Explore topic-wise InterviewSolutions in .

AAARRRGGGHHH!!!

Looks good. How is the computer running now?very good!!!!! thank you soooo sooo much for your help Sounds good.

Use the Secunia Software Inspector to check for out of date software.

• Click Start Now
  
• Check the BOX next to Enable thorough system inspection.
  
• Click Start
  
• Allow the scan to finish and scroll down to see if any updates are needed.
• Update anything listed.

What do you mean by it disappeared? Is it just auto hiding?OKAY, I've finally redone all the PREVIOUS steps and will post the results. No results were found for both Super antispyware, and Malwarebytes, but I have included what was found in Hijack This.

[attachment deleted by admin]Please see my previous question.

Hi, this is my 1st post on this forum. I have a problem with Ad-Aware 2008. BASICALLY I was unable to run a scan yesterday, keep getting messages about not having administrative rights or "fatal error 1920" messages. Have used Ad-Aware in various VERSIONS for a couple years now & this is the 1st time i've had a problem. I was advised to uninstall then re-install Ad-Aware but windows won't let me uninstall it, keep getting the same error messages over again. tried a system restore & that didn't work either. Even tried downloading the latest Ad-Aware Anniversary edition but it couldn't install due to not being able to uninstall the old program. I have found a couple of THREADS on the Lavasoft forum about this & tried their fixes but they do not work. I fear that some kind of virus/worm has got onto my PC somehow as it also runs a lot slower than before.
Any advice would be much appreciated as I really am not having any luck with this one.
Hope someone can help.

Hi.
What does it mean when there is a virus symbol on the shutdown button. It isn't removed by the antivirus software avg free grisoft and spybot search and destroy which I ran earlier.
Whats this virus symbol look like?WINDOWS security orange SHIELD with a black ! in it. davedat...

This icon?


It MEANS: A program that's not part of Windows needs your permission to start. It has a valid digital signature indicating its name and its publisher, which helps to ensure that the program is what it claims to be. Make sure that this is a program that you intended to run.
or that one?? That just means there are updates that need installedthanks I thought the LATEST updates were downloaded because there were updates ALREADY today but there were three more important updates just nowI had one for the Microsoft Malicious Software Tool today also.

Hey,
Here are the two logs that were generated.
Thanks again,

[attachment deleted by admin]Do you have a log from ComboFix? I just ran combofix, here is the log
thanks

[attachment deleted by admin]Did you uninstall Nod 32?

Download Security Check from one of the following links and save it to your Desktop.

Link 1
Link 2

* Unzip SecurityCheck.zip and a folder named Security Check should appear.
* Open the Security Check folder and double-click Security Check.bat
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.[/list]

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.No i didn't, i do not know how....


[attachment deleted by admin]Run the NOD32 Removal Tool http://www.nod32.nl/download/tool/nod32removal.exe

Restart the computer when it's complete.

----------

How is the computer running now?hey,
so i ran the NOD32 removal program, and it came up with this warning, ("er zijn geen NOD32 verwijderen onderdelen aangetroffen op de computer.") Which means, "there none NOD32 removes components has been found on the computer." Any IDEA? Im rather annoyed by this program...
Thanks eh?
Anyways it shouldnt matter, what is a little more protection eh?
Thanks Again, i am now done with this computer i will be incontact when i have more difficulty (which i am sure that i will. ) thanks again!I think it's just showing in the Security Center but not actually installed.

• Click START then RUN
  
• Now type Combofix /u in the runbox
  
• Make sure there's a space between Combofix and /u
• Then hit Enter.

• Delete:
• ComboFix and its associated FILES and folders.
• VundoFix backups, if present
• The C:\Deckard folder, if present
• The C:_OtMoveIt folder, if present

• Reset the clock settings.
• Hide file extensions, if required.
• Hide System/Hidden files, if required.
• Set a new, clean Restore Point.

• Click Start Now
  
• Check the box next to Enable thorough system inspection.
  
• Click Start
  
• Allow the scan to finish and scroll down to see if any updates are needed.
• Update anything listed.

Every time i try to open my incredimail, i got the message :

The correct version of flash is not currently INSTALLED. Flash by Macromedia is a popular animation plug-in and is a required Incredimail component. A very SIMPLE Flash installation page will SOON open.

The installation from that page never be able to be installed, it never worked.
What i did was:
#to download the latest version of incredimail
#Downloaded the lastest " Adobe Flash Player 10 Plugin
#same for Adobe Shockwave Player 11
after all that the result is the same, can't open and get the message.

With my Yahoo! Messenger , after the little windows with all the contacts open, the windows close after a 50 seconds and the icon in the tray too.
What i did was :
#downloaded the latest version
but the results are the same.



A few days ago , I had a chat on Yahoo! Messenger with my cousin in Belgium and she had a computer back
from repair and she is not a guru in computing we chated on a windows of Yahoo! Messenger looking very old version . I WANTED her to download the latest version before we keep chating but she could not do it, so we keep going on that old windows. Could someone took the opportunity to download a virus or malware
on our PC?

I don't know what to do to put back my pc in good order and i need help.
Thanks
My PC is on XP 3 desktop
I use my Acronis to put my PC to working and ok now

Hi,

I have another laptop that seems to have gone all wonky. It is a Toshiba Laptop that was originally for VISTA but the company wanted it to run XP PROFESSIONAL so they rigged it for XP. It has up to Service Pack 3 installed.

I'm able to follow the removal steps up until SAS and Malware. Both programs can be downloaded but they won't execute from the desktop. I've even tried to rename Malware to just mbam and still didn't work. I can't even seem to install Hijack this either.HijackThis doesn't need installing - it should just run from the route of the main drive.

Try PUTTING in the C:\ directory then reboot and access safe mode (F8 on boot up). Try running what scans you can there. You most likely won't be able to install anything in safe mode though.Hi thanks for the reply. I put the Hijack This in the c:\ root and then rebooted into safe mode. I tried to run it from there and same thing, nothing happens...i know it may sound stupid , ( if it is don't say so ) , did you try and right click and open them it works for me when they stall , harryThanks for the advice unfortunately I did try that and "run as" also, still no luck Click Start > Control Panel > System > Hardware > Device Manager > View > Show Hidden DEVICES.

* Scroll down to Non-plug and Play Drivers and click the plus icon to open those drivers.
* Search for any of the following:

- Seneka.sys <- Or anything beginning with Seneka
- clbdriver.sys <- Or anything beginning with clbdriver
- TDSSserv.sys <- Or anything beginning with TDSS

* Let me know if you find them or not.
* If you do find it, right click on it, and select DISABLE. Do not try to uninstall them.
* Now reboot and see if you can run the scans that would not run.

I did a VIRUS and spyware scan of my computer (XP) and they both found stuff and removed them and said to restart. After restart I click on my user account and ENTER my password and it goes as NORMAL and then I see my desktop for a split second and it logs me off. I tried to boot from disk and it asks me for administrator password? Anyone have any insight to this problem of mine? Any help would be greatly appreciated!Can you get into Safe Mode?unfortunatly the comp is asking for a password when i try to enter safe mode and i havent made any password. I read in another posting that there is no password but if i dont enter the pw it just restarts the comp.You've tried all available accounts in Safe Mode? None work?

Do you have the WINDOWS XP CD?yes ive tried all accounts and i do have the XP cd but its that password thing.My virus scanner is AVG Free version if this helps?You're GOING to want to perform a Repair Install.

http://www.michaelstevenstech.com/XPrepairinstall.htm

So I got this nice LITTLE virus this afternoon and Spybot S&D and McAfee managed to supposedly delete the files concerned with it.
But the original file that contained the virus was still on my system and if tried to delete would just open up the virus all over again, Joy.

Now I already shut down my system restore before anything else.
Then I closed all programs incase it was holding onto anything.

Then the bad MOVE....I shut down my computer, usually a good idea this time not so much.

Now when I restart my machine for some reason all that will start is WinRAR and it opens up with the folder that contains the file which contains the virus. No windows interface....nothing.

So I'm now at a loss. Basically at the moment I am running programs by going through WinRAR to the specific folder and getting it to run that way.

I can get CTRL, ALT, DELETE to work so can view all tasks and can't see anything too out of the blue on my processses list.

Any advice? Since right now I'm seeing my only option to be to reformat my whole computer but it seems like this should be easier to sort?Can you reboot into safe mode and try ACCESSING the file to delete it?No I couldn't because it was asking me for my password in safe mode but my keyboard was DISABLED somehow.
EITHER way I decided to just reformat my machine lol I had enough of it lol.

Ok here it goes
My friends computer has been really screwed up. He GAVE it to me today to try and fix.
it is an ACER T180 Running Win xp pro This is a box stock machine...

I have followed the steps in the forum, and I have the log files. I have spent several hours working on this computer, and have pulled out Hundreds of infected files but I still have more that are showing up. Could someone take a look at the logs and let me know what else to do... Thank you
Cbarnard

[attachment deleted by admin]Disable Spybot's TeaTimer

While TeaTimer is an excellent tool for the prevention of spyware, it can also interfere with HijackThis fixes. Please disable TeaTimer for now until you are clean.

1. Right click Spybot in the System Tray (looks like a calendar with a padlock symbol). Choose Exit Spybot S&D RESIDENT
2. Run Spybot S&D
3. Go to the Mode menu, and make sure Advanced Mode is selected.
4. On the left hand side, choose Tools > Resident
uncheck Resident TeaTimer and OK any prompt and Restart your computer.

Note: If TeaTimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

If TeaTimer will not turn off then uninstall Spybot until we are done cleaning.

----------

1. Close all open Web browsers.
2. From the Start menu in Windows select Control Panel.
3. Select Add or Remove Programs.
4. In Add or Remove Programs select any of the following: (the names may be slightly different)

- Ask.com
- Ask Bar
- Ask Desktop Search
- Ask Search
- Ask Toolbar

5. Click Change/Remove for each and uninstall all found.

----------

Open HijackThis and select Do a system scan only.

Place a check mark next to the following entries: (if there)

- R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = ASK.COM

Important: Close all open windows except for HijackThis and then click Fix checked.

Once completed, exit HijackThis.

----------

Download ComboFix© by sUBs from one of the below links. Be sure top save it to the Desktop.

Link #1
Link #2

**Note: It is important that it is saved directly to your Desktop

Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix.

Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double click combofix.exe & follow the prompts.
When finished ComboFix will produce a log for you.
Post the ComboFix log in your next reply.

Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

If you have problems with ComboFix usage, see How to use ComboFixHere is the log file Evilfantasy

Sorry about the tea timer I forgot about it... I have deleted the entry as you asked. I was going to delete it before but I wanted a second opinion... Thank you

[attachment deleted by admin]Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code: [Select]KillAll::

File::
c:\windows\ixonygiga.lib
c:\documents and settings\All Users\Application Data\tinuw.vbs
c:\windows\bemy.sys
c:\windows\system32\lyjepusali.bin
c:\program files\Common Files\onozedago.reg
c:\windows\ilykysexuv.db
c:\windows\pezeryxef._sy
c:\program files\Common Files\opykawoni.dll

3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freezehere is that logfile:


[attachment deleted by admin]You have Viewpoint installed.

Viewpoint Media Player/Manager/Toolbar is considered as Foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad".

More INFORMATION:

• ViewMgr.exe - Useless
  
• Viewpoint to Plunge Into Adware

• Viewpoint
  
• Viewpoint Manager
  
• Viewpoint Media Player
  
• Viewpoint Toolbar
  
• Viewpoint Experience Technology

• Click START then RUN
  
• Now type Combofix /u in the runbox
  
• Make sure there's a space between Combofix and /u
• Then hit Enter.

• Delete:
• ComboFix and its associated files and folders.
• VundoFix backups, if present
• The C:\Deckard folder, if present
• The C:_OtMoveIt folder, if present

• Reset the clock settings.
• Hide file extensions, if required.
• Hide System/Hidden files, if required.
• Set a new, clean Restore Point.

• Start
• Run
• type: CLEANMGR.EXE
  
• Press Enter.

• Temporary Internet Files
• Downloaded Program Files
• Recycle Bin
• Temporary Files

• Click Start Now
  
• Check the box next to Enable thorough system inspection.
  
• Click Start
  
• Allow the scan to finish and scroll down to see if any updates are needed.
• Update anything listed.

I am receiving a message regarding an illegal action occurring in C:/program files/WINDOWS. I read up on a previous problem regarding this malware, and FOLLOWED your INSTRUCTIONS of "read this before requesting..."

I have a Gateway tablet M-285e with Windows XP Pro Tablet Edition, 3 gigs of RAM, and an Intel Centrino Duo processor.

The requested logs are attached. Any information is much appreciated.
Thanks for your time.

[ATTACHMENT deleted by admin]

Hi,this morning i was UPDATING my
anti spyware programs a squared free
malware bites,And SPYWAREBLASRTER,
spywareblaster had 91 updates so i
downloaded them, NEXT Deep scan with
Asquared free and found this,
sdset.up.exe Packed win32.prepatch jiA2 HIGH risk..
spywareblaster.exe. I sent details to a squared,
removed infection sucsesfully and used Revo advansed
uninstall,all seems WELL now if you already KNEW about
this sorry for repeating it,Sorry for long post.........P..........

Try this.

1. Download IEFix.zip and run it.
2. Click the APPLY button.
3. You'll be prompted for the Operating System CD or the Service Pack Files location.


If you don't have the Windows installation CD, and if the installation source files are not present in the hard disk, you may click Cancel when you see a dialog box pop up TYPE (or copy/paste) this FILE path:

Code: [Select]c:\windows\ServicePackFiles\i386

Or

Code: [Select]C:\Windows\ServicePackFiles
IEFix will CONTINUE with DLL registration part.

Oh yeah!, you're good!, uh huh, uh huh, uh huh!


Question:

Do I click "cancel" or type the URL?

OR Do I click cancel and type the URL?I haven't ran that in a while so I might be a little off. Whenever you get the dialog box then type in the file location then click OK.Thanks, here goes.Well that gave me a message that it wasn't supported by IE7. So I took a break and will get back with you tomorrow to see if you have any more ideas and I will ask around at work to see if I can borrow a CD for Windows XP.

You have been so helpful. Have a good night.Hello, I was wondering about the IEFix.exe because I haven't been able to ask anyone at work about a CD. If the IEFix doesn't support IE 7 then could I download an older version of Internet Explorer, run the IEFix and have the same effect?You can uninstall IE7 and it will revert to IE6 automatically. It will?? Who'd thought? So if I were to do that... uninstall my IE 7 then I would automatically have IE 6 on my machine and I could run the IEFix.exe again to see what happens?Sounds like a plan. Can't guarantee it will work but it's worth a try.

pc is infected and does not stay open for long.i also tried to go in safe mode and shuts off as well.i have WIN xp.is there a way that i could get in and run a spyware through the cd rom.pls help.

thks
mo The description of your problem is a BIT vague. For example, is it a laptop or desktop? What makes you think it's infected? When you SAY shuts off, you mean the computer completely turns off, yes? Can you give us greater DETAIL on the symptoms of the problems? When did they start? What are some of the things you did around the time the problem started? Etc.

Assuming you have access to another computer, you could TRY: http://www.ultimatebootcd.com/

There are a few anti-virus programs on there that can be run before entering Windows.

my friends pc had trouble with a blue screen on SATURDAY , then on sunday got an

erorr ( no code ) and said PHYSICAL dumping taking place , and to-night the pc will not turn on

keeps trying to reboot , windows XP , ie7 , harryYou have TOLD other people before not to double post. Then you do it yourself? sorry , but no i told them not to bump , the PROBLEM gets worse as the days go on

Hello all,

I'm having trouble with a computer that is running Windows XP and having a svchost.exe error.

Instruction at "0x7564d27e" referenced memory at "0x00000060". the memory could not be "read". Press on OK to terminate the program.

Now this error never goes away, I've tried investigating it and can't seem to find a solution, I'm hoping someone here can help me.

I've gone through the steps for Malware Removal and I'm attaching my logs here, please let me know if you need additional information as well!

Thanks in ADVANCE for all your help!

[attachment deleted by admin]Before you begin the SDFix instructions you should copy these instructions in a Notepad file and save them to your desktop or print them for easy reference. Much of SDFix will be done in Safe mode and you will be unable to access this web page after booting into Safe mode.

Download SDFix by AndyManchesta and save it to your desktop.

When using this tool, you must use the Administrator's account or an account with Administrative rights

* Now, double-click on the SDFix icon that should now be residing on your desktop. If a Open File - Security Warning box opens, click on the Run button.
* A window will now open showing SDFix being extracted into the C:\SDFix folder.
* Once the installation program has finished extracting SDFix, it will open a Notepad with further instructions.
* DO NOT use it just yet.

Reboot your computer in Safe Mode using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow KEYS to navigate and select the option to run Windows in "Safe Mode".

When your computer has started in safe mode, and you see the desktop, close all open Windows.

* Click on the Start button, click on the Run menu option, and type the following text from the Code Box into the Open: field then click the OK button.

Code: [Select]C:\SDFix\RunThis.bat
* SDFix window will open containing some brief info and a disclaimer on the use of the tool.
* Type Y on your keyboard and then press Enter to begin the cleanup process.
* It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
* Press any Key and it will restart the PC.
* When the PC restarts, the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
* Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
* Copy and paste the contents of the results file Report.txt in your next reply along with a new HijackThis log (from normal boot mode).
Thanks evilfantasy for taking the time to look at these. I've attached the new log files.

[attachment deleted by admin]Go to Add/Remove Programs and uninstall:

• My Web Search Bar Search Scope Monitor

• F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe

• O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w

Copy and paste the below into Notepad and save as fixme.reg to Your Desktop

Code: [Select]REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\Run]
"My Web Search Bar Search Scope Monitor"=-

Locate fixme.reg on your Desktop and double-click it. Answer Yes when prompted to merge with the Registry.

Make sure that you tell me if you receive a success message about adding the above to the registry. If you do not get a success message, it did not work.

Delete the fixme.reg from the Desktop.

Now continue on with ComboFix.

• Click START then RUN
  
• Now type Combofix /u in the runbox
  
• Make sure there's a space between Combofix and /u
• Then HIT Enter.

• Delete:
• ComboFix and its associated files and folders.
• VundoFix backups, if present
• The C:\Deckard folder, if present
• The C:_OtMoveIt folder, if present

• Reset the clock settings.
• Hide file extensions, if required.
• Hide System/Hidden files, if required.
• Set a new, clean Restore Point.

• Click Start Now
  
• Check the box next to Enable thorough system inspection.
  
• Click Start
  
• Allow the scan to finish and scroll down to see if any updates are needed.
• Update anything listed.

I don't really know whether my computer has (again) a virus or something or not. But please scan this anyway. btw, MBAM and SAS showed me that I'm clean. But the HJT a particular (no name) that I was curious of..
---------------------------------------------------------------------------------------------------
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

[attachment deleted by admin]That's just an empty BHO from Yahoo. It can be safely fixed.

Open HijackThis and SELECT Do a system scan only.

Place a check mark next to the following entries: (if there)

• R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
  
• O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
  
• O20 - AppInit_DLLs:
  

Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code: [Select]KillAll::

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\WINDOWS nt\currentversion\winlogon\notify\psfus]
3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze
i did it, here's the latest log:


ComboFix 09-02-19.01 - Adeeba 2009-02-22 18:02:12.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.3581.2540 [GMT -3:00]
Running from: c:\users\Adeeba\Desktop\ComboFix.exe
Command switches used :: c:\users\Adeeba\Desktop\CFScript.txt
AV: Norton Internet Security *On-access scanning disabled* (Updated)
FW: Norton Internet Security *disabled*
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-01-22 to 2009-02-22 )))))))))))))))))))))))))))))))
.

2009-02-22 17:12 . 2009-02-22 17:12d--------c:\users\All Users\Malwarebytes
2009-02-22 17:12 . 2009-02-22 17:12d--------c:\users\Adeeba\AppData\Roaming\Malwarebytes
2009-02-22 17:12 . 2009-02-22 17:12d--------c:\programdata\Malwarebytes
2009-02-22 17:12 . 2009-02-22 17:12d--------c:\program files\Malwarebytes' Anti-MALWARE
2009-02-22 17:12 . 2009-02-11 10:1938,496--a------c:\windows\System32\drivers\mbamswissarmy.sys
2009-02-22 17:12 . 2009-02-11 10:1915,504--a------c:\windows\System32\drivers\mbam.sys
2009-02-18 13:35 . 2009-02-18 13:46d--------c:\users\Adeeba\AppData\Roaming\Dev-Cpp
2009-02-18 13:34 . 2009-02-18 13:34d--------C:\Dev-Cpp
2009-02-18 10:05 . 2008-12-05 01:261,244,672--a------c:\windows\System32\mcmde.dll
2009-02-18 10:05 . 2008-12-05 01:29428,032--a------c:\windows\System32\EncDec.dll
2009-02-18 10:05 . 2008-12-05 01:28292,352--a------c:\windows\System32\psisdecd.dll
2009-02-18 10:05 . 2008-12-05 01:28217,088--a------c:\windows\System32\psisrndr.ax
2009-02-18 10:05 . 2008-12-05 01:29177,152--a------c:\windows\System32\mpg2splt.ax
2009-02-18 10:05 . 2008-12-05 01:2780,896--a------c:\windows\System32\MSNP.ax
2009-02-18 10:05 . 2008-12-05 01:2768,608--a------c:\windows\System32\Mpeg2Data.ax
2009-02-18 10:05 . 2008-12-05 01:2757,856--a------c:\windows\System32\MSDvbNP.ax
2009-02-11 19:09 . 2009-02-11 19:09118--a------c:\windows\System32\MRT.INI
2009-02-07 23:08 . 2009-02-08 01:10d--------c:\windows\BDOSCAN8
2009-01-24 23:09 . 2009-02-12 20:16d--------c:\users\Adeeba\random

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-22 20:42---------d-----wc:\programdata\Symantec
2009-02-22 18:46---------d-----wc:\programdata\Roxio
2009-02-12 06:00---------d-----wc:\program files\Windows Mail
2009-02-11 19:15---------d-----wc:\users\Adeeba\AppData\Roaming\LimeWire
2009-01-21 23:08---------d-----wc:\programdata\CyberLink
2009-01-15 04:1652,736----a-wc:\windows\AppPatch\iebrshim.dll
2009-01-08 01:3927,934----a-wc:\users\All Users\nvModes.dat
2009-01-08 01:3927,934----a-wc:\programdata\nvModes.dat
2009-01-06 21:35---------d-----wc:\users\Adeeba\AppData\Roaming\DivX
2009-01-06 21:32---------d-----wc:\program files\DivX
2009-01-06 21:32---------d-----wc:\program files\Common Files\PX Storage Engine
2009-01-06 19:23806----a-wc:\windows\system32\drivers\SYMEVENT.INF
2009-01-06 19:23124,464----a-wc:\windows\system32\drivers\SYMEVENT.SYS
2009-01-06 19:2310,635----a-wc:\windows\system32\drivers\SYMEVENT.CAT
2009-01-06 19:23---------d-----wc:\program files\Symantec
2008-12-29 16:20---------d-----wc:\users\Guest\AppData\Roaming\vlc
2008-12-10 19:17174--sha-wc:\program files\desktop.ini
2008-10-05 02:370----a-wc:\users\Adeeba\AppData\Roaming\wklnhst.dat
2008-09-04 22:0076--sh--rc:\windows\CT4CET.bin
.

((((((((((((((((((((((((((((( [emailprotected]_15.59.16.77 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-02-22 18:55:28262,144--sha-wc:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-02-22 21:06:22262,144--sha-wc:\windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2009-02-22 18:55:28262,144--sha-wc:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-02-22 21:06:22262,144--sha-wc:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2009-02-22 18:55:1216,384--sha-wc:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-02-22 21:06:1216,384--sha-wc:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-02-22 18:55:1232,768--sha-wc:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-22 21:06:1232,768--sha-wc:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-02-22 18:55:1216,384--sha-wc:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-02-22 21:06:1216,384--sha-wc:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-02-22 18:56:536,076----a-wc:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1626518161-2929080396-116505275-1000_UserData.bin
+ 2009-02-22 20:48:156,092----a-wc:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1626518161-2929080396-116505275-1000_UserData.bin
- 2009-02-22 18:56:5372,356----a-wc:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-02-22 20:48:1572,356----a-wc:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-02-22 17:18:3943,140----a-wc:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-02-22 20:48:1443,140----a-wc:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-04-17 01:13721408--a------c:\program files\Fingerprint Reader Suite\farchns.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-04-17 01:13721408--a------c:\program files\Fingerprint Reader Suite\farchns.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-09-05 1232896]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-10-02 1124352]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-14 206064]
"FactFinder"="c:\program files\Microsoft FactFinder\ff.exe" [2001-06-22 81920]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]
"WMPNSCFG"="c:\program files\Windows MEDIA Player\WMPNSCFG.exe" [2006-11-02 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-01-25 167936]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2008-03-04 36864]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2008-04-09 166432]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-04-09 13515296]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-04-09 92704]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2008-04-09 92704]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-05-16 3444736]
"PSQLLauncher"="c:\program files\Fingerprint Reader Suite\launcher.exe" [2007-04-17 49168]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-19 185872]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-14 206064]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"MRT"="c:\windows\system32\MRT.exe" [2009-02-03 21244864]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-02-22 1193240]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-09-04 19:12 10536 c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification PackagesREG_MULTI_SZ scecli psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{7B3C4EB0-20B3-4B89-B248-E7810C130E59}"= c:\program files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect
"{627A842B-3E8F-4799-8213-1861B640F3D1}"= c:\program files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{AC91ED12-8024-4F90-8F4A-C628C30B6DD7}"= c:\program files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{0DFC109E-7369-4ADC-9E57-33354C1291D6}"= c:\program files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{57656B01-03BC-482E-999C-C75AA8FD923B}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{9FFA8897-FF49-48DC-A83A-3C507F856C54}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{3DDA4CA1-59F3-409D-B5A4-A7C6CA5D3558}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{EF8B4C7D-510D-412C-88FF-0C61E0323733}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{1020596F-1992-4F0B-BC16-78FF0BC3340F}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{E5558807-9126-4799-B51D-94498BC8F93D}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{C2D15551-E4C0-49B7-B83F-8A3ACEF8DA08}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{821A94FD-6723-401C-AAE0-1059373787BC}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{602E7440-16D9-4512-A78E-980FE6A2406D}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20090212.002\IDSvix86.sys [2009-02-16 270384]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\AEstSrv.exe [2008-09-04 73728]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [2008-10-27 149352]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-10-07 99376]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\System32\drivers\OEM02Dev.sys [2008-09-05 235648]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\System32\drivers\OEM02Vfx.sys [2008-09-05 7424]
R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [2008-06-13 41008]
S3 cmo_bus;Data Modem @ CDMA Composite Device driver (WDM);c:\windows\System32\drivers\cmo_bus.sys [2008-10-05 58352]
S3 cmo_mdfl;Data Modem @ CDMA Filter;c:\windows\System32\drivers\cmo_mdfl.sys [2008-10-05 8304]
S3 cmo_mdm;Data Modem @ CDMA Drivers;c:\windows\System32\drivers\cmo_mdm.sys [2008-10-05 93904]
S3 COH_Mon;COH_Mon;c:\windows\System32\drivers\COH_Mon.sys [2007-05-29 23888]
S4 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\System32\drivers\iaNvStor.sys [2008-09-05 209408]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fc790409-b5e1-11dd-8c0e-002268995227}]
\shell\AutoRun\command - G:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2009-01-19 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Adeeba.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-08-26 14:19]

2009-02-22 c:\windows\Tasks\User_Feed_Synchronization-{A17C346D-D918-4BF3-888D-B1FAD8D6E04B}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 06:45]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: {8EAB7167-A061-4B3E-95F2-205C02AA3EA6} = 196.3.132.1 196.3.132.4
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-22 18:06:25
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(652)
c:\windows\system32\psqlpwd.dll
c:\program files\Fingerprint Reader Suite\homefus2.dll
c:\program files\Fingerprint Reader Suite\infra.dll

- - - - - - - > 'Explorer.exe'(1952)
c:\program files\Fingerprint Reader Suite\farchns.dll
c:\program files\Fingerprint Reader Suite\infra.dll
c:\program files\Microsoft FactFinder\FFMH.DLL
c:\users\Adeeba\AppData\Local\Temp\catchme.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Fingerprint Reader Suite\upeksvr.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\BCMWLTRY.EXE
c:\windows\System32\wlanext.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\System32\stacsv.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\combofix\hidec.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\DellTPad\hidfind.exe
c:\program files\DellTPad\ApntEx.exe
c:\windows\ehome\ehmsas.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Fingerprint Reader Suite\psqltray.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\Common Files\Nokia\MPAPI\MPAPI3s.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\Dell Support Center\gs_agent\dsc.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\combofix\Catchme.tmp
c:\windows\System32\dllhost.exe
.
**************************************************************************
.
Completion time: 2009-02-22 18:11:25 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-22 21:10:05
ComboFix2.txt 2009-02-22 19:01:42

Pre-Run: 78,872,215,552 bytes free
Post-Run: 78,635,069,440 bytes free

242--- E O F ---2009-02-18 17:31:34





thanks

• Click START then RUN
  
• Now type Combofix /u in the runbox
  
• Make sure there's a space between Combofix and /u
• Then hit Enter.
• The above procedure will:
• Delete the following:
• ComboFix and its associated files and folders.
• Reset the clock settings.
• Hide file extensions, if required.
• Hide System/Hidden files, if required.
• Set a new, clean Restore Point.
.
----------

Use the

• Click on SCAN NOW
  
• Click Accept.
  
• The program will then begin downloading the latest definition files.
• Once the files have been downloaded locate the Scan Settings and have it scan My Computer.
  
• The scan will take a while, so be patient and let it finish.

• Next, in the Save as prompt, Save in area, select: Desktop.
  
• In the File name area use KScan, or something similar.
  
• In Save as type: click the drop arrow and select: Text file [*.txt]
  
• Then, click: Save

I have zonealarm pro installed on my system and the virus check stated i had a possible virus and said that it was unable to remove. I think i may have it safely quarantined at the moment. i have followed the initial instructions and have posted my logs. Any help to see if I am now safe would be appreciated.


[attachment deleted by admin]Use the Kaspersky Lab Online Scanner

In Microsoft Windows Vista, you must open the Web browser using the Run as Administrator command. From the Desktop right click the icon to open the browser and choose Run as Administrator.

• Click on SCAN NOW
  
• Click Accept.
  
• The program will then begin downloading the latest definition files.
• Once the files have been downloaded locate the Scan Settings and have it scan My Computer.
  
• The scan will take a while, so be patient and let it finish.

• Next, in the Save as prompt, Save in area, select: Desktop.
  
• In the File name area use KScan, or something similar.
  
• In Save as type: click the drop arrow and select: Text file [*.txt]
  
• Then, click: Save

• Go to Start, then Programs, then Accessories, then System Tools
  
• Choose System Restore
  
• When the program starts, make sure that Create a Restore Point is checked, the click Next
  
• Give the restore point a name, then click Create, then Close to complete

• Click Start Now
  
• Check the box next to Enable thorough system inspection.
  
• Click Start
  
• Allow the scan to finish and scroll down to see if any UPDATES are needed.
• Update anything listed.

So I very stupidly and accidentally downloaded a rootkit and my comps a mess. I tried this removal kit thing that some university put ONLINE to help get rid of it, but it didn't really work. I don't even want my comp anymore, but my music and photos and personal files are on there. My question is is it safe to transfer my files to an external hard drive with the rootkit still on my comp or will it infect the external hardrive as well? Are the files infected? Do I need to get rid of the rootkit first? PLEASE HELP ME!!!How do you know it's a rootkit?

Rootkits very seldom come alone. There is USUALLY some other form of malware along with them so it's best to either wipe the drive or clean it. We can help with the cleaning and you won't loose anything.

Just need to work with me and we will get it taken care of. First we need to find it.

Download Rooter.exe to your desktop

* Double click Rooter.exe to start the tool.
* A DOS window will appear and show the scan progress.
* Once complete a notepad file containing the report will open.
* COPY & paste the results in your next reply.
* Close notepad and Rooter will close.

A log will also save at %systemdrive%\Rooter.txt (Where %systemdrive% is usually C: or the drive that you have Windows installed).

----------

Download TrendMicro HijackThis.exe (HJT) to the Desktop.

• Double-click on HJTInstall.
• Click on the Install button.
  
• It will automatically place HJT in C:\Program Files\TrendMicro\HijackThis\HijackThis.exe.
  
• Upon install, HijackThis should open for you.
• Click on the Do a system scan and save a log file button
  
• HijackThis will scan and then a log will open in notepad.
• Copy and then paste the entire contents of the log in your post.
  
• Do not have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

• R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.newfirstpage.com/?cm=612470<=1&it=2008-10-17%2020%3A26%3A25&dt=2008-11-02%2014%3A44%3A46&q=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
• O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdwsb.exe] C:\WINDOWS\system32\kdwsb.exe
• O20 - AppInit_DLLs: kcjxib.dll mxzdbw.dll

• Click START then RUN
  
• Now type Combofix /u in the runbox
  
• Make sure there's a space between Combofix and /u
• Then hit Enter.

• Delete:
• ComboFix and its associated files and folders.
• VundoFix backups, if present
• The C:\Deckard folder, if present
• The C:_OtMoveIt folder, if present

• Reset the clock settings.
• Hide file extensions, if required.
• Hide System/Hidden files, if required.
• Set a new, clean Restore Point.

• Click Start Now
  
• Check the box next to Enable thorough system inspection.
  
• Click Start
  
• Allow the scan to finish and scroll down to see if any updates are needed.
• Update anything listed.

this is not my PC , my FRIEND has a blue screen with a message in some SORT of

code and text saying , physical dump TAKING place , she uses xp ie7 , any way to help , harry

Hey, I was recently infected by win32.backdoor-dnm. I have followed the steps in your "Read this before requesting malware help" thread. I use IE and it keeps redirecting me to a site selling "anti-virus" and after a few minutes it shuts down. I also keep getting "windows" security warnings that also will send me to the antivirus site. Since I followed the steps in the "read this before ..." thread it hasn't happened, so maybe it's fixed? But I'm not sure how to tell.

Here are my logs.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/05/2009 at 01:23 AM

Application Version : 4.25.1014

Core Rules Database Version : 3785
Trace Rules Database Version: 1742

Scan type : Complete Scan
Total Scan Time : 02:28:59

Memory items scanned : 499
Memory threats detected : 0
Registry items scanned : 5469
Registry threats detected : 0
File items scanned : 74588
File threats detected : 2

Adware.Tracking Cookie
C:\Documents and Settings\ROGER\Cookies\[emailprotected][2].txt

Trojan.Unclassified
C:\WINDOWS\SYSTEM32\MPFSERVICEFAILURECOUNT.TXT



Malwarebytes' Anti-Malware 1.34
Database version: 1825
Windows 5.1.2600 Service Pack 3

3/6/2009 4:28:54 PM
mbam-log-2009-03-06 (16-28-54).txt

Scan type: Quick Scan
Objects scanned: 61397
Time elapsed: 6 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 3
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\WakeNet (Trojan.Adware) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\realtecks (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\ROGER\Application Data\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\ROGER\Application Data\AdwareAlert\Log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\ROGER\Application Data\AdwareAlert\Settings (Rogue.AdwareAlert) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\ROGER\Application Data\AdwareAlert\rs.dat (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\ROGER\Application Data\AdwareAlert\Log\2009 Mar 04 - 01_18_46 PM_296.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\ROGER\Application Data\AdwareAlert\Log\2009 Mar 04 - 04_41_20 PM_473.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\ROGER\Application Data\AdwareAlert\Log\2009 Mar 04 - 04_56_30 PM_261.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\ROGER\Application Data\AdwareAlert\Log\2009 Mar 04 - 05_38_25 PM_642.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\ROGER\Application Data\AdwareAlert\Settings\ScanResults.pie (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\END (Trojan.FakeAlert) -> Quarantined and deleted successfully.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:54:04, on 3/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\PROGRA~1\AVGANT~1\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\PROGRA~1\AVGANT~1\avgamsvr.exe
C:\PROGRA~1\AVGANT~1\avgupsvc.exe
C:\PROGRA~1\AVGANT~1\avgemc.exe
C:\WINDOWS\runservice.exe
I:\Program Files\Alcohol\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\AVGANT~1\avgfwsrv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Internet Explorer\iexplore.exe
I:\Program Files\Hijack This\sniper.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dodgers.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.dodgers.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dodgers.com/
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [DISC DETECTOR] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [D-Link AirPlus G] "C:\Program Files\D-Link\AirPlus G\AirGCFG.exe"
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\AVGANT~1\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] "C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] "C:\WINDOWS\system32\dumprep.exe" 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\AVGANT~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\AVGANT~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\AVGANT~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\AVGANT~1\avgw.exe /RUNONCE (User 'Default user')
O4 - S-1-5-18 Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1167269231652
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O20 - Winlogon Notify: !SASWinLogon - I:\Program Files\SuperAntiSpyware\SASWINLO.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\AVGANT~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\AVGANT~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\AVGANT~1\avgemc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\AVGANT~1\avgfwsrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - H:\Acid Pro\Shared Plug-ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - I:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - I:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - H:\Acid Pro\Shared Plug-ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - I:\Program Files\Alcohol\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 7466 bytes


As far as I can tell, it has worked but I would love to get a second opinion. Any info will be greatly appreciated.
ThanksHey, can anyone help me? All I'm wondering is if this virus is gone.hey just read the "don't bump your thread" post. i didn't intentionally mena to bump my thread. sorry about that. i'll be patient.Open HijackThis and select Do a system scan only.

Place a CHECK mark next to the following entries: (if there)

O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)

Important: Close all windows except for HijackThis and then click Fix checked.

Exit HijackThis.

Why didn't you update AVG antivirus?

How is the computer running now?Hey, thanks for your help. I ran hijackthis and fixed the file you told me to. As far as AVG goes, it still updates itself and the liscence says it won't expire for another couple of years. I'm not really sure how that works, a friend of mine set it up for me. So far my computer hasn't been acting up. No popups about the virus and I'm able to open IE without any problems. Also, do you recommend I use Firefox instead of IE? Thanks.You should update AVG to the new 8.0 version.

Set a New Restore Point to PREVENT possible reinfection from an old one
Setting a new restore point AFTER cleaning your system will enable your computer to roll-back to a clean working state if needed.

• Go to Start > Programs > Accessories > System Tools and click System Restore
  
• Choose the radio button marked Create a Restore Point on the first screen then click Next Give the Restore Point a name then click Create.
  
• The new restore point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
• Next go to Start > Run and type Cleanmgr
  
• Click OK
  
• Click the More Options Tab.
  
• Click Clean Up in the System Restore section to remove all previous restore points except the newly created clean one.

• Click Start Now
  
• Check the box next to Enable thorough system inspection.
  
• Click Start
  
• Allow the scan to finish and scroll down to see if any updates are needed.
• Update anything listed.

You don't NECESSARILY have to USE the Intellipoint software. Try uninstalling it then restart the computer. WINDOWS should install any drivers necessary for the mouse to WORK.

Hi!!
I am new to this forum and ALSO a newbie to software stuff. I don’t have much knowledge about computers. I use my computer just to send or receive emails. While checking my mails I get lots of pop ups which are advertisements. EARLIER the number of these pop ups was less but off late it has become very difficult to check my emails because when I try to close them it freezes my system and only OPTION left is to restart the pc. I don’t have any antivirus software installed on my PC and now I am bound to look for one.
Also while doing my bit of research on the net I came across two software : Internet security software http://www.ecostsoftware.com/symantec/norton-internet-security-2009_p3974 and antivirus software http://www.ecostsoftware.com/symantec/norton-antivirus-2009-1-user-3-pcs_p3987 . Is there any difference between the two? Which one should I opt for? Sorry for an amateurish post!One of them is Norton Internet Security 2009 and the other one is Norton Antivirus 2009.

You can compare the two products here:
http://www.symantec.com/norton/antivirus
(when you get to that page, click on Compare Related Products)

Note: DO NOT get Norton 360.
Note2: There are other Free Antivirus programs out there that do just as well as paid ones if you're INTERESTED.

.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-02-28 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LEXMARK X5100 Series"="c:\program files\Lexmark X5100 Series\lxbabmgr.exe" [2003-03-04 86100]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-03 136600]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-05 1601304]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-28 413696]
"SiSPower"="SiSPower.dll" [2006-03-09 c:\windows\system32\SiSPower.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]
"nltide_3"="advpack.dll" [2008-12-20 c:\windows\system32\advpack.dll]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Utility Tray.lnk - c:\windows\system32\sistray.exe [2008-05-26 262144]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-01-05 21:49 10520 c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Utility Tray.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Utility Tray.lnk
backup=c:\windows\pss\Utility Tray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 09:36 267048 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 22:37 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2005-01-12 03:01 32768 c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-01 325128]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-12-01 107272]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2008-12-22 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-12-22 55024]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-12-01 903960]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-12-01 298264]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-22 7408]
.
Contents of the 'Scheduled Tasks' folder

2009-02-20 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 08:09]

2009-02-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet CONNECTION Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {77538FC7-CE52-4704-9865-494FE92BC320} - hxxp://www.ultimatebaseballonline.com/myubo/launchubo.OCX
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\01mfm28n.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - about:neterror?e=query&u=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\01mfm28n.default\extensions\[emailprotected]\platform\WINNT_x86-msvc\plugins\npmnqmp07061050.dll
FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\01mfm28n.default\extensions\[emailprotected]\platform\WINNT_x86-msvc\plugins\npOberonGameHost.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLC\npvlc.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-19 20:15:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(488)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Lexmark X5100 Series\lxbabmon.exe
c:\program files\AVG\AVG8\avgtray.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion TIME: 2009-02-19 20:17:54 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-20 01:17:36
ComboFix2.txt 2009-01-06 04:04:20
ComboFix3.txt 2008-12-05 21:42:08

Pre-Run: 25,664,077,824 bytes free
Post-Run: 25,654,018,048 bytes free

399--- E O F ---2009-02-19 08:05:08




and i tried the eset scanner AMD it said my browser was not supported!!!
hello?A month and a half?

You need to start over with the 3 original logs.igght

I would say your computer is clean. If there are no other issues we can do some cleanup.

To uninstall ComboFix

• Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  
• In the FIELD, type in ComboFix /uninstall
  

• Then, press Enter, or click OK.
  
• This will uninstall ComboFix, delete its folders and files, hides System files and folders, and resets System Restore.
  

• Click the CleanUp button.
  
• Select Yes when the "Begin cleanup Process?" prompt appears.
  
• If you are prompted to Reboot during the cleanup, select Yes.
  
• The tool will delete itself once it finishes.

Should I report a "false positive" to SAS?

Ok. We can do some cleanup.

To uninstall ComboFix

• Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  
• In the FIELD, type in ComboFix /uninstall
  

• Then, press Enter, or click OK.
  
• This will uninstall ComboFix, delete its folders and files, hides System files and folders, and resets System Restore.
  

Also i'm still having the issue with windows not automatically logging me in.

Quote from: SuperDave on June 30, 2011, 04:30:28 PM

Sometimes, an important and legit file gets quarantined by mistake. If that happens, we can always recover the file. I usually empty the quarantine folder every few weeks.Yes, it will identify where the files are residing.

Sometimes, an important and legit file gets quarantined by mistake. If that happens, we can always recover the file. I usually empty the quarantine folder every few weeks.Yes, it will identify where the files are residing.

• Place a blank CD-R disc in to your CD burning drive.
• Download OTLPEStd.exe and double-click on it to burn to a CD using an ISO Burner. One can be found here.
  
• Reboot your system using the boot CD you just created.
• Note : If you do not know how to set your computer to boot from CD follow the steps here
  
• Your system should now display a REATOGO-X-PE desktop.
• Double-click on the OTLPE icon.
  
• When asked "Do you wish to load the remote registry", select Yes
  
• When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  
• Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  
• OTL should now start. Change the following settings
  
• Change Drivers to Non-Microsoft
  
• Press Run Scan to start the scan.
  
• When finished, the file will be saved in drive C:\_OTL\MovedFiles
  
• Copy this file to your USB drive if you do not have internet connection on this system
• Please post the contents of the OTL.txt file in your reply.
  

We are going to be using a Windows Recovery Environment to help disinfect the system so it may boot again.

Download the OTLPE Standard REATOGO Windows Recovery Environment.

• Place a blank CD-R disc in to your CD burning drive.
• Download OTLPEStd.exe and double-click on it to burn to a CD using an ISO Burner. One can be found here.
  
• Reboot your system using the boot CD you just created.
• Note : If you do not know how to set your computer to boot from CD follow the steps here
  
• Your system should now display a REATOGO-X-PE desktop.
• Double-click on the OTLPE icon.
  
• When asked "Do you wish to load the remote registry", select Yes
  
• When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  
• Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  
• OTL should now start. Change the following settings
  
• Change Drivers to Non-Microsoft
  
• Press Run Scan to start the scan.
  
• When finished, the file will be saved in drive C:\_OTL\MovedFiles
  
• Copy this file to your USB drive if you do not have internet connection on this system
• Please post the contents of the OTL.txt file in your reply.
  

. This of course leads back to taking the hard drive out just to access that data if nothing else.

BTW I got a brand new copy of XP with service pack 2 and three on it.

You can remove the harddrive, slave it to another and get your data. Make sure you scan the data before putting it on another computer.
If it's the same as what you have on your computer, you could try a Recovery. It won't affect your data.

Which method would you suggest I use to get it back running again?

You can start by booting with the OTLPE rescue disk. You may have to change the BIOS in order to boot from the disk.

If you do not know how to set your computer to boot from CD follow the steps here

You can start by booting with the OTLPE rescue disk. You may have to change the BIOS in order to boot from the disk.

If you do not know how to set your computer to boot from CD follow the steps here

You can start by booting with the OTLPE rescue disk. You may have to change the BIOS in order to boot from the disk.

If you do not know how to set your computer to boot from CD follow the steps here

I'm going to go back and check the bios post. Maybe i misunderstood. The CD made with the OTLPE file on it does not start my computer at all. Other CD's that were suggested along the way always booted from the CD without changing the bios. Maybe it's different for this one.

Hi Dave,

Just back from holiday and tried to open Skype again (after reinstalling it before I went away) and this time I finally got an Antivir message:

Virus or unwanted program 'TR/Crypt.ZPACK.Gen2 [trojan]'
detected in file 'C:\Program Files\Skype\Phone\Skype.exe.
Action performed: Deny access

My computer has been off all week and I even unplugged the modem (irrational I know!)

IE seems to be working properly now after following your instructions! Thanks.

Did you uninstall Skype before installing a new version? I don't know why your AV is given you that message. We may as well do some cleanup.

To uninstall ComboFix

• Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  
• In the field, type in ComboFix /uninstall
  

• Then, press Enter, or click OK.
  
• This will uninstall ComboFix, delete its folders and files, hides System files and folders, and resets System Restore.
  

• Click the CleanUp button.
  
• SELECT Yes when the "Begin cleanup Process?" prompt appears.
  
• If you are prompted to Reboot during the cleanup, select Yes.
  
• The tool will delete itself once it finishes.

That sounds good. If there are no other issues, let's do some cleanup.

To uninstall ComboFix

• Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  
• In the field, type in ComboFix /uninstall
  

• Then, press Enter, or click OK.
  
• This will uninstall ComboFix, delete its folders and files, hides System files and folders, and resets System Restore.
  

• Click the CleanUp button.
  
• Select Yes when the "BEGIN cleanup Process?" prompt appears.
  
• If you are prompted to Reboot during the cleanup, select Yes.
  
• The tool will delete itself once it finishes.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/06/2011 at 09:06 PM

Application Version : 4.52.1000

Core RULES Database Version : 7008
Trace Rules Database Version: 4820

Scan type : Complete Scan
Total Scan Time : 03:05:24

Memory items scanned : 835
Memory threats detected : 21
Registry items scanned : 8163
Registry threats detected : 142
File items scanned : 176054
File threats detected : 474

Trojan.Agent/Gen-Falprod
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPENH.EXE
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPENH.EXE
C:\PROGRAM FILES\MICROSOFT WINDOWS ONECARE LIVE\WINSSNOTIFY.EXE
C:\PROGRAM FILES\MICROSOFT WINDOWS ONECARE LIVE\WINSSNOTIFY.EXE
C:\PROGRAM FILES\LAUNCH MANAGER\LMANAGER.EXE
C:\PROGRAM FILES\LAUNCH MANAGER\LMANAGER.EXE
C:\PROGRAM FILES\ACER REGISTRATION\ACE1.EXE
C:\PROGRAM FILES\ACER REGISTRATION\ACE1.EXE
C:\PROGRAM FILES\ACER ASSIST\LAUNCHER.EXE
C:\PROGRAM FILES\ACER ASSIST\LAUNCHER.EXE
C:\ACER\EMPOWERING TECHNOLOGY\EDSMSNFIX.EXE
C:\ACER\EMPOWERING TECHNOLOGY\EDSMSNFIX.EXE
C:\ACER\ACERTOUR\REMINDER.EXE
C:\ACER\ACERTOUR\REMINDER.EXE
C:\ACER\EMPOWERING TECHNOLOGY\EDATASECURITY\EDSLOADER.EXE
C:\ACER\EMPOWERING TECHNOLOGY\EDATASECURITY\EDSLOADER.EXE
C:\PROGRAM FILES\JAVA\JRE6\BIN\JUSCHED.EXE
C:\PROGRAM FILES\JAVA\JRE6\BIN\JUSCHED.EXE
C:\PROGRAM FILES\MALWAREBYTES' ANTI-MALWARE\MBAM.EXE
C:\PROGRAM FILES\MALWAREBYTES' ANTI-MALWARE\MBAM.EXE
C:\PROGRAM FILES\QUICKTIME\QTTASK.EXE
C:\PROGRAM FILES\QUICKTIME\QTTASK.EXE
C:\PROGRAM FILES\COMMON FILES\INSTALLSHIELD\UPDATESERVICE\ISUSPM.EXE
C:\PROGRAM FILES\COMMON FILES\INSTALLSHIELD\UPDATESERVICE\ISUSPM.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\USERS\KYLE\APPDATA\ROAMING\MJUSBSP\CDLOADER2.EXE
C:\USERS\KYLE\APPDATA\ROAMING\MJUSBSP\CDLOADER2.EXE
C:\PROGRAM FILES\COMMON FILES\INSTALLSHIELD\UPDATESERVICE\ISUSPM .EXE
C:\PROGRAM FILES\COMMON FILES\INSTALLSHIELD\UPDATESERVICE\ISUSPM .EXE
C:\PROGRAM FILES\COMMON FILES\INSTALLSHIELD\UPDATESERVICE\ISSCH.EXE
C:\PROGRAM FILES\COMMON FILES\INSTALLSHIELD\UPDATESERVICE\ISSCH.EXE
C:\PROGRAM FILES\STEAM\STEAM.EXE
C:\PROGRAM FILES\STEAM\STEAM.EXE
C:\PROGRAM FILES\ITUNES\ITUNESHELPER.EXE
C:\PROGRAM FILES\ITUNES\ITUNESHELPER.EXE
C:\PROGRAM FILES\WINDOWS LIVE\MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\WINDOWS LIVE\MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBARNOTIFIER\GOOGLETOOLBARNOTIFIER.EXE
C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBARNOTIFIER\GOOGLETOOLBARNOTIFIER.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YAHOOMESSENGER.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YAHOOMESSENGER.EXE
[SynTPEnh] C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPENH.EXE
[eDataSecurity Loader] C:\ACER\EMPOWERING TECHNOLOGY\EDATASECURITY\EDSLOADER.EXE
[LManager] C:\PROGRA~1\LAUNCH~1\LMANAGER.EXE
C:\PROGRA~1\LAUNCH~1\LMANAGER.EXE
[eDSMSNfix] C:\ACER\EMPOWERING TECHNOLOGY\EDSMSNFIX.EXE
[Acer Product Registration] C:\PROGRAM FILES\ACER REGISTRATION\ACE1.EXE
[Acer Assist Launcher] C:\PROGRAM FILES\ACER ASSIST\LAUNCHER.EXE
[Acer Tour Reminder] C:\ACER\ACERTOUR\REMINDER.EXE
[OneCareUI] C:\PROGRAM FILES\MICROSOFT WINDOWS ONECARE LIVE\WINSSNOTIFY.EXE
[SunJavaUpdateSched] C:\PROGRAM FILES\JAVA\JRE6\BIN\JUSCHED.EXE
[QuickTime Task] C:\PROGRAM FILES\QUICKTIME\QTTASK.EXE
[iTunesHelper] C:\PROGRAM FILES\ITUNES\ITUNESHELPER.EXE
[Malwarebytes' Anti-Malware (reboot)] C:\PROGRAM FILES\MALWAREBYTES' ANTI-MALWARE\MBAM.EXE
[ISUSPM Startup] C:\PROGRAM FILES\COMMON FILES\INSTALLSHIELD\UPDATESERVICE\ISUSPM .EXE
[ISUSScheduler] C:\PROGRAM FILES\COMMON FILES\INSTALLSHIELD\UPDATESERVICE\ISSCH.EXE
[ISUSPM Startup] C:\PROGRAM FILES\COMMON FILES\INSTALLSHIELD\UPDATESERVICE\ISUSPM.EXE
[cdloader] C:\USERS\KYLE\APPDATA\ROAMING\MJUSBSP\CDLOADER2.EXE
[swg] C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBARNOTIFIER\GOOGLETOOLBARNOTIFIER.EXE
[Steam] C:\PROGRAM FILES\STEAM\STEAM.EXE
[Messenger (Yahoo!)] C:\PROGRA~1\YAHOO!\MESSEN~1\YAHOOMESSENGER.EXE
C:\PROGRA~1\YAHOO!\MESSEN~1\YAHOOMESSENGER.EXE
[Google Update] C:\USERS\KYLE\APPDATA\LOCAL\GOOGLE\UPDATE\GOOGLEUPDATE.EXE
C:\USERS\KYLE\APPDATA\LOCAL\GOOGLE\UPDATE\GOOGLEUPDATE.EXE
HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\LManager.EXE
HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\LManager.EXE#Path
HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\mbam.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\mbam.exe#Path
HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\MSNMSGR.EXE
HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\MSNMSGR.EXE#Path
C:\WINDOWS\FONTS\EBX8M4.COM
C:\WINDOWS\TEMP\LLXF\SETUP.EXE
C:\Windows\Prefetch\GOOGLEUPDATE.EXE-8F5FE660.pf
C:\Windows\Prefetch\ISSCH.EXE-67938A78.pf
C:\Windows\Prefetch\ISUSPM .EXE-8C161833.pf
C:\Windows\Prefetch\ITUNESHELPER.EXE-FCF4252E.pf
C:\Windows\Prefetch\MSNMSGR.EXE-9974F251.pf
C:\Windows\Prefetch\STEAM.EXE-8B1DBB8A.pf
C:\Windows\Prefetch\WINSSNOTIFY.EXE-E648C4D5.pf
C:\Windows\Prefetch\YAHOOMESSENGER.EXE-FB86A911.pf

Adware.Tracking Cookie
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][2].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][2].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][2].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][2].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][2].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][2].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][2].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][2].txt
.doubleclick.net [ C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
C:\Users\Kyle\AppData\Local\Temp\Cookies\[emailprotected][2].txt
C:\Users\Kyle\AppData\Local\Temp\Cookies\[emailprotected][2].txt
2mdn.net [ C:\Users\Kyle\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\QZA5463N ]
a.ads2.msads.net [ C:\Users\Kyle\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\QZA5463N ]
ads1.msn.com [ C:\Users\Kyle\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\QZA5463N ]
bannerfarm.ace.advertising.com [ C:\Users\Kyle\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\QZA5463N ]
beta.naked.com [ C:\Users\Kyle\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\QZA5463N ]
cdn4.specificclick.net [ C:\Users\Kyle\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\QZA5463N ]
content.oddcast.com [ C:\Users\Kyle\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\QZA5463N ]
content.yieldmanager.edgesuite.net [ C:\Users\Kyle\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\QZA5463N ]
convoad.technoratimedia.net [ C:\Users\Kyle\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\QZA5463N ]
files.adbrite.com [ C:\Users\Kyle\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\QZA5463N ]
files.youporn.com [ C:\Users\Kyle\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\QZA5463N ]
freeporn.com [ C:\Users\Kyle\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\QZA5463N ]
gallery.teenpinkvideos.com [ C:\Users\Kyle\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\QZA5463N ]
googleads.g.doubleclick.net [ C:\Users\Kyle\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\QZA5463N ]
hs.interpolls.com [ C:\Users\Kyle\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\QZA5463N ]
i.*adult URL* [ C:\Users\Kyle\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\QZA5463N ]
ia.media-imdb.com [ C:\Users\Kyle\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\QZA5463N ]
interclick.com [ C:\Users\Kyle\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\QZA5463N ]
m1.2mdn.net [ C:\Users\Kyle\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\QZA5463N ]
media.ign.com [ C:\Users\Kyle\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\QZA5463N ]
media.jambocast.com [ C:\Users\Kyle\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\QZA5463N ]
media.mtvnservices.com [ C:\Users\Kyle\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\QZA5463N ]
media.onsugar.com [ C:\Users\Kyle\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\QZA5463N ]
media.scanscout.com [ C:\Users\Kyle\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\QZA5463N ]
media.socialvibe.com [ C:\Users\Kyle\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\QZA5463N ]
media.tattomedia.com [ C:\Users\Kyle\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\QZA5463N ]
media.wfaa.com [ C:\Users\Kyle\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\QZA5463N ]
media01.kyte.tv [ C:\Users\Kyle\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\QZA5463N ]
media1.break.com [ C:\Users\Kyle\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\QZA5463N ]
msnbcmedia.msn.com [ C:\Users\Kyle\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\QZA5463N ]
naiadsystems.com [ C:\Users\Kyle\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\QZA5463N ]
objects.tremormedia.com [ C:\Users\Kyle\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\QZA5463N ]
oddcast.com [ C:\Users\Kyle\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\QZA5463N ]
papprd.vantage-media.net [ C:\Users\Kyle\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\QZA5463N ]
porn.gonzo-movies.com [ C:\Users\Kyle\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\QZA5463N ]
*censored*.dreammovies.com [ C:\Users\Kyle\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\QZA5463N ]
richmedia247.com [ C:\Users\Kyle\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\QZA5463N ]
s0.2mdn.net [ C:\Users\Kyle\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\QZA5463N ]
SECURE-us.imrworldwide.com [ C:\Users\Kyle\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\QZA5463N ]
static.discoverymedia.com [ C:\Users\Kyle\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\QZA5463N ]
static.sexsearch.com [ C:\Users\Kyle\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\QZA5463N ]
static.youporn.com [ C:\Users\Kyle\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\QZA5463N ]
templates.mediaforge.com [ C:\Users\Kyle\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\QZA5463N ]
uclick.com [ C:\Users\Kyle\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\QZA5463N ]
udn.specificclick.net [ C:\Users\Kyle\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\QZA5463N ]
video-transcripts.findlaw.com [ C:\Users\Kyle\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\QZA5463N ]
www.crackle.com [ C:\Users\Kyle\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\QZA5463N ]
www.dump.porntele.com [ C:\Users\Kyle\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\QZA5463N ]
www.freeporn.com [ C:\Users\Kyle\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\QZA5463N ]
www.kinxxx.com [ C:\Users\Kyle\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\QZA5463N ]
www.maxporn.com [ C:\Users\Kyle\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\QZA5463N ]
www.media2cn.info [ C:\Users\Kyle\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\QZA5463N ]
www.naiadsystems.com [ C:\Users\Kyle\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\QZA5463N ]
www.pornhub.com [ C:\Users\Kyle\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\QZA5463N ]
www.ziporn.com [ C:\Users\Kyle\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\QZA5463N ]
wwwstatic.megaporn.com [ C:\Users\Kyle\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\QZA5463N ]
yieldmanager.edgesuite.net [ C:\Users\Kyle\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\QZA5463N ]
youporn.videobox.com [ C:\Users\Kyle\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\QZA5463N ]
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][2].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][2].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][3].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][2].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][2].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][2].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][3].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][4].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][5].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][7].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][2].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][2].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][2].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][2].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][2].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][2].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][2].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][3].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][2].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][2].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][2].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][2].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][2].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][2].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][2].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][2].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][2].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][2].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][2].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][3].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][2].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][2].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][2].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][2].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][2].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][2].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][2].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][2].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][2].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][2].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][2].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][2].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][2].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][2].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][2].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][2].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][3].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][5].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][2].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][2].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][2].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][2].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][2].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][2].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][2].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected]media[2].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][2].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][2].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][2].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][2].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][3].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][2].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][2].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][2].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][2].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][2].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][2].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][2].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][2].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][3].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][4].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][3].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][2].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][2].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][2].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][2].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][3].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][5].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][6].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][7].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][8].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][2].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][2].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][3].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][3].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][4].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][5].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][2].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][2].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][2].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][3].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][5].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][6].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][2].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][2].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][4].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][2].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][2].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][2].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][2].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][2].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][2].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][2].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][2].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][2].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][2].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][2].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][2].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][2].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][3].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][4].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][2].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][2].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][2].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][2].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][2].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][2].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][3].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][4].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected]rget.db.advertising[2].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][2].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][2].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][3].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][2].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][2].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][3].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][2].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][10].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][11].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][3].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][4].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][5].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][6].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][7].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][8].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][9].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][2].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][2].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][2].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][2].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][2].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][2].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][3].txt
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][3].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][4].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][3].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][3].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][3].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][4].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][3].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][3].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][3].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][4].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][3].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][3].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][4].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][3].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][3].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][2].txt

Adware.MyWebSearch/FunWebProducts
HKU\S-1-5-21-560816815-3849694210-249611362-1000\SOFTWARE\FunWebProducts
HKCR\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}
HKCR\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}\ProxyStubClsid
HKCR\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}\ProxyStubClsid32
HKCR\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}\TypeLib
HKCR\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}\TypeLib#Version
HKCR\Interface\{120927BF-1700-43BC-810F-FAB92549B390}
HKCR\Interface\{120927BF-1700-43BC-810F-FAB92549B390}\ProxyStubClsid
HKCR\Interface\{120927BF-1700-43BC-810F-FAB92549B390}\ProxyStubClsid32
HKCR\Interface\{120927BF-1700-43BC-810F-FAB92549B390}\TypeLib
HKCR\Interface\{120927BF-1700-43BC-810F-FAB92549B390}\TypeLib#Version
HKCR\Interface\{1F52A5FA-A705-4415-B975-88503B291728}
HKCR\Interface\{1F52A5FA-A705-4415-B975-88503B291728}\ProxyStubClsid
HKCR\Interface\{1F52A5FA-A705-4415-B975-88503B291728}\ProxyStubClsid32
HKCR\Interface\{1F52A5FA-A705-4415-B975-88503B291728}\TypeLib
HKCR\Interface\{1F52A5FA-A705-4415-B975-88503B291728}\TypeLib#Version
HKCR\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}
HKCR\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}\ProxyStubClsid
HKCR\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}\ProxyStubClsid32
HKCR\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}\TypeLib
HKCR\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}\TypeLib#Version
HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid
HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid32
HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib
HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib#Version
HKCR\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}
HKCR\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}\ProxyStubClsid
HKCR\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}\ProxyStubClsid32
HKCR\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}\TypeLib
HKCR\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}\TypeLib#Version
HKCR\Interface\{3E720453-B472-4954-B7AA-33069EB53906}
HKCR\Interface\{3E720453-B472-4954-B7AA-33069EB53906}\ProxyStubClsid
HKCR\Interface\{3E720453-B472-4954-B7AA-33069EB53906}\ProxyStubClsid32
HKCR\Interface\{3E720453-B472-4954-B7AA-33069EB53906}\TypeLib
HKCR\Interface\{3E720453-B472-4954-B7AA-33069EB53906}\TypeLib#Version
HKCR\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}
HKCR\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}\ProxyStubClsid
HKCR\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}\ProxyStubClsid32
HKCR\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}\TypeLib
HKCR\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}\TypeLib#Version
HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\ProxyStubClsid
HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\ProxyStubClsid32
HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\TypeLib
HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\TypeLib#Version
HKCR\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}
HKCR\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid
HKCR\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid32
HKCR\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib
HKCR\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib#Version
HKCR\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}
HKCR\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid
HKCR\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid32
HKCR\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib
HKCR\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib#Version
HKCR\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}
HKCR\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid
HKCR\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid32
HKCR\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib
HKCR\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib#Version
HKCR\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}
HKCR\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}\ProxyStubClsid
HKCR\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}\ProxyStubClsid32
HKCR\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}\TypeLib
HKCR\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}\TypeLib#Version
HKCR\Interface\{991AAC62-B100-47CE-8B75-253965244F69}
HKCR\Interface\{991AAC62-B100-47CE-8B75-253965244F69}\ProxyStubClsid
HKCR\Interface\{991AAC62-B100-47CE-8B75-253965244F69}\ProxyStubClsid32
HKCR\Interface\{991AAC62-B100-47CE-8B75-253965244F69}\TypeLib
HKCR\Interface\{991AAC62-B100-47CE-8B75-253965244F69}\TypeLib#Version
HKCR\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}
HKCR\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}\ProxyStubClsid
HKCR\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}\ProxyStubClsid32
HKCR\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}\TypeLib
HKCR\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}\TypeLib#Version
HKCR\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}
HKCR\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}\ProxyStubClsid
HKCR\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}\ProxyStubClsid32
HKCR\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}\TypeLib
HKCR\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}\TypeLib#Version
HKCR\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}
HKCR\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}\ProxyStubClsid
HKCR\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}\ProxyStubClsid32
HKCR\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}\TypeLib
HKCR\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}\TypeLib#Version
HKCR\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}
HKCR\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}\ProxyStubClsid
HKCR\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}\ProxyStubClsid32
HKCR\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}\TypeLib
HKCR\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}\TypeLib#Version
HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}
HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}\ProxyStubClsid
HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}\ProxyStubClsid32
HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}\TypeLib
HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}\TypeLib#Version
HKCR\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}
HKCR\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}\ProxyStubClsid
HKCR\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}\ProxyStubClsid32
HKCR\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}\TypeLib
HKCR\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}\TypeLib#Version
HKCR\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}
HKCR\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}\ProxyStubClsid
HKCR\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}\ProxyStubClsid32
HKCR\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}\TypeLib
HKCR\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}\TypeLib#Version
HKCR\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}
HKCR\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}\ProxyStubClsid
HKCR\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}\ProxyStubClsid32
HKCR\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}\TypeLib
HKCR\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}\TypeLib#Version
HKCR\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}
HKCR\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}\ProxyStubClsid
HKCR\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}\ProxyStubClsid32
HKCR\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}\TypeLib
HKCR\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}\TypeLib#Version
All processes killed
========== OTL ==========
========== FILES ==========
C:\Users\Kyle\AppData\Local\Temp\RtkBtMnt.exe moved successfully.
========== COMMANDS ==========
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Kyle
->Temp folder emptied: 633665586 bytes
->Temporary Internet Files folder emptied: 42445332 bytes
->Java cache emptied: 15492878 bytes
->FireFox cache emptied: 44935939 bytes
->Google Chrome cache emptied: 9498871 bytes
->Opera cache emptied: 40331458 bytes
->Flash cache emptied: 214581 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 59846284 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 807.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 05062011_212804

Files\Folders moved on Reboot...
File\Folder C:\Users\Kyle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\
Content.IE5\N2F9O6QB(54)\00;ord=1302024385839;u=i_8244773960578074628%7Cm_175506;
dcopt=ist;tile=1;um=0;us=13;eb_trk=175506;pr=20;xp=20;np=20;uz=;cg=
4464f21312e0a0aa14b10751ff38dfeb[1].htm not found!
File\Folder C:\Users\Kyle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G48RJ7S6(95)\W5lBHNsawNlbnRpdHlob3Zlcl9jbwR1cmwDaHR0cDovL3VzLm1nNi5tYWlsLnlhaG9vLmNvbS9kYy9sYXVuY2g_
Lmd4PTEmLnJhbmQ9YzNpaXFtdjBoNmd0MgR2aXN pYmxlAzAEd2lraUlkAwR3dAMwLjQyNjgy[1] not found!
File\Folder C:\Users\Kyle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\261IQPX2(52)\
00;ord=1302024385839;u=i_8244744755065835024%7Cm_175506;dcopt=ist;tile=1;um=0;us=13;eb_trk=175506;pr=20;xp=20;np=20;uz=;cg=4464f21312e0a0aa14b10751ff38dfeb[1].htm not found!
File\Folder C:\Users\Kyle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BH4XQVI8(91)\40134;origin=msn;pmt=;freeplay=y;userfreeplay=n;login=n;country=;locale=en_US;firstrun=n;firstsession=n;sz=358x336;
ord=587976912;NonPmt=n;subtier=;trialdaysleft=0;[1] not found!
File\Folder C:\Users\Kyle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BH4XQVI8(91)\=40134;origin=msn;pmt=;freeplay=y;userfreeplay=n;login=n;country=;locale=en_US;firstrun=n;firstsession=n;sz=735x80;ord=
666080939;NonPmt=n;subtier=;trialdaysleft=0;[1] not found!

Registry entries deleted on Reboot...
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Completed script processing.

*******************

Finished! Terminate.
Ok that's all the replies for the 3 programs that you had me download.Just let me know if there is anything else that needs to be done Please let me know what's happening with your computer now?

I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
•Click the button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

• Click on to download the ESET Smart Installer. Save it to your desktop.
  
• Double click on the icon on your desktop.
  

• Click the CleanUp button.
  
• Select Yes when the "Begin cleanup Process?" prompt appears.
  
• If you are prompted to Reboot during the cleanup, select Yes.
  
• The tool will delete itself once it finishes.

I'll try to find someone that has the CD, but apparently it's becoming pretty common to not receive a Windows CD with a new computer. Do I have other routes to getting a CD, or other options entirely?Quote from: shag on September 02, 2011, 08:11:01 PM

I'll try to find someone that has the CD, but apparently it's becoming pretty common to not receive a Windows CD with a new computer.

I was able to re-load windows from the Recovery Console.

Hello!

Well I am having serious computer trouble, its just started up from out of the blue.

I was running out out disk space so I decided to go remove or delete a few programs. When I went to the Add/Remove Programs list I deleted a few things but some other programs when I clicked on it, it didnt have any button at all. No remove or delete one. Win Zip in particular.

What should I do? I really need to get rid of these old programs.

Please Help! Thanks in advance.jalapino started another thread:
Quote

Yet another problem, I have a few folders hidden from plain view but now all of a sudden I'm unable to show them. I click show hidden files and folders and when I click okay nothing happends. I go back to the list and see that it has switched back to 'do not show hidden files and folders' once again.

This is really getting annoying, please help!!

From reading this and your other post, it sounds like you might have a virus or your Windows installation has gone bad.

I'll let Broni or one of the other malware guys pick this up though.

Print these instructions out.

1. Download SUPERAntiSpyware Free for Home Users:
http://www.superantispyware.com/

* Double-click SUPERAntiSpyware.exe and use the default settings for installation.
* An icon will be created on your desktop. Double-click that icon to launch the program.
* If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
* Close SUPERAntiSpyware.

Restart computer in Safe Mode.
To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; select Safe Mode; you'll see "Safe Mode" in all four corners of your screen

* Open SUPERAntiSpyware.
* Under "Configuration and Preferences", click the Preferences button.
* Click the Scanning Control tab.
* Under Scanner Options make sure the following are checked (leave all others unchecked):
o Close browsers before scanning.
o Scan for tracking cookies.
o Terminate memory threats before quarantining.
* Click the "Close" button to leave the control center screen.
* Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
* On the left, make sure you check C:\Fixed Drive.
* On the right, under "Complete Scan", choose Perform Complete Scan.
* Click "Next" to start the scan. Please be patient while it scans your computer.
* After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
* Make sure everything has a checkmark next to it and click "Next".
* A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
* If asked if you want to reboot, click "Yes".
* To retrieve the removal information after reboot, launch SUPERAntispyware again.
o Click Preferences, then click the Statistics/Logs tab.
o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
o If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
o Please copy and paste the Scan Log results in your next reply.
* Click Close to exit the program.
Post SUPERAntiSpyware log.

RESTART COMPUTER!

2. Download Malwarebytes' Anti-Malware: http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

RESTART COMPUTER!

3. Download HijackThis:
http://www.snapfiles.com/get/hijackthis.html
Post HijackThis log.

help please,im using windows XP,my avast detected a VIRUS on my pc and after moving it to chest and i reboot,the PROBLEM suddenly occurred , every time windows login system32 OPENS up Download and run Mike Lin's Startup Control PANEL (http://www.mlin.net/StartupCPL.shtml). LOOK for an entry that loads from your \system32 folder and uncheck it and then reboot. Let us know if that fixes it.

Hey,

Apparantly someone logged into my hotmail last night at 3am, a friend told me and pasted the conversation; nothing interesting the person posing as me SAID one word. I was just WONDERING what I should do now? Everything is in my email account, every ONLINE service I use. The worst thing is my address.

I've ran a virus scan using Avast - no infected files. I use Windows XP SP3, Windows firewall and Avast free edition - I keep all my software up-to-date.

I also have a laptop that runs Ubuntu 10.10 - I'm pretty sure linux is safe by design HOWEVER I do also have a firewall and am currently running a virus scan on that as well.

The only thing is when my friend pasted the conversation - the screen name also had my surname and I use only my first name for any TYPE of chat client. The person was using profile picture though.

Any advice would be great.
Thanks.Change your password.I've just changed it. Would it really make a difference though - if someone's already had free access to my email (could have already saved them etc)?

hi dave .things didn't run like you said but here is the findings from the scan.again in safe mode only
3/4 of the screen is SHOWING on the left.had to drag the screen around to see what was needed.
Status: Deleted (events: 1)
9/6/2011 7:16:41 PMDeletedTrojan program Exploit.Java.CVE-2010-4452.aC:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\12\3cc664c-3f5d5e56High

dave also when on reboot the dell splash screen then the windows splash screen only show 3/4 of the screen the rest is black. this was never like that before i started having a problem.Can you try another monitor on that computer?ok tried another monitor and everything worked right.so some setting must be wrong with this one.
after it boots to windows the screen is fine only the dell and windows splash screens are not
centered. and in safe mode the screen is off to the side?also did you see anything thta was wrong
as far as malware or virus? thanks dave for helping me out . not sure why combofix won't run. but at startup avast give me a warning that i should not open c:\combofit\pev.3xe Quote

did you see anything thta was wrong as far as malware or virus?

not sure why combofix won't run. but at startup avast give me a warning that i should not open c:\combofit\pev.3xe

but if you think
everything looks good i'll let it be.still not sure why the 3/4 splash screens and safemode?

yes i was able to run the avp scan . the results are in message reply #15 do i need to run that again?

• Click on to download the ESET Smart Installer. Save it to your desktop.
  
• Double click on the icon on your desktop.
  

• Click the CleanUp button.
  
• Select Yes when the "Begin cleanup Process?" prompt appears.
  
• If you are prompted to Reboot during the cleanup, select Yes.
  
• The tool will delete itself once it finishes.

dave i can't thank you enough .this is running much much better than it was.i'm glad there are people like you out there to help us out.i did install most of the programs you said. will do more
later. thakns again.

I can't seem to run the ESET scan,

I tick yes to accept terms and conditionds, and press start, nothing happens for a few minutes then it askes me to install an add-on

OnlineScanner.cab from 'ESET, spol.s r.o.'.

I press install every time, and an Internet Explorer message pops up saying

To display the webpage again, the web browser needs to resend the information you've previously submitted.
If you were making a purchase, you should click Cancel to avoid a duplicate transaction. Otherwise, click Retry to display the webpage again

So I press Retry and it takes me back to the Term's and Conditions page??

Any ideas??
sorry bout that

i just pushed cancel to resend the info and it seemeed to work

scaning nowI'm not sure if the scan finshed completely i wasn't there wathchin, but it took over 4 hours to do 50%, then within the next hour it was done, i don't think it was connected to the net the whole time

should i start again??


This was the log found in the program file

[emailprotected] as CAB hook log:
OnlineScanner.ocx - registred OK



This was the found threats

C:\Users\Jake\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\7c88068a-2bd1c06dJava/Agent.BV trojandeleted - quarantined
C:\Users\Jake\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\2b29fca3-15523528a variant of Java/Agent.BR trojandeleted - quarantined
C:\Users\Jake\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\38e63bec-429dc16bJava/Agent.BV trojandeleted - quarantined
C:\Users\Jake\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\5ad4b738-1a7b0624Java/Agent.BV trojandeleted - quarantined
Quote

should i start again??

A program on your computer has corrupted your default search provider setting for internet explorer.
Internet Explorer has reset this setting to your original search provider, Google (www.google.com).
Internet Explorer will now open Search Settings, where you can change this setting or install more search providers.

I press OK and a Manage Add Ons window opens where google is already enabled as default so i press close, but it happens every time??

and most of the auto complete's dont show up or my my most popular sites when i open a new tab??

any ideas??

aslo do you have any suggestions about my external hard drive that wont load??

• Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  
• In the field, type in ComboFix /uninstall
  

• Then, press Enter, or click OK.
  
• This will uninstall ComboFix, delete its folders and files, hides System files and folders, and resets System Restore.
  

• Click the CleanUp button.
  
• Select Yes when the "Begin cleanup Process?" prompt appears.
  
• If you are prompted to Reboot during the cleanup, select Yes.
  
• The tool will delete itself once it finishes.

When trying to INSTALL the Eset ESS-5 program I got the strong recommendation to uninstall an F-Secure anti-virus before continue with the Eset.

The procedure given by Eset to uninstall F-Secure anti-virus was not solution at all because in my CONTROL Panel > Add or remove programs there's no F-Secure.

I used F-Secure Blacklight months ago, but even though I understand that this self-executable program leaves nothing in the PC, I still suspect that what Eset finds is some Blacklight leftover.

According to F-Secure home page:

«BlackLight is not installed in the normal sense. It is a simple executable FILE that is downloaded into your computer and it can be run by double-clicking on the file. There are no items in the "start"-menu or keys in the registry. "Uninstallation" of BlackLight simply means deleting the file. Location of the file is dependant on how you downloaded the file and which browser you used. If you downloaded the file with IE and chose "run", blbeta.exe is USUALLY stored in "C:\DOCUMENTS and Settings\<username>\Local Settings\Temporary Internet Files».

but it has been impossible for me to find any blbeta in my PC.

Does anybody know how to find that "thing" that Eset detects?
You can try running the F-Secure removal tool.

F-Secure products - F-Secure Uninstallation toolThanks, but I already said that F-Secure uninstallation tools procedure is looking for F-Secure in Control Panel > Add or remove programs, and I have no F-Secure there.

Hi first of all THANKS for reading this and please help me, and I am so sincerely thankful that there's EVEN a forum like this here. Let me get to the chase thoguh.

Yesterday morning my other(good) computer started acting funky. When I tried to open links on the internet, it would just read it as download, and after downloading it would just link to a strange version of the website. Not just one link, any link. But I had to go to school so I just turned it off and hoped it would work in the morning.

But I got back and its reliving this computer game I play called Starcraft. It's pressing and typing things I would while I play the game, even redoing chat's I had on facebook/word document. It's so odd. The mouse has a mind of its own and I can't stay over something for too long or it automatically selects it.

I spent all of yesterday removing viruses which I found via avast, search and destroy, and malebyte antivirus. I think I did it right, although you can certainly comment with helpful TIPS. But its still being funky.

I can just RUN all the anti VIRUS at the same time, right? Why isn't it doing anything? I'm so hopeless. I dont know what to do. I just need help so much thanks for listening. Any words would be helpful.

As a side note even as of now while I'm rerunning the anti virus stuff, the computer just opens random files. Does that slow it down? I think it went through my checking at some point too.Double post. Locked

I was wondering if ANYONE has ever USED the PC Pitstop PC MATIC free test drive?? I wanted to give it a try but scared to DOWNLOAD anything to my PC, in fear of malicious software

I received a 2002 HP desktop with XP as the OS. It was free, so the price was right. LOL However, it seems to have a virus that I can't get rid of. Would replacing the hard drive get rid of the problem, or is the virus stored in the RAM some how? I've replaced hard drives in desk tops before so this wouldn't be difficult for me, and spending $80 for a desktop that works and does what I need it to do would be great! Thanks for your input!Nothing is stored in RAM when the power is off. You could just format the drive USING a Windows CD and re-INSTALL.

Actually you should delete the existing partition, then format, then reinstall. This will take care of any virus in the boot sector / mbr.Quote from: Allan on September 14, 2011, 12:32:21 PM

Actually you should delete the existing partition, then format, then reinstall. This will take care of any virus in the boot sector / mbr.

sorry I missed this do you still want log?

Ok. Let's try this:

WINDOWS XP

IF folder C:\DOCUMENTS and Settings\user_name\Local Settings\Temp\smtmp EXIST...

COPY all content of this folder:
C:\Documents and Settings\user_name\Local Settings\Temp\smtmp\1
and paste it to this folder:
C:\Documents and Settings\All Users\Start Menu

Copy all content of this folder:
C:\Documents and Settings\user_name\Local Settings\Temp\smtmp\2
and paste it to this folder:
C:\Documents and Settings\user_name\Application Data\Microsoft\Internet Explorer\Quick Launch

Copy all content of this folder:
C:\Documents and Settings\user_name\Local Settings\Temp\smtmp\3
and paste it to this folder:
C:\Documents and Settings\user_name\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar

Copy all content of this folder:
C:\Documents and Settings\user_name\Local Settings\Temp\smtmp\4
and paste it to this folder:
C:\Documents and Settings\All Users\Desktop

Edited.Edited.

This is a good BLOG post from Tom Kelchner over at Sunbelt. Looks LIKE the bad guys are starting to use the online scanners as BAIT. NOT the real VirusTotal.com

Sophos ALSO reported on this only with different information. FREE FakeAV at Virus-Total (That’s not VirusTotal)

Well,
I am currently on my laptop and my anti-virus has been shut off, because I just stopped paying for it. ( kinda lame that you need to REPAY to keep it ) but now, not even 1 week later, i keep getting Windows Security Alerts, saying applications cannot be executed because it is infected. I can't run very much it without getting the same warning over and over. I was wondering if there is hope on getting this solved, or if there is any way to FIX this. My windows security is enabled so..
I do not understand, my computer JUST became unprotected. and bam
any help would be great!
very much appreciated..
Hello. Welcome to CH.

It seems you might have a little rogue infection. The message about files being infected, is a trojan popping the message up, and then shutting down the programs you try to start up.

Let's do a quick run and see what rogue is running:

Please download Cheetah-Anti-Rogue, and save to your Desktop.

• Double-click on Cheetah-Anti-Rogue.zip, and extract the file to your Desktop.
• Double-click on Cheetah-Anti-Rogue.cmd to start.
• It will finish quickly and launch a log.
• Post the contents of it in your next reply.

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found here
  
• Click Start then copy paste the following command into the search box & hit enter: "%userprofile%\desktop\commy.bat" /stepdel
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
• When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

• Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  
• It will close all programs when run, so make sure you have saved all your work before you begin.
  
• Click the Start
  button to begin the process. Depending on how often you clean temp
  files, execution time should be anywhere from a few seconds to a minute
  or two. Let it run uninterrupted to completion.
  
• Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Full Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
• Please save the log to a location you will remember.
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy and paste the entire report in your next reply.

• Tick the box next to YES, I accept the Terms of Use
  
• Click Start
  
• When asked, allow the ActiveX control to install
• Click Start
  
• Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  
• Click Scan (This scan can take several hours, so please be patient)
  
• Once the scan is completed, you may close the window
• Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  
• Copy and paste that log as a reply to this topic

• MBAM log
• SAS log
• ESET log