
Infected. Hijack This Log.


11 replies to this topic

#1 Bobboy


Posted 25 February 2007 - 07:28 PM

Internet Explorer Security Plugin 2006,
Internet Security Add-On, Public Messenger V. 2.03,
System Alert pop-up,
and Video Access ActiveX Object 2.07.

Also I have the "protection bar"

Logfile of HijackThis v1.99.1
Scan saved at 7:23:18 PM, on 2/25/2007
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Steam\steam.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Windows\System32\mobsync.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe
C:\HJT\HijackThis\HijackThis.exe
C:\Windows\system32\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://rvb.roosterteeth.com/home.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O3 - Toolbar: Protection Bar - {84938242-5C5B-4A55-B6B9-A1507543B418} - C:\Program Files\Video Access ActiveX Object\iesplugin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LanzarL2007] "C:\Users\Bob\AppData\Local\Temp\{6670AB55-B61E-4735-9300-56F736D1A445}\{D1DA2BA7-2592-4036-9BB2-DCCABDE8DC1A}\..\..\L2007tmp\Setup.exe" /SETUP:"/l0x0009"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [{0A8C124E-0290-DD3C-B476-FD349E1147E8}] C:\Users\Bob\AppData\Roaming\blacky2.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.3.102.cab
O16 - DPF: {5DAEF053-DEF0-4752-A963-CCE9B49B0B79} (Gogs Class) - http://app.ipop.co.kr/gogsweb/gogsweb.cab
O16 - DPF: {92D0D610-A6FA-48D8-94CB-BD47FDF68655} (Launcher Class) - http://app.ipop.co.kr/ipop/ipopx.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

All help greatly appreciated.


 


#2 sjpritch25


Posted 25 February 2007 - 09:09 PM

Welcome to BC :thumbsup:

Download SmitfraudFix (by S!Ri) to your Desktop.
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Extract all the files to your Desktop. A folder named SmitfraudFix will be created on your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press Enter
This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

IMPORTANT: Do NOT run any other options until you are asked to do so!
Microsoft MVP Consumer Security--2007-2010

#3 Bobboy


Posted 25 February 2007 - 09:38 PM

Vista is unsupported by Smitfraudfix. :thumbsup:. Can anything else work?

#4 sjpritch25


Posted 25 February 2007 - 10:12 PM

Sorry, this will work

Download and scan with SUPERAntiSpyware Free for Home Users
alternate site
  • Double-click SUPERAntiSpyware.exe to install and use the default settings for installation.
  • Run SUPERAntiSpyware and update the definitions before scanning by selecting "Check for Updates".
  • When done, select "Scan for Harmful Software".
  • There are three scanning options available. Choose "Perform Complete Scan" and click "Next".
  • When done, a Scan Summary will appear with potentially harmful items that were detected. Click "OK".
  • Place a checkmark next to items you wish to remove/quarantine and Click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked to Reboot, please do.
  • After Reboot, double-click on SuperAnti-Spyware icon on your Desktop.
  • Click Preferences, Click the Statistics/Logs Tab.
  • Under Scanner logs, Double-click SuperAnti-Spyware Scan Log.
  • It will open in your default text editor (such as Notepad or WordPad).
  • Please Highlight everything in the Notepad, then right-click and choose copy.
  • In your next reply, please post those results and include a fresh Hijackthis log.
  • Select close to exit the program.
Note: If you encounter any problems while downloading the updates, manually download and unzip them from here.

#5 sjpritch25


Posted 25 February 2007 - 10:23 PM

Can you tell me what happened when you tried to run smitfraudfix, because it will work??????

#6 Bobboy


Posted 01 March 2007 - 09:37 PM

Sorry dog, I haven't been on for a while. When I opened up smitfraudfix, I got a message that said the version of Windows wasn't compatible. And the RUN background thingy was red, not blue. -.- Hope it helps. Scanning now....

#7 sjpritch25


Posted 01 March 2007 - 09:44 PM

That's okay, I found out that it is no longer compatible. SuperAnti-Spyware can clean this infection. Please follow my last instructions. Thanks.

#8 Bobboy


Posted 01 March 2007 - 10:49 PM

:thumbsup: Hoped I helped with helping future people.... that need help. O.o So far the scan is going good. I'll post with the updates in a sec or tomorrow.

#9 Bobboy


Posted 02 March 2007 - 08:58 PM

SUPER scan log

SUPERAntiSpyware Scan Log
Generated 03/02/2007 at 01:34 AM

Application Version : 3.5.1016

Core Rules Database Version : 3192
Trace Rules Database Version: 1202

Scan type : Complete Scan
Total Scan Time : 03:57:21

Memory items scanned : 600
Memory threats detected : 1
Registry items scanned : 5856
Registry threats detected : 27
File items scanned : 534102
File threats detected : 351

Trojan.Media-Codec
C:\PROGRAM FILES\VIDEO ACCESS ACTIVEX OBJECT\IESPLUGIN.DLL
C:\PROGRAM FILES\VIDEO ACCESS ACTIVEX OBJECT\IESPLUGIN.DLL
HKCR\CLSID\{84938242-5C5B-4A55-B6B9-A1507543B418}
HKCR\CLSID\{84938242-5C5B-4A55-B6B9-A1507543B418}\Implemented Categories
HKCR\CLSID\{84938242-5C5B-4A55-B6B9-A1507543B418}\Implemented Categories\{00021493-0000-0000-C000-000000000046}
HKCR\CLSID\{84938242-5C5B-4A55-B6B9-A1507543B418}\InprocServer32
HKCR\CLSID\{84938242-5C5B-4A55-B6B9-A1507543B418}\InprocServer32#ThreadingModel
HKU\S-1-5-21-2778269008-815615704-2637933957-1000\Software\Internet Security
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03#UninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\System Alert Popup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\System Alert Popup#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\System Alert Popup#UninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video Access ActiveX Object
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video Access ActiveX Object#ProductionEnvironment
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video Access ActiveX Object#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video Access ActiveX Object#UninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video Access ActiveX Object#DisplayIcon
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video Access ActiveX Object#DisplayVersion
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video Access ActiveX Object#URLInfoAbout
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video Access ActiveX Object#Publisher
C:\Program Files\Video Access ActiveX Object\ot.ico
C:\Program Files\Video Access ActiveX Object\pmunst.exe
C:\Program Files\Video Access ActiveX Object\ts.ico
C:\Program Files\Video Access ActiveX Object\uninst.exe
C:\Program Files\Video Access ActiveX Object
HKLM\Software\Microsoft\Internet Explorer\Toolbar#{84938242-5C5B-4A55-B6B9-A1507543B418}

Adware.Tracking Cookie
C:\Windows.old.000\Documents and Settings\Bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@adrevolver[2].txt
C:\Windows.old.000\Documents and Settings\Bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@ads.adbrite[2].txt
C:\Windows.old.000\Documents and Settings\Bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@ads.addynamix[2].txt
C:\Windows.old.000\Documents and Settings\Bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@ads.cnn[1].txt
C:\Windows.old.000\Documents and Settings\Bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@ads.goyk[2].txt
C:\Windows.old.000\Documents and Settings\Bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@ads.mediamayhemcorp[1].txt
C:\Windows.old.000\Documents and Settings\Bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@ads.newgrounds[2].txt
C:\Windows.old.000\Documents and Settings\Bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@ads.pointroll[2].txt
C:\Windows.old.000\Documents and Settings\Bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@ads.realtechnetwork[2].txt
C:\Windows.old.000\Documents and Settings\Bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@ads.revsci[1].txt
C:\Windows.old.000\Documents and Settings\Bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@ads.wowhead[1].txt
C:\Windows.old.000\Documents and Settings\Bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@adult.hotmovies[1].txt
C:\Windows.old.000\Documents and Settings\Bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@adultadworld[1].txt
C:\Windows.old.000\Documents and Settings\Bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@advertising[1].txt
C:\Windows.old.000\Documents and Settings\Bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@anad.tacoda[1].txt
C:\Windows.old.000\Documents and Settings\Bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@anat.tacoda[1].txt
C:\Windows.old.000\Documents and Settings\Bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@as-us.falkag[2].txt
C:\Windows.old.000\Documents and Settings\Bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@atdmt[2].txt
C:\Windows.old.000\Documents and Settings\Bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@atwola[2].txt
C:\Windows.old.000\Documents and Settings\Bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@azjmp[1].txt
C:\Windows.old.000\Documents and Settings\Bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@banners.guns[1].txt
C:\Windows.old.000\Documents and Settings\Bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@belnk[1].txt
C:\Windows.old.000\Documents and Settings\Bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@bluestreak[2].txt
C:\Windows.old.000\Documents and Settings\Bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@bs.serving-sys[1].txt
C:\Windows.old.000\Documents and Settings\Bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@burstnet[1].txt
C:\Windows.old.000\Documents and Settings\Bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@c5.zedo[1].txt
C:\Windows.old.000\Documents and Settings\Bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@campaign.indieclick[2].txt
C:\Windows.old.000\Documents and Settings\Bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@casalemedia[1].txt
C:\Windows.old.000\Documents and Settings\Bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@click.cybertvpartner[2].txt
C:\Windows.old.000\Documents and Settings\Bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@click.zoopartners[1].txt
C:\Windows.old.000\Documents and Settings\Bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@clicksor[1].txt
C:\Windows.old.000\Documents and Settings\Bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@clicktorrent[2].txt
C:\Windows.old.000\Documents and Settings\Bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@counter-strike[1].txt
C:\Windows.old.000\Documents and Settings\Bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@counter.hitslink[1].txt
C:\Windows.old.000\Documents and Settings\Bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@cpvfeed[2].txt
C:\Windows.old.000\Documents and Settings\Bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@cruisingforsex[1].txt
C:\Windows.old.000\Documents and Settings\Bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@cz3.clickzs[2].txt
C:\Windows.old.000\Documents and Settings\Bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@data2.perf.overture[2].txt
C:\Windows.old.000\Documents and Settings\Bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@doubleclick[1].txt
C:\Windows.old.000\Documents and Settings\Bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@ehg-ifilm.hitbox[2].txt
C:\Windows.old.000\Documents and Settings\Bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@ehg-vmixmediainc.hitbox[2].txt
C:\Windows.old.000\Documents and Settings\Bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@fastclick[1].txt
C:\Windows.old.000\Documents and Settings\Bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@focalex[1].txt
C:\Windows.old.000\Documents and Settings\Bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@gostats[1].txt
C:\Windows.old.000\Documents and Settings\Bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@h.starware[2].txt
C:\Windows.old.000\Documents and Settings\Bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@hitbox[2].txt
C:\Windows.old.000\Documents and Settings\Bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@imrworldwide[2].txt
C:\Windows.old.000\Documents and Settings\Bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@ingenuity.advertserve[1].txt
C:\Windows.old.000\Documents and Settings\Bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@interclick[2].txt
C:\Windows.old.000\Documents and Settings\Bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@kanoodle[2].txt
C:\Windows.old.000\Documents and Settings\Bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@keywordmax[1].txt
C:\Windows.old.000\Documents and Settings\Bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@kmpads[1].txt
C:\Windows.old.000\Documents and Settings\Bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@media.adrevolver[1].txt
C:\Windows.old.000\Documents and Settings\Bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@media.fastclick[1].txt
C:\Windows.old.000\Documents and Settings\Bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@media.injectnet[1].txt
C:\Windows.old.000\Documents and Settings\Bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@media.pc.ign[1].txt
C:\Windows.old.000\Documents and Settings\Bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@media.xbox360.ign[2].txt
C:\Windows.old.000\Documents and Settings\Bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@media303[2].txt
C:\Windows.old.000\Documents and Settings\Bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@mediamatters[1].txt
C:\Windows.old.000\Documents and Settings\Bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@mediaplex[1].txt
C:\Windows.old.000\Documents and Settings\Bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@mediaservices.myspace[1].txt
C:\Windows.old.000\Documents and Settings\Bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@overture[1].txt
C:\Windows.old.000\Documents and Settings\Bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@partner2profit[1].txt
C:\Windows.old.000\Documents and Settings\Bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@podtrac.advertserve[1].txt
C:\Windows.old.000\Documents and Settings\Bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@precisionclick[1].txt
C:\Windows.old.000\Documents and Settings\Bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@publishers.clickbooth[1].txt
C:\Windows.old.000\Documents and Settings\Bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@qnsr[1].txt
C:\Windows.old.000\Documents and Settings\Bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@questionmarket[1].txt
C:\Windows.old.000\Documents and Settings\Bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@realmedia[2].txt
C:\Windows.old.000\Documents and Settings\Bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@revsci[2].txt
C:\Windows.old.000\Documents and Settings\Bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@sec1.liveperson[1].txt
C:\Windows.old.000\Documents and Settings\Bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@sec1.liveperson[3].txt
C:\Windows.old.000\Documents and Settings\Bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@server.counter-strike[2].txt
C:\Windows.old.000\Documents and Settings\Bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@server.cpmstar[2].txt
C:\Windows.old.000\Documents and Settings\Bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@serving-sys[1].txt
C:\Windows.old.000\Documents and Settings\Bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@sixapart.adbureau[1].txt
C:\Windows.old.000\Documents and Settings\Bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@specificclick[2].txt
C:\Windows.old.000\Documents and Settings\Bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@statcounter[1].txt
C:\Windows.old.000\Documents and Settings\Bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@stats.bigdrum[2].txt
C:\Windows.old.000\Documents and Settings\Bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@tacoda[1].txt
C:\Windows.old.000\Documents and Settings\Bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@toplist[1].txt
C:\Windows.old.000\Documents and Settings\Bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@tracker.myspacemaps[1].txt
C:\Windows.old.000\Documents and Settings\Bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@trafficmp[2].txt
C:\Windows.old.000\Documents and Settings\Bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@tribalfusion[1].txt
C:\Windows.old.000\Documents and Settings\Bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@try.starware[2].txt
C:\Windows.old.000\Documents and Settings\Bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@valueclick[1].txt
C:\Windows.old.000\Documents and Settings\Bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@vmix.adbureau[1].txt
C:\Windows.old.000\Documents and Settings\Bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@warlog[2].txt
C:\Windows.old.000\Documents and Settings\Bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@web.cruisingforsex[1].txt
C:\Windows.old.000\Documents and Settings\Bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@www.3dstats[1].txt
C:\Windows.old.000\Documents and Settings\Bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@www.addfreestats[1].txt
C:\Windows.old.000\Documents and Settings\Bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@www.burstbeacon[2].txt
C:\Windows.old.000\Documents and Settings\Bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@www.burstnet[2].txt
C:\Windows.old.000\Documents and Settings\Bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@www.claxonmedia[1].txt
C:\Windows.old.000\Documents and Settings\Bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@www.googleadservices[1].txt
C:\Windows.old.000\Documents and Settings\Bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@www.googleadservices[3].txt
C:\Windows.old.000\Documents and Settings\Bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@www.googleadservices[4].txt
C:\Windows.old.000\Documents and Settings\Bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@www.googleadservices[5].txt
C:\Windows.old.000\Documents and Settings\Bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@www.vibrantmedia[1].txt
C:\Windows.old.000\Documents and Settings\Bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@www.xxxpower[2].txt
C:\Windows.old.000\Documents and Settings\Bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@www1.claxonmedia[2].txt
C:\Windows.old.000\Documents and Settings\Bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@www3.addfreestats[1].txt
C:\Windows.old.000\Documents and Settings\Bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@xiti[1].txt
C:\Windows.old.000\Documents and Settings\Bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@xxxpower[1].txt
C:\Windows.old.000\Documents and Settings\Bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@yadro[2].txt
C:\Windows.old.000\Documents and Settings\Bob\AppData\Roaming\Microsoft\Windows\Cookies\Low\bob@zedo[2].txt
C:\Windows.old.000\Users\73hl337B0bb0y\AppData\Roaming\Microsoft\Windows\Cookies\Low\73hl337b0bb0y@3.adbrite[1].txt
C:\Windows.old.000\Users\73hl337B0bb0y\AppData\Roaming\Microsoft\Windows\Cookies\Low\73hl337b0bb0y@adsrevenue[2].txt
C:\Windows.old.000\Users\73hl337B0bb0y\AppData\Roaming\Microsoft\Windows\Cookies\Low\73hl337b0bb0y@clicksor[1].txt
C:\Windows.old.000\Users\73hl337B0bb0y\AppData\Roaming\Microsoft\Windows\Cookies\Low\73hl337b0bb0y@clicktorrent[2].txt
C:\Windows.old.000\Users\73hl337B0bb0y\AppData\Roaming\Microsoft\Windows\Cookies\Low\73hl337b0bb0y@imrworldwide[2].txt
C:\Windows.old.000\Users\73hl337B0bb0y\AppData\Roaming\Microsoft\Windows\Cookies\Low\73hl337b0bb0y@login.tracking101[2].txt
C:\Windows.old.000\Users\73hl337B0bb0y\AppData\Roaming\Microsoft\Windows\Cookies\Low\73hl337b0bb0y@precisionclick[1].txt
C:\Windows.old.000\Users\73hl337B0bb0y\AppData\Roaming\Microsoft\Windows\Cookies\Low\73hl337b0bb0y@precisionclick[2].txt
C:\Windows.old.000\Users\73hl337B0bb0y\AppData\Roaming\Microsoft\Windows\Cookies\Low\73hl337b0bb0y@warlog[2].txt
C:\Windows.old.000\Users\73hl337B0bb0y\AppData\Roaming\Microsoft\Windows\Cookies\Low\73hl337b0bb0y@www.burstnet[2].txt

Trojan.Security Toolbar
C:\ProgramData\Microsoft\Windows\Start Menu\Online Security Guide.url
C:\ProgramData\Microsoft\Windows\Start Menu\Security Troubleshooting.url

Malware.SpyDawn
HKCR\CLSID\{C1DF2728-8510-0773-96D8-5D0C1F27821B}
HKCR\CLSID\{C1DF2728-8510-0773-96D8-5D0C1F27821B}\InprocServer32
HKCR\CLSID\{C1DF2728-8510-0773-96D8-5D0C1F27821B}\InprocServer32#ThreadingModel
HKCR\CLSID\{C1DF2728-8510-0773-96D8-5D0C1F27821B}\ProgID
HKCR\CLSID\{C1DF2728-8510-0773-96D8-5D0C1F27821B}\TypeLib
HKCR\CLSID\{C1DF2728-8510-0773-96D8-5D0C1F27821B}\VersionIndependentProgID
C:\USERS\BOB\APPDATA\LOCAL\TEMP\AV9CA9.EXE
C:\WINDOWS.OLD.000\DOCUMENTS AND SETTINGS\BOB\APPDATA\LOCAL\TEMP\AV9CA9.EXE

Adware.VSToolbar
C:\SYSTEM VOLUME INFORMATION\_RESTORE{106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0003658.DLL

Browser Hijacker.Favorites
C:\USERS\ALL USERS\MICROSOFT\WINDOWS\START MENU\ONLINE SECURITY GUIDE.URL
C:\USERS\ALL USERS\MICROSOFT\WINDOWS\START MENU\SECURITY TROUBLESHOOTING.URL
C:\USERS\BOB\FAVORITES\ONLINE SECURITY TEST.URL
C:\WINDOWS.OLD.000\DOCUMENTS AND SETTINGS\ALL USERS\MICROSOFT\WINDOWS\START MENU\ONLINE SECURITY GUIDE.URL
C:\WINDOWS.OLD.000\DOCUMENTS AND SETTINGS\ALL USERS\MICROSOFT\WINDOWS\START MENU\SECURITY TROUBLESHOOTING.URL
C:\WINDOWS.OLD.000\DOCUMENTS AND SETTINGS\BOB\FAVORITES\ONLINE SECURITY TEST.URL
C:\WINDOWS.OLD.000\PROGRAMDATA\APPLICATION DATA\MICROSOFT\WINDOWS\START MENU\ONLINE SECURITY GUIDE.URL
C:\WINDOWS.OLD.000\PROGRAMDATA\APPLICATION DATA\MICROSOFT\WINDOWS\START MENU\SECURITY TROUBLESHOOTING.URL
C:\WINDOWS.OLD.000\PROGRAMDATA\START MENU\ONLINE SECURITY GUIDE.URL
C:\WINDOWS.OLD.000\PROGRAMDATA\START MENU\SECURITY TROUBLESHOOTING.URL
C:\WINDOWS.OLD.000\USERS\ALL USERS\MICROSOFT\WINDOWS\START MENU\ONLINE SECURITY GUIDE.URL
C:\WINDOWS.OLD.000\USERS\ALL USERS\MICROSOFT\WINDOWS\START MENU\SECURITY TROUBLESHOOTING.URL

Trojan.Downloader-Gen/Installer
C:\WINDOWS.OLD\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\LOCAL SETTINGS\TEMP\B121.EXE

Malware.SpywareQuake
C:\WINDOWS.OLD\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\LOCAL SETTINGS\TEMP\SA12F.EXE

Adware.ClickSpring/PuritySCAN
C:\WINDOWS.OLD\WINDOWS\SYSTEM32\WCPCC.EXE


HJT scan log:

Logfile of HijackThis v1.99.1
Scan saved at 8:56:11 PM, on 3/2/2007
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Steam\steam.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\AIM6\aolsoftware.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\notepad.exe
C:\HJT\HijackThis\HijackThis.exe
C:\Windows\system32\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://rvb.roosterteeth.com/home.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LanzarL2007] "C:\Users\Bob\AppData\Local\Temp\{6670AB55-B61E-4735-9300-56F736D1A445}\{D1DA2BA7-2592-4036-9BB2-DCCABDE8DC1A}\..\..\L2007tmp\Setup.exe" /SETUP:"/l0x0009"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [{0A8C124E-0290-DD3C-B476-FD349E1147E8}] C:\Users\Bob\AppData\Roaming\blacky2.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.3.102.cab
O16 - DPF: {5DAEF053-DEF0-4752-A963-CCE9B49B0B79} (Gogs Class) - http://app.ipop.co.kr/gogsweb/gogsweb.cab
O16 - DPF: {92D0D610-A6FA-48D8-94CB-BD47FDF68655} (Launcher Class) - http://app.ipop.co.kr/ipop/ipopx.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown

#10 sjpritch25

Posted 03 March 2007 - 02:26 AM

Your log is clean!!!! :thumbsup: How is everything running???
Microsoft MVP Consumer Security--2007-2010

#11 Bobboy

Posted 04 March 2007 - 07:03 PM

Yay!! <Insert random sound effects here> Everything is running fine. As far as I can tell. Laggy speed has been cleared up and popups and stuff are completely gone. Had to reinstall google toolbar tho >_<

#12 sjpritch25

Posted 04 March 2007 - 09:20 PM

You're Welcome!!!! :thumbsup:

Now that your system is clean you should SET A NEW RESTORE POINT to prevent future reinfection from the old restore point AFTER cleaning your system of any malware infection. Any trojans or spyware you picked up could have been saved in System Restore and are waiting to re-infect you. Since System Restore is a protected directory, your tools can not access it to delete files, trapping viruses inside. Setting a new restore point should be done to prevent any future reinfection from the old restore point and enable your computer to "roll-back" in case there is a future problem.

To SET A NEW RESTORE POINT:
  • Right-Click on the Computer icon in the Desktop, and choose Properties.
  • In the left pane, click System Protection.
  • If you are prompted for an Administrator password or confirmation, type the password or provide confirmation.
  • Click the System Protection Tab and then click Create.
  • In the System Protection dialog box, type a description, and then click Create.
======================================

Here is some useful information on keeping your computer clean:
  • Most important thing is to make sure Windows is kept up to date with the latest patches and updates from Windows Update.
  • If you don't have a Firewall installed, please choose from the following:
  • If you don't have an Anti-Virus installed, please download the following free program:
  • Here are two great Preventive programs:
    • SpywareBlaster protects you from malicious ActiveX controls and cookies. Make sure and check for updates twice a month.
    • IESpyads adds a long list of bad sites to your Restricted sites in Internet Explorer and protects against drive by downloads.
  • Surf Safe with McAfee's SiteAdvisor. SiteAdvisor will work with Internet Explorer and Mozilla Firefox. SiteAdvisor is a browser plugin that assigns a safety rating to domains listed in your search engine. SiteAdvisor uses the following color codes to indicate the safety level of each site.
    • Red for Warning
    • Yellow for Use Caution
    • Green for Safe
    • Grey for Unknown
    Here are the links to install SiteAdvisor in Internet Explorer and Firefox
  • Anti-Spyware Programs I Recommend:
  • For Even More Information On Securing Your Computer read Tony Klein's So How Did I Get Infected In The First Place

Microsoft MVP Consumer Security--2007-2010



