys -- (cdrbsvsd)
DRV - [2003/11/17 19:59:20 | 00,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 19:58:02 | 00,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 19:56:26 | 01,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/04/09 16:48:08 | 00,011,043 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2002/04/30 23:16:52 | 00,114,016 | ---- | M] (Nortel Networks) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\ipsecw2k.sys -- (IPSECEXT)
DRV - [2001/08/17 12:56:16 | 00,007,552 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS -- (SONYPVU1) Sony USB Filter Driver (SONYPVU1)
DRV - [2001/08/17 12:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 12:07:42 | 00,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 12:07:40 | 00,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 12:07:36 | 00,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 12:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 11:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 11:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 11:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 11:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 11:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 11:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 11:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 11:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 11:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 11:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 11:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cl...&channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com/ig/dell?hl=en&cl...&channel=us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net?cid=NET_mmhpset
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2007/03/29 18:51:38 | 00,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Version Cue CS2] C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe (Adobe Sytems Incorporated)
O4 - HKLM..\Run: [avp] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe (Musicmatch, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [yekakupan] C:\WINDOWS\System32\jekesoyu.DLL File not found
O4 - HKCU..\Run: [Desktop Software] C:\Program Files\ComcastUI\Universal Installer\uinstaller.exe File not found
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [TClockEx] C:\Documents and Settings\Marsha Goff\Desktop\TClockEx\TCLOCKEX.EXE (Dale Nurden)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Marsha Goff\Start Menu\Programs\Startup\Event Reminder.lnk = C:\pmw\PMREMIND.EXE ()
O4 - Startup: C:\Documents and Settings\Marsha Goff\Start Menu\Programs\Startup\ImpulseNow.lnk = C:\Program Files\Stardock\Impulse\Now\ImpulseNow.exe File not found
O4 - Startup: C:\Documents and Settings\Marsha Goff\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files\Stardock\Object Desktop\ObjectDock\ObjectDock.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O15 - HKLM\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: cmcflex.com ([webmail] https in Trusted sites)
O15 - HKCU\..Trusted Domains: delta.com ([connect] https in Trusted sites)
O15 - HKCU\..Trusted Domains: 4 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab (SysData Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1192810068578 (WUWebControl Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} http://h30155.www3.hp.com/ediags/dd/instal...edsolutions.cab (HPObjectInstaller Class)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.85.102 68.87.69.150
O20 - AppInit_DLLs: (c:\progra~1\google\google~1\goec62~1.dll c:\progra~1\google\google~1\goec62~1.dll c:\progra~1\kasper~1\kasper~2\mzvkbd3.dll c:\progra~1\kasper~1\kasper~2\kloehk.dll) - c:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll ()
O20 - AppInit_DLLs: (gilanova.dll c:\windows\system32\jekesoyu.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (logon.exe) - C:\WINDOWS\System32\logon.exe ()
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: lehofujaf - {0779654b-94ef-41c0-ae82-41b575d81fc1} - C:\WINDOWS\System32\jekesoyu.dll File not found
O22 - SharedTaskScheduler: {0779654b-94ef-41c0-ae82-41b575d81fc1} - mujuzedij - C:\WINDOWS\System32\jekesoyu.dll File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Marsha Goff\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Marsha Goff\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O29 - HKLM SecurityProviders - (ntoskrnl.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 02:43:04 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005/04/12 16:22:52 | 00,000,000 | R--D | M] - E:\Autorun -- [ CDFS ]
O32 - AutoRun File - [2002/07/31 16:40:12 | 00,151,552 | R--- | M] () - E:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2005/04/12 10:29:11 | 00,000,057 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\Setup.exe -- [2001/09/05 04:23:24 | 00,056,320 | R--- | M] (InstallShield Software Corporation)
O33 - MountPoints2\{b3b17266-d300-11da-a3d9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{b3b17266-d300-11da-a3d9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b3b17266-d300-11da-a3d9-806d6172696f}\Shell\AutoRun\command - "" = E:\CDSetup.exe -- [2005/03/07 11:54:58 | 00,807,936 | R--- | M] (Cosmi Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/21 16:13:39 | 00,000,000 | ---D | C] -- C:\_OTL
[2010/01/20 21:38:53 | 00,546,816 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Marsha Goff\Desktop\OTL.exe
[2010/01/19 21:44:37 | 03,696,032 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Marsha Goff\Desktop\mbam-rules.exe
[2010/01/19 21:19:16 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/19 21:19:13 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/19 21:16:21 | 05,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Marsha Goff\Desktop\mbam-setup.exe
[2010/01/18 21:07:58 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Marsha Goff\Desktop\RootRepeal.exe
[2010/01/16 19:22:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2008/11/13 08:43:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2006/07/11 09:52:03 | 13,717,000 | ---- | C] (Macrovision Corporation) -- C:\Program Files\GoogleEarthWin.exe
[2006/06/20 17:06:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2006/05/26 19:37:52 | 05,649,544 | ---- | C] (Microsoft Corporation) -- C:\Program Files\HPPSE1.9.1.3-2ENU.exe
[2006/05/25 21:29:38 | 22,569,392 | ---- | C] (Hewlett-Packard Company ) -- C:\Program Files\hp_53_enu.exe
[2006/04/23 13:08:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall
[2005/08/16 02:49:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2005/08/16 02:30:12 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2005/08/16 02:30:12 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft

========== Files - Modified Within 30 Days ==========

[2010/01/21 16:27:41 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/21 16:25:57 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/21 16:25:51 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/21 16:25:48 | 52,653,6704 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/21 16:24:46 | 06,291,456 | -H-- | M] () -- C:\Documents and Settings\Marsha Goff\NTUSER.DAT
[2010/01/21 16:24:46 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Marsha Goff\ntuser.ini
[2010/01/21 16:23:31 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\resegupi
[2010/01/20 23:09:24 | 01,670,890 | -H-- | M] () -- C:\Documents and Settings\Marsha Goff\Local Settings\Application Data\IconCache.db
[2010/01/20 21:38:53 | 00,546,816 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Marsha Goff\Desktop\OTL.exe
[2010/01/19 21:44:40 | 03,696,032 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Marsha Goff\Desktop\mbam-rules.exe
[2010/01/19 21:22:20 | 05,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Marsha Goff\Desktop\mbam-setup.exe
[2010/01/19 19:28:16 | 00,003,760 | ---- | M] () -- C:\Documents and Settings\Marsha Goff\My Documents\Medical permission slip for Cass.wpd
[2010/01/18 22:36:24 | 00,000,152 | ---- | M] () -- C:\WINDOWS\X-Sums98.ini
[2010/01/18 21:09:12 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Marsha Goff\Desktop\settings.dat
[2010/01/18 21:07:58 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Marsha Goff\Desktop\RootRepeal.exe
[2010/01/18 20:57:36 | 00,524,288 | ---- | M] () -- C:\Documents and Settings\Marsha Goff\Desktop\dds.scr
[2010/01/07 20:46:37 | 01,030,656 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Check Register.xls
[2010/01/07 18:41:37 | 00,050,180 | ---- | M] () -- C:\WINDOWS\System32\logon.exe
[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/06 18:35:55 | 00,000,626 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/01/03 10:46:38 | 00,000,059 | ---- | M] () -- C:\WINDOWS\wpd99.drv
[2010/01/01 21:59:17 | 00,002,429 | ---- | M] () -- C:\Documents and Settings\Marsha Goff\Desktop\WordPerfect.lnk
[2010/01/01 21:34:42 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\Marsha Goff\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/01 18:54:45 | 00,307,101 | ---- | M] () -- C:\Documents and Settings\Marsha Goff\Desktop\Thanksgiving Point Mom Jane.jpg
[2009/12/24 12:50:01 | 01,846,820 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Christmas tags new.wpd
[2009/12/22 21:13:27 | 01,092,710 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Christmas Tags 4.wpd

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 00,006,456 | -H-- | C] () -- C:\WINDOWS\System32\resegupi
[2010/01/18 21:09:12 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Marsha Goff\Desktop\settings.dat
[2010/01/18 20:57:36 | 00,524,288 | ---- | C] () -- C:\Documents and Settings\Marsha Goff\Desktop\dds.scr
[2010/01/07 18:42:14 | 00,050,180 | ---- | C] () -- C:\WINDOWS\System32\logon.exe
[2010/01/01 18:54:41 | 00,307,101 | ---- | C] () -- C:\Documents and Settings\Marsha Goff\Desktop\Thanksgiving Point Mom Jane.jpg
[2008/06/24 20:48:41 | 00,001,160 | ---- | C] () -- C:\WINDOWS\MyHeritage.INI
[2008/06/24 20:47:03 | 00,454,656 | ---- | C] () -- C:\WINDOWS\System32\PaintX.dll
[2008/02/26 19:38:47 | 00,000,212 | ---- | C] () -- C:\WINDOWS\MSREGUSR.INI
[2007/05/19 11:56:46 | 00,215,144 | R--- | C] () -- C:\WINDOWS\patchw32.dll
[2007/05/19 11:55:35 | 00,215,144 | R--- | C] () -- C:\WINDOWS\pw32a.dll
[2007/05/10 02:01:29 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/02/28 21:11:36 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2007/02/04 11:37:01 | 00,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2007/02/03 15:28:35 | 00,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2007/02/03 15:23:02 | 00,000,044 | ---- | C] () -- C:\WINDOWS\PERFV100V350.ini
[2007/01/31 09:50:15 | 00,001,617 | ---- | C] () -- C:\WINDOWS\entrust.ini
[2006/11/06 22:19:41 | 00,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2006/11/06 22:16:18 | 00,000,059 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2006/11/06 22:16:17 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\pdfmona.dll
[2006/11/06 22:16:17 | 00,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2006/11/05 15:15:54 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Textart.INI
[2006/10/01 15:35:54 | 00,032,256 | ---- | C] () -- C:\WINDOWS\System32\Decln.dll
[2006/10/01 15:35:54 | 00,014,629 | ---- | C] () -- C:\WINDOWS\System32\Declw.dll
[2006/08/09 19:09:48 | 00,000,251 | ---- | C] () -- C:\Program Files\wt3d.ini
[2006/05/26 16:10:48 | 00,001,151 | ---- | C] () -- C:\WINDOWS\_isenv31.ini
[2006/05/26 16:10:48 | 00,000,521 | ---- | C] () -- C:\WINDOWS\_iserr31.ini
[2006/05/26 16:10:48 | 00,000,196 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2006/05/24 17:35:20 | 00,005,523 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/05/24 15:44:37 | 02,216,960 | ---- | C] () -- C:\Program Files\pdf995s.exe
[2006/05/03 08:39:58 | 00,040,448 | ---- | C] () -- C:\WINDOWS\System32\regobj.dll
[2006/04/29 18:27:32 | 00,000,152 | ---- | C] () -- C:\WINDOWS\X-Sums98.ini
[2006/04/29 18:26:19 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\BW32000C.DLL
[2006/04/29 18:26:19 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\BW320007.DLL
[2006/04/28 18:42:04 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\Marsha Goff\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/04/28 14:47:26 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/04/23 18:29:00 | 00,061,678 | ---- | C] () -- C:\Documents and Settings\Marsha Goff\Application Data\PFP120JPR.{PB
[2006/04/23 18:29:00 | 00,012,358 | ---- | C] () -- C:\Documents and Settings\Marsha Goff\Application Data\PFP120JCM.{PB
[2006/04/23 18:22:27 | 00,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2006/04/23 13:03:58 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/04/23 13:01:04 | 00,007,520 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/04/23 13:01:04 | 00,000,152 | RHS- | C] () -- C:\WINDOWS\System32\E01295E59D.sys
[2006/04/23 12:48:24 | 00,000,134 | ---- | C] () -- C:\Documents and Settings\Marsha Goff\Local Settings\Application Data\fusioncache.dat
[2006/04/13 09:05:54 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/04/13 09:02:30 | 00,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/04/13 08:57:12 | 00,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
[2006/04/13 08:27:54 | 00,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 06:56:34 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/05 12:01:54 | 00,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[1999/01/22 11:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Marsha Goff\My Documents\Sara E. Johnson 1944:SummaryInformation
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4295826C
< End of report >
--------------------------------------

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/21/2010 at 07:15 PM

Application Version : 4.33.1000

Core Rules Database Version : 4504
Trace Rules Database Version: 2317

Scan type : Complete Scan
Total Scan Time : 01:35:51

Memory items scanned : 533
Memory threats detected : 0
Registry items scanned : 6039
Registry threats detected : 3
File items scanned : 107151
File threats detected : 1085

Trojan.Media-Codec
HKU\S-1-5-21-2086523684-1127310016-860246366-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{84938242-5C5B-4A55-B6B9-A1507543B418}

Adware.Tracking Cookie
C:\Documents and Settings\Marsha Goff\Cookies\marsha_goff@azjmp[1].txt
C:\Documents and Settings\Marsha Goff\Cookies\marsha_goff@lfstmedia[2].txt
C:\Documents and Settings\Marsha Goff\Cookies\marsha_goff@2o7[2].txt
C:\Documents and Settings\Marsha Goff\Cookies\marsha_goff@at.atwola[2].txt
C:\Documents and Settings\Marsha Goff\Cookies\marsha_goff@media.sensis.com[1].txt
C:\Documents and Settings\Marsha Goff\Cookies\marsha_goff@apmebf[2].txt
C:\Documents and Settings\Marsha Goff\Cookies\marsha_goff@webreports.digitalinsight[2].txt
C:\Documents and Settings\Marsha Goff\Cookies\marsha_goff@invitemedia[1].txt
C:\Documents and Settings\Marsha Goff\Cookies\marsha_goff@atdmt[2].txt
C:\Documents and Settings\Marsha Goff\Cookies\marsha_goff@trvlnet.adbureau[1].txt
C:\Documents and Settings\Marsha Goff\Cookies\marsha_goff@philips.112.2o7[1].txt
C:\Documents and Settings\Marsha Goff\Cookies\marsha_goff@traveladvertising[2].txt
C:\Documents and Settings\Marsha Goff\Cookies\marsha_goff@247realmedia[2].txt
C:\Documents and Settings\Marsha Goff\Cookies\marsha_goff@overture[2].txt
C:\Documents and Settings\Marsha Goff\Cookies\marsha_goff@bs.serving-sys[2].txt
C:\Documents and Settings\Marsha Goff\Cookies\marsha_goff@service.liveperson[3].txt
C:\Documents and Settings\Marsha Goff\Cookies\marsha_goff@adbrite[1].txt
C:\Documents and Settings\Marsha Goff\Cookies\marsha_goff@ads.associatedcontent[2].txt
C:\Documents and Settings\Marsha Goff\Cookies\marsha_goff@network.realmedia[2].txt
C:\Documents and Settings\Marsha Goff\Cookies\marsha_goff@media.adfrontiers[2].txt
C:\Documents and Settings\Marsha Goff\Cookies\marsha_goff@ads.cnn[1].txt
C:\Documents and Settings\Marsha Goff\Cookies\marsha_goff@ads.acherryontop[1].txt
C:\Documents and Settings\Marsha Goff\Cookies\marsha_goff@casalemedia[2].txt
C:\Documents and Settings\Marsha Goff\Cookies\marsha_goff@tacoda[2].txt
C:\Documents and Settings\Marsha Goff\Cookies\marsha_goff@statse.webtrendslive[1].txt
C:\Documents and Settings\Marsha Goff\Cookies\marsha_goff@specificmedia[2].txt
C:\Documents and Settings\Marsha Goff\Cookies\marsha_goff@fastclick[2].txt
C:\Documents and Settings\Marsha Goff\Cookies\marsha_goff@ads.bridgetrack[1].txt
C:\Documents and Settings\Marsha Goff\Cookies\marsha_goff@burstnet[2].txt
C:\Documents and Settings\Marsha Goff\Cookies\marsha_goff@clickbank[2].txt
C:\Documents and Settings\Marsha Goff\Cookies\marsha_goff@interland.122.2o7[1].txt
C:\Documents and Settings\Marsha Goff\Cookies\marsha_goff@ads.lasvegas[1].txt
C:\Documents and Settings\Marsha Goff\Cookies\marsha_goff@macu.122.2o7[1].txt
C:\Documents and Settings\Marsha Goff\Cookies\marsha_goff@ads.lycos[2].txt
C:\Documents and Settings\Marsha Goff\Cookies\marsha_goff@ads.imarketservices[1].txt
C:\Documents and Settings\Marsha Goff\Cookies\marsha_goff@flightstats[1].txt
C:\Documents and Settings\Marsha Goff\Cookies\marsha_goff@counter.hitslink[1].txt
C:\Documents and Settings\Marsha Goff\Cookies\marsha_goff@webstat[1].txt
C:\Documents and Settings\Marsha Goff\Cookies\marsha_goff@bravenet[2].txt
C:\Documents and Settings\Marsha Goff\Cookies\marsha_goff@rev.remnantmedianetwork[1].txt
C:\Documents and Settings\Marsha Goff\Cookies\marsha_goff@sales.liveperson[6].txt
C:\Documents and Settings\Marsha Goff\Cookies\marsha_goff@mediatraffic[1].txt
C:\Documents and Settings\Marsha Goff\Cookies\marsha_goff@adbureau[1].txt
C:\Documents and Settings\Marsha Goff\Cookies\marsha_goff@cdn4.specificclick[1].txt
C:\Documents and Settings\Marsha Goff\Cookies\marsha_goff@pro-market[1].txt
C:\Documents and Settings\Marsha Goff\Cookies\marsha_goff@hertz.122.2o7[1].txt
C:\Documents and Settings\Marsha Goff\Cookies\marsha_goff@pointroll[1].txt
C:\Documents and Settings\Marsha Goff\Cookies\marsha_goff@content.yieldmanager[3].txt
C:\Documents and Settings\Marsha Goff\Cookies\marsha_goff@oasn04.247realmedia[2].txt
C:\Documents and Settings\Marsha Goff\Cookies\marsha_goff@sonyelectronicssupportus.112.2o7[1].txt
C:\Documents and Settings\Marsha Goff\Cookies\marsha_goff@server.iad.liveperson[5].txt
C:\Documents and Settings\Marsha Goff\Cookies\marsha_goff@server.iad.liveperson[2].txt
C:\Documents and Settings\Marsha Goff\Cookies\marsha_goff@lockedonmedia[1].txt
C:\Documents and Settings\Marsha Goff\Cookies\marsha_goff@server.iad.liveperson[4].txt
C:\Documents and Settings\Marsha Goff\Cookies\marsha_goff@giftscom.122.2o7[1].txt
C:\Documents and Settings\Marsha Goff\Cookies\marsha_goff@www.googleadservices[4].txt
C:\Documents and Settings\Marsha Goff\Cookies\marsha_goff@elite202[1].txt
C:\Documents and Settings\Marsha Goff\Cookies\marsha_goff@linksynergy[2].txt
C:\Documents and Settings\Marsha Goff\Cookies\marsha_goff@www.stopzilla[1].txt
C:\Documents and Settings\Marsha Goff\Cookies\marsha_goff@nextag[1].txt
C:\Documents and Settings\Marsha Goff\Cookies\marsha_goff@cgm.adbureau[1].txt
C:\Documents and Settings\Marsha Goff\Cookies\marsha_goff@ad.wsod[2].txt
C:\Documents and Settings\Marsha Goff\Cookies\marsha_goff@data.coremetrics[1].txt
C:\Documents and Settings\Marsha Goff\Cookies\marsha_goff@optimize.indieclick[1].txt
C:\Documents and Settings\Marsha Goff\Cookies\marsha_goff@dtag.112.2o7[1].txt
C:\Documents and Settings\Marsha Goff\Cookies\marsha_goff@media.legacy[2].txt
C:\Documents and Settings\Marsha Goff\Cookies\marsha_goff@paypal.112.2o7[1].txt
C:\Documents and Settings\Marsha Goff\Cookies\marsha_goff@yieldmanager[2].txt
C:\Documents and Settings\Marsha Goff\Cookies\marsha_goff@interclick[2].txt
C:\Documents and Settings\Marsha Goff\Cookies\marsha_goff@pfizer.122.2o7[1].txt
C:\Documents and Settings\Marsha Goff\Cookies\marsha_goff@ehg-comcast.hitbox[1].txt
C:\Documents and Settings\Marsha Goff\Cookies\marsha_goff@stat.onestat[2].txt
C:\Documents and Settings\Marsha Goff\Cookies\marsha_goff@viacom.adbureau[1].txt
C:\Documents and Settings\Marsha Goff\Cookies\marsha_goff@ads.scrapbook[1].txt
C:\Documents and Settings\Marsha Goff\Cookies\marsha_goff@stats1.clicktracks[2].txt
C:\Documents and Settings\Marsha Goff\Cookies\marsha_goff@iacas.adbureau[2].txt
C:\Documents and Settings\Marsha Goff\Cookies\marsha_goff@discountelectronics[1].txt
C:\Documents and Settings\Marsha Goff\Cookies\marsha_goff@chitika[1].txt
C:\Documents and Settings\Marsha Goff\Cookies\marsha_goff@server.iad.liveperson[6].txt
C:\Documents and Settings\Marsha Goff\Cookies\marsha_goff@www.burstnet[1].txt
C:\Documents and Settings\Marsha Goff\Cookies\marsha_goff@marriottinternational.122.2o7[1].txt
C:\Documents and Settings\Marsha Goff\Cookies\marsha_goff@stopzilla[1].txt
C:\Documents and Settings\Marsha Goff\Cookies\marsha_goff@oasn03.247realmedia[1].txt
C:\Documents and Settings\Marsha Goff\Cookies\marsha_goff@content.yieldmanager[1].txt
C:\Documents and Settings\Marsha Goff\Cookies\marsha_goff@highbeam.122.2o7[1].txt
C:\Documents and Settings\Marsha Goff\Cookies\marsha_goff@ads.undertone[2].txt
C:\Documents and Settings\Marsha Goff\Cookies\marsha_goff@mediaresponder[2].txt
C:\Documents and Settings\Cassie Goff\Cookies\cassie goff@ad.yieldmanager[2].txt
C:\Documents and Settings\Cassie Goff\Cookies\cassie goff@adopt.euroclick[2].txt
C:\Documents and Settings\Cassie Goff\Cookies\cassie goff@ads.ecrush[1].txt
C:\Documents and Settings\Cassie Goff\Cookies\cassie goff@ads.pointroll[1].txt
C:\Documents and Settings\Cassie Goff\Cookies\cassie goff@anad.tacoda[2].txt
C:\Documents and Settings\Cassie Goff\Cookies\cassie goff@atwola[1].txt
C:\Documents and Settings\Cassie Goff\Cookies\cassie goff@belnk[1].txt
C:\Documents and Settings\Cassie Goff\Cookies\cassie goff@casalemedia[2].txt
C:\Documents and Settings\Cassie Goff\Cookies\cassie goff@centralmediaserver[1].txt
C:\Documents and Settings\Cassie Goff\Cookies\cassie goff@clickbank[1].txt
C:\Documents and Settings\Cassie Goff\Cookies\cassie goff@commission-junction[2].txt
C:\Documents and Settings\Cassie Goff\Cookies\cassie goff@dist.belnk[2].txt
C:\Documents and Settings\Cassie Goff\Cookies\cassie goff@doubleclick[1].txt
C:\Documents and Settings\Cassie Goff\Cookies\cassie goff@ehg-dig.hitbox[1].txt
C:\Documents and Settings\Cassie Goff\Cookies\cassie goff@interclick[2].txt
C:\Documents and Settings\Cassie Goff\Cookies\cassie goff@serving-sys[1].txt
C:\Documents and Settings\Cassie Goff\Cookies\cassie goff@seventeen[2].txt
C:\Documents and Settings\Cassie Goff\Cookies\cassie goff@smileycentral[2].txt
C:\Documents and Settings\Cassie Goff\Cookies\cassie goff@test.coremetrics[1].txt
C:\Documents and Settings\Cassie Goff\Cookies\cassie goff@tvshowfind[1].txt
C:\Documents and Settings\Cassie Goff\Cookies\cassie goff@www.burstbeacon[2].txt
C:\Documents and Settings\Cassie Goff\Cookies\cassie goff@www.findarticles[2].txt
C:\Documents and Settings\Cassie Goff\Cookies\cassie_goff@2o7[1].txt
C:\Documents and Settings\Cassie Goff\Cookies\cassie_goff@ad.yieldmanager[1].txt
C:\Documents and Settings\Cassie Goff\Cookies\cassie_goff@adbrite[2].txt
C:\Documents and Settings\Cassie Goff\Cookies\cassie_goff@adopt.euroclick[2].txt
C:\Documents and Settings\Cassie Goff\Cookies\cassie_goff@adopt.specificclick[1].txt
C:\Documents and Settings\Cassie Goff\Cookies\cassie_goff@ads.bridgetrack[2].txt
C:\Documents and Settings\Cassie Goff\Cookies\cassie_goff@ads.pointroll[2].txt
C:\Documents and Settings\Cassie Goff\Cookies\cassie_goff@adserver.adtechus[1].txt
C:\Documents and Settings\Cassie Goff\Cookies\cassie_goff@advertising[2].txt
C:\Documents and Settings\Cassie Goff\Cookies\cassie_goff@apmebf[2].txt
C:\Documents and Settings\Cassie Goff\Cookies\cassie_goff@atdmt[1].txt
C:\Documents and Settings\Cassie Goff\Cookies\cassie_goff@bs.serving-sys[1].txt
C:\Documents and Settings\Cassie Goff\Cookies\cassie_goff@burstnet[1].txt
C:\Documents and Settings\Cassie Goff\Cookies\cassie_goff@casalemedia[1].txt
C:\Documents and Settings\Cassie Goff\Cookies\cassie_goff@cdn4.specificclick[2].txt
C:\Documents and Settings\Cassie Goff\Cookies\cassie_goff@collective-media[1].txt
C:\Documents and Settings\Cassie Goff\Cookies\cassie_goff@content.yieldmanager[2].txt
C:\Documents and Settings\Cassie Goff\Cookies\cassie_goff@content.yieldmanager[3].txt
C:\Documents and Settings\Cassie Goff\Cookies\cassie_goff@coolsavings[2].txt
C:\Documents and Settings\Cassie Goff\Cookies\cassie_goff@cpvfeed[2].txt
C:\Documents and Settings\Cassie Goff\Cookies\cassie_goff@dmtracker[1].txt
C:\Documents and Settings\Cassie Goff\Cookies\cassie_goff@doubleclick[1].txt
C:\Documents and Settings\Cassie Goff\Cookies\cassie_goff@drivecleaner[1].txt
C:\Documents and Settings\Cassie Goff\Cookies\cassie_goff@eas.apm.emediate[1].txt
C:\Documents and Settings\Cassie Goff\Cookies\cassie_goff@ehg-warnerbrothers.hitbox[2].txt
C:\Documents and Settings\Cassie Goff\Cookies\cassie_goff@fastclick[1].txt
C:\Documents and Settings\Cassie Goff\Cookies\cassie_goff@go.drivecleaner[1].txt
C:\Documents and Settings\Cassie Goff\Cookies\cassie_goff@go.drivecleaner[3].txt
C:\Documents and Settings\Cassie Goff\Cookies\cassie_goff@heavycom.122.2o7[1].txt
C:\Documents and Settings\Cassie Goff\Cookies\cassie_goff@helpmyteen[2].txt
C:\Documents and Settings\Cassie Goff\Cookies\cassie_goff@imrworldwide[1].txt
C:\Documents and Settings\Cassie Goff\Cookies\cassie_goff@insightexpressai[2].txt
C:\Documents and Settings\Cassie Goff\Cookies\cassie_goff@interclick[1].txt
C:\Documents and Settings\Cassie Goff\Cookies\cassie_goff@invitemedia[1].txt
C:\Documents and Settings\Cassie Goff\Cookies\cassie_goff@kontera[2].txt
C:\Documents and Settings\Cassie Goff\Cookies\cassie_goff@lfstmedia[2].txt
C:\Documents and Settings\Cassie Goff\Cookies\cassie_goff@media.adrevolver[2].txt
C:\Documents and Settings\Cassie Goff\Cookies\cassie_goff@media.mtvnservices[1].txt
C:\Documents and Settings\Cassie Goff\Cookies\cassie_goff@media6degrees[1].txt
C:\Documents and Settings\Cassie Goff\Cookies\cassie_goff@mediaplex[2].txt
C:\Documents and Settings\Cassie Goff\Cookies\cassie_goff@network.realmedia[1].txt
C:\Documents and Settings\Cassie Goff\Cookies\cassie_goff@overture[1].txt
C:\Documents and Settings\Cassie Goff\Cookies\cassie_goff@prospect.adbureau[2].txt
C:\Documents and Settings\Cassie Goff\Cookies\cassie_goff@questionmarket[1].txt
C:\Documents and Settings\Cassie Goff\Cookies\cassie_goff@realmedia[2].txt
C:\Documents and Settings\Cassie Goff\Cookies\cassie_goff@revsci[2].txt
C:\Documents and Settings\Cassie Goff\Cookies\cassie_goff@richmedia.yahoo[1].txt
C:\Documents and Settings\Cassie Goff\Cookies\cassie_goff@rotator.dex.adjuggler[1].txt
C:\Documents and Settings\Cassie Goff\Cookies\cassie_goff@serving-sys[2].txt
C:\Documents and Settings\Cassie Goff\Cookies\cassie_goff@sitestat.mayoclinic[1].txt
C:\Documents and Settings\Cassie Goff\Cookies\cassie_goff@sitestat.mayoclinic[3].txt
C:\Documents and Settings\Cassie Goff\Cookies\cassie_goff@socialmedia[2].txt
C:\Documents and Settings\Cassie Goff\Cookies\cassie_goff@specificclick[2].txt
C:\Documents and Settings\Cassie Goff\Cookies\cassie_goff@specificmedia[2].txt
C:\Documents and Settings\Cassie Goff\Cookies\cassie_goff@tacoda[1].txt
C:\Documents and Settings\Cassie Goff\Cookies\cassie_goff@teenadvice.about[2].txt
C:\Documents and Settings\Cassie Goff\Cookies\cassie_goff@teencentral[2].txt
C:\Documents and Settings\Cassie Goff\Cookies\cassie_goff@teenlineonline[2].txt
C:\Documents and Settings\Cassie Goff\Cookies\cassie_goff@teenmag[2].txt
C:\Documents and Settings\Cassie Goff\Cookies\cassie_goff@teentoday.co[2].txt
C:\Documents and Settings\Cassie Goff\Cookies\cassie_goff@thunderbolt.adjuggler[1].txt
C:\Documents and Settings\Cassie Goff\Cookies\cassie_goff@trafficmp[2].txt
C:\Documents and Settings\Cassie Goff\Cookies\cassie_goff@tribalfusion[2].txt
C:\Documents and Settings\Cassie Goff\Cookies\cassie_goff@tribalfusion[3].txt
C:\Documents and Settings\Cassie Goff\Cookies\cassie_goff@winantivirus[2].txt
C:\Documents and Settings\Cassie Goff\Cookies\cassie_goff@www.arbookfind[1].txt
C:\Documents and Settings\Cassie Goff\Cookies\cassie_goff@www.burstnet[1].txt
C:\Documents and Settings\Cassie Goff\Cookies\cassie_goff@www.coolsavings[2].txt
C:\Documents and Settings\Cassie Goff\Cookies\cassie_goff@www.drivecleaner[2].txt
C:\Documents and Settings\Cassie Goff\Cookies\cassie_goff@www.helpmyteen[1].txt
C:\Documents and Settings\Cassie Goff\Cookies\cassie_goff@www.linktrack66[1].txt
C:\Documents and Settings\Cassie Goff\Cookies\cassie_goff@www.lotsofpornmovies[1].txt
C:\Documents and Settings\Cassie Goff\Cookies\cassie_goff@www.seventeen[1].txt
C:\Documents and Settings\Cassie Goff\Cookies\cassie_goff@www.teenlineonline[2].txt
C:\Documents and Settings\Cassie Goff\Cookies\cassie_goff@www.teenmag[1].txt
C:\Documents and Settings\Cassie Goff\Cookies\cassie_goff@www.winantivirus[1].txt
C:\Documents and Settings\Cassie Goff\Cookies\cassie_goff@zedo[2].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@15minutesfree.nakedsword[2].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@247realmedia[2].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@2o7[2].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@a.findarticles[1].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@ad.yieldmanager[1].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@ad.zanox[1].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@ad1.clickhype[1].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@adbrite[1].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@adbrite[2].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@adbureau[1].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@adecn[1].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@adlegend[2].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@adopt.specificclick[1].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@adrevolver[2].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@ads.ad4game[2].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@ads.adap[1].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@ads.addynamix[1].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@ads.blogtalkradio[2].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@ads.clicksor[1].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@ads.crakmedia[1].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@ads.funadvice[1].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@ads.gplusmedia[1].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@ads.imarketservices[1].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@ads.ozonemedia.co[2].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@ads.pointroll[1].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@ads.veoh[2].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@adserver.adtechus[1].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@adtech[1].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@adultadworld[1].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@adultdvdserotica[2].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@adultfriendfinder[1].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@adv.exbii[1].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@advertising[1].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@affiliates.commissionaccount[1].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@apmebf[2].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@at.atwola[1].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@atdmt[2].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@atdmt[3].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@audit.median[1].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@banner509[1].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@banners.wweek[2].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@blackbleepwhite[2].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@blackmotherbleepers[1].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@bs.serving-sys[1].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@bubblebutts.sexpornhost[2].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@burstbeacon[1].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@burstnet[1].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@c7.zedo[2].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@casalemedia[2].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@cdn4.specificclick[2].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@cgm.adbureau[1].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@click.superpaysys[2].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@clickaider[1].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@clicktorrent[1].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@collective-media[1].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@content.yieldmanager[2].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@counter.hitslink[1].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@counter15.sextracker[1].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@counter8.sextracker[2].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@couplesseduceteens[2].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@cs.sexcounter[2].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@data.coremetrics[1].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@dealtime[2].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@dhdmedia[2].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@dmtracker[1].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@doubleclick[2].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@dynamic.media.adrevolver[2].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@eb.adbureau[1].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@euroclick[1].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@eyewonder[1].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@fastclick[2].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@femalefirst.co[2].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@findarticles[2].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@findwhat[1].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@free-porn-free-porn-free[1].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@free.porndirt[1].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@freesexdoor[1].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@bleeparoo[2].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@bleepmommy[1].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@bleepphent[1].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@girls-want-sex[1].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@girlwithaonetrackmind.blogspot[1].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@gostats[1].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@handjobporno[2].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@hisfirstgaysex[2].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@hornyandhappy[1].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@hornymatches[1].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@hosts4porn[2].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@hqthefilmsxxx[1].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@hqthefilmsxxx[2].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@hqthefilmsxxx[3].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@humornsex[1].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@humornsex[3].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@iacas.adbureau[1].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@ice.112.2o7[1].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@ie-stat.bmmetrix[1].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@image.masterstats[1].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@imagevenue.advertserve[1].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@imrworldwide[1].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@indextools[1].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@insightexpressai[1].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@interclick[2].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@inthecrack[2].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@invitemedia[1].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@jerkmycock.megapornmall[2].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@keywordmax[1].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@kontera[2].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@media.adrevolver[2].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@media.punjabilokvirsa[1].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@media6degrees[2].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@mediaplex[1].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@men4sexnow[2].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@msnbc.112.2o7[1].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@msnportal.112.2o7[1].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@myadultreviews[2].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@myroitracking[1].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@oasn04.247realmedia[1].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@onlinerewardcenter[1].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@overture[2].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@paulmarkhamteens[1].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@paycounter[2].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@pointroll[2].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@pornblograbbit[1].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@pornforwomen.thumblogger[1].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@pornsickle[1].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@pornspinner[1].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@pro-market[2].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@programs.wegcash[2].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@questionmarket[1].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@rb4.worldsex[1].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@rb4.worldsex[2].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@realmedia[2].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@realsexcash[2].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@redirect.clickshield[1].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@revsci[2].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@roughmaturesex[1].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@roughmaturesex[2].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@serv.clicksor[2].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@server.iad.liveperson[1].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@serving-sys[1].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@serw.clicksor[1].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@sexandsubmission[2].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@sexmovievault[1].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@sexreactor[2].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@sexuality.about[1].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@sexybattleboard[1].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@sexyfunpics[2].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@sexzool[1].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@specificclick[1].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@specificmedia[1].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@spylog[1].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@stat.dealtime[2].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@statcounter[1].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@stats.adbrite[2].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@tacoda[1].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@teenstakeitbig[1].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@thebestporn[2].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@toplist[1].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@track.vivid[1].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@tracking.admarketplace[1].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@trafficmp[1].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@tribalfusion[1].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@trvlnet.adbureau[1].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@upspiral[2].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@viacom.adbureau[1].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@videoegg.adbureau[1].txt
C:\Documents and Settings\Dennis Goff\Cookies\dennis_goff@web4.realtracker[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@login.tracking101[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@login.tracking101[2].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@lsftmedia[2].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@lucidmedia[2].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@lynxtrack[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@m1.webstats.motigo[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@macu.122.2o7[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@marketlive.122.2o7[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@marriottinternational.122.2o7[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@maxis.112.2o7[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@maxserving[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@medhelpinternational.112.2o7[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@media.adfrontiers[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@media.adrevolver[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@media.adrevolver[2].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@media.adrevolver[4].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@media.causes[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@media.hotels[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@media.legacy[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@media.medhelp[2].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@media.mtvnservices[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@media.photobucket[2].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@media.sensis.com[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@media.wtoc[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@media2.gamook[2].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@media6degrees[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@mediaonenetwork[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@mediaonenetwork[2].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@mediaplex[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@mediaplex[2].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@mediaresponder[2].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@mediatraffic[2].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@mediawebmonster[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@meetupcom.122.2o7[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@mercury.bravenet[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@microsoftwlcashback.112.2o7[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@msnaccountservices.112.2o7[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@msnbc.112.2o7[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@msnportal.112.2o7[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@myaccount.verizonwireless[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@myap.liveperson[2].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@myroitracking[2].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@network.realmedia[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@network.realmedia[2].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@networldmedia[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@neuroticmedia[2].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@nextag[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@oasn03.247realmedia[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@oasn04.247realmedia[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@onestopinternet.122.2o7[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@optimize.indieclick[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@optimize.indieclick[3].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@optimost[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@orangecounty.cox[2].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@overture[2].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@overture[3].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@parentingteens.about[2].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@partner2profit[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@partner2profit[3].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@partsearch.122.2o7[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@pathfinder[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@paypal.112.2o7[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@perf.overture[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@perf.overture[2].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@phg.hitbox[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@phg.hitbox[3].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@pluckit.demandmedia[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@pointroll[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@precisionclick[2].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@precisionclick[3].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@primediamags[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@prnewswire.122.2o7[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@pro-market[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@pro-market[2].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@pview.findlaw[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@qksrv[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@qnsr[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@qnsr[2].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@questionmarket[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@questionmarket[2].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@radarstats[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@randomhouse.122.2o7[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@realmedia[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@realmedia[2].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@realmedia[4].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@rev.remnantmedianetwork[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@revenue[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@revenue[3].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@reveremultimedia[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@revsci[2].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@revsci[3].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@richmedia.yahoo[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@richmedia.yahoo[2].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@richmedia.yahoo[4].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@richmedia.yahoo[5].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@rm.yieldmanager[2].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@roiservice[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@roiservice[2].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@rotator.hadj7.adjuggler[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@ru4[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@run.av1-best-click[2].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@s.clickability[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@sales.liveperson[10].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@sales.liveperson[11].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@sales.liveperson[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@sales.liveperson[2].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@sales.liveperson[3].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@sales.liveperson[4].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@sales.liveperson[5].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@sales.liveperson[7].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@sales.liveperson[8].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@sales.liveperson[9].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@scanner.msscanner[2].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@scrapbooking.email.primedia[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@server.cpmstar[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@server.cpmstar[2].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@server.iad.liveperson[10].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@server.iad.liveperson[11].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@server.iad.liveperson[2].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@server.iad.liveperson[3].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@server.iad.liveperson[4].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@server.iad.liveperson[5].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@server.iad.liveperson[6].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@server.iad.liveperson[7].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@server.iad.liveperson[8].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@server.iad.liveperson[9].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@serving-sys[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@serving-sys[2].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@seventeenchallenge.hotims[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@seventeen[2].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@shopping.112.2o7[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@silo.thefind[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@sitestat.mayoclinic[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@sitestat.mayoclinic[2].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@sitestat.mayoclinic[3].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@sixtgmbh.112.2o7[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@smartadserver[2].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@smartmoney.112.2o7[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@smileycentral[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@snap9.advertserve[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@socialmedia[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@spamblockerutility[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@specificclick[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@specificclick[3].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@specificmedia[2].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@spylog[2].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@stat.dealtime[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@stat.onestat[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@statcounter[2].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@statcounter[3].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@stats.adbrite[2].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@stats.drivecleaner[2].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@stats.manticoretechnology[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@stats.paypal[2].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@stats.townnews[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@stats1.reliablestats[2].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@stats2.reliablestats[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@statse.webtrendslive[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@statse.webtrendslive[2].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@statse.webtrendslive[4].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@stopzilla[2].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@stylebakeryteen[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@superstats[2].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@surveymonkey.122.2o7[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@t.pointroll[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@tacoda[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@tacoda[3].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@target.db.advertising[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@taylorgifts.122.2o7[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@tds.best-click-go[2].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@technologyquestions[2].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@teenadvice.about[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@teenspot[2].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@teen[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@thefind[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@thestreet.112.2o7[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@ticketsnow.112.2o7[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@ticketsnow[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@toseeka[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@track.bestbuy[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@track.bestbuy[3].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@track.cbs[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@track.effiliation[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@track.mtrgsrv[2].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@track.searchignite[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@trackalyzer[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@tracking.admarketplace[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@tracking.foundry42[2].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@tracking.foundry42[3].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@tracking.gajmp[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@tracking.realtor[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@tradedoubler[2].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@traditionalsiemens[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@traffic-go[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@trafficmp[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@trafficmp[3].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@traveladvertising[2].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@travelchannel.112.2o7[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@tremor.adbureau[2].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@tribalfusion[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@tribalfusion[2].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@tribalfusion[3].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@trinitymirror.112.2o7[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@tripod[2].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@trvlnet.adbureau[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@upclick[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@usatoday1.112.2o7[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@usatoday1.112.2o7[3].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@user-activity-tracking[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@usnews.122.2o7[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@usoc.122.2o7[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@utahcountyliving[2].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@valueclick[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@viacom.adbureau[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@viamtvcom.112.2o7[2].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@viamtvnvideo.112.2o7[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@videoegg.adbureau[2].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@visabureau.122.2o7[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@vitamine.networldmedia[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@warnerbros.112.2o7[2].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@waterfrontmedia.112.2o7[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@webads.hookedmediagroup[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@webreports.digitalinsight[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@webreports.digitalinsight[2].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@websponsors[2].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@windowsmedia[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@www.0stats[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@www.arbookfind[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@www.burstbeacon[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@www.burstbeacon[2].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@www.burstnet[2].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@www.clickmanage[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@www.countrycurtains[2].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@www.countryliving[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@www.counttonine[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@www.darkbloodprincess20.tripod[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@www.discountpc[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@www.drivecleaner[2].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@www.ecoretrack[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@www.etracker[2].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@www.ez-tracks[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@www.findarticles[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@www.findstuff[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@www.googleadservices[10].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@www.googleadservices[11].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@www.googleadservices[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@www.googleadservices[2].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@www.googleadservices[3].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@www.googleadservices[4].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@www.googleadservices[5].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@www.googleadservices[6].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@www.googleadservices[8].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@www.incentaclick[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@www.jartrack[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@www.justclicklocal[2].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@www.linktrack66[2].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@www.seventeen[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@www.simmonsmedia[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@www.stopzilla[2].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@www.stylebakeryteen[2].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@www.technologyquestions[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@www.ticketsnow[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@www.tltrack[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@www.traveladvertising[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@www.windowsmedia[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@www.womens-health-questions[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@www3.addfreestats[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@www7.addfreestats[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@www8.addfreestats[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@xiti[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@xiti[2].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@yadro[2].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@yadro[3].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@yieldmanager[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@yieldmanager[3].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@zedo[1].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@zedo[2].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@zedo[3].txt
C:\Documents and Settings\Goff Family Internet\Cookies\goff_family_internet@zionsbank.112.2o7[1].txt

Rogue.Agent/Gen
HKLM\SOFTWARE\16945025
HKLM\SOFTWARE\16945025#FirstRun

Application.PowerReg Scheduler
C:\WINDOWS\PSS\POWERREG SCHEDULER V3.EXESTARTUP

Adware.Vundo/Variant-[Fixed]
C:\_OTL\MOVEDFILES\01212010_161339\C_WINDOWS\SYSTEM32\BUMEFONI.DLL
C:\_OTL\MOVEDFILES\01212010_161339\C_WINDOWS\SYSTEM32\GILANOVA.DLL
C:\_OTL\MOVEDFILES\01212010_161339\C_WINDOWS\SYSTEM32\GOSURIKE.DLL
C:\_OTL\MOVEDFILES\01212010_161339\C_WINDOWS\SYSTEM32\GUDAFUZE.DLL
C:\_OTL\MOVEDFILES\01212010_161339\C_WINDOWS\SYSTEM32\MITAPIMU.DLL
C:\_OTL\MOVEDFILES\01212010_161339\C_WINDOWS\SYSTEM32\NUTOBUVO.DLL
C:\_OTL\MOVEDFILES\01212010_161339\C_WINDOWS\SYSTEM32\PESAZOLO.DLL
C:\_OTL\MOVEDFILES\01212010_161339\C_WINDOWS\SYSTEM32\SOSILEGA.DLL

Adware.Vundo/Variant-SR
C:\_OTL\MOVEDFILES\01212010_161339\C_WINDOWS\SYSTEM32\DAPATUDI.DLL
C:\_OTL\MOVEDFILES\01212010_161339\C_WINDOWS\SYSTEM32\NOTABAGE.DLL

Adware.Vundo Variant
C:\_OTL\MOVEDFILES\01212010_161339\C_WINDOWS\SYSTEM32\DOFOFERU.DLL
C:\_OTL\MOVEDFILES\01212010_161339\C_WINDOWS\SYSTEM32\LURUWONO.DLL
C:\_OTL\MOVEDFILES\01212010_161339\C_WINDOWS\SYSTEM32\PUBINIBU.DLL

Adware.Vundo/Variant-Vx
C:\_OTL\MOVEDFILES\01212010_161339\C_WINDOWS\SYSTEM32\FEGUZEVI.DLL

Adware.Vundo/Variant-Senorita
C:\_OTL\MOVEDFILES\01212010_161339\C_WINDOWS\SYSTEM32\JEKESOYU.DLL
C:\_OTL\MOVEDFILES\01212010_161339\C_WINDOWS\SYSTEM32\LEYAVEMO.DLL
C:\_OTL\MOVEDFILES\01212010_161339\C_WINDOWS\SYSTEM32\TANEZOBU.DLL

Adware.Vundo/Variant
C:\_OTL\MOVEDFILES\01212010_161339\C_WINDOWS\SYSTEM32\VUWOTAFA.DLL
------------------------------



#8 Buckeye_Sam

    Malware Expert


Posted 22 January 2010 - 09:10 AM

We got most of it with that last step but we still have some more to clean out.
Let's try Malwarebytes again now and see if it will work for us.


Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a USB stick or CD, and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Whether or not you are prompted to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If you are using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.



Even if Malwarebytes doesn't work, proceed with this next step.




Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    CODE
    :OTL
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
    O4 - HKLM..\Run: [yekakupan] C:\WINDOWS\System32\jekesoyu.DLL File not found
    O20 - AppInit_DLLs: (gilanova.dll c:\windows\system32\jekesoyu.dll) - File not found
    O21 - SSODL: lehofujaf - {0779654b-94ef-41c0-ae82-41b575d81fc1} - C:\WINDOWS\System32\jekesoyu.dll File not found
    O22 - SharedTaskScheduler: {0779654b-94ef-41c0-ae82-41b575d81fc1} - mujuzedij - C:\WINDOWS\System32\jekesoyu.dll File not found

    :Commands
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run and post a new OTL log.



If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================
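The fix script in the post above removes load points whose target DLL had already been moved to C:\_OTL\MOVEDFILES by the earlier run. As an added example (not part of the original posts and not OTL's own code), this Python script triages "File not found" entries by cross-checking them against the quarantined file names. The line-layout handling is inferred from the entries quoted in this thread; the verdict names and the ExampleUpdater line are assumptions made for illustration.

```python
import ntpath
import re
from dataclasses import dataclass

# Lines in the layout of the OTL entries quoted in this thread. The
# ExampleUpdater line is constructed; the others appear in the thread's logs.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [avp] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [yekakupan] C:\WINDOWS\System32\jekesoyu.DLL File not found
O4 - HKLM..\Run: [ExampleUpdater] C:\Program Files\ExampleVendor\updater.exe File not found
O20 - AppInit_DLLs: (gilanova.dll) - File not found
O20 - AppInit_DLLs: (c:\windows\system32\jekesoyu.dll) - C:\WINDOWS\System32\jekesoyu.dll File not found
O20 - AppInit_DLLs: (c:\progra~1\kasper~1\kasper~2\kloehk.dll) - c:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\kloehk.dll (Kaspersky Lab)
O21 - SSODL: lehofujaf - {0779654b-94ef-41c0-ae82-41b575d81fc1} - C:\WINDOWS\System32\jekesoyu.dll File not found
O22 - SharedTaskScheduler: {0779654b-94ef-41c0-ae82-41b575d81fc1} - mujuzedij - C:\WINDOWS\System32\jekesoyu.dll File not found
O29 - HKLM SecurityProviders - (ntoskrnl.dll) - File not found
"""

# Two of the quarantine paths listed earlier in the thread.
SAMPLE_QUARANTINE = r"""
C:\_OTL\MOVEDFILES\01212010_161339\C_WINDOWS\SYSTEM32\JEKESOYU.DLL
C:\_OTL\MOVEDFILES\01212010_161339\C_WINDOWS\SYSTEM32\LEYAVEMO.DLL
"""

# Entry codes treated here as code-loading points (Run keys, AppInit_DLLs,
# SSODL, SharedTaskScheduler). The selection is this example's assumption.
CODE_LOADING_POINTS = {"O4", "O20", "O21", "O22"}

ENTRY_RE = re.compile(r"^(O\d+)\s+-\s+(.*)$")
# A file name is the last path component ending in a binary extension.
FILE_RE = re.compile(r"[^\\\s()\[\]:]+\.(?:dll|exe|sys)\b", re.IGNORECASE)
PROGRAM_FILES_RE = re.compile(r"\\(?:program files|progra~1)\\", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    code: str      # entry code such as "O20"
    verdict: str   # "orphan", "review" or "stale"
    files: tuple   # lower-cased file names referenced by the entry
    line: str      # the original log line


def quarantined_names(listing: str) -> set:
    """Return the lower-cased base names from a list of MOVEDFILES paths."""
    return {ntpath.basename(p.strip()).lower()
            for p in listing.splitlines() if p.strip()}


def triage(log_text: str, quarantined: set) -> list:
    """Classify every entry whose target is reported as 'File not found'."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if not match or not line.endswith("File not found"):
            continue  # not an entry line, or the target still exists
        code = match.group(1)
        files = tuple(sorted({f.lower() for f in FILE_RE.findall(line)}))
        if any(f in quarantined for f in files):
            # Leftover registry pointer to a file the cleanup already moved.
            verdict = "orphan"
        elif code in CODE_LOADING_POINTS and not PROGRAM_FILES_RE.search(line):
            # Unknown missing target in a code-loading point: needs a human.
            verdict = "review"
        else:
            # Typically residue of uninstalled software or a benign default.
            verdict = "stale"
        findings.append(Finding(code, verdict, files, line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG, quarantined_names(SAMPLE_QUARANTINE)):
        print(f"{f.verdict:7} {f.code:4} {', '.join(f.files)}")
```

A "review" verdict, as with gilanova.dll here, is a prompt for a helper's judgment, not a removal decision.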

#9 megslc

megslc
  • Topic Starter

  • Members
  • 11 posts
  • Location:Salt Lake City, Utah

Posted 22 January 2010 - 08:23 PM

Sam, Malwarebytes downloaded and ran fine this time. Here is the report:

Malwarebytes' Anti-Malware 1.44
Database version: 3618
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

1/22/2010 4:34:05 PM
mbam-log-2010-01-22 (16-34-05).txt

Scan type: Quick Scan
Objects scanned: 152535
Time elapsed: 9 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\gvtl (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\N1 (Rogue.AntiVirus1) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yekakupan (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe logon.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\logon.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
-------------

Next Report:

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\yekakupan not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:gilanova.dll c:\windows\system32\jekesoyu.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\lehofujaf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0779654b-94ef-41c0-ae82-41b575d81fc1}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{0779654b-94ef-41c0-ae82-41b575d81fc1} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0779654b-94ef-41c0-ae82-41b575d81fc1}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Cassie Goff
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Dennis Goff
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes

User: Goff Family Internet
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Marsha Goff
->Temp folder emptied: 160634 bytes
->Temporary Internet Files folder emptied: 1850153 bytes
->Java cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 664 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 2.00 mb


OTL by OldTimer - Version 3.1.25.3 log created on 01222010_172742

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...



OTL log:

OTL logfile created on: 1/22/2010 5:50:13 PM - Run 3
OTL by OldTimer - Version 3.1.25.3 Folder = C:\Documents and Settings\Marsha Goff\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.00 Mb Total Physical Memory | 128.00 Mb Available Physical Memory | 25.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 51.21 Gb Total Space | 20.23 Gb Free Space | 39.51% Space Free | Partition Type: NTFS
Drive D: | 18.61 Gb Total Space | 18.54 Gb Free Space | 99.63% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GOFFMAIN
Current User Name: Marsha Goff
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/01/20 21:38:53 | 00,546,816 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Marsha Goff\Desktop\OTL.exe
PRC - [2010/01/05 07:56:02 | 02,002,160 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2009/10/27 23:54:16 | 00,634,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2008/10/28 15:42:30 | 00,156,968 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2008/10/28 15:42:12 | 00,181,544 | ---- | M] (Seagate LLC) -- C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
PRC - [2008/04/13 17:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2008/04/13 17:12:30 | 00,420,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntvdm.exe
PRC - [2008/04/13 17:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/05 20:51:28 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/02/09 20:59:26 | 01,174,152 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2005/10/14 18:50:30 | 00,114,688 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
PRC - [2005/09/09 02:24:30 | 00,102,400 | ---- | M] () -- C:\Program Files\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
PRC - [2005/09/08 17:20:46 | 00,110,592 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
PRC - [2005/04/04 17:58:30 | 03,502,080 | ---- | M] () -- C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
PRC - [2005/04/04 17:58:30 | 00,856,064 | ---- | M] (Adobe Sytems Incorporated) -- C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
PRC - [2005/04/04 17:58:28 | 00,163,840 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe


========== Modules (SafeList) ==========

MOD - [2010/01/20 21:38:53 | 00,546,816 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Marsha Goff\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2009/07/03 14:56:14 | 00,303,376 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe -- (avp)
SRV - [2009/04/25 22:19:08 | 00,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/10/28 15:42:30 | 00,156,968 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2008/06/22 21:37:06 | 00,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2007/03/07 14:47:46 | 00,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/02/09 20:59:26 | 01,174,152 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2005/09/09 02:24:30 | 00,102,400 | ---- | M] () [Auto | Running] -- C:\Program Files\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor4.0)
SRV - [2005/04/04 17:58:28 | 00,163,840 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe -- (Adobe Version Cue CS2)
SRV - [2004/11/19 09:26:40 | 00,147,456 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- (NetSvc)
SRV - [2004/03/18 15:55:48 | 00,065,536 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cl...&channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com/ig/dell?hl=en&cl...&channel=us


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cl...&channel=us
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell?hl=en&cl...&channel=us
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cl...&channel=us
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell?hl=en&cl...&channel=us
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2086523684-1127310016-860246366-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-2086523684-1127310016-860246366-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-2086523684-1127310016-860246366-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net?cid=NET_mmhpset
IE - HKU\S-1-5-21-2086523684-1127310016-860246366-1005\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-2086523684-1127310016-860246366-1005\S-1-5-21-2086523684-1127310016-860246366-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2007/03/29 18:51:38 | 00,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-2086523684-1127310016-860246366-1005\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Version Cue CS2] C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe (Adobe Sytems Incorporated)
O4 - HKLM..\Run: [avp] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe (Musicmatch, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKU\S-1-5-21-2086523684-1127310016-860246366-1005..\Run: [Desktop Software] C:\Program Files\ComcastUI\Universal Installer\uinstaller.exe File not found
O4 - HKU\S-1-5-21-2086523684-1127310016-860246366-1005..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-2086523684-1127310016-860246366-1005..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-2086523684-1127310016-860246366-1005..\Run: [TClockEx] C:\Documents and Settings\Marsha Goff\Desktop\TClockEx\TCLOCKEX.EXE (Dale Nurden)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Marsha Goff\Start Menu\Programs\Startup\Event Reminder.lnk = C:\pmw\PMREMIND.EXE ()
O4 - Startup: C:\Documents and Settings\Marsha Goff\Start Menu\Programs\Startup\ImpulseNow.lnk = C:\Program Files\Stardock\Impulse\Now\ImpulseNow.exe File not found
O4 - Startup: C:\Documents and Settings\Marsha Goff\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files\Stardock\Object Desktop\ObjectDock\ObjectDock.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2086523684-1127310016-860246366-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O15 - HKLM\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-2086523684-1127310016-860246366-1005\..Trusted Domains: cmcflex.com ([webmail] https in Trusted sites)
O15 - HKU\S-1-5-21-2086523684-1127310016-860246366-1005\..Trusted Domains: delta.com ([connect] https in Trusted sites)
O15 - HKU\S-1-5-21-2086523684-1127310016-860246366-1005\..Trusted Domains: 4 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab (SysData Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1192810068578 (WUWebControl Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} http://h30155.www3.hp.com/ediags/dd/instal...edsolutions.cab (HPObjectInstaller Class)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.85.102 68.87.69.150
O20 - AppInit_DLLs: (c:\progra~1\google\google~1\goec62~1.dll) - c:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll ()
O20 - AppInit_DLLs: (c:\progra~1\google\google~1\goec62~1.dll) - c:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll ()
O20 - AppInit_DLLs: (c:\progra~1\kasper~1\kasper~2\mzvkbd3.dll) - c:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\mzvkbd3.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (c:\progra~1\kasper~1\kasper~2\kloehk.dll) - c:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\kloehk.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (gilanova.dll) - File not found
O20 - AppInit_DLLs: (c:\windows\system32\jekesoyu.dll) - C:\WINDOWS\System32\jekesoyu.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Marsha Goff\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Marsha Goff\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O29 - HKLM SecurityProviders - (ntoskrnl.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 02:43:04 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
O33 - MountPoints2\{b3b17266-d300-11da-a3d9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{b3b17266-d300-11da-a3d9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b3b17266-d300-11da-a3d9-806d6172696f}\Shell\AutoRun\command - "" = E:\cdsetup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2005/08/16 02:22:48 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17736316556935168)

========== Files/Folders - Created Within 14 Days ==========

[2010/01/21 17:34:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/01/21 17:33:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Marsha Goff\Application Data\SUPERAntiSpyware.com
[2010/01/21 17:33:47 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/01/21 17:32:20 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/01/21 16:13:39 | 00,000,000 | ---D | C] -- C:\_OTL
[2010/01/20 21:38:53 | 00,546,816 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Marsha Goff\Desktop\OTL.exe
[2010/01/19 21:44:37 | 03,696,032 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Marsha Goff\Desktop\mbam-rules.exe
[2010/01/19 21:19:16 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/19 21:19:13 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/19 21:16:21 | 05,115,832 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Marsha Goff\Desktop\mbam-setup.exe
[2010/01/18 21:07:58 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Marsha Goff\Desktop\RootRepeal.exe
[2010/01/16 19:22:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2008/11/13 08:43:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2006/07/11 09:52:03 | 13,717,000 | ---- | C] (Macrovision Corporation) -- C:\Program Files\GoogleEarthWin.exe
[2006/06/20 17:06:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2006/05/26 19:37:52 | 05,649,544 | ---- | C] (Microsoft Corporation) -- C:\Program Files\HPPSE1.9.1.3-2ENU.exe
[2006/05/25 21:29:38 | 22,569,392 | ---- | C] (Hewlett-Packard Company ) -- C:\Program Files\hp_53_enu.exe
[2006/04/23 13:08:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall
[2005/08/16 02:49:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2005/08/16 02:30:12 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2005/08/16 02:30:12 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft

========== Files - Modified Within 14 Days ==========

[2010/01/22 17:30:36 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/22 17:29:14 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/22 17:29:09 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/22 17:29:07 | 52,653,6704 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/22 17:28:04 | 06,291,456 | -H-- | M] () -- C:\Documents and Settings\Marsha Goff\NTUSER.DAT
[2010/01/22 17:28:04 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Marsha Goff\ntuser.ini
[2010/01/22 16:19:47 | 05,115,832 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Marsha Goff\Desktop\mbam-setup.exe
[2010/01/21 17:33:57 | 00,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/01/21 17:31:12 | 07,520,288 | ---- | M] () -- C:\Documents and Settings\Marsha Goff\Desktop\SUPERAntiSpyware.exe
[2010/01/21 16:23:31 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\resegupi
[2010/01/20 23:09:24 | 01,670,890 | -H-- | M] () -- C:\Documents and Settings\Marsha Goff\Local Settings\Application Data\IconCache.db
[2010/01/20 21:38:53 | 00,546,816 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Marsha Goff\Desktop\OTL.exe
[2010/01/19 21:44:40 | 03,696,032 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Marsha Goff\Desktop\mbam-rules.exe
[2010/01/19 19:28:16 | 00,003,760 | ---- | M] () -- C:\Documents and Settings\Marsha Goff\My Documents\Medical permission slip for Cass.wpd
[2010/01/18 22:36:24 | 00,000,152 | ---- | M] () -- C:\WINDOWS\X-Sums98.ini
[2010/01/18 21:09:12 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Marsha Goff\Desktop\settings.dat
[2010/01/18 21:07:58 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Marsha Goff\Desktop\RootRepeal.exe
[2010/01/18 20:57:36 | 00,524,288 | ---- | M] () -- C:\Documents and Settings\Marsha Goff\Desktop\dds.scr

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 00,006,456 | -H-- | C] () -- C:\WINDOWS\System32\resegupi
[2010/01/21 17:33:57 | 00,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/01/21 17:31:04 | 07,520,288 | ---- | C] () -- C:\Documents and Settings\Marsha Goff\Desktop\SUPERAntiSpyware.exe
[2010/01/18 21:09:12 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Marsha Goff\Desktop\settings.dat
[2010/01/18 20:57:36 | 00,524,288 | ---- | C] () -- C:\Documents and Settings\Marsha Goff\Desktop\dds.scr
[2008/06/24 20:48:41 | 00,001,160 | ---- | C] () -- C:\WINDOWS\MyHeritage.INI
[2008/06/24 20:47:03 | 00,454,656 | ---- | C] () -- C:\WINDOWS\System32\PaintX.dll
[2008/02/26 19:38:47 | 00,000,212 | ---- | C] () -- C:\WINDOWS\MSREGUSR.INI
[2007/05/19 11:56:46 | 00,215,144 | R--- | C] () -- C:\WINDOWS\patchw32.dll
[2007/05/19 11:55:35 | 00,215,144 | R--- | C] () -- C:\WINDOWS\pw32a.dll
[2007/05/10 02:01:29 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/02/28 21:11:36 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2007/02/04 11:37:01 | 00,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2007/02/03 15:28:35 | 00,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2007/02/03 15:23:02 | 00,000,044 | ---- | C] () -- C:\WINDOWS\PERFV100V350.ini
[2007/01/31 09:50:15 | 00,001,617 | ---- | C] () -- C:\WINDOWS\entrust.ini
[2006/11/06 22:19:41 | 00,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2006/11/06 22:16:18 | 00,000,059 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2006/11/06 22:16:17 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\pdfmona.dll
[2006/11/06 22:16:17 | 00,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2006/11/05 15:15:54 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Textart.INI
[2006/10/01 15:35:54 | 00,032,256 | ---- | C] () -- C:\WINDOWS\System32\Decln.dll
[2006/10/01 15:35:54 | 00,014,629 | ---- | C] () -- C:\WINDOWS\System32\Declw.dll
[2006/08/09 19:09:48 | 00,000,251 | ---- | C] () -- C:\Program Files\wt3d.ini
[2006/05/26 16:10:48 | 00,001,151 | ---- | C] () -- C:\WINDOWS\_isenv31.ini
[2006/05/26 16:10:48 | 00,000,521 | ---- | C] () -- C:\WINDOWS\_iserr31.ini
[2006/05/26 16:10:48 | 00,000,196 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2006/05/24 17:35:20 | 00,005,523 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/05/24 15:44:37 | 02,216,960 | ---- | C] () -- C:\Program Files\pdf995s.exe
[2006/05/03 08:39:58 | 00,040,448 | ---- | C] () -- C:\WINDOWS\System32\regobj.dll
[2006/04/29 18:27:32 | 00,000,152 | ---- | C] () -- C:\WINDOWS\X-Sums98.ini
[2006/04/29 18:26:19 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\BW32000C.DLL
[2006/04/29 18:26:19 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\BW320007.DLL
[2006/04/28 18:42:04 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\Marsha Goff\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/04/28 14:47:26 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/04/23 18:29:00 | 00,061,678 | ---- | C] () -- C:\Documents and Settings\Marsha Goff\Application Data\PFP120JPR.{PB
[2006/04/23 18:29:00 | 00,012,358 | ---- | C] () -- C:\Documents and Settings\Marsha Goff\Application Data\PFP120JCM.{PB
[2006/04/23 18:22:27 | 00,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2006/04/23 13:03:58 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/04/23 13:01:04 | 00,007,520 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/04/23 13:01:04 | 00,000,152 | RHS- | C] () -- C:\WINDOWS\System32\E01295E59D.sys
[2006/04/23 12:48:24 | 00,000,134 | ---- | C] () -- C:\Documents and Settings\Marsha Goff\Local Settings\Application Data\fusioncache.dat
[2006/04/13 09:05:54 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/04/13 09:02:30 | 00,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/04/13 08:57:12 | 00,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
[2006/04/13 08:27:54 | 00,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 06:56:34 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/05 12:01:54 | 00,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[1999/01/22 11:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2006/06/26 20:10:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2010/01/03 10:46:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2006/09/08 16:05:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2009/10/11 10:26:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2009/04/24 19:52:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Stardock
[2008/03/08 22:26:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2007/03/29 18:43:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/04/13 08:53:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/10/21 18:51:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2007/02/04 10:34:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cassie Goff\Application Data\EPSON
[2006/12/22 16:45:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cassie Goff\Application Data\Image Zone Express
[2006/12/18 19:47:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cassie Goff\Application Data\Leadertech
[2006/09/21 18:59:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cassie Goff\Application Data\WildTangent
[2007/02/03 17:18:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dennis Goff\Application Data\EPSON
[2006/04/24 13:40:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dennis Goff\Application Data\Leadertech
[2009/01/22 20:09:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Goff Family Internet\Application Data\alot
[2007/02/12 19:22:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Goff Family Internet\Application Data\EPSON
[2007/08/08 08:56:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Goff Family Internet\Application Data\Image Zone Express
[2006/05/10 17:18:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Goff Family Internet\Application Data\Leadertech
[2006/06/29 21:40:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Goff Family Internet\Application Data\Opera
[2006/11/06 22:19:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Goff Family Internet\Application Data\pdf995
[2006/09/08 16:05:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Goff Family Internet\Application Data\PlayFirst
[2006/09/07 15:00:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Goff Family Internet\Application Data\WildTangent
[2007/11/07 17:43:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Marsha Goff\Application Data\EPSON
[2006/06/25 16:52:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Marsha Goff\Application Data\Image Zone Express
[2006/05/13 15:35:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Marsha Goff\Application Data\Leadertech
[2007/11/24 20:30:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Marsha Goff\Application Data\pdf995
[2009/04/24 19:53:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Marsha Goff\Application Data\Stardock
[2008/06/24 20:47:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Marsha Goff\Application Data\The Complete Genealogy Reporter - FTB

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/10 03:00:00 | 16,971,599 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2004/08/10 03:00:00 | 16,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/11/13 08:06:26 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/11/13 08:06:26 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 11:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 11:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 21:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS
[2004/08/03 21:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/10 03:00:00 | 16,971,599 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2004/08/10 03:00:00 | 16,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/11/13 08:06:26 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/11/13 08:06:26 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 11:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 11:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 20:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
[2004/08/03 20:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 20:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys
[2004/08/03 20:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 17:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 17:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/10 03:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\i386\eventlog.dll
[2004/08/10 03:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 17:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 17:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/10 03:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\i386\netlogon.dll
[2004/08/10 03:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/10 03:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\i386\scecli.dll
[2004/08/10 03:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 17:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 17:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/13 17:11:51 | 01,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll
[2009/10/29 00:46:50 | 00,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/10/29 00:46:51 | 00,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[2005/10/14 18:45:38 | 00,135,168 | ---- | M] (Intel Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\igfxdev.dll
[2004/08/10 03:00:00 | 00,012,288 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\mmdrv.dll
[2004/08/10 03:00:00 | 00,068,768 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\mmsystem.dll
[2008/04/13 17:11:58 | 00,069,632 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msconf.dll
[2009/10/29 00:46:58 | 00,193,024 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msrating.dll
[2008/04/13 17:12:00 | 01,384,479 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msvbvm60.dll
[2004/08/10 03:00:00 | 00,005,120 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\shell.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Marsha Goff\My Documents\Sara E. Johnson 1944:SummaryInformation
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4295826C
< End of report >
------------------------------------------------------------


Hope I got these all done right! My PC seems to be running great so far!

#10 megslc


Posted 23 January 2010 - 02:45 PM

Sam,
I will be out of town the first part of next week so please don't think I will be ignoring whatever response you have for my last post. I will check back as soon as I get back to my PC. Thanks, Marsha

#11 Buckeye_Sam

    Malware Expert

Posted 24 January 2010 - 03:25 AM

Ok, no problem.

Looks like there's just a bit more left.


Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    CODE
    :OTL
    O20 - AppInit_DLLs: (gilanova.dll) - File not found
    O20 - AppInit_DLLs: (c:\windows\system32\jekesoyu.dll) - C:\WINDOWS\System32\jekesoyu.dll File not found

    :Commands
    [purity]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run and post a new OTL log.

========================================================
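The fix in the post above removes AppInit_DLLs registry values whose target file no longer exists. As an added example (not part of the original post and not OTL's own code), the following Python script triages the O20 AppInit_DLLs lines of an OTL log into orphaned, unattributed and attributed entries. The line layout is inferred only from the log lines quoted in this thread, and the function names and status labels are assumptions made for this example.

```python
import re

# Constructed sample: the O20 AppInit_DLLs lines that appear in this thread's
# OTL logs, gathered into one string (the Google line is duplicated in the log
# itself). The last line is a different O20 entry and must be ignored.
SAMPLE_LOG = r"""
O20 - AppInit_DLLs: (gilanova.dll) - File not found
O20 - AppInit_DLLs: (c:\windows\system32\jekesoyu.dll) - C:\WINDOWS\System32\jekesoyu.dll File not found
O20 - AppInit_DLLs: (c:\progra~1\google\google~1\goec62~1.dll) - c:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll ()
O20 - AppInit_DLLs: (c:\progra~1\google\google~1\goec62~1.dll) - c:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll ()
O20 - AppInit_DLLs: (c:\progra~1\kasper~1\kasper~2\mzvkbd3.dll) - c:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\mzvkbd3.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (c:\progra~1\kasper~1\kasper~2\kloehk.dll) - c:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\kloehk.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
"""

# Layout assumed from the lines above:
#   O20 - AppInit_DLLs: (<registry value>) - <resolved path> (<company>)
#   O20 - AppInit_DLLs: (<registry value>) - [<resolved path> ]File not found
ENTRY_RE = re.compile(r"^O20 - AppInit_DLLs: \((?P<value>[^)]*)\) - (?P<rest>.+)$")
RESOLVED_RE = re.compile(r"^(?P<path>.+?)\s*\((?P<company>[^()]*)\)$")
MISSING = "File not found"


def parse_entry(line):
    """Parse one log line; return a dict, or None if it is not an AppInit_DLLs entry."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest").strip()
    if rest.endswith(MISSING):
        # The registry value points at a DLL that is no longer on disk.
        path = rest[: -len(MISSING)].strip() or None
        return {"value": m.group("value"), "path": path,
                "company": "", "status": "orphaned"}
    r = RESOLVED_RE.match(rest)
    path = r.group("path") if r else rest
    company = r.group("company").strip() if r else ""
    # The company name comes from the file's version resource, which anyone
    # can set, so "attributed" is a triage hint and not proof of legitimacy.
    status = "attributed" if company else "unattributed"
    return {"value": m.group("value"), "path": path,
            "company": company, "status": status}


def triage(log_text):
    """Return the unique AppInit_DLLs entries of a log, in order of appearance."""
    seen = set()
    entries = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        key = entry["value"].lower()  # Windows paths are case-insensitive
        if key in seen:
            continue
        seen.add(key)
        entries.append(entry)
    return entries


def report(entries):
    """Format the triage result, most urgent status first."""
    order = {"orphaned": 0, "unattributed": 1, "attributed": 2}
    rows = sorted(entries, key=lambda e: order[e["status"]])
    return "\n".join(
        "%-12s %s -> %s" % (e["status"], e["value"], e["path"] or "(no path)")
        for e in rows
    )


if __name__ == "__main__":
    print(report(triage(SAMPLE_LOG)))
```

Orphaned entries correspond to the two values the fix deleted; an unattributed entry still resolves to a file and calls for a manual check of that file rather than removal.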

#12 megslc


Posted 29 January 2010 - 02:22 AM

OK, I'm back! Ran fix and got the following:

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:gilanova.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\jekesoyu.dll deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Cassie Goff
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Dennis Goff
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes

User: Goff Family Internet
->Temp folder emptied: 4047580 bytes
->Temporary Internet Files folder emptied: 6679063 bytes
->Java cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Marsha Goff
->Temp folder emptied: 684266 bytes
->Temporary Internet Files folder emptied: 46978985 bytes
->Java cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 564864 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 56.00 mb


OTL by OldTimer - Version 3.1.25.3 log created on 01282010_235118

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


--------------------------------
And here is a new OTL log . . . . I x'd the "Scan All Users" box and then clicked Quick Scan, leaving the Custom area blank. Hope this is correct...if not let me know!

OTL logfile created on: 1/29/2010 12:13:23 AM - Run 4
OTL by OldTimer - Version 3.1.25.3 Folder = C:\Documents and Settings\Marsha Goff\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.00 Mb Total Physical Memory | 139.00 Mb Available Physical Memory | 28.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 51.21 Gb Total Space | 19.84 Gb Free Space | 38.74% Space Free | Partition Type: NTFS
Drive D: | 18.61 Gb Total Space | 18.54 Gb Free Space | 99.63% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GOFFMAIN
Current User Name: Marsha Goff
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/01/20 21:38:53 | 00,546,816 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Marsha Goff\Desktop\OTL.exe
PRC - [2010/01/05 07:56:02 | 02,002,160 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2009/10/27 23:54:16 | 00,634,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2008/10/28 15:42:30 | 00,156,968 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2008/10/28 15:42:12 | 00,181,544 | ---- | M] (Seagate LLC) -- C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
PRC - [2008/04/13 17:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2008/04/13 17:12:30 | 00,420,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntvdm.exe
PRC - [2008/04/13 17:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/05 20:51:28 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/02/09 20:59:26 | 01,174,152 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2005/10/14 18:50:30 | 00,114,688 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
PRC - [2005/09/09 02:24:30 | 00,102,400 | ---- | M] () -- C:\Program Files\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
PRC - [2005/09/08 17:20:46 | 00,110,592 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
PRC - [2005/04/04 17:58:30 | 03,502,080 | ---- | M] () -- C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
PRC - [2005/04/04 17:58:30 | 00,856,064 | ---- | M] (Adobe Sytems Incorporated) -- C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
PRC - [2005/04/04 17:58:28 | 00,163,840 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe


========== Modules (SafeList) ==========

MOD - [2010/01/20 21:38:53 | 00,546,816 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Marsha Goff\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2009/07/03 14:56:14 | 00,303,376 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe -- (avp)
SRV - [2009/04/25 22:19:08 | 00,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/10/28 15:42:30 | 00,156,968 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2008/06/22 21:37:06 | 00,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2007/03/07 14:47:46 | 00,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/02/09 20:59:26 | 01,174,152 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2005/09/09 02:24:30 | 00,102,400 | ---- | M] () [Auto | Running] -- C:\Program Files\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor4.0)
SRV - [2005/04/04 17:58:28 | 00,163,840 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe -- (Adobe Version Cue CS2)
SRV - [2004/11/19 09:26:40 | 00,147,456 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- (NetSvc)
SRV - [2004/03/18 15:55:48 | 00,065,536 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cl...&channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com/ig/dell?hl=en&cl...&channel=us


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cl...&channel=us
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell?hl=en&cl...&channel=us
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cl...&channel=us
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell?hl=en&cl...&channel=us
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2086523684-1127310016-860246366-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-2086523684-1127310016-860246366-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-2086523684-1127310016-860246366-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net?cid=NET_mmhpset
IE - HKU\S-1-5-21-2086523684-1127310016-860246366-1005\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-2086523684-1127310016-860246366-1005\S-1-5-21-2086523684-1127310016-860246366-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2007/03/29 18:51:38 | 00,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-2086523684-1127310016-860246366-1005\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Version Cue CS2] C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe (Adobe Sytems Incorporated)
O4 - HKLM..\Run: [avp] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe (Musicmatch, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKU\S-1-5-21-2086523684-1127310016-860246366-1005..\Run: [Desktop Software] C:\Program Files\ComcastUI\Universal Installer\uinstaller.exe File not found
O4 - HKU\S-1-5-21-2086523684-1127310016-860246366-1005..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-2086523684-1127310016-860246366-1005..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-2086523684-1127310016-860246366-1005..\Run: [TClockEx] C:\Documents and Settings\Marsha Goff\Desktop\TClockEx\TCLOCKEX.EXE (Dale Nurden)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Marsha Goff\Start Menu\Programs\Startup\Event Reminder.lnk = C:\pmw\PMREMIND.EXE ()
O4 - Startup: C:\Documents and Settings\Marsha Goff\Start Menu\Programs\Startup\ImpulseNow.lnk = C:\Program Files\Stardock\Impulse\Now\ImpulseNow.exe File not found
O4 - Startup: C:\Documents and Settings\Marsha Goff\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files\Stardock\Object Desktop\ObjectDock\ObjectDock.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2086523684-1127310016-860246366-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O15 - HKLM\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-2086523684-1127310016-860246366-1005\..Trusted Domains: cmcflex.com ([webmail] https in Trusted sites)
O15 - HKU\S-1-5-21-2086523684-1127310016-860246366-1005\..Trusted Domains: delta.com ([connect] https in Trusted sites)
O15 - HKU\S-1-5-21-2086523684-1127310016-860246366-1005\..Trusted Domains: 4 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab (SysData Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1192810068578 (WUWebControl Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} http://h30155.www3.hp.com/ediags/dd/instal...edsolutions.cab (HPObjectInstaller Class)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.85.102 68.87.69.150
O20 - AppInit_DLLs: (c:\progra~1\google\google~1\goec62~1.dll) - c:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll ()
O20 - AppInit_DLLs: (c:\progra~1\google\google~1\goec62~1.dll) - c:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll ()
O20 - AppInit_DLLs: (c:\progra~1\kasper~1\kasper~2\mzvkbd3.dll) - c:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\mzvkbd3.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (c:\progra~1\kasper~1\kasper~2\kloehk.dll) - c:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\kloehk.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Marsha Goff\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Marsha Goff\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O29 - HKLM SecurityProviders - (ntoskrnl.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 02:43:04 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
O33 - MountPoints2\{b3b17266-d300-11da-a3d9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{b3b17266-d300-11da-a3d9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b3b17266-d300-11da-a3d9-806d6172696f}\Shell\AutoRun\command - "" = E:\cdsetup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2010/01/21 17:34:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/01/21 17:33:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Marsha Goff\Application Data\SUPERAntiSpyware.com
[2010/01/21 17:33:47 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/01/21 17:32:20 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/01/21 16:13:39 | 00,000,000 | ---D | C] -- C:\_OTL
[2010/01/20 21:38:53 | 00,546,816 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Marsha Goff\Desktop\OTL.exe
[2010/01/19 21:19:16 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/19 21:19:13 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/16 19:22:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2008/11/13 08:43:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2006/07/11 09:52:03 | 13,717,000 | ---- | C] (Macrovision Corporation) -- C:\Program Files\GoogleEarthWin.exe
[2006/06/20 17:06:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2006/05/26 19:37:52 | 05,649,544 | ---- | C] (Microsoft Corporation) -- C:\Program Files\HPPSE1.9.1.3-2ENU.exe
[2006/05/25 21:29:38 | 22,569,392 | ---- | C] (Hewlett-Packard Company ) -- C:\Program Files\hp_53_enu.exe
[2006/04/23 13:08:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall
[2005/08/16 02:49:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2005/08/16 02:30:12 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2005/08/16 02:30:12 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft

========== Files - Modified Within 14 Days ==========

[2010/01/28 23:55:23 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/28 23:54:01 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/28 23:53:55 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/28 23:53:53 | 52,653,6704 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/28 23:52:50 | 06,291,456 | -H-- | M] () -- C:\Documents and Settings\Marsha Goff\NTUSER.DAT
[2010/01/28 23:52:50 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Marsha Goff\ntuser.ini
[2010/01/23 12:40:53 | 02,233,534 | -H-- | M] () -- C:\Documents and Settings\Marsha Goff\Local Settings\Application Data\IconCache.db
[2010/01/22 22:04:35 | 01,033,728 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Check Register.xls
[2010/01/21 17:33:57 | 00,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/01/21 17:31:12 | 07,520,288 | ---- | M] () -- C:\Documents and Settings\Marsha Goff\Desktop\SUPERAntiSpyware.exe
[2010/01/21 16:23:31 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\resegupi
[2010/01/20 21:38:53 | 00,546,816 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Marsha Goff\Desktop\OTL.exe
[2010/01/19 19:28:16 | 00,003,760 | ---- | M] () -- C:\Documents and Settings\Marsha Goff\My Documents\Medical permission slip for Cass.wpd
[2010/01/18 22:36:24 | 00,000,152 | ---- | M] () -- C:\WINDOWS\X-Sums98.ini
[2010/01/18 21:09:12 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Marsha Goff\Desktop\settings.dat

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 00,006,456 | -H-- | C] () -- C:\WINDOWS\System32\resegupi
[2010/01/21 17:33:57 | 00,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/01/21 17:31:04 | 07,520,288 | ---- | C] () -- C:\Documents and Settings\Marsha Goff\Desktop\SUPERAntiSpyware.exe
[2010/01/18 21:09:12 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Marsha Goff\Desktop\settings.dat
[2008/06/24 20:48:41 | 00,001,160 | ---- | C] () -- C:\WINDOWS\MyHeritage.INI
[2008/06/24 20:47:03 | 00,454,656 | ---- | C] () -- C:\WINDOWS\System32\PaintX.dll
[2008/02/26 19:38:47 | 00,000,212 | ---- | C] () -- C:\WINDOWS\MSREGUSR.INI
[2007/05/19 11:56:46 | 00,215,144 | R--- | C] () -- C:\WINDOWS\patchw32.dll
[2007/05/19 11:55:35 | 00,215,144 | R--- | C] () -- C:\WINDOWS\pw32a.dll
[2007/05/10 02:01:29 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/02/28 21:11:36 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2007/02/04 11:37:01 | 00,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2007/02/03 15:28:35 | 00,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2007/02/03 15:23:02 | 00,000,044 | ---- | C] () -- C:\WINDOWS\PERFV100V350.ini
[2007/01/31 09:50:15 | 00,001,617 | ---- | C] () -- C:\WINDOWS\entrust.ini
[2006/11/06 22:19:41 | 00,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2006/11/06 22:16:18 | 00,000,059 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2006/11/06 22:16:17 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\pdfmona.dll
[2006/11/06 22:16:17 | 00,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2006/11/05 15:15:54 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Textart.INI
[2006/10/01 15:35:54 | 00,032,256 | ---- | C] () -- C:\WINDOWS\System32\Decln.dll
[2006/10/01 15:35:54 | 00,014,629 | ---- | C] () -- C:\WINDOWS\System32\Declw.dll
[2006/08/09 19:09:48 | 00,000,251 | ---- | C] () -- C:\Program Files\wt3d.ini
[2006/05/26 16:10:48 | 00,001,151 | ---- | C] () -- C:\WINDOWS\_isenv31.ini
[2006/05/26 16:10:48 | 00,000,521 | ---- | C] () -- C:\WINDOWS\_iserr31.ini
[2006/05/26 16:10:48 | 00,000,196 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2006/05/24 17:35:20 | 00,005,523 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/05/24 15:44:37 | 02,216,960 | ---- | C] () -- C:\Program Files\pdf995s.exe
[2006/05/03 08:39:58 | 00,040,448 | ---- | C] () -- C:\WINDOWS\System32\regobj.dll
[2006/04/29 18:27:32 | 00,000,152 | ---- | C] () -- C:\WINDOWS\X-Sums98.ini
[2006/04/29 18:26:19 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\BW32000C.DLL
[2006/04/29 18:26:19 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\BW320007.DLL
[2006/04/28 18:42:04 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\Marsha Goff\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/04/28 14:47:26 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/04/23 18:29:00 | 00,061,678 | ---- | C] () -- C:\Documents and Settings\Marsha Goff\Application Data\PFP120JPR.{PB
[2006/04/23 18:29:00 | 00,012,358 | ---- | C] () -- C:\Documents and Settings\Marsha Goff\Application Data\PFP120JCM.{PB
[2006/04/23 18:22:27 | 00,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2006/04/23 13:03:58 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/04/23 13:01:04 | 00,007,520 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/04/23 13:01:04 | 00,000,152 | RHS- | C] () -- C:\WINDOWS\System32\E01295E59D.sys
[2006/04/23 12:48:24 | 00,000,134 | ---- | C] () -- C:\Documents and Settings\Marsha Goff\Local Settings\Application Data\fusioncache.dat
[2006/04/13 09:05:54 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/04/13 09:02:30 | 00,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/04/13 08:57:12 | 00,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
[2006/04/13 08:27:54 | 00,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 06:56:34 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/05 12:01:54 | 00,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[1999/01/22 11:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2006/06/26 20:10:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2010/01/03 10:46:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2006/09/08 16:05:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2009/10/11 10:26:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2009/04/24 19:52:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Stardock
[2008/03/08 22:26:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2007/03/29 18:43:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/04/13 08:53:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/10/21 18:51:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2007/02/04 10:34:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cassie Goff\Application Data\EPSON
[2006/12/22 16:45:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cassie Goff\Application Data\Image Zone Express
[2006/12/18 19:47:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cassie Goff\Application Data\Leadertech
[2006/09/21 18:59:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cassie Goff\Application Data\WildTangent
[2007/02/03 17:18:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dennis Goff\Application Data\EPSON
[2006/04/24 13:40:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dennis Goff\Application Data\Leadertech
[2009/01/22 20:09:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Goff Family Internet\Application Data\alot
[2007/02/12 19:22:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Goff Family Internet\Application Data\EPSON
[2007/08/08 08:56:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Goff Family Internet\Application Data\Image Zone Express
[2006/05/10 17:18:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Goff Family Internet\Application Data\Leadertech
[2006/06/29 21:40:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Goff Family Internet\Application Data\Opera
[2006/11/06 22:19:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Goff Family Internet\Application Data\pdf995
[2006/09/08 16:05:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Goff Family Internet\Application Data\PlayFirst
[2006/09/07 15:00:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Goff Family Internet\Application Data\WildTangent
[2007/11/07 17:43:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Marsha Goff\Application Data\EPSON
[2006/06/25 16:52:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Marsha Goff\Application Data\Image Zone Express
[2006/05/13 15:35:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Marsha Goff\Application Data\Leadertech
[2007/11/24 20:30:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Marsha Goff\Application Data\pdf995
[2009/04/24 19:53:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Marsha Goff\Application Data\Stardock
[2008/06/24 20:47:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Marsha Goff\Application Data\The Complete Genealogy Reporter - FTB

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Marsha Goff\My Documents\Sara E. Johnson 1944:SummaryInformation
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4295826C
< End of report >






#13 Buckeye_Sam

Buckeye_Sam

    Malware Expert



Posted 29 January 2010 - 08:53 AM

Looks pretty good to me. How is your computer behaving now?
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#14 megslc

megslc
  • Topic Starter


Posted 30 January 2010 - 12:50 AM

It's doing great. Thank you so much. Do you think I should start up my Windows Automatic Updates again? Also, I noticed a few days ago when I googled myself, that a lot of the information I posted from the logs comes up and reveals some of our favorites, file names, etc. Should I be worried about that or is there a way to get rid of it? In any case, I truly appreciate the time you've spent to help me. Thanks again, Marsha

#15 Buckeye_Sam

Buckeye_Sam

    Malware Expert



Posted 30 January 2010 - 08:35 AM

Yes, it's a good idea to have Windows Automatic updates enabled now. The logs won't show any personal or private information unless there's something in particular in a filename that you have created. And even then I don't think there's much to worry about unless for some reason your full address or ss# would pop up. I don't see anything in your logs that I would be concerned about anyone else seeing. Regardless, once it hits the Google cache there's not much that can be done about it.

Here are just a few final steps for you and then some recommendations.


Now we'll remove OTL and some of the other tools we've used.
  • Double-click OTL.exe to run it.
  • Click on the CleanUp! button
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.



================




Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  1. Disable and Enable System Restore. - You should disable and reenable system restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.

    You can find instructions on how to enable and reenable system restore here:

    Windows XP System Restore Guide

    Re-enable system restore with the instructions from the tutorial above

  2. Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  3. Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  4. Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  5. Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  6. Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  7. Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  8. Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.



========================================================



