Removed Trojan but can't get window update


  • This topic is locked
62 replies to this topic

#1 milz45

Posted 10 September 2010 - 07:33 AM

Hello.
My laptop started acting strange. Scrolling on pages within IE became disabled at times. Then it started redirecting us to various sites. I ran Malwarebytes and several infected files were listed as Trojans (see below). It indicated they had been removed but an additional scan indicated they had not. I've since been able to scan via Malwarebytes and not find anything, but IE is still redirecting and blocking microsoftupdate.com. It's running Windows XP Professional, version 2002, Service Pack 3. I've had Windows Firewall enabled and Sophos as my antivirus. Any help would be appreciated.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4558

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

9/9/2010 9:30:41 PM
mbam-log-2010-09-09 (21-30-41).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 255430
Time elapsed: 1 hour(s), 16 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 4
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Documents and Settings\All Users\Application Data\Adobe\sp.DLL (TrojanProxy.Agent) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\spservice (TrojanProxy.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{96afbe69-c3b0-4b00-8578-d933d2896ee2} (TrojanProxy.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{96afbe69-c3b0-4b00-8578-d933d2896ee2} (TrojanProxy.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvc (TrojanProxy.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\All Users\Application Data\Adobe\sp.DLL (TrojanProxy.Agent) -> Delete on reboot.

Edited by Budapest, 12 September 2010 - 06:01 PM.
Moved from Virus, Trojan, Spyware, and Malware Removal Logs ~BP



#2 Budapest

Posted 15 September 2010 - 02:11 AM

Please download and scan with SUPERAntiSpyware Free
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Programs > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a USB drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 milz45

Posted 15 September 2010 - 09:55 AM

Thanks, Budapest! I will try this as soon as I get home and post results.

#4 milz45

Posted 16 September 2010 - 05:40 AM

I followed your instructions. I wasn't, however, able to run SAS in safe mode. For some reason, whenever I typed my login/password in safe mode it would not accept it. I'm certain I was typing the correct login/password, so I don't know what was going on with that. I could boot normally and use the same username/password and get in without issue. Ran SAS in normal mode. It found a bunch of tracking cookies, but that's it. Here's the log ...

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/15/2010 at 11:04 PM

Application Version : 4.43.1000

Core Rules Database Version : 5514
Trace Rules Database Version: 3326

Scan type : Complete Scan
Total Scan Time : 01:21:40

Memory items scanned : 480
Memory threats detected : 0
Registry items scanned : 7227
Registry threats detected : 0
File items scanned : 60521
File threats detected : 905

Adware.Tracking Cookie
C:\Documents and Settings\NetworkService\Cookies\system@imrworldwide[5].txt
C:\Documents and Settings\NetworkService\Cookies\system@insightexpressai[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@insightexpressai[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@insightexpressai[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@insightexpressai[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@insightexpressai[5].txt
C:\Documents and Settings\NetworkService\Cookies\system@insightexpressai[6].txt
C:\Documents and Settings\NetworkService\Cookies\system@intermundomedia[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@invitemedia[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@invitemedia[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@invitemedia[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@legolas-media[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@media6degrees[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@media6degrees[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@media6degrees[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@media6degrees[5].txt
C:\Documents and Settings\NetworkService\Cookies\system@media6degrees[6].txt
C:\Documents and Settings\NetworkService\Cookies\system@mediaplex[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@mediaplex[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@mediaplex[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@mediaplex[5].txt
C:\Documents and Settings\NetworkService\Cookies\system@mediaplex[6].txt
C:\Documents and Settings\NetworkService\Cookies\system@mediaplex[7].txt
C:\Documents and Settings\NetworkService\Cookies\system@myroitracking[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@network.realmedia[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@network.realmedia[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@network.realmedia[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@network.realmedia[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@network.realmedia[5].txt
C:\Documents and Settings\NetworkService\Cookies\system@overture[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@overture[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@p178t1s1362533.kronos.bravenetmedia[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@picadmedia[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@picadmedia[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@pointroll[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@pointroll[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@pointroll[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@pointroll[5].txt
C:\Documents and Settings\NetworkService\Cookies\system@pointroll[6].txt
C:\Documents and Settings\NetworkService\Cookies\system@popularscreensavers[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@pubads.g.doubleclick[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@questionmarket[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@questionmarket[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@questionmarket[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@questionmarket[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@questionmarket[5].txt
C:\Documents and Settings\NetworkService\Cookies\system@realmedia[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@realmedia[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@realmedia[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@realmedia[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@realmedia[5].txt
C:\Documents and Settings\NetworkService\Cookies\system@realmedia[6].txt
C:\Documents and Settings\NetworkService\Cookies\system@realmedia[7].txt
C:\Documents and Settings\NetworkService\Cookies\system@realmedia[8].txt
C:\Documents and Settings\NetworkService\Cookies\system@revsci[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@ru4[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@ru4[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@ru4[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@serving-sys[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@serving-sys[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@serving-sys[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@serving-sys[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@serving-sys[5].txt
C:\Documents and Settings\NetworkService\Cookies\system@serving-sys[6].txt
C:\Documents and Settings\NetworkService\Cookies\system@specificclick[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@statcounter[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@top5countdown.mevio[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@trafficmp[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@trafficmp[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@trafficmp[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@trafficmp[5].txt
C:\Documents and Settings\NetworkService\Cookies\system@tribalfusion[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@tribalfusion[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@tribalfusion[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@tribalfusion[5].txt
C:\Documents and Settings\NetworkService\Cookies\system@tribalfusion[6].txt
C:\Documents and Settings\NetworkService\Cookies\system@viacom.adbureau[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@www.burstbeacon[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@www.burstnet[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@xml.titusmedia[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@xml.titusmedia[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@xml.trafficengine[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@xml.trafficengine[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@xml.trafficengine[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@yieldmanager[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@zedo[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@zedo[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@zedo[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@zedo[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@zedo[5].txt
a.ads2.msads.net [ C:\Documents and Settings\smiller1\Application Data\Macromedia\Flash Player\#SharedObjects\GVP00001 ]
ads2.msads.net [ C:\Documents and Settings\smiller1\Application Data\Macromedia\Flash Player\#SharedObjects\GVP00001 ]
b.ads2.msads.net [ C:\Documents and Settings\smiller1\Application Data\Macromedia\Flash Player\#SharedObjects\GVP00001 ]
cdn4.specificclick.net [ C:\Documents and Settings\smiller1\Application Data\Macromedia\Flash Player\#SharedObjects\GVP00001 ]
core.insightexpressai.com [ C:\Documents and Settings\smiller1\Application Data\Macromedia\Flash Player\#SharedObjects\GVP00001 ]
media10.washingtonpost.com [ C:\Documents and Settings\smiller1\Application Data\Macromedia\Flash Player\#SharedObjects\GVP00001 ]
msnbcmedia.msn.com [ C:\Documents and Settings\smiller1\Application Data\Macromedia\Flash Player\#SharedObjects\GVP00001 ]
secure-us.imrworldwide.com [ C:\Documents and Settings\smiller1\Application Data\Macromedia\Flash Player\#SharedObjects\GVP00001 ]
C:\Documents and Settings\smiller1\Cookies\smiller1@122.2o7[1].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@247realmedia[1].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@247realmedia[2].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@247realmedia[3].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@247realmedia[4].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@247realmedia[5].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@2o7[1].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@2o7[2].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@2o7[3].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@2o7[4].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@2o7[5].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@2o7[6].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@2o7[7].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@2o7[9].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@a1.interclick[10].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@a1.interclick[11].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@a1.interclick[1].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@a1.interclick[2].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@a1.interclick[3].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@a1.interclick[4].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@a1.interclick[5].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@a1.interclick[6].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@a1.interclick[7].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@a1.interclick[8].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@a1.interclick[9].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@ad.wsod[10].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@ad.wsod[11].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@ad.wsod[2].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@ad.wsod[3].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@ad.wsod[4].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@ad.wsod[5].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@ad.wsod[6].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@ad.wsod[7].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@ad.wsod[8].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@ad.wsod[9].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@ad.yieldmanager[10].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@ad.yieldmanager[11].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@ad.yieldmanager[1].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@ad.yieldmanager[2].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@ad.yieldmanager[3].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@ad.yieldmanager[4].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@ad.yieldmanager[5].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@ad.yieldmanager[6].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@ad.yieldmanager[7].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@ad.yieldmanager[8].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@ad.yieldmanager[9].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@adbrite[10].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@adbrite[1].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@adbrite[2].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@adbrite[3].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@adbrite[4].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@adbrite[5].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@adbrite[6].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@adbrite[8].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@adbrite[9].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@adcentriconline[2].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@adecn[10].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@adecn[11].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@adecn[1].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@adecn[2].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@adecn[3].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@adecn[4].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@adecn[5].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@adecn[6].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@adecn[7].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@adecn[8].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@adecn[9].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@adlegend[2].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@adlegend[3].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@admarketplace[1].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@ads.esm1[1].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@ads.meredithads[2].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@ads.pointroll[10].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@ads.pointroll[11].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@ads.pointroll[1].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@ads.pointroll[2].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@ads.pointroll[3].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@ads.pointroll[4].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@ads.pointroll[5].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@ads.pointroll[6].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@ads.pointroll[7].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@ads.pointroll[8].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@ads.pointroll[9].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@ads.pubmatic[1].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@ads.pubmatic[2].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@ads.shutterfly[1].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@ads.undertone[2].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@ads.undertone[3].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@ads.undertone[4].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@ads.undertone[5].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@ads.undertone[6].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@ads.undertone[7].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@adserver.adtechus[1].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@adserver.adtechus[2].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@adserver.adtechus[3].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@adserver.adtechus[4].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@adserver.adtechus[5].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@adserver.adtechus[6].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@adserver.adtechus[7].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@adtech[1].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@adtech[2].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@advertise[2].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@advertising[11].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@advertising[1].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@advertising[2].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@advertising[3].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@advertising[4].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@advertising[5].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@advertising[6].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@advertising[7].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@advertising[8].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@advertising[9].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@adxpose[1].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@adxpose[2].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@apmebf[10].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@apmebf[1].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@apmebf[2].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@apmebf[3].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@apmebf[4].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@apmebf[5].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@apmebf[6].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@apmebf[8].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@apmebf[9].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@at.atwola[2].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@at.atwola[3].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@at.atwola[4].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@at.atwola[5].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@at.atwola[6].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@atdmt[10].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@atdmt[11].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@atdmt[1].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@atdmt[2].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@atdmt[3].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@atdmt[4].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@atdmt[5].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@atdmt[6].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@atdmt[7].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@atdmt[8].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@atdmt[9].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@atwola[1].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@banner.adchemy[1].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@bizzclick[1].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@bridge1.admarketplace[1].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@bs.serving-sys[1].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@bs.serving-sys[2].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@bs.serving-sys[3].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@bs.serving-sys[4].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@bs.serving-sys[5].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@bs.serving-sys[7].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@burstnet[1].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@burstnet[2].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@burstnet[3].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@burstnet[4].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@burstnet[5].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@burstnet[6].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@burstnet[8].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@burstnet[9].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@casalemedia[1].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@casalemedia[2].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@casalemedia[3].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@casalemedia[4].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@casalemedia[5].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@CAUQADX5.txt
C:\Documents and Settings\smiller1\Cookies\smiller1@cdn1.trafficmp[1].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@cdn4.specificclick[10].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@cdn4.specificclick[11].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@cdn4.specificclick[1].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@cdn4.specificclick[2].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@cdn4.specificclick[3].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@cdn4.specificclick[4].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@cdn4.specificclick[5].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@cdn4.specificclick[6].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@cdn4.specificclick[7].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@cdn4.specificclick[8].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@cdn4.specificclick[9].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@chitika[1].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@chitika[3].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@chitika[4].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@collective-media[10].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@collective-media[1].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@collective-media[2].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@collective-media[3].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@collective-media[4].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@collective-media[5].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@collective-media[6].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@collective-media[7].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@collective-media[8].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@content.yieldmanager[1].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@content.yieldmanager[2].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@content.yieldmanager[3].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@content.yieldmanager[5].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@content.yieldmanager[6].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@content.yieldmanager[7].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@content.yieldmanager[8].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@counter.hitslink[1].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@data.coremetrics[1].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@data.coremetrics[2].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@data.coremetrics[3].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@digitalentertainment.122.2o7[1].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@doubleclick[10].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@doubleclick[11].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@doubleclick[1].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@doubleclick[2].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@doubleclick[3].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@doubleclick[4].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@doubleclick[5].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@doubleclick[6].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@doubleclick[7].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@doubleclick[8].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@doubleclick[9].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@eas.apm.emediate[1].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@eas.apm.emediate[2].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@eas.apm.emediate[3].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@eas.apm.emediate[4].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@eas.apm.emediate[5].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@eas.apm.emediate[6].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@eas.apm.emediate[8].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@eas.apm.emediate[9].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@espn.112.2o7[2].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@eyewonder[1].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@eyewonder[2].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@eyewonder[3].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@fastclick[1].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@fastclick[2].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@fastclick[3].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@fastclick[4].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@fastclick[5].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@googleads.g.doubleclick[1].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@googleads.g.doubleclick[3].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@googleads.g.doubleclick[4].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@imrworldwide[10].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@imrworldwide[11].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@imrworldwide[2].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@imrworldwide[3].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@imrworldwide[4].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@imrworldwide[5].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@imrworldwide[6].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@imrworldwide[7].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@imrworldwide[8].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@imrworldwide[9].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@in.getclicky[1].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@insightexpressai[1].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@insightexpressai[2].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@insightexpressai[3].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@insightexpressai[4].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@insightexpressai[5].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@insightexpressai[6].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@insightexpressai[7].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@interclick[10].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@interclick[11].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@interclick[1].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@interclick[2].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@interclick[3].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@interclick[4].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@interclick[5].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@interclick[6].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@interclick[7].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@interclick[8].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@interclick[9].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@intermundomedia[1].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@intermundomedia[3].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@invitemedia[10].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@invitemedia[11].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@invitemedia[1].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@invitemedia[2].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@invitemedia[3].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@invitemedia[4].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@invitemedia[5].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@invitemedia[6].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@invitemedia[7].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@invitemedia[8].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@invitemedia[9].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@kontera[2].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@legolas-media[1].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@linksynergy[2].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@linksynergy[3].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@linksynergy[4].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@liveperson[10].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@liveperson[11].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@liveperson[1].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@liveperson[2].txt
C:\Documents and Settings\smiller1\Cookies\smiller1@liveperson[3].txt


#5 milz45


Posted 16 September 2010 - 09:18 AM

Also, my wife turned it on this morning and was met by a large red warning from 'Microsoft Security Essentials' telling her there was a trojan and to run a scan. It had a list of about 40 different antivirus software. After about 10 seconds it listed 4 packages for free download that were supposedly the only ones that could remove the threat. She didn't download any of them, thankfully. Some of them listed were 'Red Cross', 'Pest Remover?' and I can't remember the other 2. It's essentially locked up at this point.

#6 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:59 AM

Posted 16 September 2010 - 05:30 PM

Try this:

http://www.bleepingcomputer.com/virus-remo...sing-tdsskiller
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#7 milz45


Posted 16 September 2010 - 09:08 PM

I downloaded and scanned with TDSSKiller. It found the TDSS virus and said it would be removed after reboot. During reboot it locked on the 'logging off' screen. I had to shut down via the power button and restart. I then rescanned with TDSSKiller and it rebooted successfully. However, each time I run TDSSKiller, it still finds the TDSS virus. I ran it about 4 times and it just kept showing up even after it was detected and rebooted. I then ran SUPERAntiSpyware (see below) and it found more adware tracking cookies and some trojans. Reboot after that scan failed on the 'logging off' screen. Ran TDSSKiller once more and got the same result ... TDSS found but not removed after reboot. What should my next step be?

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/16/2010 at 09:40 PM

Application Version : 4.43.1000

Core Rules Database Version : 5514
Trace Rules Database Version: 3326

Scan type : Complete Scan
Total Scan Time : 01:29:49

Memory items scanned : 482
Memory threats detected : 0
Registry items scanned : 7233
Registry threats detected : 0
File items scanned : 63143
File threats detected : 54

Adware.Tracking Cookie

Trojan.Agent/Gen-Exploit
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\UPDATE\SEUPD.EXE
C:\DOCUMENTS AND SETTINGS\SMILLER1\LOCAL SETTINGS\TEMP\TCPQPOO.EXE
C:\DOCUMENTS AND SETTINGS\SMILLER1\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\KJYDHK5X\QDLSN[1].HTM
C:\WINDOWS\Prefetch\SEUPD.EXE-2FB2852F.pf


#8 Budapest


Posted 16 September 2010 - 10:07 PM

Please post a DDS log as explained in step 7 here:

http://www.bleepingcomputer.com/forums/topic34773.html

#9 milz45


Posted 17 September 2010 - 06:37 AM

DDS (Ver_10-03-17.01) - NTFSx86
Run by smiller1 at 6:37:50.23 on Fri 09/17/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1279.691 [GMT -4:00]

AV: Sophos Anti-Virus *On-access scanning enabled* (Updated) {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}
AV: Trend Micro OfficeScan Antivirus *On-access scanning enabled* (Updated) {C7C29115-F6ED-4E65-9ED2-49AC02217E71}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\iPass\iPassConnect\iPCAgent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\Program Files\Sophos\Remote Management System\RouterNT.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iPass\iPassConnect\downloader\ipccheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\TEMP\sophos_autoupdate1.dir\alupdate.exe
C:\Documents and Settings\smiller1\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
uStart Page = hxxp://www.google.com/
uWindow Title = Windows Internet Explorer provided by Yahoo!
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
mSearchAssistant = hxxp://www.google.com/ie
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Sophos Web Content Scanner: {39ea7695-b3f2-4c44-a4bc-297ada8fd235} - c:\program files\sophos\sophos anti-virus\SophosBHO.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [ATIModeChange] Ati2mdxx.exe
mRun: [CARPService] carpserv.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
dRun: [Communicator] "c:\program files\microsoft office communicator\Communicator.exe"
dRunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs"
dRunOnce: [TSClientAXDisabler] cmd.exe /C "%systemroot%\Installer\TSClientMsiTrans\tscdsbl.bat"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\sophos~1.lnk - c:\program files\sophos\autoupdate\ALMon.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{176130bc-99a1-41fe-a78b-56045e33ad70}\Icon3E5562ED7.ico
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1243613387353
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
AppInit_DLLs: c:\progra~1\sophos\sophos~1\SOPHOS~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages = msv1_0 nwprovau
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [2010-1-20 152192]
R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [2010-1-20 24064]
R2 iPCAgent;iPCAgent;c:\program files\ipass\ipassconnect\iPCAgent.exe [2007-10-30 90112]
R2 MDC80211;iPass Protocol (IEEE 802.1x) v2.3.1.9;c:\windows\system32\drivers\mdc80211.sys [2007-10-30 15793]
R2 Peakcan;Peakcan;c:\windows\system32\drivers\Peakcan.sys [2010-5-24 255872]
R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\sophos\sophos anti-virus\SAVAdminService.exe [2010-1-20 104488]
R2 SAVService;Sophos Anti-Virus;c:\program files\sophos\sophos anti-virus\SavService.exe [2010-1-20 93736]
R2 Sophos Agent;Sophos Agent;c:\program files\sophos\remote management system\ManagementAgentNT.exe [2010-2-3 278528]
R2 Sophos AutoUpdate Service;Sophos AutoUpdate Service;c:\program files\sophos\autoupdate\ALsvc.exe [2009-10-21 175144]
R2 Sophos Message Router;Sophos Message Router;c:\program files\sophos\remote management system\RouterNT.exe [2010-2-3 802816]
S2 gupdate1ca15458ca18aa0;Google Update Service (gupdate1ca15458ca18aa0);c:\program files\google\update\GoogleUpdate.exe [2009-8-4 133104]
S3 pcan_usb;PCAN-USB Device Driver;c:\windows\system32\drivers\pcan_usb.sys [2009-5-14 201175]
S3 sdcfilter;sdcfilter;c:\windows\system32\drivers\sdcfilter.sys [2010-1-20 23928]
S3 TmProxy;OfficeScan NT Proxy Service;"c:\program files\trend micro\officescan client\tmproxy.exe" --> c:\program files\trend micro\officescan client\TmProxy.exe [?]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]
S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [2010-1-20 14976]

=============== Created Last 30 ================

2010-09-16 13:08:19 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-09-16 13:08:19 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-09-16 13:07:48 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-09-16 13:07:48 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2010-09-16 13:07:19 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-09-16 13:07:19 8192 ----a-w- c:\windows\system32\drivers\changer.sys
2010-09-16 13:05:20 0 d-----w- c:\docume~1\alluse~1\applic~1\Update
2010-09-16 01:29:45 0 d-----w- c:\docume~1\smiller1\applic~1\SUPERAntiSpyware.com
2010-09-16 01:29:45 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-09-16 01:29:33 0 d-----w- c:\program files\SUPERAntiSpyware
2010-09-07 01:40:35 0 d-----w- c:\docume~1\smiller1\applic~1\Malwarebytes
2010-09-07 01:39:12 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-07 01:39:10 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-07 01:39:10 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-09-07 01:39:09 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-03 00:53:59 664 ----a-w- c:\windows\system32\d3d9caps.dat

==================== Find3M ====================


============= FINISH: 6:40:17.74 ===============

#10 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:05:59 PM

Posted 17 September 2010 - 05:22 PM

Hi milz45,

I'm taking on your problem from Budapest as we need to run some more powerful tools. First, though, let's see if TDSS has been modifying other areas of your machine.

Please download MBRCheck to your desktop.

1. Double click MBRCheck.exe to run it (Right click and run as Administrator for Vista).
2. It will open a black window, please do not fix anything (if it gives you an option).
3. Exit that window and it will produce a log (MBRCheck_date_time).
4. Please post that log when you reply.
m0le is a proud member of UNITE

#11 milz45


Posted 17 September 2010 - 08:45 PM

Thank you, M0le!

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 135):

Processes (total 49):
0 System Idle Process
4 System
572 C:\WINDOWS\system32\smss.exe
800 csrss.exe
1108 C:\WINDOWS\system32\winlogon.exe
1304 C:\WINDOWS\system32\services.exe
1316 C:\WINDOWS\system32\lsass.exe
1488 C:\WINDOWS\system32\svchost.exe
1588 svchost.exe
1784 C:\WINDOWS\system32\svchost.exe
1848 SavService.exe
364 C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
420 C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
564 C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
732 svchost.exe
848 svchost.exe
1532 C:\WINDOWS\system32\spoolsv.exe
1652 scardsvr.exe
792 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
876 C:\WINDOWS\system32\ati2evxx.exe
924 C:\Program Files\Bonjour\mDNSResponder.exe
1068 svchost.exe
1156 C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
308 C:\Program Files\iPass\iPassConnect\iPCAgent.exe
400 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
1256 C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
1768 C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
304 C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe
768 C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
836 C:\Program Files\Sophos\Remote Management System\RouterNT.exe
1036 C:\WINDOWS\system32\svchost.exe
2492 alg.exe
2224 C:\WINDOWS\explorer.exe
2756 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
2824 C:\WINDOWS\system32\carpserv.exe
2832 C:\Program Files\Apoint\Apoint.exe
2840 C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
3120 C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
3128 C:\WINDOWS\system32\rundll32.exe
3424 C:\WINDOWS\system32\ctfmon.exe
3552 C:\Program Files\Sophos\AutoUpdate\ALMon.exe
3536 C:\Program Files\Apoint\ApntEx.exe
904 C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
3480 C:\WINDOWS\system32\wuauclt.exe
2728 C:\Program Files\Internet Explorer\iexplore.exe
3236 C:\Program Files\iPass\iPassConnect\downloader\ipccheck.exe
2804 C:\Program Files\Internet Explorer\iexplore.exe
3876 C:\Program Files\Internet Explorer\iexplore.exe
3188 C:\Documents and Settings\smiller1\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: FUJITSUMHV2040AH, Rev: 00000096

Size Device Name MBR Status
--------------------------------------------
37 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!
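
A triage check over the MBR section of an MBRCheck log like the one posted above, added here as an example (not part of the thread and not MBRCheck's own code). It assumes the log layout shown in the post, 512-byte sectors, and that a status of the form "Windows ... MBR code detected" is the passing result; the second sample and its status wording are constructed.

```python
import re

# First sample: MBR section copied from the log in the post above.
# Second sample: constructed for illustration; its status wording is hypothetical.
POSTED = r"""\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

Size Device Name MBR Status
--------------------------------------------
37 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
"""
CONSTRUCTED = POSTED.replace("Windows XP MBR code detected", "Unknown MBR code")

VOLUME = re.compile(r"^\\\\\.\\(\w):\s+-->\s+(\\\\\.\\PhysicalDrive\d+) at offset (0x[0-9a-fA-F`]+)")
DEVICE = re.compile(r"^(\d+\s+[KMGT]B)\s+(\\\\\.\\PhysicalDrive\d+)\s+(.+?)\s*$")
SHA1 = re.compile(r"^SHA1:\s*([0-9A-Fa-f]{40})\s*$")
# Assumption: only this wording counts as a recognised operating-system MBR.
KNOWN_OS = re.compile(r"^Windows .+ MBR code detected$")

def parse_mbrcheck(text):
    """Return (volumes, devices) from the MBR section of an MBRCheck log."""
    volumes, devices = [], []
    for line in text.splitlines():
        line = line.strip()
        if m := VOLUME.match(line):
            offset = int(m.group(3).replace("`", ""), 16)  # backtick splits the 64-bit value
            volumes.append({"letter": m.group(1), "drive": m.group(2),
                            "start_lba": offset // 512})  # assumes 512-byte sectors
        elif m := DEVICE.match(line):
            devices.append({"size": m.group(1), "drive": m.group(2),
                            "status": m.group(3), "sha1": None})
        elif (m := SHA1.match(line)) and devices:
            devices[-1]["sha1"] = m.group(1).upper()  # hash belongs to the row above it
    return volumes, devices

def triage(text):
    """Map each physical drive to 'ok' or a reason it needs a closer look."""
    volumes, devices = parse_mbrcheck(text)
    verdicts = {}
    for d in devices:
        if not KNOWN_OS.match(d["status"]):
            verdicts[d["drive"]] = "review: " + d["status"]
        elif d["sha1"] is None:
            verdicts[d["drive"]] = "review: no SHA1 line"
        else:
            verdicts[d["drive"]] = "ok"
    for v in volumes:  # a mounted volume whose disk has no status row is also worth a look
        verdicts.setdefault(v["drive"], "review: no MBR status row")
    return verdicts
```

For the posted log, `triage(POSTED)` reports PhysicalDrive0 as `ok`, and the parsed volume offset of 0x7e00 bytes works out to a partition start at sector 63.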

#12 m0le


Posted 17 September 2010 - 08:52 PM

That's passed the test

Please run Combofix next

Please download ComboFix from one of these locations:

* IMPORTANT !!! Save ComboFix.exe to your Desktop making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Comfix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#13 milz45


Posted 17 September 2010 - 09:00 PM

I got it downloaded and ran it. The ComboFix progress bar went all the way to the RT, now I'm stuck with these fault messages 'Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item.' If I click 'OK', it just comes back up. I'll keep working at it.

#14 m0le


Posted 17 September 2010 - 09:15 PM

Go here and download and run the .exe association file fix program

Now try Combofix again.



#15 milz45


Posted 17 September 2010 - 09:16 PM

I'm stuck. I can't get past this fault. The heading is '32788R22FWJFW\iexplore.exe' if that means anything to you. I tried to follow the instructions on turning off Sophos, but the menu option is greyed out in the Configuration menu. I also tried downloading combofix from both locations but they both ran into the same issue. Any ideas?



