Application cannot be executed. The file *** is infected.

[clarizard]

Hi,

I have read previous posts regarding this issue so have started by scanning with SUPERAntiSpyware, Malwarebytes Anti-Malware and Hijack this. I have patsed the logs onto this message in the hope someone can assist me with this problem. Basically out of the blue keep getting various application cannot be executed messages popping up at the bottom of the screen and it advises me to buy AV Security Suite and tells me my pc has no protection even though i currently use both Avast and AVG. Hope the logs give some clues and can help with this problem.

Clare

exeHelper by Raktor
Build 20100414
Run at 17:43:11 on 06/19/10
exeHelper by Raktor
Build 20100414
Run at 17:43:38 on 06/19/10
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

Trace Rules Database Version: 2869

Scan type       : Complete Scan
Total Scan Time : 04:02:44

Memory items scanned      : 735
Memory threats detected   : 0
Registry items scanned    : 7558
Registry threats detected : 5
File items scanned        : 226198
File threats detected     : 1051

Trojan.Agent/Gen-Faldesc
   [gqhctjia] C:\USERS\HOME\APPDATA\LOCAL\HAITTVVGH\QAWTVCETSSD.EXE
   C:\USERS\HOME\APPDATA\LOCAL\HAITTVVGH\QAWTVCETSSD.EXE
   C:\USERS\HOME\APPDATA\LOCAL\20998873.EXE
   C:\Windows\Prefetch\20998873.EXE-D87583FA.pf
   C:\Windows\Prefetch\QAWTVCETSSD.EXE-BB6117EE.pf

Adware.Tracking Cookie
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
   C:\Users\Home\AppData\Local\Temp\Low\Cookies\home@2o7[1].txt
   C:\Users\Home\AppData\Local\Temp\Low\Cookies\[email protected][1].txt
   C:\Users\Home\AppData\Local\Temp\Low\Cookies\[email protected][1].txt
   C:\Users\Home\AppData\Local\Temp\Low\Cookies\home@adrevolver[2].txt
   C:\Users\Home\AppData\Local\Temp\Low\Cookies\[email protected][1].txt
   C:\Users\Home\AppData\Local\Temp\Low\Cookies\[email protected][1].txt
   C:\Users\Home\AppData\Local\Temp\Low\Cookies\home@adtech[1].txt
   C:\Users\Home\AppData\Local\Temp\Low\Cookies\home@advertising[1].txt
   C:\Users\Home\AppData\Local\Temp\Low\Cookies\home@adviva[2].txt
   C:\Users\Home\AppData\Local\Temp\Low\Cookies\home@apmebf[2].txt
   C:\Users\Home\AppData\Local\Temp\Low\Cookies\home@atdmt[1].txt
   C:\Users\Home\AppData\Local\Temp\Low\Cookies\[email protected][1].txt
   C:\Users\Home\AppData\Local\Temp\Low\Cookies\home@burstbeacon[2].txt
   C:\Users\Home\AppData\Local\Temp\Low\Cookies\home@burstnet[1].txt
   C:\Users\Home\AppData\Local\Temp\Low\Cookies\[email protected][2].txt
   C:\Users\Home\AppData\Local\Temp\Low\Cookies\home@clicksor[2].txt
   C:\Users\Home\AppData\Local\Temp\Low\Cookies\[email protected][2].txt
   C:\Users\Home\AppData\Local\Temp\Low\Cookies\[email protected][3].txt
   C:\Users\Home\AppData\Local\Temp\Low\Cookies\home@doubleclick[1].txt
   C:\Users\Home\AppData\Local\Temp\Low\Cookies\[email protected][1].txt
   C:\Users\Home\AppData\Local\Temp\Low\Cookies\[email protected][2].txt
   C:\Users\Home\AppData\Local\Temp\Low\Cookies\[email protected][2].txt
   C:\Users\Home\AppData\Local\Temp\Low\Cookies\[email protected][2].txt
   C:\Users\Home\AppData\Local\Temp\Low\Cookies\[email protected][2].txt
   C:\Users\Home\AppData\Local\Temp\Low\Cookies\[email protected][1].txt
   C:\Users\Home\AppData\Local\Temp\Low\Cookies\[email protected][1].txt
   C:\Users\Home\AppData\Local\Temp\Low\Cookies\home@fastclick[1].txt
   C:\Users\Home\AppData\Local\Temp\Low\Cookies\home@hitbox[2].txt
   C:\Users\Home\AppData\Local\Temp\Low\Cookies\home@imrworldwide[2].txt
   C:\Users\Home\AppData\Local\Temp\Low\Cookies\home@mediaplex[2].txt
   C:\Users\Home\AppData\Local\Temp\Low\Cookies\home@myroitracking[1].txt
   C:\Users\Home\AppData\Local\Temp\Low\Cookies\[email protected][1].txt
   C:\Users\Home\AppData\Local\Temp\Low\Cookies\home@questionmarket[1].txt
   C:\Users\Home\AppData\Local\Temp\Low\Cookies\home@revsci[1].txt
   C:\Users\Home\AppData\Local\Temp\Low\Cookies\[email protected][1].txt
   C:\Users\Home\AppData\Local\Temp\Low\Cookies\home@serving-sys[2].txt
   C:\Users\Home\AppData\Local\Temp\Low\Cookies\home@smartadserver[2].txt
   C:\Users\Home\AppData\Local\Temp\Low\Cookies\home@specificclick[2].txt
   C:\Users\Home\AppData\Local\Temp\Low\Cookies\[email protected][2].txt
   C:\Users\Home\AppData\Local\Temp\Low\Cookies\home@tradedoubler[1].txt
   C:\Users\Home\AppData\Local\Temp\Low\Cookies\[email protected][1].txt
   C:\Users\Home\AppData\Local\Temp\Low\Cookies\[email protected][1].txt
   C:\Users\Home\AppData\Local\Temp\Low\Cookies\[email protected][1].txt
   C:\Users\Home\AppData\Local\Temp\Low\Cookies\[email protected][2].txt
   C:\Users\Home\AppData\Local\Temp\Low\Cookies\home@zedo[1].txt
   acvs.mediaonenetwork.net [ C:\Users\Home\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\DDBYD644 ]
   broadcast.piximedia.fr [ C:\Users\Home\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\DDBYD644 ]
   cdn.insights.gravity.com [ C:\Users\Home\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\DDBYD644 ]
   cdn4.specificclick.net [ C:\Users\Home\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\DDBYD644 ]
   cdn5.specificclick.net [ C:\Users\Home\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\DDBYD644 ]
   cloud.video.unrulymedia.com [ C:\Users\Home\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\DDBYD644 ]
   convoad.technoratimedia.com [ C:\Users\Home\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\DDBYD644 ]
   ds.serving-sys.com [ C:\Users\Home\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\DDBYD644 ]
   ec.atdmt.com [ C:\Users\Home\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\DDBYD644 ]
   gw.callingbanners.com [ C:\Users\Home\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\DDBYD644 ]
   ia.media-imdb.com [ C:\Users\Home\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\DDBYD644 ]
   img-cdn.mediaplex.com [ C:\Users\Home\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\DDBYD644 ]
   input.insights.gravity.com [ C:\Users\Home\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\DDBYD644 ]
   m1.emea.2mdn.net [ C:\Users\Home\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\DDBYD644 ]
   media.disneyinternational.com [ C:\Users\Home\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\DDBYD644 ]
   media.mtvnservices.com [ C:\Users\Home\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\DDBYD644 ]
   media.scanscout.com [ C:\Users\Home\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\DDBYD644 ]
   media.socialvibe.com [ C:\Users\Home\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\DDBYD644 ]
   media1.clubpenguin.com [ C:\Users\Home\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\DDBYD644 ]
   media1.thegamehomepage.com [ C:\Users\Home\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\DDBYD644 ]
   objects.tremormedia.com [ C:\Users\Home\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\DDBYD644 ]
   s0.2mdn.net [ C:\Users\Home\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\DDBYD644 ]
   secure-uk.imrworldwide.com [ C:\Users\Home\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\DDBYD644 ]
   serving-sys.com [ C:\Users\Home\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\DDBYD644 ]
   spe.atdmt.com [ C:\Users\Home\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\DDBYD644 ]
   static.2mdn.net [ C:\Users\Home\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\DDBYD644 ]
   trinity-adserver-003.co.uk [ C:\Users\Home\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\DDBYD644 ]
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][3].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][4].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@247realmedia[10].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@247realmedia[1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@247realmedia[2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@247realmedia[3].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@247realmedia[4].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@247realmedia[5].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@247realmedia[6].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@247realmedia[7].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@247realmedia[9].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@2o7[1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@2o7[2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@2o7[3].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@ad-indicator[1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][10].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][11].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][3].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][4].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][5].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][6].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][7].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][8].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][9].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][3].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@adbrite[1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@adbrite[2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@adbrite[4].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@adcentriconline[2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@adecn[1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][4].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@adrevolver[1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@adrevolver[2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][3].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][4].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][5].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][6].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][7].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][8].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][4].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][3].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][3].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][4].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][3].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][3].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][3].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@adtech[1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@adtech[2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@advertising[10].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@advertising[11].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@advertising[1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@advertising[2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@advertising[3].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@advertising[4].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@advertising[5].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@advertising[6].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@advertising[7].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@advertising[8].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@advertising[9].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@adviva[10].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@adviva[11].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@adviva[1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@adviva[2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@adviva[3].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@adviva[4].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@adviva[5].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@adviva[6].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@adviva[7].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@adviva[8].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@adviva[9].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@adxpose[1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@apmebf[1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@apmebf[2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@apmebf[3].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@apmebf[4].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@apmebf[5].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@apmebf[6].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][3].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][3].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@atdmt[1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@atdmt[2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@atdmt[3].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@atdmt[4].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@atdmt[5].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@atdmt[6].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@atwola[1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@atwola[3].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@audience2media[11].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@audience2media[1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@audience2media[2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@audience2media[3].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@audience2media[4].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@audience2media[5].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@audience2media[6].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@audience2media[8].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@audience2media[9].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@azjmp[1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@bluestreak[1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@bluestreak[2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@bluestreak[3].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][10].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][11].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][3].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][4].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][5].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][6].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][7].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][8].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][9].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@burstbeacon[1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@burstbeacon[2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@burstnet[2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@burstnet[3].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@casalemedia[1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@casalemedia[3].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][3].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][5].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][3].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][4].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][5].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][6].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@chitika[1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@chitika[2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@chitika[4].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@clickbank[2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@clicknkids[1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@clicknkids[2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@clicknkids[4].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@clicksor[1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@clicksor[2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@clicksor[4].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@clicktorrent[2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@cltomedia[1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@cltomedia[3].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@cltomedia[4].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@collective-media[1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@collective-media[3].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][10].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][11].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][3].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][4].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][5].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][6].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][7].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][8].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][9].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@dealtime[1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@dmtracker[1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@dmtracker[2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@doubleclick[1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@doubleclick[2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@doubleclick[3].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@doubleclick[4].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][3].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][3].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@fastclick[1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@fastclick[2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@fastclick[4].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@fibromyalgia-support[1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@gostats[2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@hitbox[2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@hitbox[3].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@imrworldwide[2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@imrworldwide[3].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@insightexpressai[2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@insightexpressai[3].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@interclick[2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@invitemedia[1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@invitemedia[2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@invitemedia[3].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@invitemedia[5].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][3].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@kanoodle[2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@kontera[2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@kontera[3].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@kontera[4].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@lfstmedia[1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@lfstmedia[2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@lfstmedia[4].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@lfstmedia[5].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][10].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][3].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][4].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][5].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][6].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][7].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][8].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][9].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@media6degrees[1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@media6degrees[2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@media6degrees[3].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@media6degrees[4].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@media6degrees[5].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@media6degrees[6].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@media6degrees[7].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@media6degrees[9].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@mediaplex[10].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@mediaplex[11].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@mediaplex[1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@mediaplex[2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@mediaplex[3].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@mediaplex[4].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@mediaplex[5].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@mediaplex[6].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@mediaplex[7].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@mediaplex[8].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@mediaplex[9].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@mediatraffic[1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@myroitracking[2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@overture[1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@pointroll[2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@pointroll[3].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@pointroll[4].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@pro-market[1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@pro-market[3].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@qksrv[1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@questionmarket[1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@questionmarket[2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@questionmarket[3].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@questionmarket[4].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@questionmarket[5].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@questionmarket[6].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@questionmarket[8].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@revsci[10].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@revsci[11].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@revsci[1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@revsci[2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@revsci[3].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@revsci[4].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@revsci[5].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@revsci[6].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@revsci[7].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@revsci[8].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@revsci[9].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][3].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][5].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][3].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][4].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][3].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][4].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][5].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][7].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][11].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][3].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][4].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][5].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][6].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][7].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][8].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][9].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@serving-sys[10].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@serving-sys[11].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@serving-sys[1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@serving-sys[2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@serving-sys[3].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@serving-sys[4].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@serving-sys[5].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@serving-sys[6].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@serving-sys[7].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@serving-sys[8].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@serving-sys[9].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@smartadserver[10].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@smartadserver[11].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@smartadserver[1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@smartadserver[2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@smartadserver[3].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@smartadserver[4].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@smartadserver[5].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@smartadserver[6].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@smartadserver[7].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@smartadserver[8].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@smartadserver[9].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@specificclick[10].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@specificclick[11].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@specificclick[1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@specificclick[2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@specificclick[3].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@specificclick[4].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@specificclick[5].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@specificclick[6].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@specificclick[7].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@specificclick[8].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@specificclick[9].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@statcounter[1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@statcounter[2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][3].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][3].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@superstats[1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@tacoda[1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@tacoda[2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@tacoda[3].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@tacoda[4].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@tacoda[6].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@tacoda[7].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][3].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][4].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][5].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][6].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][7].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@tradedoubler[1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@tradedoubler[2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@tradedoubler[3].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@tradedoubler[4].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@trafficmp[2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@trafficmp[3].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@traveladvertising[2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@traveladvertising[3].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@tribalfusion[10].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@tribalfusion[1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@tribalfusion[2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@tribalfusion[3].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@tribalfusion[4].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@tribalfusion[5].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@tribalfusion[6].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@tribalfusion[7].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@tribalfusion[8].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@tribalfusion[9].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][3].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][3].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][4].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][10].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][11].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][3].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][4].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][5].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][6].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][7].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][8].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][9].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][3].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][4].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][5].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][6].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][7].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@xiti[1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@xiti[2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][3].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][4].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@yadro[1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@yieldmanager[2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@yieldmanager[3].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@zanox[1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@zanox[2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@zanox[3].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@zanox[5].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@zedo[1].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@zedo[2].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@zedo[3].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@zedo[5].txt
   C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\Low\home@zoombanner[1].txt
   acvs.mediaonenetwork.net [ D:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\4QV6JXLG ]
   atdmt.com [ D:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\4QV6JXLG ]
   cdn4.specificclick.net [ D:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\4QV6JXLG ]
   ds.serving-sys.com [ D:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\4QV6JXLG ]
   ec.atdmt.com [ D:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\4QV6JXLG ]
   interclick.com [ D:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\4QV6JXLG ]
   m.uk.2mdn.net [ D:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\4QV6JXLG ]
   m1.2mdn.net [ D:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\4QV6JXLG ]
   m1.emea.2mdn.net [ D:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\4QV6JXLG ]
   macromedia.com [ D:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\4QV6JXLG ]
   media.scanscout.com [ D:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\4QV6JXLG ]
   media.socialvibe.com [ D:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\4QV6JXLG ]
   media.tattomedia.com [ D:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\4QV6JXLG ]
   media1.thegamehomepage.com [ D:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\4QV6JXLG ]
   spe.atdmt.com [ D:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\4QV6JXLG ]
   virginmedia.a.mms.mavenapps.net [ D:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\4QV6JXLG ]
   www.media.perthnow.com.au [ D:\Documents and Settings\User\Application Data\Macromedia\Flash Player\#SharedObjects\4QV6JXLG ]
   D:\Documents and Settings\User\Cookies\[email protected][1].txt
   D:\Documents and Settings\User\Cookies\[email protected][3].txt
   D:\Documents and Settings\User\Cookies\[email protected][1].txt
   D:\Documents and Settings\User\Cookies\user@247realmedia[1].txt
   D:\Documents and Settings\User\Cookies\user@2o7[1].txt
   D:\Documents and Settings\User\Cookies\user@77tracking[2].txt
   D:\Documents and Settings\User\Cookies\user@77tracking[3].txt
   D:\Documents and Settings\User\Cookies\[email protected][1].txt
   D:\Documents and Settings\User\Cookies\[email protected][2].txt
   D:\Documents and Settings\User\Cookies\[email protected][2].txt
   D:\Documents and Settings\User\Cookies\[email protected][1].txt
   D:\Documents and Settings\User\Cookies\[email protected][2].txt
   D:\Documents and Settings\User\Cookies\[email protected][1].txt
   D:\Documents and Settings\User\Cookies\[email protected][3].txt
   D:\Documents and Settings\User\Cookies\user@adbureau[1].txt
   D:\Documents and Settings\User\Cookies\user@adecn[1].txt
   D:\Documents and Settings\User\Cookies\user@adecn[2].txt
   D:\Documents and Settings\User\Cookies\user@adinterax[1].txt
   D:\Documents and Settings\User\Cookies\user@adinterax[3].txt
   D:\Documents and Settings\User\Cookies\[email protected][1].txt
   D:\Documents and Settings\User\Cookies\[email protected][2].txt
   D:\Documents and Settings\User\Cookies\[email protected][2].txt
   D:\Documents and Settings\User\Cookies\[email protected][1].txt
   D:\Documents and Settings\User\Cookies\[email protected][2].txt
   D:\Documents and Settings\User\Cookies\[email protected][2].txt
   D:\Documents and Settings\User\Cookies\[email protected][1].txt
   D:\Documents and Settings\User\Cookies\[email protected][3].txt
   D:\Documents and Settings\User\Cookies\[email protected][1].txt
   D:\Documents and Settings\User\Cookies\[email protected][1].txt
   D:\Documents and Settings\User\Cookies\[email protected][2].txt
   D:\Documents and Settings\User\Cookies\[email protected][1].txt
   D:\Documents and Settings\User\Cookies\[email protected][2].txt
   D:\Documents and Settings\User\Cookies\[email protected][2].txt
   D:\Documents and Settings\User\Cookies\[email protected][1].txt
   D:\Documents and Settings\User\Cookies\[email protected][2].txt
   D:\Documents and Settings\User\Cookies\[email protected][1].txt
   D:\Documents and Settings\User\Cookies\[email protected][1].txt
   D:\Documents and Settings\User\Cookies\[email protected][1].txt
   D:\Documents and Settings\User\Cookies\[email protected][2].txt
   D:\Documents and Settings\User\Cookies\[email protected][1].txt
   D:\Documents and Settings\User\Cookies\[email protected][1].txt
   D:\Documents and Settings\User\Cookies\[email protected][2].txt
   D:\Documents and Settings\User\Cookies\[email protected][1].txt
   D:\Documents and Settings\User\Cookies\[email protected][2].txt
   D:\Documents and Settings\User\Cookies\[email protected][1].txt
   D:\Documents and Settings\User\Cookies\[email protected][1].txt
   D:\Documents and Settings\User\Cookies\[email protected][1].txt
   D:\Documents and Settings\User\Cookies\[email protected][2].txt
   D:\Documents and Settings\User\Cookies\[email protected][1].txt
   D:\Documents and Settings\User\Cookies\[email protected][3].txt
   D:\Documents and Settings\User\Cookies\[email protected][2].txt
   D:\Documents and Settings\User\Cookies\[email protected][2].txt
   D:\Documents and Settings\User\Cookies\[email protected][1].txt
   D:\Documents and Settings\User\Cookies\[email protected][2].txt
   D:\Documents and Settings\User\Cookies\[email protected][2].txt
   D:\Documents and Settings\User\Cookies\[email protected][2].txt
   D:\Documents and Settings\User\Cookies\[email protected][1].txt
   D:\Documents and Settings\User\Cookies\[email protected][1].txt
   D:\Documents and Settings\User\Cookies\[email protected][3].txt
   D:\Documents and Settings\User\Cookies\[email protected][1].txt
   D:\Documents and Settings\User\Cookies\[email protected][2].txt
   D:\Documents and Settings\User\Cookies\[email protected][2].txt
   D:\Documents and Settings\User\Cookies\[email protected][2].txt
   D:\Documents and Settings\User\Cookies\[email protected][1].txt
   D:\Documents and Settings\User\Cookies\[email protected][2].txt
   D:\Documents and Settings\User\Cookies\user@adtech[1].txt
   D:\Documents and Settings\User\Cookies\[email protected][1].txt
   D:\Documents and Settings\User\Cookies\user@advertising[2].txt
   D:\Documents and Settings\User\Cookies\user@advertstream[1].txt
   D:\Documents and Settings\User\Cookies\user@adviva[2].txt
   D:\Documents and Settings\User\Cookies\user@adxpose[1].txt
   D:\Documents and Settings\User\Cookies\[email protected][1].txt
   D:\Documents and Settings\User\Cookies\[email protected][1].txt
   D:\Documents and Settings\User\Cookies\[email protected][1].txt
   D:\Documents and Settings\User\Cookies\user@apmebf[2].txt
   D:\Documents and Settings\User\Cookies\user@apmebf[3].txt
   D:\Documents and Settings\User\Cookies\[email protected][1].txt
   D:\Documents and Settings\User\Cookies\[email protected][3].txt
   D:\Documents and Settings\User\Cookies\[email protected][1].txt
   D:\Documents and Settings\User\Cookies\[email protected][1].txt
   D:\Documents and Settings\User\Cookies\[email protected][2].txt
   D:\Documents and Settings\User\Cookies\user@atdmt[1].txt
   D:\Documents and Settings\User\Cookies\user@atwola[1].txt
   D:\Documents and Settings\User\Cookies\user@atwola[2].txt
   D:\Documents and Settings\User\Cookies\[email protected][1].txt
   D:\Documents and Settings\User\Cookies\user@azjmp[2].txt
   D:\Documents and Settings\User\Cookies\[email protected][2].txt
   D:\Documents and Settings\User\Cookies\[email protected][1].txt
   D:\Documents and Settings\User\Cookies\[email protected][1].txt
   D:\Documents and Settings\User\Cookies\user@bizrate[1].txt
   D:\Documents and Settings\User\Cookies\user@bizrate[3].txt
   D:\Documents and Settings\User\Cookies\user@bravenet[1].txt
   D:\Documents and Settings\User\Cookies\[email protected][1].txt
   D:\Documents and Settings\User\Cookies\[email protected][2].txt
   D:\Documents and Settings\User\Cookies\[email protected]

[clarizard]

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4216

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

19/06/2010 22:37:39
mbam-log-2010-06-19 (22-37-39).txt

Scan type: Quick scan
Objects scanned: 129805
Time elapsed: 7 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Users\Home\AppData\Local\afinudowubucudi.dll (Trojan.Hiloti) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tpodixipabusax (Trojan.Hiloti) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\umedujikapakukak (Trojan.Agent.U) -> Delete on reboot.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Home\AppData\Local\afinudowubucudi.dll (Trojan.Hiloti) -> Delete on reboot.
C:\Users\Home\AppData\Local\Temp\Low\ECA1.tmp (Trojan.PWS) -> Quarantined and deleted successfully.
C:\Users\Home\AppData\Local\Temp\0.09030337933670274.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Home\AppData\Local\Temp\0.21629866094265837.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Home\AppData\Local\amgfxib.dll (Trojan.Agent.U) -> Delete on reboot.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:45:24, on 19/06/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATICKE.EXE
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Sun\StarOffice 9\program\soffice.exe
C:\Program Files\Sun\StarOffice 9\program\soffice.bin
C:\Windows\System32\mobsync.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\sniper.exe\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Client\YontooIEClient.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [EPSON Stylus Photo R285 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICKE.EXE /FU "C:\Windows\TEMP\E_SC343.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Tpodixipabusax] rundll32.exe "C:\Users\Home\AppData\Local\afinudowubucudi.dll",Startup
O4 - HKCU\..\Run: [Umedujikapakukak] rundll32.exe "C:\Users\Home\AppData\Local\amgfxib.dll",Startup
O4 - Startup: StarOffice 9.lnk = C:\Program Files\Sun\StarOffice 9\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O13 - Gopher Prefix:
O16 - DPF: {0920DBB1-D098-4ACE-9DDD-7A6F18A9ED66} (HomeVendGasCard Class) - https://britishgastopup.paypoint.com/HomeVend.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Bejeweled%202/Images/stg_drm.ocx
O16 - DPF: {283B7DE7-A1ED-4D27-AA59-C6E7427544D2} (KeyBox Class) - https://bg.itronenergypoint.net/IHVConnect/KeyBoxControl.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Bejeweled%202/Images/armhelper.ocx
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{671C2FDC-D275-4FA1-8460-6CE192C07B71}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Windows\System32\nvSCPAPISvr.exe

--
End of file - 8425 bytes

[SuperDave]

Hello  and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer. I am working under the guidance of one of the specialist of this forum so it may take a bit longer to process your logs.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.
================================

Download Security Check by screen317 from one of the following links and save it to your desktop.

Link 1
Link 2

* Unzip SecurityCheck.zip and a folder named Security Check should appear.
* Open the Security Check folder and double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.

===============================

P2P - I see you have P2P software installed on your machine. (uTorrent)
We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

==========================

Please go to Jotti's malware scan
(If more than one file needs scanned they must be done separately and links posted for each one)

* Copy the file path in the below Code box:

Code: [Select]

C:\Users\Home\AppData\Local\afinudowubucudi.dll
C:\Users\Home\AppData\Local\amgfxib.dll
* At the upload site, click once inside the window next to Browse.
* Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
* Next click Submit file
* Your file will possibly be entered into a queue which normally takes less than a minute to clear.
* This will perform a scan across multiple different virus scanning engines.
* Important: Wait for all of the scanning engines to complete.
* Once the scan is finished, Copy and then Paste the link in the address bar into your next reply.

=================================

Open HijackThis and select Do a system scan only

Place a check mark next to the following entries: (if there)

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript


Important: Close all open windows except for HijackThis and then click Fix checked.

Once completed, exit HijackThis.

[clarizard]

 Results of screen317's Security Check version 0.99.4 
 Windows Vista Service Pack 2 (UAC is enabled)
 Internet Explorer 8 
``````````````````````````````
Antivirus/Firewall Check:
 Windows Firewall Enabled! 
 avast! Free Antivirus   
 AVG 9.0     
 WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
 Malwarebytes' Anti-Malware   
 HijackThis 2.0.2   
 Java(TM) 6 Update 7 
 Out of date Java installed!
 Adobe Flash Player 10.0.32.18 
Adobe Reader 9.1
Out of date Adobe Reader installed!
 Mozilla Firefox (3.5.9) Firefox Out of Date! 
````````````````````````````````
Process Check: 
objlist.exe by Laurent
 AVG avgwdsvc.exe
 AVG avgtray.exe
 AVG avgrsx.exe
 AVG avgnsx.exe
 AVG avgemc.exe
 Alwil Software Avast5 AvastSvc.exe 
 Alwil Software Avast5 AvastUI.exe 
````````````````````````````````
DNS Vulnerability Check:
 GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````


I was unable to perform the Jottis Malware scan as it kept telling me file not found. Check name and try agin. This happened with both file names and i wasn't able to copy and paste directly into the box. When i clicked on the box next to browse it opened up a new box with all my files to search for what i wanted to attach.
Did the hijackthis fix.

[SuperDave]

You are running two Anti-Virus programs on your computer (avast! Free Antivirus and  AVG 9.0) which is a no-no. One will have to be disabled.

Update Your Java (JRE)

Old versions of Java have vulnerabilities that malware can use to infect your system.

First Verify your Java Version

If there are any other version(s) installed then update now.

Get the new version (if needed)

If your version is out of date install the newest version of the Sun Java Runtime Environment.

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Be sure to close ALL open web browsers before starting the installation.

Remove any old versions

1. Download JavaRa and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions
3. Once complete exit JavaRA.
4. Run CCleaner.

Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.

============================

Please download the newest version of Adobe Acrobat Reader from Adobe.com

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.

==============================

I was unable to perform the Jottis Malware scan as it kept telling me file not found. Check name and try agin. This happened with both file names and i wasn't able to copy and paste directly into the box. When i clicked on the box next to browse it opened up a new box with all my files to search for what i wanted to attach.
Did the hijackthis fix.

No. We'll try another scan.

=======================================

Download ComboFix by sUBs from one of the below links. 

Important! You MUST save ComboFix to your desktop

link # 1
Link # 2

Temporarily disable your Anti-virus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double click on ComboFix.exe & follow the prompts.

Vista users Right-Click on ComboFix.exe and select Run as administrator (you will receive a UAC prompt, please allow it)

Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

When the scan completes it will open a text window.
 
Post the contents of that log in your next reply.

Remember to re-enable your Anti-virus and Antispyware protection when ComboFix is complete.

[clarizard]

Hope i did everything correctly!

ComboFix 10-06-20.01 - Home 20/06/2010  21:12:58.3.4 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.44.1033.18.3071.1781 [GMT 1:00]
Running from: c:\users\Home\Downloads\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((   Files Created from 2010-05-20 to 2010-06-20  )))))))))))))))))))))))))))))))
.

2010-06-20 20:17 . 2010-06-20 20:17   --------   d-----w-   c:\users\Public\AppData\Local\temp
2010-06-20 20:17 . 2010-06-20 20:17   --------   d-----w-   c:\users\Default\AppData\Local\temp
2010-06-20 19:59 . 2010-06-20 19:59   --------   d-----w-   c:\users\Home\AppData\Roaming\Yahoo!
2010-06-20 19:59 . 2010-06-20 19:59   --------   d-----w-   c:\programdata\Yahoo! Companion
2010-06-20 19:59 . 2010-06-20 19:59   --------   d-----w-   c:\program files\Yahoo!
2010-06-20 19:59 . 2010-06-20 19:59   --------   d-----w-   c:\program files\CCleaner
2010-06-20 19:20 . 2010-06-20 19:20   --------   d-----w-   c:\windows\Sun
2010-06-20 19:18 . 2010-06-20 19:18   411368   ----a-w-   c:\windows\system32\deployJava1.dll
2010-06-20 13:03 . 2010-06-20 13:14   --------   d-----w-   c:\program files\QuickTime
2010-06-20 13:03 . 2010-06-20 13:03   --------   d-----w-   c:\programdata\Apple Computer
2010-06-20 13:03 . 2010-06-20 13:03   --------   d-----w-   c:\program files\Common Files\Apple
2010-06-20 13:02 . 2010-06-20 13:02   --------   d-----w-   c:\users\Home\AppData\Local\Apple
2010-06-20 13:02 . 2010-06-20 13:02   --------   d-----w-   c:\program files\Apple Software Update
2010-06-20 13:02 . 2010-06-20 13:02   --------   d-----w-   c:\programdata\Apple
2010-06-19 17:15 . 2010-06-19 17:15   --------   d-----w-   c:\users\Home\AppData\Roaming\Malwarebytes
2010-06-19 17:15 . 2010-04-29 14:39   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-19 17:15 . 2010-06-19 17:15   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2010-06-19 17:15 . 2010-06-19 17:15   --------   d-----w-   c:\programdata\Malwarebytes
2010-06-19 17:15 . 2010-04-29 14:39   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
2010-06-19 17:13 . 2010-06-19 17:37   --------   d-----w-   c:\program files\Trend Micro
2010-06-19 16:46 . 2010-06-19 16:46   63488   ----a-w-   c:\users\Home\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-06-19 16:46 . 2010-06-19 16:46   52224   ----a-w-   c:\users\Home\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-06-19 16:46 . 2010-06-19 16:46   117760   ----a-w-   c:\users\Home\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-06-19 16:46 . 2010-06-19 16:46   --------   d-----w-   c:\users\Home\AppData\Roaming\SUPERAntiSpyware.com
2010-06-19 16:46 . 2010-06-19 16:46   --------   d-----w-   c:\programdata\SUPERAntiSpyware.com
2010-06-19 16:46 . 2010-06-19 16:46   --------   d-----w-   c:\program files\SUPERAntiSpyware
2010-06-19 14:56 . 2010-06-19 21:17   --------   d-----w-   c:\users\Home\AppData\Local\haittvvgh
2010-06-18 15:34 . 2010-06-19 14:27   120   ----a-w-   c:\users\Home\AppData\Local\Fyiromukimupew.dat
2010-06-18 15:34 . 2010-06-19 08:54   0   ----a-w-   c:\users\Home\AppData\Local\Spebupovilomet.bin
2010-06-05 16:41 . 2010-06-05 16:40   36864   ----a-w-   C:\nphssb.dll
2010-06-05 16:41 . 2010-06-05 16:40   45056   ----a-w-   c:\windows\system32\HSSICore.dll
2010-06-05 16:41 . 2010-06-05 16:40   184320   ----a-w-   c:\windows\system32\OESICore.dll
2010-06-05 16:41 . 2010-06-05 16:41   --------   d-----w-   c:\programdata\Homestead
2010-06-05 16:40 . 2010-06-05 16:38   98136   ----a-w-   c:\windows\gzip.exe
2010-06-05 16:38 . 2010-06-05 16:38   --------   d-----w-   c:\program files\Intuit
2010-05-30 14:22 . 2010-05-30 14:22   --------   d-----w-   c:\users\Home\AppData\Local\WinZip
2010-05-26 10:55 . 2010-04-23 14:13   2048   ----a-w-   c:\windows\system32\tzres.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-20 20:14 . 2009-11-12 11:29   --------   d-----w-   c:\users\Home\AppData\Roaming\uTorrent
2010-06-20 19:46 . 2010-01-29 17:49   --------   d-----w-   c:\program files\Cheat Engine
2010-06-20 19:27 . 2009-06-26 08:41   56784   ----a-w-   c:\programdata\nvModes.dat
2010-06-20 19:24 . 2009-06-25 15:34   --------   d-----w-   c:\program files\Common Files\Adobe
2010-06-20 19:18 . 2009-11-20 17:18   --------   d-----w-   c:\program files\Java
2010-06-20 19:07 . 2010-04-16 13:29   0   ----a-w-   c:\users\Home\AppData\Local\prvlcl.dat
2010-06-20 15:03 . 2009-06-25 15:50   --------   d-----w-   c:\programdata\NVIDIA
2010-06-19 15:05 . 2009-11-13 17:41   --------   d-----w-   c:\users\Home\AppData\Roaming\vlc
2010-06-18 16:31 . 2009-11-29 18:38   2776   --sha-w-   c:\programdata\KGyGaAvL.sys
2010-06-18 16:31 . 2009-11-29 18:38   2776   --sha-w-   c:\programdata\KGyGaAvL.sys
2010-06-15 19:19 . 2009-11-19 20:27   --------   d-----w-   c:\users\Home\AppData\Roaming\Vso
2010-06-15 13:30 . 2009-11-27 17:33   --------   d-----w-   c:\users\Home\AppData\Roaming\dvdcss
2010-06-13 09:49 . 2006-11-02 11:18   --------   d-----w-   c:\program files\Windows Mail
2010-06-05 12:05 . 2010-04-01 14:39   --------   d-----w-   c:\program files\LG Electronics
2010-06-05 11:39 . 2009-11-20 17:32   1   ----a-w-   c:\users\Home\AppData\Roaming\StarOffice\9\user\uno_packages\cache\stamp.sys
2010-06-01 11:37 . 2010-02-16 16:49   242896   ----a-w-   c:\windows\system32\drivers\avgtdix.sys
2010-06-01 11:37 . 2010-02-16 16:49   29584   ----a-w-   c:\windows\system32\drivers\avgmfx86.sys
2010-05-26 17:06 . 2010-06-12 08:25   34304   ----a-w-   c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-12 08:25   289792   ----a-w-   c:\windows\system32\atmfd.dll
2010-05-14 21:40 . 2009-11-14 12:55   --------   d-----w-   c:\program files\Google
2010-05-06 20:59 . 2010-02-16 15:34   165032   ----a-w-   c:\windows\system32\aswBoot.exe
2010-05-06 20:39 . 2010-02-16 15:35   46672   ----a-w-   c:\windows\system32\drivers\aswTdi.sys
2010-05-06 20:39 . 2010-02-16 15:35   164048   ----a-w-   c:\windows\system32\drivers\aswSP.sys
2010-05-06 20:34 . 2010-02-16 15:35   23376   ----a-w-   c:\windows\system32\drivers\aswRdr.sys
2010-05-06 20:34 . 2010-02-16 15:35   51792   ----a-w-   c:\windows\system32\drivers\aswMonFlt.sys
2010-05-06 20:33 . 2010-02-16 15:35   19024   ----a-w-   c:\windows\system32\drivers\aswFsBlk.sys
2010-05-04 05:59 . 2010-06-12 08:25   916480   ----a-w-   c:\windows\system32\wininet.dll
2010-05-04 05:55 . 2010-06-12 08:25   109056   ----a-w-   c:\windows\system32\iesysprep.dll
2010-05-04 05:55 . 2010-06-12 08:25   71680   ----a-w-   c:\windows\system32\iesetup.dll
2010-05-04 04:31 . 2010-06-12 08:25   133632   ----a-w-   c:\windows\system32\ieUnatt.exe
2010-05-01 14:13 . 2010-06-12 08:25   2037248   ----a-w-   c:\windows\system32\win32k.sys
2010-04-28 18:39 . 2010-04-28 18:39   --------   d-----w-   c:\users\Home\AppData\Roaming\Arkadium
2010-04-28 18:38 . 2010-04-28 18:38   --------   d-----w-   c:\programdata\Trymedia
2010-04-28 18:26 . 2010-04-28 18:26   --------   d-----w-   c:\program files\Mahjongg Dimensions Deluxe
2010-04-28 15:42 . 2010-04-28 15:42   --------   d-----w-   c:\programdata\AGI
2010-04-23 16:31 . 2010-04-23 16:31   106432   ----a-w-   c:\windows\system32\drivers\AnyDVD.sys
2010-04-14 16:47 . 2010-02-16 15:34   38848   ----a-w-   c:\windows\system32\avastSS.scr
2010-04-05 17:01 . 2010-06-12 08:25   67072   ----a-w-   c:\windows\system32\asycfilt.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2009-11-20 19:16   194912   ------w-   c:\program files\Yontoo Layers Client\YontooIEClient.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-11-12 289584]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2010-06-01 3513280]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-13 6139904]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13785632]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Corel Photo Downloader"="c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2008-08-18 532808]
"Corel File Shell Monitor"="c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2008-08-18 16712]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-01 2065248]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]

c:\users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
StarOffice 9.lnk - c:\program files\Sun\StarOffice 9\program\quickstart.exe [2008-9-12 113152]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-10-13 495432]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):df,07,f0,cd,0f,c6,ca,01

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-11-15 135664]
R3 FXDrv32;FXDrv32;E:\FXDrv32.sys

S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2010-03-05 52872]
S1 aswSP;aswSP;

S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-03-05 216200]
S1 AvgTdiX;AVG Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-06-01 242896]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 aswFsBlk;aswFsBlk;

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-05-06 51792]
S2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-03-05 916760]
S2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-03-05 308064]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\windows\System32\nvSCPAPISvr.exe [2009-06-10 232960]
S3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtport.sys [2009-09-29 12160]
S3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbus.sys [2009-09-29 10496]
S3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmodem.sys [2009-09-29 12928]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation   REG_MULTI_SZ      FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-15 19:13]

2010-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-15 19:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = <local>
TCP: {671C2FDC-D275-4FA1-8460-6CE192C07B71} = 208.67.222.222,208.67.220.220
DPF: {0920DBB1-D098-4ACE-9DDD-7A6F18A9ED66} - hxxps://britishgastopup.paypoint.com/HomeVend.cab
DPF: {283B7DE7-A1ED-4D27-AA59-C6E7427544D2} - hxxps://bg.itronenergypoint.net/IHVConnect/KeyBoxControl.cab
FF - ProfilePath - c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\2i35h2xu.default\
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nphssb.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_ everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_a s_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-20 21:17
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(6072)
c:\program files\SlySoft\AnyDVD\ADvdDiscHlp.dll
.
Completion time: 2010-06-20  21:20:32
ComboFix-quarantined-files.txt  2010-06-20 20:20
ComboFix2.txt  2010-06-20 19:50

Pre-Run: 221,587,808,256 bytes free
Post-Run: 221,561,864,192 bytes free

- - End Of File - - 19C4E66FB8A0969DCE9472C7CB230FC3

[SuperDave]

Ok. Thank you. Let's run one more scan.

I'd like us to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
•Click the button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

• Click on to download the ESET Smart Installer. Save it to your desktop.
  
• Double click on the icon on your desktop.
  

•Check
•Click the button.
•Accept any security warnings from your browser.
•Check
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Please run another Security Check scan and post the log also.

[clarizard]

Ok, here is the Eset log.

C:\Qoobox\Quarantine\C\Users\Home\AppData\Local\20998874.exe.vir   a variant of Win32/Cimag.CQ trojan   cleaned by deleting - quarantined
C:\Users\Home\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\6738e363-4524a1f7   probably a variant of Java/TrojanDownloader.Agent.AB trojan   cleaned by deleting - quarantined
C:\Users\Home\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\38104072-511a0ab6   probably a variant of Java/TrojanDownloader.Agent.AB trojan   cleaned by deleting - quarantined
D:\Documents and Settings\User\Local Settings\Temp\cas7.tmp   a variant of Win32/PrimeCasino application   cleaned by deleting - quarantined
D:\Microgaming\Casino\CasinoAction\install.exe   a variant of Win32/PrimeCasino application   cleaned by deleting - quarantined


 Results of screen317's Security Check version 0.99.4 
 Windows Vista Service Pack 2 (UAC is enabled)
 Internet Explorer 8 
``````````````````````````````
Antivirus/Firewall Check:
 Windows Firewall Enabled! 
 avast! Free Antivirus   
 AVG 9.0     
 ESET Online Scanner v3   
 WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
 Malwarebytes' Anti-Malware   
 CCleaner     
 Java(TM) 6 Update 20 
 Java(TM) 6 Update 7 
 Out of date Java installed!
 Adobe Flash Player 10.0.32.18 
 Mozilla Firefox (3.5.9) Firefox Out of Date! 
````````````````````````````````
Process Check: 
objlist.exe by Laurent
 AVG avgwdsvc.exe
 AVG avgtray.exe
 AVG avgrsx.exe
 AVG avgnsx.exe
 AVG avgemc.exe
 Alwil Software Avast5 AvastSvc.exe 
 Alwil Software Avast5 AvastUI.exe 
````````````````````````````````
DNS Vulnerability Check:
 GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````

[SuperDave]

The Security Check still shows that you're running two AV programs; avast! Free Antivirus and  AVG 9.0   As I mentioned before, you will need to disable one of them. Please do this for me.

Add or Remove Programs

1. Click on the Windows Start button and click on the Control Panel
2. In the Control Panel window, double-click Add or Remove Programs icon.
3. When the Add or Remove Programs window has fully populated, check for Java(TM) 6 Update 7 and uninstall it.

=======================

* Click START then RUN - Vista users press the Windows Key and the R keys for the Run box.
* Now type Combofix /uninstall in the runbox
* Make sure there's a space between Combofix and /Uninstall
* Then hit Enter

* The above procedure will:
* Delete the following:
* ComboFix and its associated files and folders.
* Reset the clock settings.
* Hide file extensions, if required.
* Hide System/Hidden files, if required.
* Set a new, clean Restore Point.

==========================

Download OTC by OldTimer and save it to your desktop.

1. Double-click OTC to run it.
2. Click the CleanUp! button.
3. Select Yes when the "Begin cleanup Process?" prompt appears.
4. If you are prompted to Reboot during the cleanup, select Yes
5. OTC should delete itself once it finishes, if not delete it yourself.

=========================

Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

============================

Use the Secunia Software Inspector to check for out of date software.

•Click Start Now

•Check the box next to Enable thorough system inspection.

•Click Start

•Allow the scan to finish and scroll down to see if any updates are needed.
•Update anything listed.
.
----------

Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!

[clarizard]

Thank you very much for all your time and help. Just one more quick question, when you advised me to disable one of my antivirus i disabled AVG and i never restarted it. Can it reactivate itself somehow? And also in your opinion, which of the 2 antivirus i have installed would you say would be the better one to keep enabled, the AVG or the Avast?

Thanks once again

Clare

[SuperDave]

Hello Clare. If you're not going to use AVG again, it would be best to uninstall it. As for which is best, I'm heavily in favor of MicroSoft Security Essentials here.  It's not a resource hog like other free AV's and there's no registration to worry along with at 98% efficiency rating. Plus, it updates itself and is free to all registered owners of Windows. There is also another scanning tool already installed on your computer by MS. It's called Malicious Software Removal Tool. Here are the instructions how to run it. It's a good idea to run this every so often just for your own peace of mind.
Go to Start > Run and type mrt.exe then press Enter on the keyboard).
* (Vista and Windows 7 users go to Start and type mrt.exe in the search box then press Enter on the keyboard.
* Click Next.
* Choose Full Scan and click Next.
* Once the scan is finished click View detailed results of the scan.

[Hankster58]

I got hit out of the Blue with this one also. I don't go to "questionable places"... but after going to a "news site" link, this darn thing popped up!! Best I can tell.. it plants itself on your computer, won't allow most functions, blocks out your AV software etc..... won't allow a "online based scan via IE as it won't allow it to connect, all the while IT tries to do a scan for you, and says you need to but THEIR AV program so fix your computer!!!! AV antivirus, no maker name given.... whole thing is some sort of scam.. I finally got Spybot S&D to run, and it found a file FRAUD.SYSGUARD... had 7 extensions in there!! Cleaned that out, and then I ran Malwarebytes, which now would run again, then Checked MS essentials... I was ok. This outfit, whoever they are, needs to have their butts kicked for this crap!!! Really had me going for a bit there!!!
By the Way MS Security Essentials is pretty darned good! But I keep S&D and Malwarebytes on the desktop as my big 3 defense!! Works good.....

[clarizard]

Thanks SuperDave, will run that now. Cheers for sorting my machine out!

Tell me about it Hankster58. Thought my computer was gonna die and never recover! Thank god for SuperDave