Java virus? error on cmdlnime.dll and vmain.class


  • This topic is locked
16 replies to this topic

#1 caution

Posted 25 February 2011 - 08:29 PM

Hi,

I think I have a virus on my system, but I'm not sure.

Avast found some malware today and wanted to do a boot scan which I did.
The results showed the following:

c:\Users\...\Appdata\LocalLow\Sun\Java\Deployment\cache\6.0\29 \7adbb65d-366c9185\__________vload.class

and

c:\Users\Appdata\..\LocalLow\Sun\Java\Deployment\cache\6.0\29 \7adbb65d-366c9185\vmain.class

Previously Avast found this


c:\Users\...\Appdata\\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A61TN2LR\173755598.bat


Now when I reboot the system I get the error message stating:

c:\Users\...\Appdata\\Local\Temp\cmdlnime


I don't know if they are all related, but seem to be.

My system has been running slow and Avast is blocking more malware than normal lately.

I had run Malwarebytes a couple of days ago and it found nothing. This was run after Avast picked up the 173755598.bat file. I have not run it again.


Please let me know your thoughts on this. Your response would be much appreciated.

Thanks
M



#2 Blade

Posted 03 March 2011 - 08:52 PM

Hello and welcome to BleepingComputer.

Let's see what we're dealing with here.

Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1
Link 2
Link 3
Link 4
  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running. This is because some anti-malware software mistakenly detects RKill as malicious. Please refer to this page if you are not sure how to disable your security software.
  • Double-click on RKill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator.)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply.
***************************************************

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link

IMPORTANT!!! - when you save the file, rename it to something random, such as bubbles.exe. This must be done before beginning the download!

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

~Blade


In your next reply, please include the following:
Malwarebytes Log


If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM


#3 caution

Posted 07 March 2011 - 08:08 AM

Hi and thanks for responding! Sorry for the delay, I was out of town this weekend. I will run your instructions today (Monday).
Just some more info, I have an entry for 'doskPost' in startup. I have disabled this but can't find any reference to it on the web.

M

Edited by caution, 07 March 2011 - 08:25 AM.
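
Added example (not part of the original thread or any poster's words): a Python script for auditing autorun entries such as the startup item mentioned above. It flags any entry whose target sits in the locations named in this thread (user Temp, the Java deployment cache, IE's Temporary Internet Files) or no longer exists on disk. All entry names, paths and helper names are constructed for illustration; on Windows it reads the real Run keys instead of the sample.

```python
import ntpath
import os
import re
import sys

# Locations that appear in this thread's detections and reboot error message.
# Legitimate software rarely auto-starts from any of them.
VOLATILE_LOCATIONS = {
    "user Temp folder": "\\appdata\\local\\temp\\",
    "Java deployment cache": "\\appdata\\locallow\\sun\\java\\deployment\\cache\\",
    "IE Temporary Internet Files": "\\temporary internet files\\",
}

_QUOTED = re.compile(r'"([^"]+)"')
_PREFIX = r"(?:[A-Za-z]:|%\w+%)\\"
# Unquoted path ending in a known extension; allows spaces ("C:\Program Files\...").
_WITH_EXT = re.compile(
    _PREFIX + r".*?\.(?:exe|dll|bat|cmd|com|scr|vbs|js|jar)(?=[\s,]|$)", re.I)
# Fallback for extensionless targets: take everything up to whitespace or a comma.
_BARE = re.compile(_PREFIX + r"[^\s,]+")


def referenced_paths(command, env):
    """Return the file paths a startup command line points at, env vars expanded."""
    found = [m.group(1) for m in _QUOTED.finditer(command)]
    rest = _QUOTED.sub(" ", command)
    found += _WITH_EXT.findall(rest) or _BARE.findall(rest)
    expanded = [
        re.sub(r"%(\w+)%", lambda m: env.get(m.group(1).upper(), m.group(0)), p)
        for p in found
    ]
    # Drop quoted arguments that are not paths (switches, export names).
    return [ntpath.normpath(p) for p in expanded if re.match(r"[A-Za-z]:\\", p)]


def location_class(path):
    """Name the volatile location a path lives under, or None."""
    low = path.lower()
    for label, marker in VOLATILE_LOCATIONS.items():
        if marker in low:
            return label
    return None


def triage(entries, env, exists=os.path.exists):
    """entries: {name: command line}. Returns {name: [reasons]} for flagged entries."""
    report = {}
    for name, command in entries.items():
        reasons = []
        for path in referenced_paths(command, env):
            where = location_class(path)
            if where:
                reasons.append(f"runs from {where}: {path}")
            if not exists(path):
                reasons.append(f"target missing (orphaned entry): {path}")
        if reasons:
            report[name] = reasons
    return report


def read_run_keys():
    """Windows only: collect the per-user and machine-wide Run values."""
    import winreg
    entries = {}
    for hive, label in ((winreg.HKEY_CURRENT_USER, "HKCU"),
                        (winreg.HKEY_LOCAL_MACHINE, "HKLM")):
        try:
            key = winreg.OpenKey(hive, r"Software\Microsoft\Windows\CurrentVersion\Run")
        except OSError:
            continue
        with key:
            for i in range(winreg.QueryInfoKey(key)[1]):
                name, value, _type = winreg.EnumValue(key, i)
                entries[f"{label}\\{name}"] = str(value)
    return entries


# Constructed sample data (hypothetical names and paths, not taken from the thread).
SAMPLE_ENV = {"TEMP": r"C:\Users\example\AppData\Local\Temp"}
SAMPLE_ENTRIES = {
    "ExampleUpdater": r'"C:\Program Files\Example\updater.exe" /background',
    "OrphanedLoader": r'rundll32.exe "C:\Users\example\AppData\Local\Temp\sample.dll",Start',
    "TempScript": r"%TEMP%\sample.bat",
    "UnquotedApp": r"C:\Program Files\Example App\tray.exe -min",
}
SAMPLE_PRESENT = {  # files that "exist" in the constructed scenario
    r"c:\program files\example\updater.exe",
    r"c:\program files\example app\tray.exe",
    r"c:\users\example\appdata\local\temp\sample.bat",
}

if __name__ == "__main__":
    if sys.platform == "win32":
        entries = read_run_keys()
        env = {k.upper(): v for k, v in os.environ.items()}
        exists = os.path.exists
    else:
        entries, env = SAMPLE_ENTRIES, SAMPLE_ENV
        exists = lambda p: p.lower() in SAMPLE_PRESENT
    for name, reasons in triage(entries, env, exists).items():
        print(name)
        for reason in reasons:
            print("   ", reason)
```

An entry flagged as "target missing" is the pattern that produces a file-not-found message at logon after a scanner has quarantined the file but left the autorun value behind.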


#4 caution

Posted 07 March 2011 - 09:03 AM

Here are the MBam results

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5980

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

3/7/2011 8:52:00 AM
mbam-log-2011-03-07 (08-52-00).txt

Scan type: Quick scan
Objects scanned: 153673
Time elapsed: 7 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Remember I had already run an Avast scan prior to posting on here.

Thanks,

M

Edited by caution, 07 March 2011 - 09:06 AM.


#5 Blade

Posted 07 March 2011 - 01:55 PM

Hello.

Let's cross check those results with another scan.

Download TFC by OldTimer to your desktop.
(TFC only cleans temp folders. It will not clean URL history, prefetch, or cookies).
Close any open windows.
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job.
Once it's finished it should automatically reboot your machine. If it doesn't, manually reboot to ensure a complete clean.

NOTE:
It's normal after running TFC that the PC will be slower to boot the first time.

TFC (Temp File Cleaner) will clear out all temp folders for all user accounts (temp, IE temp, java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder.


***************************************************

Please download and scan with SUPERAntiSpyware Free
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Programs > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (uncheck all others):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode". When logging in, log in under the account that you normally use; do NOT log in under the account titled "Admin" or "Administrator" unless this account is the one used normally.

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

~Blade


In your next reply, please include the following:
SUPERAntiSpyware Log
How is the computer running now?



#6 caution

Posted 07 March 2011 - 06:41 PM

Hey Blade,

Haven't used computer much the last four days, I was out of town. And today I have spent running scans, so can't give a good idea of how it is running.

This message about file not being found 'c:\Users\...\Appdata\\Local\Temp\cmdlnime' would appear when I rebooted. I looked at startup and noticed an entry for dosKPost. I disabled this late last week and no longer got the message but wondering if this has something to do with a virus. I got the error message after I ran avast and quarantined the two java files from my first post.

Anyways, here is the log for SAS

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/07/2011 at 06:14 PM

Application Version : 4.33.1000

Core Rules Database Version : 6545
Trace Rules Database Version: 4357

Scan type : Complete Scan
Total Scan Time : 01:39:18

Memory items scanned : 276
Memory threats detected : 0
Registry items scanned : 7363
Registry threats detected : 0
File items scanned : 169319
File threats detected : 666

Adware.Tracking Cookie
C:\Users\M****\Documents\cookies\M****@ads.sun[2].txt
C:\Users\M****\Documents\cookies\M****@ads.techguy[1].txt
C:\Users\M****\Documents\cookies\M****@ads.telegraph.co[1].txt
C:\Users\M****\Documents\cookies\M****@ads.us.e-planning[1].txt
C:\Users\M****\Documents\cookies\M****@ads.vlaze[2].txt
C:\Users\M****\Documents\cookies\M****@ads.wamba[1].txt
C:\Users\M****\Documents\cookies\M****@ads.widgetbucks[1].txt
C:\Users\M****\Documents\cookies\M****@ads2.blastro[1].txt
C:\Users\M****\Documents\cookies\M****@ads2.slickdeals[2].txt
C:\Users\M****\Documents\cookies\M****@ads3.blastro[2].txt
C:\Users\M****\Documents\cookies\M****@ads4.blastro[1].txt
C:\Users\M****\Documents\cookies\M****@adserver.adreactor[1].txt
C:\Users\M****\Documents\cookies\M****@adserver.adtechus[1].txt
C:\Users\M****\Documents\cookies\M****@adserver.inventorspot[1].txt
C:\Users\M****\Documents\cookies\M****@adserver.petpeoplesplace[2].txt
C:\Users\M****\Documents\cookies\M****@adserver.toptenreviews[2].txt
C:\Users\M****\Documents\cookies\M****@adstats.cdfreaks[1].txt
C:\Users\M****\Documents\cookies\M****@adtech[1].txt
C:\Users\M****\Documents\cookies\M****@adv.xboard[2].txt
C:\Users\M****\Documents\cookies\M****@advertising[2].txt
C:\Users\M****\Documents\cookies\M****@advertstream[1].txt
C:\Users\M****\Documents\cookies\M****@adviva[1].txt
C:\Users\M****\Documents\cookies\M****@affiliates.commissionaccount[2].txt
C:\Users\M****\Documents\cookies\M****@alpha.adwaves[1].txt
C:\Users\M****\Documents\cookies\M****@americancancersocietyinc.112.2o7[1].txt
C:\Users\M****\Documents\cookies\M****@anad.tacoda[2].txt
C:\Users\M****\Documents\cookies\M****@anat.tacoda[1].txt
C:\Users\M****\Documents\cookies\M****@anheuserbusch.122.2o7[1].txt
C:\Users\M****\Documents\cookies\M****@aoltmz.122.2o7[1].txt
C:\Users\M****\Documents\cookies\M****@apmebf[1].txt
C:\Users\M****\Documents\cookies\M****@apnonline.112.2o7[1].txt
C:\Users\M****\Documents\cookies\M****@app.insightgrit[1].txt
C:\Users\M****\Documents\cookies\M****@articleclick[1].txt
C:\Users\M****\Documents\cookies\M****@associatedcontent.112.2o7[1].txt
C:\Users\M****\Documents\cookies\M****@at.atwola[1].txt
C:\Users\M****\Documents\cookies\M****@atdmt[2].txt
C:\Users\M****\Documents\cookies\M****@atlas.entrepreneur[2].txt
C:\Users\M****\Documents\cookies\M****@audit.median[1].txt
C:\Users\M****\Documents\cookies\M****@azjmp[2].txt
C:\Users\M****\Documents\cookies\M****@banners.battleon[1].txt
C:\Users\M****\Documents\cookies\M****@bear-tracker[1].txt
C:\Users\M****\Documents\cookies\M****@bellglobemediapublishing.122.2o7[1].txt
C:\Users\M****\Documents\cookies\M****@bfast[1].txt
C:\Users\M****\Documents\cookies\M****@bigcountryhomepage[2].txt
C:\Users\M****\Documents\cookies\M****@bizrate.co[2].txt
C:\Users\M****\Documents\cookies\M****@bizrate[1].txt
C:\Users\M****\Documents\cookies\M****@blethenmaine.112.2o7[1].txt
C:\Users\M****\Documents\cookies\M****@blockbuster.112.2o7[1].txt
C:\Users\M****\Documents\cookies\M****@bluestreak[2].txt
C:\Users\M****\Documents\cookies\M****@bonniercorp.122.2o7[1].txt
C:\Users\M****\Documents\cookies\M****@borders.112.2o7[1].txt
C:\Users\M****\Documents\cookies\M****@bordersmedia[2].txt
C:\Users\M****\Documents\cookies\M****@brandonadvertising.112.2o7[1].txt
C:\Users\M****\Documents\cookies\M****@bravenet[1].txt
C:\Users\M****\Documents\cookies\M****@bs.serving-sys[1].txt
C:\Users\M****\Documents\cookies\M****@buildabear.122.2o7[1].txt
C:\Users\M****\Documents\cookies\M****@burstnet[2].txt
C:\Users\M****\Documents\cookies\M****@buycom.122.2o7[1].txt
C:\Users\M****\Documents\cookies\M****@c.blogads[2].txt
C:\Users\M****\Documents\cookies\M****@caloriecount.about[1].txt
C:\Users\M****\Documents\cookies\M****@calpis.112.2o7[1].txt
C:\Users\M****\Documents\cookies\M****@canoe.112.2o7[1].txt
C:\Users\M****\Documents\cookies\M****@cartoonnetwork.122.2o7[1].txt
C:\Users\M****\Documents\cookies\M****@casalemedia[1].txt
C:\Users\M****\Documents\cookies\M****@cast.trustclick.ne[2].txt
C:\Users\M****\Documents\cookies\M****@cbs.112.2o7[1].txt
C:\Users\M****\Documents\cookies\M****@cgm.adbureau[2].txt
C:\Users\M****\Documents\cookies\M****@chitika[2].txt
C:\Users\M****\Documents\cookies\M****@citi.bridgetrack[1].txt
C:\Users\M****\Documents\cookies\M****@click.brainer[2].txt
C:\Users\M****\Documents\cookies\M****@clickaider[2].txt
C:\Users\M****\Documents\cookies\M****@clickbank[2].txt
C:\Users\M****\Documents\cookies\M****@clicktorrent[1].txt
C:\Users\M****\Documents\cookies\M****@cnetasiapacific.122.2o7[1].txt
C:\Users\M****\Documents\cookies\M****@cnetaustralia.122.2o7[1].txt
C:\Users\M****\Documents\cookies\M****@cnt4.millioncounter[2].txt
C:\Users\M****\Documents\cookies\M****@collective-media[2].txt
C:\Users\M****\Documents\cookies\M****@commission-junction[2].txt
C:\Users\M****\Documents\cookies\M****@commonsensemedia[1].txt
C:\Users\M****\Documents\cookies\M****@counter.hitslink[1].txt
C:\Users\M****\Documents\cookies\M****@counter.surfcounters[1].txt
C:\Users\M****\Documents\cookies\M****@countercentral[1].txt
C:\Users\M****\Documents\cookies\M****@countrymusic.about[1].txt
C:\Users\M****\Documents\cookies\M****@couponchief.122.2o7[1].txt
C:\Users\M****\Documents\cookies\M****@crackberry[1].txt
C:\Users\M****\Documents\cookies\M****@crackle[1].txt
C:\Users\M****\Documents\cookies\M****@crackserialkeygen[2].txt
C:\Users\M****\Documents\cookies\M****@creditcardscom.112.2o7[1].txt
C:\Users\M****\Documents\cookies\M****@creview.adbureau[1].txt
C:\Users\M****\Documents\cookies\M****@csc.112.2o7[1].txt
C:\Users\M****\Documents\cookies\M****@data.coremetrics[1].txt
C:\Users\M****\Documents\cookies\M****@dealnews.122.2o7[1].txt
C:\Users\M****\Documents\cookies\M****@dealtime[2].txt
C:\Users\M****\Documents\cookies\M****@digg.112.2o7[1].txt
C:\Users\M****\Documents\cookies\M****@dillards.112.2o7[1].txt
C:\Users\M****\Documents\cookies\M****@divx.112.2o7[1].txt
C:\Users\M****\Documents\cookies\M****@dmtracker[1].txt
C:\Users\M****\Documents\cookies\M****@doubleclick[2].txt
C:\Users\M****\Documents\cookies\M****@dynamic.media.adrevolver[2].txt
C:\Users\M****\Documents\cookies\M****@e-2dj6wakykpajmhq.stats.esomniture[2].txt
C:\Users\M****\Documents\cookies\M****@e-2dj6wcmicmczefp.stats.esomniture[2].txt
C:\Users\M****\Documents\cookies\M****@e-2dj6wcmyqmd5sbp.stats.esomniture[2].txt
C:\Users\M****\Documents\cookies\M****@e-2dj6wdlowhcpwep.stats.esomniture[2].txt
C:\Users\M****\Documents\cookies\M****@e-2dj6wfkiklc5sdq.stats.esomniture[2].txt
C:\Users\M****\Documents\cookies\M****@e-2dj6wfkoulazodq.stats.esomniture[1].txt
C:\Users\M****\Documents\cookies\M****@e-2dj6wfl4apdpibp.stats.esomniture[2].txt
C:\Users\M****\Documents\cookies\M****@e-2dj6wflocpazslo.stats.esomniture[2].txt
C:\Users\M****\Documents\cookies\M****@e-2dj6wgmyqkdjodq.stats.esomniture[2].txt
C:\Users\M****\Documents\cookies\M****@e-2dj6whkyooczolp.stats.esomniture[2].txt
C:\Users\M****\Documents\cookies\M****@e-2dj6whliolc5weo.stats.esomniture[2].txt
C:\Users\M****\Documents\cookies\M****@e-2dj6wjk4cgdpebo.stats.esomniture[2].txt
C:\Users\M****\Documents\cookies\M****@e-2dj6wjkoqpazseo.stats.esomniture[2].txt
C:\Users\M****\Documents\cookies\M****@e-2dj6wjliwndpwbp.stats.esomniture[1].txt
C:\Users\M****\Documents\cookies\M****@e-2dj6wjlyamdpoep.stats.esomniture[2].txt
C:\Users\M****\Documents\cookies\M****@e-2dj6wjlycpazahp.stats.esomniture[2].txt
C:\Users\M****\Documents\cookies\M****@e-2dj6wjlyqgdjogo.stats.esomniture[2].txt
C:\Users\M****\Documents\cookies\M****@e-2dj6wjnygjcpsho.stats.esomniture[2].txt
C:\Users\M****\Documents\cookies\M****@e-2dj6wjnyundjmdp.stats.esomniture[2].txt
C:\Users\M****\Documents\cookies\M****@e2.emediate[1].txt
C:\Users\M****\Documents\cookies\M****@eas.apm.emediate[2].txt
C:\Users\M****\Documents\cookies\M****@eb.adbureau[2].txt
C:\Users\M****\Documents\cookies\M****@edge.ru4[1].txt
C:\Users\M****\Documents\cookies\M****@ehg-accuweather.hitbox[1].txt
C:\Users\M****\Documents\cookies\M****@ehg-adidas.hitbox[2].txt
C:\Users\M****\Documents\cookies\M****@ehg-comcast.hitbox[1].txt
C:\Users\M****\Documents\cookies\M****@ehg-corusentertainment.hitbox[1].txt
C:\Users\M****\Documents\cookies\M****@ehg-crossfit.hitbox[1].txt
C:\Users\M****\Documents\cookies\M****@ehg-ctv.hitbox[2].txt
C:\Users\M****\Documents\cookies\M****@ehg-dig.hitbox[2].txt
C:\Users\M****\Documents\cookies\M****@ehg-directv.hitbox[1].txt
C:\Users\M****\Documents\cookies\M****@ehg-fastweb.hitbox[2].txt
C:\Users\M****\Documents\cookies\M****@ehg-foxsports.hitbox[1].txt
C:\Users\M****\Documents\cookies\M****@ehg-futurepub.hitbox[2].txt
C:\Users\M****\Documents\cookies\M****@ehg-gatehousemedia.hitbox[2].txt
C:\Users\M****\Documents\cookies\M****@ehg-globalgamingleague.hitbox[2].txt
C:\Users\M****\Documents\cookies\M****@ehg-groupernetworks.hitbox[1].txt
C:\Users\M****\Documents\cookies\M****@ehg-hersheyentertainment.hitbox[2].txt
C:\Users\M****\Documents\cookies\M****@ehg-hollywoodmedia.hitbox[2].txt
C:\Users\M****\Documents\cookies\M****@ehg-homesandland.hitbox[1].txt
C:\Users\M****\Documents\cookies\M****@ehg-ingersollrand.hitbox[2].txt
C:\Users\M****\Documents\cookies\M****@ehg-ittoolbox.hitbox[2].txt
C:\Users\M****\Documents\cookies\M****@ehg-jellyfish.hitbox[1].txt
C:\Users\M****\Documents\cookies\M****@ehg-jigsaw.hitbox[1].txt
C:\Users\M****\Documents\cookies\M****@ehg-jobster.hitbox[1].txt
C:\Users\M****\Documents\cookies\M****@ehg-kingstontechnology.hitbox[1].txt
C:\Users\M****\Documents\cookies\M****@ehg-laptops.hitbox[1].txt
C:\Users\M****\Documents\cookies\M****@ehg-legacy.hitbox[2].txt
C:\Users\M****\Documents\cookies\M****@ehg-mccormick.hitbox[1].txt
C:\Users\M****\Documents\cookies\M****@ehg-medtronic.hitbox[2].txt
C:\Users\M****\Documents\cookies\M****@ehg-meevee.hitbox[1].txt
C:\Users\M****\Documents\cookies\M****@ehg-mgnlimited.hitbox[1].txt
C:\Users\M****\Documents\cookies\M****@ehg-nestleusainc.hitbox[2].txt
C:\Users\M****\Documents\cookies\M****@ehg-parademag.hitbox[1].txt
C:\Users\M****\Documents\cookies\M****@ehg-pennwell.hitbox[1].txt
C:\Users\M****\Documents\cookies\M****@ehg-researchinmotion.hitbox[2].txt
C:\Users\M****\Documents\cookies\M****@ehg-rodale.hitbox[2].txt
C:\Users\M****\Documents\cookies\M****@ehg-roomandboard.hitbox[1].txt
C:\Users\M****\Documents\cookies\M****@ehg-superwarehouse.hitbox[1].txt
C:\Users\M****\Documents\cookies\M****@ehg-techtarget.hitbox[2].txt
C:\Users\M****\Documents\cookies\M****@ehg-theactivenetwork.hitbox[2].txt
C:\Users\M****\Documents\cookies\M****@ehg-tmgolf.hitbox[2].txt
C:\Users\M****\Documents\cookies\M****@ehg-usbc.hitbox[2].txt
C:\Users\M****\Documents\cookies\M****@ehg-veohnetworksinc.hitbox[1].txt
C:\Users\M****\Documents\cookies\M****@ehg-verizon.hitbox[2].txt
C:\Users\M****\Documents\cookies\M****@ehg-warnerbrothers.hitbox[2].txt
C:\Users\M****\Documents\cookies\M****@ehg-zoom.hitbox[1].txt
C:\Users\M****\Documents\cookies\M****@electronicarts.112.2o7[1].txt
C:\Users\M****\Documents\cookies\M****@elitedealssupport[1].txt
C:\Users\M****\Documents\cookies\M****@elitedeals[1].txt
C:\Users\M****\Documents\cookies\M****@encyclomedia[2].txt
C:\Users\M****\Documents\cookies\M****@entrepreneur.122.2o7[1].txt
C:\Users\M****\Documents\cookies\M****@etoys.112.2o7[1].txt
C:\Users\M****\Documents\cookies\M****@extrovert.122.2o7[1].txt
C:\Users\M****\Documents\cookies\M****@eyewonder[1].txt
C:\Users\M****\Documents\cookies\M****@ez-tracks[2].txt
C:\Users\M****\Documents\cookies\M****@fastclick[2].txt
C:\Users\M****\Documents\cookies\M****@findarticles[1].txt
C:\Users\M****\Documents\cookies\M****@findthatgiftforhim[2].txt
C:\Users\M****\Documents\cookies\M****@fl01.ct2.comclick[2].txt
C:\Users\M****\Documents\cookies\M****@giftscom.122.2o7[1].txt
C:\Users\M****\Documents\cookies\M****@gjacket.adbureau[1].txt
C:\Users\M****\Documents\cookies\M****@glb.adtechus[1].txt
C:\Users\M****\Documents\cookies\M****@go.globaladsales[2].txt
C:\Users\M****\Documents\cookies\M****@golfdiscount[2].txt
C:\Users\M****\Documents\cookies\M****@guthyrenker.112.2o7[1].txt
C:\Users\M****\Documents\cookies\M****@harpo.122.2o7[1].txt
C:\Users\M****\Documents\cookies\M****@hc2.humanclick[2].txt
C:\Users\M****\Documents\cookies\M****@hc2.humanclick[3].txt
C:\Users\M****\Documents\cookies\M****@healthgrades.112.2o7[1].txt
C:\Users\M****\Documents\cookies\M****@hearstmagazines.112.2o7[1].txt
C:\Users\M****\Documents\cookies\M****@hitbox[1].txt
C:\Users\M****\Documents\cookies\M****@homeaway.112.2o7[1].txt
C:\Users\M****\Documents\cookies\M****@hotlog[2].txt
C:\Users\M****\Documents\cookies\M****@hulu.112.2o7[1].txt
C:\Users\M****\Documents\cookies\M****@iacas.adbureau[2].txt
C:\Users\M****\Documents\cookies\M****@ice.112.2o7[1].txt
C:\Users\M****\Documents\cookies\M****@ie-stat.bmmetrix[1].txt
C:\Users\M****\Documents\cookies\M****@images.crossmediaservices[1].txt
C:\Users\M****\Documents\cookies\M****@imperium.adbureau[2].txt
C:\Users\M****\Documents\cookies\M****@imrworldwide[2].txt
C:\Users\M****\Documents\cookies\M****@indexstats[1].txt
C:\Users\M****\Documents\cookies\M****@indextools[2].txt
C:\Users\M****\Documents\cookies\M****@infospacellc.112.2o7[1].txt
C:\Users\M****\Documents\cookies\M****@insightexpressai[1].txt
C:\Users\M****\Documents\cookies\M****@interclick[1].txt
C:\Users\M****\Documents\cookies\M****@internetmarketinginitiative.112.2o7[1].txt
C:\Users\M****\Documents\cookies\M****@jenklairkids.sitetracker[2].txt
C:\Users\M****\Documents\cookies\M****@kaboose.112.2o7[1].txt
C:\Users\M****\Documents\cookies\M****@kanoodle[1].txt
C:\Users\M****\Documents\cookies\M****@keywordmax[1].txt
C:\Users\M****\Documents\cookies\M****@kidsource.advertserve[1].txt
C:\Users\M****\Documents\cookies\M****@kontera[1].txt
C:\Users\M****\Documents\cookies\M****@leeenterprises.112.2o7[1].txt
C:\Users\M****\Documents\cookies\M****@levelwing.112.2o7[1].txt
C:\Users\M****\Documents\cookies\M****@linksynergy.walmart[1].txt
C:\Users\M****\Documents\cookies\M****@linksynergy[1].txt
C:\Users\M****\Documents\cookies\M****@linuxquestions[1].txt
C:\Users\M****\Documents\cookies\M****@livenation.122.2o7[1].txt
C:\Users\M****\Documents\cookies\M****@login.tracking101[1].txt
C:\Users\M****\Documents\cookies\M****@madisonsquaregarden.112.2o7[1].txt
C:\Users\M****\Documents\cookies\M****@marinermarketing.112.2o7[1].txt
C:\Users\M****\Documents\cookies\M****@marketlive.122.2o7[1].txt
C:\Users\M****\Documents\cookies\M****@maxmedia.educationworld[2].txt
C:\Users\M****\Documents\cookies\M****@medhelpinternational.112.2o7[1].txt
C:\Users\M****\Documents\cookies\M****@media.adrevolver[1].txt
C:\Users\M****\Documents\cookies\M****@media.adrevolver[3].txt
C:\Users\M****\Documents\cookies\M****@media.homestore[1].txt
C:\Users\M****\Documents\cookies\M****@media.legacy[2].txt
C:\Users\M****\Documents\cookies\M****@media.medhelp[1].txt
C:\Users\M****\Documents\cookies\M****@media.mtvnservices[2].txt
C:\Users\M****\Documents\cookies\M****@media.wii.ign[2].txt
C:\Users\M****\Documents\cookies\M****@media.zoominfo[2].txt
C:\Users\M****\Documents\cookies\M****@media6degrees[1].txt
C:\Users\M****\Documents\cookies\M****@mediaonenetwork[1].txt
C:\Users\M****\Documents\cookies\M****@mediaplex[2].txt
C:\Users\M****\Documents\cookies\M****@mediataskmaster[2].txt
C:\Users\M****\Documents\cookies\M****@metacafe.122.2o7[1].txt
C:\Users\M****\Documents\cookies\M****@microsoftconsumermarketing.112.2o7[1].txt
C:\Users\M****\Documents\cookies\M****@microsoftoffice.112.2o7[1].txt
C:\Users\M****\Documents\cookies\M****@microsoftwga.112.2o7[1].txt
C:\Users\M****\Documents\cookies\M****@microsoftwindows.112.2o7[1].txt
C:\Users\M****\Documents\cookies\M****@microsoftwlsearchcrm.112.2o7[1].txt
C:\Users\M****\Documents\cookies\M****@mp3-track[1].txt
C:\Users\M****\Documents\cookies\M****@msnbc.112.2o7[1].txt
C:\Users\M****\Documents\cookies\M****@msnportal.112.2o7[1].txt
C:\Users\M****\Documents\cookies\M****@multiply.112.2o7[1].txt
C:\Users\M****\Documents\cookies\M****@mycounter.tinycounter[2].txt
C:\Users\M****\Documents\cookies\M****@myroitracking[1].txt
C:\Users\M****\Documents\cookies\M****@mytracks[1].txt
C:\Users\M****\Documents\cookies\M****@nano-tech-discount-electronics[1].txt
C:\Users\M****\Documents\cookies\M****@nbcuniversal.122.2o7[1].txt
C:\Users\M****\Documents\cookies\M****@nebuad.adjuggler[1].txt
C:\Users\M****\Documents\cookies\M****@network.alluremedia.com[2].txt
C:\Users\M****\Documents\cookies\M****@network.realmedia[1].txt
C:\Users\M****\Documents\cookies\M****@newsinteractive.112.2o7[1].txt
C:\Users\M****\Documents\cookies\M****@nextag[2].txt
C:\Users\M****\Documents\cookies\M****@nhl.112.2o7[1].txt
C:\Users\M****\Documents\cookies\M****@nielsen.112.2o7[1].txt
C:\Users\M****\Documents\cookies\M****@nike.112.2o7[2].txt
C:\Users\M****\Documents\cookies\M****@nintendo.112.2o7[1].txt
C:\Users\M****\Documents\cookies\M****@oasc05.247realmedia[1].txt
C:\Users\M****\Documents\cookies\M****@offers.animaladnetwork[2].txt
C:\Users\M****\Documents\cookies\M****@optimize.indieclick[1].txt
C:\Users\M****\Documents\cookies\M****@overture[1].txt
C:\Users\M****\Documents\cookies\M****@parentstv.112.2o7[1].txt
C:\Users\M****\Documents\cookies\M****@partner2profit[1].txt
C:\Users\M****\Documents\cookies\M****@partners.tattomedia[1].txt
C:\Users\M****\Documents\cookies\M****@paypal.112.2o7[1].txt
C:\Users\M****\Documents\cookies\M****@perf.overture[1].txt
C:\Users\M****\Documents\cookies\M****@phg.hitbox[1].txt
C:\Users\M****\Documents\cookies\M****@philips.112.2o7[1].txt
C:\Users\M****\Documents\cookies\M****@pointandclickgames.wikidot[1].txt
C:\Users\M****\Documents\cookies\M****@pointnclickgames[1].txt
C:\Users\M****\Documents\cookies\M****@pro-market[1].txt
C:\Users\M****\Documents\cookies\M****@prospect.adbureau[2].txt
C:\Users\M****\Documents\cookies\M****@qksrv[2].txt
C:\Users\M****\Documents\cookies\M****@qnsr[1].txt
C:\Users\M****\Documents\cookies\M****@questionmarket[2].txt
C:\Users\M****\Documents\cookies\M****@rakuten.112.2o7[1].txt
C:\Users\M****\Documents\cookies\M****@realmedia[1].txt
C:\Users\M****\Documents\cookies\M****@reduxads.valuead[2].txt
C:\Users\M****\Documents\cookies\M****@resortquest.112.2o7[1].txt
C:\Users\M****\Documents\cookies\M****@revenue[2].txt
C:\Users\M****\Documents\cookies\M****@revsci[1].txt
C:\Users\M****\Documents\cookies\M****@revsci[2].txt
C:\Users\M****\Documents\cookies\M****@richmedia.yahoo[2].txt
C:\Users\M****\Documents\cookies\M****@roiservice[2].txt
C:\Users\M****\Documents\cookies\M****@rotator.adjuggler[2].txt
C:\Users\M****\Documents\cookies\M****@rsfind[2].txt
C:\Users\M****\Documents\cookies\M****@s.clickability[2].txt
C:\Users\M****\Documents\cookies\M****@sales.liveperson[2].txt
C:\Users\M****\Documents\cookies\M****@sales.liveperson[3].txt
C:\Users\M****\Documents\cookies\M****@sales.liveperson[4].txt
C:\Users\M****\Documents\cookies\M****@sales.liveperson[5].txt
C:\Users\M****\Documents\cookies\M****@sales.liveperson[6].txt
C:\Users\M****\Documents\cookies\M****@sales.liveperson[7].txt
C:\Users\M****\Documents\cookies\M****@sales.liveperson[8].txt
C:\Users\M****\Documents\cookies\M****@sales.liveperson[9].txt
C:\Users\M****\Documents\cookies\M****@samsclub.112.2o7[1].txt
C:\Users\M****\Documents\cookies\M****@serv.clicksor[1].txt
C:\Users\M****\Documents\cookies\M****@server.cpmstar[1].txt
C:\Users\M****\Documents\cookies\M****@server.iad.liveperson[10].txt
C:\Users\M****\Documents\cookies\M****@server.iad.liveperson[11].txt
C:\Users\M****\Documents\cookies\M****@server.iad.liveperson[1].txt
C:\Users\M****\Documents\cookies\M****@server.iad.liveperson[2].txt
C:\Users\M****\Documents\cookies\M****@server.iad.liveperson[3].txt
C:\Users\M****\Documents\cookies\M****@server.iad.liveperson[4].txt
C:\Users\M****\Documents\cookies\M****@server.iad.liveperson[5].txt
C:\Users\M****\Documents\cookies\M****@server.iad.liveperson[6].txt
C:\Users\M****\Documents\cookies\M****@server.iad.liveperson[7].txt
C:\Users\M****\Documents\cookies\M****@server.iad.liveperson[9].txt
C:\Users\M****\Documents\cookies\M****@server.lon.liveperson[1].txt
C:\Users\M****\Documents\cookies\M****@server.lon.liveperson[2].txt
C:\Users\M****\Documents\cookies\M****@serving-sys[2].txt
C:\Users\M****\Documents\cookies\M****@sharewellgroup.112.2o7[1].txt
C:\Users\M****\Documents\cookies\M****@shop.crackberry[1].txt
C:\Users\M****\Documents\cookies\M****@shopping.112.2o7[1].txt
C:\Users\M****\Documents\cookies\M****@silo.thefind[1].txt
C:\Users\M****\Documents\cookies\M****@sitestat.mayoclinic[1].txt
C:\Users\M****\Documents\cookies\M****@sitestat.mayoclinic[2].txt
C:\Users\M****\Documents\cookies\M****@sixapart.adbureau[1].txt
C:\Users\M****\Documents\cookies\M****@smartmoney.112.2o7[1].txt
C:\Users\M****\Documents\cookies\M****@softonic.112.2o7[1].txt
C:\Users\M****\Documents\cookies\M****@sonyelectronicssupportus.112.2o7[1].txt
C:\Users\M****\Documents\cookies\M****@sonymediasoftware.112.2o7[1].txt
C:\Users\M****\Documents\cookies\M****@specificclick[1].txt
C:\Users\M****\Documents\cookies\M****@specificmedia[2].txt
C:\Users\M****\Documents\cookies\M****@spylog[1].txt
C:\Users\M****\Documents\cookies\M****@stat.dealtime[2].txt
C:\Users\M****\Documents\cookies\M****@stat.onestat[1].txt
C:\Users\M****\Documents\cookies\M****@statcounter[1].txt
C:\Users\M****\Documents\cookies\M****@stats.gamestop[1].txt
C:\Users\M****\Documents\cookies\M****@stats.jamon[2].txt
C:\Users\M****\Documents\cookies\M****@stats.manticoretechnology[1].txt
C:\Users\M****\Documents\cookies\M****@stats.spine-health[1].txt
C:\Users\M****\Documents\cookies\M****@statse.webtrendslive[1].txt
C:\Users\M****\Documents\cookies\M****@supermediastore[1].txt
C:\Users\M****\Documents\cookies\M****@superstats[1].txt
C:\Users\M****\Documents\cookies\M****@surfline.112.2o7[1].txt
C:\Users\M****\Documents\cookies\M****@tacoda[1].txt
C:\Users\M****\Documents\cookies\M****@technologyquestions[1].txt
C:\Users\M****\Documents\cookies\M****@teengrowth[1].txt
C:\Users\M****\Documents\cookies\M****@teenvogue[2].txt
C:\Users\M****\Documents\cookies\M****@test.coremetrics[1].txt
C:\Users\M****\Documents\cookies\M****@thefind[2].txt
C:\Users\M****\Documents\cookies\M****@thumbplay.112.2o7[1].txt
C:\Users\M****\Documents\cookies\M****@timeinc.122.2o7[1].txt
C:\Users\M****\Documents\cookies\M****@tizer.mediarotator[1].txt
C:\Users\M****\Documents\cookies\M****@tns-counter[1].txt
C:\Users\M****\Documents\cookies\M****@toplist[1].txt
C:\Users\M****\Documents\cookies\M****@torstardigital.122.2o7[1].txt
C:\Users\M****\Documents\cookies\M****@track.affiliate-b[1].txt
C:\Users\M****\Documents\cookies\M****@track.bestbuy[2].txt
C:\Users\M****\Documents\cookies\M****@track.cbs[1].txt
C:\Users\M****\Documents\cookies\M****@track.dhl-usa[1].txt
C:\Users\M****\Documents\cookies\M****@track.offerpoint[1].txt
C:\Users\M****\Documents\cookies\M****@trackalyzer[1].txt
C:\Users\M****\Documents\cookies\M****@tracking.foundry42[1].txt
C:\Users\M****\Documents\cookies\M****@tracking.foundry42[2].txt
C:\Users\M****\Documents\cookies\M****@tracking.foxnews[1].txt
C:\Users\M****\Documents\cookies\M****@trackmatics[1].txt
C:\Users\M****\Documents\cookies\M****@tradedoubler[1].txt
C:\Users\M****\Documents\cookies\M****@traffic.buyservices[1].txt
C:\Users\M****\Documents\cookies\M****@trafficmp[2].txt
C:\Users\M****\Documents\cookies\M****@tremor.adbureau[2].txt
C:\Users\M****\Documents\cookies\M****@tribalfusion[2].txt
C:\Users\M****\Documents\cookies\M****@trinitymirror.112.2o7[1].txt
C:\Users\M****\Documents\cookies\M****@tripod[1].txt
C:\Users\M****\Documents\cookies\M****@trvlnet.adbureau[2].txt
C:\Users\M****\Documents\cookies\M****@usatoday1.112.2o7[2].txt
C:\Users\M****\Documents\cookies\M****@vacationtraditions[1].txt
C:\Users\M****\Documents\cookies\M****@valueclick.ne[1].txt
C:\Users\M****\Documents\cookies\M****@valueclick[1].txt
C:\Users\M****\Documents\cookies\M****@viacom.adbureau[1].txt
C:\Users\M****\Documents\cookies\M****@viacomedycentralrl.112.2o7[1].txt
C:\Users\M****\Documents\cookies\M****@viamtvcom.112.2o7[1].txt
C:\Users\M****\Documents\cookies\M****@videoegg.adbureau[1].txt
C:\Users\M****\Documents\cookies\M****@vlc-media-player.en.softonic[1].txt
C:\Users\M****\Documents\cookies\M****@warez[1].txt
C:\Users\M****\Documents\cookies\M****@warnerbros.112.2o7[1].txt
C:\Users\M****\Documents\cookies\M****@waterfrontmedia.112.2o7[1].txt
C:\Users\M****\Documents\cookies\M****@web4.realtracker[2].txt
C:\Users\M****\Documents\cookies\M****@webmasterplan[2].txt
C:\Users\M****\Documents\cookies\M****@weborama[1].txt
C:\Users\M****\Documents\cookies\M****@webtrack.dhlglobalmail[2].txt
C:\Users\M****\Documents\cookies\M****@webtrends.moxymedia[1].txt
C:\Users\M****\Documents\cookies\M****@webtrends.moxymedia[2].txt
C:\Users\M****\Documents\cookies\M****@wii.findnearby[1].txt
C:\Users\M****\Documents\cookies\M****@wiitracker.weebly[1].txt
C:\Users\M****\Documents\cookies\M****@www.accountonline[2].txt
C:\Users\M****\Documents\cookies\M****@www.addfreestats[1].txt
C:\Users\M****\Documents\cookies\M****@www.animaltracksdvm[2].txt
C:\Users\M****\Documents\cookies\M****@www.burstbeacon[2].txt
C:\Users\M****\Documents\cookies\M****@www.burstnet[2].txt
C:\Users\M****\Documents\cookies\M****@www.clickerpicker[1].txt
C:\Users\M****\Documents\cookies\M****@www.clickmanage[2].txt
C:\Users\M****\Documents\cookies\M****@www.counter160[1].txt
C:\Users\M****\Documents\cookies\M****@www.countryliving.co[2].txt
C:\Users\M****\Documents\cookies\M****@www.elitedeals[2].txt
C:\Users\M****\Documents\cookies\M****@www.encyclomedia[2].txt
C:\Users\M****\Documents\cookies\M****@www.ez-tracks[1].txt
C:\Users\M****\Documents\cookies\M****@www.ezytrack[1].txt
C:\Users\M****\Documents\cookies\M****@www.findgift[1].txt
C:\Users\M****\Documents\cookies\M****@www.googleadservices[2].txt
C:\Users\M****\Documents\cookies\M****@www.googleadservices[4].txt
C:\Users\M****\Documents\cookies\M****@www.googleadservices[6].txt
C:\Users\M****\Documents\cookies\M****@www.googleadservices[7].txt
C:\Users\M****\Documents\cookies\M****@www.googleadservices[8].txt
C:\Users\M****\Documents\cookies\M****@www.googleadservices[9].txt
C:\Users\M****\Documents\cookies\M****@www.linuxquestions[1].txt
C:\Users\M****\Documents\cookies\M****@www.pstats[2].txt
C:\Users\M****\Documents\cookies\M****@www.supermediastore[1].txt
C:\Users\M****\Documents\cookies\M****@www.technologyquestions[2].txt
C:\Users\M****\Documents\cookies\M****@www3.addfreestats[1].txt
C:\Users\M****\Documents\cookies\M****@www5.addfreestats[2].txt
C:\Users\M****\Documents\cookies\M****@www6.addfreestats[2].txt
C:\Users\M****\Documents\cookies\M****@www7.addfreestats[1].txt
C:\Users\M****\Documents\cookies\M****@www8.addfreestats[1].txt
C:\Users\M****\Documents\cookies\M****@xiti[1].txt
C:\Users\M****\Documents\cookies\M****@yadro[1].txt
C:\Users\M****\Documents\cookies\M****@yieldmanager[1].txt
C:\Users\M****\Documents\cookies\M****@zedo[2].txt

#7 Blade


Posted 09 March 2011 - 01:34 PM

Hello.

This message about file not being found 'c:\Users\...\Appdata\\Local\Temp\cmdlnime' would appear when I rebooted. I looked at startup and noticed an entry for dosKPost. I disabled this late last week and no longer got the message but wondering if this has something to do with a virus. I got the error message after I ran avast and quarantined the two java files from my first post.


Yep. . . that's part of the infection. . . and needs to be removed. Not hard to do. . . but I do need a more detailed log so I can target it accurately. I am shifting this topic to the Malware Logs forum for this purpose.

First, please undo whatever you did to disable the entry so that it will show up properly.

***************************************************
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results. Please note that I do not require Attach.txt, DDS.txt is sufficient.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

~Blade


In your next reply, please include the following:
DDS.txt

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
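The symptom discussed in this post, a startup entry whose target sits in a Temp directory and no longer exists on disk, can be checked for directly. The read-only audit below is an added example, not part of the original thread or any BleepingComputer tool; it assumes PowerShell 3.0 or later, covers only the registry Run keys, and `Get-AutorunTarget` is a hypothetical helper name.

```powershell
# Added example (not from the thread): list Run-key entries whose target is
# missing on disk or lives in a temp/cache directory. Read-only; changes nothing.

$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)

# Directory fragments taken from the paths quoted in this thread:
# ...\Local\Temp\, ...\Temporary Internet Files\, ...\Java\Deployment\cache\
$volatileDirs = '\\(Temp|Temporary Internet Files|Deployment\\cache)\\'

function Get-AutorunTarget {
    # Reduce an autorun command line to the file it actually loads.
    param([string]$Command)

    $cmd  = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    $exe  = $null
    $rest = $null

    if ($cmd -match '^"([^"]+)"\s*(.*)$') {
        # Quoted executable path followed by optional arguments
        $exe = $Matches[1]; $rest = $Matches[2]
    } elseif ($cmd -match '^(.+?\.(?:exe|com|bat|cmd|scr|pif))(?:\s+(.*))?$') {
        # Unquoted path, possibly containing spaces (C:\Program Files\...)
        $exe = $Matches[1]; $rest = $Matches[2]
    } else {
        $exe = $cmd
    }

    # rundll32 only hosts a DLL: the DLL named before the first comma
    # is the file worth inspecting, not rundll32.exe itself.
    if ($rest -and ($exe -match '(^|\\)rundll32(\.exe)?$')) {
        return (($rest -split ',')[0] -replace '^[\s"]+|[\s"]+$', '')
    }
    return $exe
}

$findings = foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }   # e.g. no Wow6432Node on 32-bit

    $regKey = Get-Item -Path $key
    foreach ($name in $regKey.GetValueNames()) {
        $command = [string]$regKey.GetValue($name)
        if (-not $command) { continue }

        $target   = Get-AutorunTarget -Command $command
        $rooted   = $target -match '^[A-Za-z]:\\'
        # Only a fully qualified path can be tested for existence reliably.
        $missing  = $rooted -and -not (Test-Path -LiteralPath $target -ErrorAction SilentlyContinue)
        $volatile = $target -match $volatileDirs

        if ($missing -or $volatile) {
            [pscustomobject]@{
                Key           = $key
                Name          = $name
                Command       = $command
                Target        = $target
                TargetMissing = $missing
                InTempOrCache = $volatile
            }
        }
    }
}

$findings | Format-List
```

An entry reported with both `TargetMissing` and `InTempOrCache` set matches the situation in this thread: the file was quarantined, but the autorun value that loaded it is still in place.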


#8 caution


Posted 09 March 2011 - 04:42 PM

Blade,

I allowed the dosKPost in startup. Also, I wasn't sure how far you wanted me to go to recreate the issue I was having so I tried to restore the two Java files through Avast. They were in quarantine and I selected restore, but when I went to look for them I couldn't find them at the path specified, so I really don't know if they were restored or not.


DDS.txt
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by m**** at 16:23:51.76 on Wed 03/09/2011
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2045.1195 [GMT -5:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: McAfee VirusScan *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee VirusScan *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Personal Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WLANExt.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\InterVideo\Common\Bin\WinRemote.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Windows\system32\CTsvcCDA.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\taskeng.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\ctfmon.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\m****\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6071119
uWindow Title = Internet Explorer provided by Dell
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6071119
uInternet Settings,ProxyOverride = *.local
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [doskPost] rundll32 "c:\users\m****\appdata\local\temp\cmdlnime.dll",CreateProcessNotify
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1150595.exe -Update -1150595 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30618; .NET4.0C)" -"http://www.bbc.co.uk/schools/numbertime/games/test.shtml"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [VolPanel] "c:\program files\creative\sbaudigy\volume panel\VolPanlu.exe" /r
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [<NO NAME>]
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [MSConfig] "c:\windows\system32\msconfig.exe" /auto
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [Home Theater SchSvr] "c:\program files\common files\intervideo\schsvr\SchSvr.exe"
mRun: [WINCINEMAMGR] "c:\program files\intervideo\common\bin\WinCinemaMgr.exe"
mRun: [WINREMOTE] "c:\program files\intervideo\common\bin\WinRemote.exe"
mRun: [DSS]
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Reader Library Launcher] c:\program files\sony\reader\data\bin\launcher\Reader Library Launcher.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700}
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F}
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://aol.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
DPF: {428A9DEF-F057-402B-9F2D-A5887F4544ED} - hxxp://download.microsoft.com/download/f/0/2/f02b515c-7076-4cee-bc08-fd6fea594578/VirtualEarth3D.cab
DPF: {4DCA1E08-4147-4A3D-8CA6-E095DF189FAB} - hxxp://games.bigfishgames.com/en_nightshift-legacy-the-jaguars-eye/online/Nightshift2Web.1.0.0.9.cab
DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} - hxxp://zone.msn.com/bingame/dsh2/default/DinerDash2.1.0.0.68.cab
DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} - hxxps://kingsisle.hs.llnwd.net/e1/static/themes/wizard101A/activex/Wizard101GameLauncher.CAB
DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://www.nick.com/common/groove/gx/GrooveAX27.cab
DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} - hxxp://picture.vzw.com/activex/VerizonWirelessUploadControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://aolsvc.aol.com/onlinegames/free-trial-hotel-mahjong/zylomplayer.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe
DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} - hxxp://zone.msn.com/bingame/cnma/default/cinematycoon.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://aolsvc.aol.com/onlinegames/popzuma/popcaploader_v10.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\m****\appdata\roaming\mozilla\firefox\profiles\idg5qa5o.default\
FF - prefs.js: browser.search.selectedEngine - eBay
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-2-25 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-10-8 301528]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-11-27 214664]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-1-5 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-1-5 74480]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2007-11-18 73728]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-10-8 19544]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-10-8 53592]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-10-8 42184]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-9-16 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-10-21 144704]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-11-27 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-11-27 35272]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2006-10-20 37296]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-8-4 30192]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-11-27 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-11-27 40552]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-1-5 7408]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-9-5 16896]
S4 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-10-21 606736]
.
=============== Created Last 30 ================
.
2011-03-07 13:16:31 -------- d-----w- c:\progra~2\PCDr
2011-03-07 13:16:07 -------- d-----w- c:\users\m****\appdata\roaming\PCDr
2011-03-03 13:22:43 5943120 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{f56ffb9d-0570-43c9-b0e6-317ad2c0fdf0}\mpengine.dll
2011-02-27 14:32:10 -------- d-----w- c:\progra~2\SUPERAntiSpyware.com
2011-02-27 14:30:35 -------- d-----w- c:\users\m****\appdata\roaming\SUPERAntiSpyware.com
2011-02-27 14:30:35 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-02-26 00:42:26 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-02-09 02:26:14 2038784 ----a-w- c:\windows\system32\win32k.sys
2011-02-09 02:26:11 3548048 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-02-09 02:26:11 1205080 ----a-w- c:\windows\system32\ntdll.dll
2011-02-09 02:26:10 3600272 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-02-09 02:26:01 634648 ----a-w- c:\program files\internet explorer\iexplore.exe
.
==================== Find3M ====================
.
2011-02-23 15:04:21 40648 ----a-w- c:\windows\avastSS.scr
2011-02-02 22:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-08 07:50:00 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-08 05:57:10 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-12-28 14:57:35 409600 ----a-w- c:\windows\system32\odbc32.dll
2010-12-20 15:40:24 833024 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 15:37:57 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-12-20 14:12:59 389632 ----a-w- c:\windows\system32\html.iec
2010-12-20 13:51:45 1383424 ----a-w- c:\windows\system32\mshtml.tlb
2010-12-14 15:49:30 1169408 ----a-w- c:\windows\system32\sdclt.exe
.
============= FINISH: 16:25:03.32 ===============

Thanks for your help!

M

#9 Blade

Posted 11 March 2011 - 11:41 AM

Hello.

First, we need to back up the registry.

Download ERUNT from Derfisch or MVPS and save it to your desktop.

Please follow Step 4 onwards of the Installing & Using ERUNT guide to back up your registry. Skip Step 19 for now.

***************************************************

Please open a Notepad file: (From the Start Menu, click Run and type notepad in the window that appears.)
  • Copy the contents of the below code box into the notepad window.
  • Save the file as fixit.reg on your desktop: (Important! Make sure you change the "Save As Type" to "All Files")
    Windows Registry Editor Version 5.00
    
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    doskPost=-
    
  • Close the notepad window and click on the fixit.reg file on your Desktop. Allow the file to be merged into the registry.

~Blade


In your next reply, please include the following:
Another DDS.txt log, generated just as you did before
How is the computer running now?

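Added example (not part of the thread, and not code from DDS or BleepingComputer): a Python triage of the `uRun:`/`mRun:` lines in the DDS log from post #8, which flags autoruns where rundll32 loads a DLL from a user-writable directory and builds the matching delete directive in the documented .reg form, `"ValueName"=-` with the value name in double quotes. The sample lines are copied from that log; the function names, the `mRun` to HKLM mapping and the list of user-writable path fragments are assumptions of this example.

```python
import re
from typing import NamedTuple, Optional

# Lines copied from the DDS.txt posted above (user name masked as in the post).
SAMPLE_LOG = r'''
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [doskPost] rundll32 "c:\users\m****\appdata\local\temp\cmdlnime.dll",CreateProcessNotify
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [DSS]
'''

# DDS prefix -> registry key. uRun matches the key used in the fixit.reg above;
# mRun as the HKLM Run key is this example's reading of the log format.
RUN_KEYS = {
    "uRun": r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    "mRun": r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
}

# Assumed heuristic: path fragments of directories the logged-on user can write to.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\temporary internet files\\")

ENTRY_RE = re.compile(r"^(uRun|mRun): \[([^\]]*)\]\s*(.*)$")
RUNDLL_RE = re.compile(
    r'^"?(?:[^"\s]*\\)?rundll32(?:\.exe)?"?\s+'  # host, with or without path/extension
    r'(?:"([^"]+)"|([^,\s]+))'                    # DLL path, quoted or bare
    r'\s*,\s*(\S+)',                               # exported function to call
    re.IGNORECASE,
)


class Finding(NamedTuple):
    key: str
    name: str
    module: str
    export: str


def parse_autoruns(log_text: str):
    """Yield (dds_prefix, value_name, command) for each uRun/mRun line."""
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group(1), m.group(2), m.group(3).strip()


def loaded_module(command: str) -> Optional[tuple]:
    """Return (dll_path, export) when the command is a rundll32 launch, else None."""
    m = RUNDLL_RE.match(command)
    if not m:
        return None
    return (m.group(1) or m.group(2)), m.group(3)


def triage(log_text: str):
    """Flag autoruns where rundll32 loads a DLL from a user-writable directory."""
    findings = []
    for prefix, name, command in parse_autoruns(log_text):
        hit = loaded_module(command)
        if hit is None:
            continue  # not a rundll32 launch (or an empty entry such as [DSS])
        dll, export = hit
        if any(marker in dll.lower() for marker in USER_WRITABLE):
            findings.append(Finding(RUN_KEYS[prefix], name, dll, export))
    return findings


def reg_delete_directive(key: str, value_name: str) -> str:
    """Build .reg text that deletes one value; the documented form quotes the name."""
    escaped = value_name.replace("\\", "\\\\").replace('"', '\\"')
    return (
        "Windows Registry Editor Version 5.00\r\n\r\n"
        f"[{key}]\r\n"
        f'"{escaped}"=-\r\n'
    )


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"SUSPICIOUS {f.name}: {f.module} -> {f.export}")
        print(reg_delete_directive(f.key, f.name))
```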


#10 caution

Posted 12 March 2011 - 12:55 PM

Hey Blade,

Just some questions before I run the reg fix, just so I can understand what is being done. I don't understand what is being done by the reg change you are making.

I followed the path that you listed for the reg fix in reg edit and the doskpost wasn't appearing there. Should it be there?

Also, I disabled doskpost at startup and rebooted after I ran the first DDS for you, it was slowing down my system. Do I need to reactivate and reboot before I run the .reg file?

Thanks again for your help.

#11 Blade

Posted 13 March 2011 - 01:40 AM

Also, I disabled doskpost at startup and rebooted after I ran the first DDS for you, it was slowing down my system. Do I need to reactivate and reboot before I run the .reg file?


That's probably why it didn't show up in regedit, and yes, you do need to re-enable it before running the fix.

All the reg fix is doing is removing the startup entry.

~Blade



#12 caution

Posted 13 March 2011 - 10:33 AM

Blade,

You were right! Once I activated it again it appeared in regedit.

Attached is the DDS.txt but the entry is still there. I ran the fixit.reg 3x. Once with double clicking and allowing it to be added, once right clicking and selecting merge and then one more time by creating a new fixit.reg. My OS is Vista, don't know if that has anything to do with it.

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by m**** at 11:23:33.27 on Sun 03/13/2011
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2045.1008 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: McAfee VirusScan *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee VirusScan *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Personal Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\aestsrv.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Windows\system32\CTsvcCDA.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\InterVideo\Common\Bin\WinRemote.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchProtocolHost.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Users\m****\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6071119
uWindow Title = Internet Explorer provided by Dell
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6071119
uInternet Settings,ProxyOverride = *.local
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [doskPost] rundll32 "c:\users\m****\appdata\local\temp\cmdlnime.dll",CreateProcessNotify
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1150595.exe -Update -1150595 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30618; .NET4.0C)" -"http://www.bbc.co.uk/schools/numbertime/games/test.shtml"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [VolPanel] "c:\program files\creative\sbaudigy\volume panel\VolPanlu.exe" /r
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [<NO NAME>]
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [MSConfig] "c:\windows\system32\msconfig.exe" /auto
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [Home Theater SchSvr] "c:\program files\common files\intervideo\schsvr\SchSvr.exe"
mRun: [WINCINEMAMGR] "c:\program files\intervideo\common\bin\WinCinemaMgr.exe"
mRun: [WINREMOTE] "c:\program files\intervideo\common\bin\WinRemote.exe"
mRun: [DSS]
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Reader Library Launcher] c:\program files\sony\reader\data\bin\launcher\Reader Library Launcher.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700}
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F}
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://aol.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
DPF: {428A9DEF-F057-402B-9F2D-A5887F4544ED} - hxxp://download.microsoft.com/download/f/0/2/f02b515c-7076-4cee-bc08-fd6fea594578/VirtualEarth3D.cab
DPF: {4DCA1E08-4147-4A3D-8CA6-E095DF189FAB} - hxxp://games.bigfishgames.com/en_nightshift-legacy-the-jaguars-eye/online/Nightshift2Web.1.0.0.9.cab
DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} - hxxp://zone.msn.com/bingame/dsh2/default/DinerDash2.1.0.0.68.cab
DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} - hxxps://kingsisle.hs.llnwd.net/e1/static/themes/wizard101A/activex/Wizard101GameLauncher.CAB
DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://www.nick.com/common/groove/gx/GrooveAX27.cab
DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} - hxxp://picture.vzw.com/activex/VerizonWirelessUploadControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://aolsvc.aol.com/onlinegames/free-trial-hotel-mahjong/zylomplayer.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe
DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} - hxxp://zone.msn.com/bingame/cnma/default/cinematycoon.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://aolsvc.aol.com/onlinegames/popzuma/popcaploader_v10.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\m****\appdata\roaming\mozilla\firefox\profiles\idg5qa5o.default\
FF - prefs.js: browser.search.selectedEngine - eBay
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-2-25 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-10-8 301528]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-11-27 214664]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-1-5 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-1-5 74480]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2007-11-18 73728]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-10-8 19544]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-10-8 53592]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-10-8 42184]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-9-16 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-10-21 144704]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-11-27 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-11-27 35272]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-9-6 16896]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2006-10-20 37296]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-8-5 30192]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-11-27 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-11-27 40552]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-1-5 7408]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-10-21 606736]
.
=============== Created Last 30 ================
.
2011-03-07 13:16:31 -------- d-----w- c:\progra~2\PCDr
2011-03-07 13:16:07 -------- d-----w- c:\users\m****\appdata\roaming\PCDr
2011-03-03 13:22:43 5943120 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{f56ffb9d-0570-43c9-b0e6-317ad2c0fdf0}\mpengine.dll
2011-02-27 14:32:10 -------- d-----w- c:\progra~2\SUPERAntiSpyware.com
2011-02-27 14:30:35 -------- d-----w- c:\users\m****\appdata\roaming\SUPERAntiSpyware.com
2011-02-27 14:30:35 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-02-26 00:42:26 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
.
==================== Find3M ====================
.
2011-02-23 15:04:21 40648 ----a-w- c:\windows\avastSS.scr
2011-02-02 22:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-08 07:50:00 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-08 05:57:10 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:25:17 2038784 ----a-w- c:\windows\system32\win32k.sys
2010-12-28 14:57:35 409600 ----a-w- c:\windows\system32\odbc32.dll
2010-12-20 15:40:24 833024 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 15:37:57 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-12-20 14:12:59 389632 ----a-w- c:\windows\system32\html.iec
2010-12-20 13:51:45 1383424 ----a-w- c:\windows\system32\mshtml.tlb
2010-12-14 15:49:30 1169408 ----a-w- c:\windows\system32\sdclt.exe
.
============= FINISH: 11:27:04.32 ===============

#13 Blade


Posted 14 March 2011 - 05:59 AM

Hello.

Sorry about that. . . I made a mistake with the script. Let's try again. Please make sure that you have the doskPost entry enabled.

***************************************************

Please open a Notepad file: (From the Start Menu, click Run and type notepad in the window that appears.)
  • Copy the contents of the below code box into the notepad window.
  • Save the file as fixit.reg on your desktop: (Important! make sure you change the "Save As Type" to "All Files")
    Windows Registry Editor Version 5.00
    
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "doskPost"=-
    
  • Close the notepad window and click on the fixit.reg file on your Desktop. Allow the file to be merged into the registry.

~Blade


In your next reply, please include the following:
Another DDS.txt log, generated just as you did before
How is the computer running now?


If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM


#14 caution


Posted 14 March 2011 - 09:33 AM

Blade,

The entry was finally deleted! PC seems ok, nothing really strange happening. Can I delete DDS.scr now or are you going to want more .txt files?

Here is the DDS.txt

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by M**** at 10:24:55.02 on Mon 03/14/2011
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2045.1033 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: McAfee VirusScan *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee VirusScan *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Personal Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\InterVideo\Common\Bin\WinRemote.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Windows\system32\CTsvcCDA.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\taskeng.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\Taskmgr.exe
C:\Windows\system32\SearchProtocolHost.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wuauclt.exe
C:\Users\M****\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6071119
uWindow Title = Internet Explorer provided by Dell
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6071119
uInternet Settings,ProxyOverride = *.local
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1150595.exe -Update -1150595 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30618; .NET4.0C)" -"http://www.bbc.co.uk/schools/numbertime/games/test.shtml"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [VolPanel] "c:\program files\creative\sbaudigy\volume panel\VolPanlu.exe" /r
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [<NO NAME>]
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [MSConfig] "c:\windows\system32\msconfig.exe" /auto
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [Home Theater SchSvr] "c:\program files\common files\intervideo\schsvr\SchSvr.exe"
mRun: [WINCINEMAMGR] "c:\program files\intervideo\common\bin\WinCinemaMgr.exe"
mRun: [WINREMOTE] "c:\program files\intervideo\common\bin\WinRemote.exe"
mRun: [DSS]
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Reader Library Launcher] c:\program files\sony\reader\data\bin\launcher\Reader Library Launcher.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700}
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F}
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://aol.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
DPF: {428A9DEF-F057-402B-9F2D-A5887F4544ED} - hxxp://download.microsoft.com/download/f/0/2/f02b515c-7076-4cee-bc08-fd6fea594578/VirtualEarth3D.cab
DPF: {4DCA1E08-4147-4A3D-8CA6-E095DF189FAB} - hxxp://games.bigfishgames.com/en_nightshift-legacy-the-jaguars-eye/online/Nightshift2Web.1.0.0.9.cab
DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} - hxxp://zone.msn.com/bingame/dsh2/default/DinerDash2.1.0.0.68.cab
DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} - hxxps://kingsisle.hs.llnwd.net/e1/static/themes/wizard101A/activex/Wizard101GameLauncher.CAB
DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://www.nick.com/common/groove/gx/GrooveAX27.cab
DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} - hxxp://picture.vzw.com/activex/VerizonWirelessUploadControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://aolsvc.aol.com/onlinegames/free-trial-hotel-mahjong/zylomplayer.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe
DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} - hxxp://zone.msn.com/bingame/cnma/default/cinematycoon.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://aolsvc.aol.com/onlinegames/popzuma/popcaploader_v10.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\M****\appdata\roaming\mozilla\firefox\profiles\idg5qa5o.default\
FF - prefs.js: browser.search.selectedEngine - eBay
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-2-25 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-10-8 301528]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-11-27 214664]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-1-5 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-1-5 74480]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2007-11-18 73728]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-10-8 19544]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-10-8 53592]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-10-8 42184]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-9-16 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-10-21 144704]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-11-27 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-11-27 35272]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-9-6 16896]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2006-10-20 37296]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-8-5 30192]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-11-27 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-11-27 40552]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-1-5 7408]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-10-21 606736]
.
=============== Created Last 30 ================
.
2011-03-07 13:16:31 -------- d-----w- c:\progra~2\PCDr
2011-03-07 13:16:07 -------- d-----w- c:\users\M****\appdata\roaming\PCDr
2011-03-03 13:22:43 5943120 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{f56ffb9d-0570-43c9-b0e6-317ad2c0fdf0}\mpengine.dll
2011-02-27 14:32:10 -------- d-----w- c:\progra~2\SUPERAntiSpyware.com
2011-02-27 14:30:35 -------- d-----w- c:\users\M****\appdata\roaming\SUPERAntiSpyware.com
2011-02-27 14:30:35 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-02-26 00:42:26 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
.
==================== Find3M ====================
.
2011-02-23 15:04:21 40648 ----a-w- c:\windows\avastSS.scr
2011-02-02 22:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-08 07:50:00 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-08 05:57:10 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:25:17 2038784 ----a-w- c:\windows\system32\win32k.sys
2010-12-28 14:57:35 409600 ----a-w- c:\windows\system32\odbc32.dll
2010-12-20 15:40:24 833024 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 15:37:57 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-12-20 14:12:59 389632 ----a-w- c:\windows\system32\html.iec
2010-12-20 13:51:45 1383424 ----a-w- c:\windows\system32\mshtml.tlb
2010-12-14 15:49:30 1169408 ----a-w- c:\windows\system32\sdclt.exe
.
============= FINISH: 10:28:24.64 ===============
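
One way to confirm from two DDS logs that the registry fix removed the autorun value, as an added example that is not part of the original thread. The two log excerpts are constructed for illustration, and the command shown for `doskPost` is a placeholder because this part of the thread does not show it.

```python
import re

# Autorun line shapes that appear in the DDS log above:
#   uRun: [Name] command       per-user Run key (HKCU)
#   mRun: [Name] command       machine-wide Run key (HKLM)
#   uRunOnce: [Name] command
AUTORUN_RE = re.compile(
    r"^(?P<hive>[um]Run(?:Once)?): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$"
)


def parse_autoruns(log_text):
    """Return {(hive, name): command} for every autorun line in a DDS log."""
    entries = {}
    for line in log_text.splitlines():
        match = AUTORUN_RE.match(line.strip())
        if match:
            entries[(match["hive"], match["name"])] = match["cmd"]
    return entries


def diff_autoruns(before_log, after_log):
    """Compare autorun entries between two DDS logs."""
    old = parse_autoruns(before_log)
    new = parse_autoruns(after_log)
    return {
        "removed": sorted(k for k in old if k not in new),
        "added": sorted(k for k in new if k not in old),
        "changed": sorted(k for k in old if k in new and old[k] != new[k]),
    }


# Constructed excerpt standing in for the log taken before the fix.
BEFORE_LOG = r"""
uWindow Title = Internet Explorer provided by Dell
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [doskPost] <PLACEHOLDER-COMMAND>
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [<NO NAME>]
"""

# Constructed excerpt standing in for the log taken after merging fixit.reg.
AFTER_LOG = r"""
uWindow Title = Internet Explorer provided by Dell
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [<NO NAME>]
"""

if __name__ == "__main__":
    result = diff_autoruns(BEFORE_LOG, AFTER_LOG)
    for kind, keys in result.items():
        for hive, name in keys:
            print(f"{kind}: {hive} [{name}]")
```

An unexpected entry under "added" or "changed" between two logs is worth the same scrutiny as the one that was removed.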

#15 Blade


Posted 14 March 2011 - 11:22 AM

Hello.

You should be okay to delete dds.scr now. :)

Your machine appears to be clean!

***************************************************

I highly recommend that you read through the below set of very helpful suggestions and implement them; they will help protect you from reinfection.

Disable and Enable System Restore. - You should disable and enable system restore to make sure there are no infected files found in a restore point. You can find instructions on how to disable and enable system restore here: Windows XP System Restore Guide or Windows Vista System Restore Guide

Re-enable system restore with instructions from tutorial above.

Next, please hide your System Files. To do this, please refer to the following guide and reverse its steps: "How To See Hidden Files in Windows."


This should give you a good start into malware free pc usage. However I suggest you visit the following additional information listed below:
I recommend you regularly visit the Windows Update Site!
  • Lots of Hacking/Trojans use the methods found (plugged by the updates) that have not been stopped by people not updating.
  • By updating your machine, you have one less headache!
  • Update ALL Critical updates and any other Windows updates for services/programs that you use.
  • If you wish, you can also use automatic updates. This is a good thing to have if you want to be up-to-date all the time, but can also be a bit of an annoyance due to its handling and the sizes of the updates. If you wish to turn on automatic updates, then here is a nice little article about turning on automatic updates.
  • Note that it will download them for you, but you still have to actually click install.
  • If you do not want to have automatic updates turned on, or are on dial-up, you can always download updates separately at: http://windowsupdate.microsoft.com.
It is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

For a nice list of freeware programs in all categories, please have a look at this thread with freeware products that are regarded as useful by the users of this forum: Commonly Used Freeware Replacements.

Another recommendation is to download HostsMan. It safeguards you with a regularly updated Hosts-file that blocks dangerous sites from opening. This adds another bit of safety while surfing the Internet. For installation and setting up, follow these steps:
  • Double-click the downloaded installer and install the tool to a location of your choice
  • Via the Start menu, navigate to HostsMan and run the program.
  • Click "Hosts" in the menu
  • Click "Manage Updates" in the submenu
  • Out of the choices available, select at least one of them (I have MVPS Host as my main one)
  • Click "Add Update." After that you will only need to click on the Update button to retrieve updates:
  • Click the X to exit the program.
Finally, and definitely the MOST IMPORTANT step, click on the following tutorial and follow each step listed there:

Simple and easy ways to keep your computer safe and secure on the Internet

Glad I was able to help and if there are any other problems related to your computer please feel free to post them in the appropriate forum. Though we help people with spyware and viruses here at BC, we also help people with other computer problems! Do not forget to tell your friends about us!

~Blade
