Computer Hope
Topic started by: benni9000 on June 24, 2012, 12:59:56 PM
-
Last Wednesday I was on the net when a screen came up saying that I had illegal copies of music, games and programs on my laptop and also claiming that I had been looking at unsuitable content on the internet. It had the Metropolitan police logo, address and all the official looking stuff. It also said that they had locked my PC and I had to pay a fine of £100 to unlock it. I couldn't do anything on my laptop. I couldn't even open task manager so I hit the power button and restarted the laptop. When it got into Windows the screen came up again. When I restarted the laptop a 3rd time I turned the wifi off and it booted fine without the screen. When I turned the wifi on however the screen came back. After restarting again without the wifi on I scanned my laptop using my anti-virus software Avast but it didn't pick up anything. I then went RMB on start then 'Explore all users' (I use Windows XP) then to here 'C:\Documents and Settings\Benni\Start Menu\Programs\Startup' and found a shortcut called 'ctfmon'. Not something I had installed. I deleted it and it came straight back. I then searched the name on C:\ drive and found some files with the same name. I deleted them. One was an exe file. The shortcut came back to the startup menu but the others didn't. I also looked at the properties of the ctfmon file that kept coming back and looked to see where it went to. It went to a RUNDLL file in the windows32 folder. This I couldn't delete as the file was write protected or my hard drive was full. After I had done all of this I turned on my wifi and the malware screen DIDN'T pop up. Yay, I thought, until I restarted. I hadn't got rid of it and everything was back, but now I had a workaround to get onto the internet. I searched the Metropolitan police malware on the net and found that it was worldwide and a nightmare to get rid of. Google also pointed out to me that I had been infected and recommended some programs to use. I installed McAfee Stinger which didn't find it.
So back to the net, that's when I found Computer Hope. I read the read me before requesting malware removal help. I followed the instructions and installed and ran the programs. I have the logs as well for when you request them. Unfortunately during the process I have accidentally blocked a java file using Online Armor. The file is here C:\windows\system32\javacpl.cpl and now I can't run the program or figure out how to unblock it. Something else that has happened while I was running all the scans and anti spyware and such is that when I boot the laptop up I am missing a RUNDLL file (I think it's the one that was infected) with a message saying 'Error loading jork_O_typ_col.exe The specified module could not be found'. Now it seems that everything has fixed the malware issue, but I think some of the files are still around. I know ctfmon shortcut is still there. I haven't tried anything else as the 'read this' post said not to do anything until instructed so I haven't. I am by no means a computer expert but I'm sure the RUNDLL file is kind of needed by Windows or at least is important. Could someone please help me finish this off and get my laptop back to proper working order? The 'read this' post was really helpful and easy to use, I am grateful it was there. I'm not sure if you need the logs posted or not, I did get a little confused about that so I have left them out until requested.
I hope someone can help.
Benni
-
I'm sorry, I can't follow your post at all. As concisely as possible, what's your question?
-
I got Metropolitan Police malware on my laptop. I followed the "read this before requesting malware removal help" post which seems to have stopped it. Now I just need to get rid of the damage? I think there are still some files left on my laptop from the malware and I am missing a RUNDLL file from the Windows directory. Also how do I unblock javacpl.cpl which I accidentally blocked with Online Armor? It's stopping me from running Java when I click on it.
-
Please follow the instructions in the following link and post your logs:
http://www.computerhope.com/forum/index.php/topic,46313.0.html
-
Here they are.
[year+ old attachment deleted by admin]
-
Sorry, I was supposed to post them this way.
mbam-log-2012-06-23 (19-22-03)
Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org
Database version: v2012.06.23.05
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Benni :: TRINITY [administrator]
Protection: Enabled
23/06/2012 19:05:23
mbam-log-2012-06-23 (19-22-03).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 243523
Time elapsed: 13 minute(s), 15 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 32
Registry Values Detected: 5
HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping|{DB38E21A-0133-419D-92AD-ECDFD5244D6D} (Adware.ShoppingReport2) -> Data: 8198 -> No action taken.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping|{EB620C54-E229-4942-87CE-E717109FC8C6} (Adware.ShoppingReport2) -> Data: 8197 -> No action taken.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{EB620C54-E229-4942-87CE-E717109FC8C6} (Adware.ShoppingReport2) -> Data: -> No action taken.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{DB38E21A-0133-419d-92AD-ECDFD5244D6D} (Adware.ShoppingReport2) -> Data: -> No action taken.
HKCU\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search| (Adware.Hotbar) -> Data: http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZUman000 -> No action taken.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 28
Files Detected: 68
(end)
SUPERAntiSpyware Scan Log - 06-23-2012 - 18-40-46
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 06/23/2012 at 06:40 PM
Application Version : 5.1.1002
Core Rules Database Version : 8788
Trace Rules Database Version: 6600
Scan type : Complete Scan
Total Scan Time : 01:12:34
Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator
Memory items scanned : 847
Memory threats detected : 0
Registry items scanned : 35420
Registry threats detected : 151
File items scanned : 145639
File threats detected : 653
PUP.MyWebSearch/FunWebProducts
Browser Hijacker.Deskbar
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid32
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib#Version
Trojan.DNS-Changer (Hi-Jacked DNS)
HKLM\SYSTEM\CONTROLSET001\SERVICES\TCPIP\PARAMETERS\INTERFACES\{451623F4-A7AF-4D6E-8A4B-6B4575F5FD17}#NAMESERVER
HKLM\SYSTEM\CONTROLSET001\SERVICES\TCPIP\PARAMETERS\INTERFACES\{53E4B888-81F5-4200-87CD-2C5DCA401DC6}#NAMESERVER
HKLM\SYSTEM\CONTROLSET002\SERVICES\TCPIP\PARAMETERS\INTERFACES\{451623F4-A7AF-4D6E-8A4B-6B4575F5FD17}#NAMESERVER
HKLM\SYSTEM\CONTROLSET002\SERVICES\TCPIP\PARAMETERS\INTERFACES\{53E4B888-81F5-4200-87CD-2C5DCA401DC6}#NAMESERVER
Rootkit.Agent/Gen-GXServ
HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys
HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys#start
HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys#type
Adware.Tracking Cookie
-
Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.
1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.
If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
You can uninstall these because they are no longer required:
Java(TM) 6 Update 13
Java(TM) 6 Update 33
Java(TM) 6 Update 5
Java(TM) 6 Update 7
While you are there you should also uninstall nectar search toolbar because it could contain spyware.
***************************************************************
Please run MBAM again and clean the infections. Please post the new log.
Download Security Check by screen317 from one of the following links and save it to your desktop.
Link 1 (http://screen317.spywareinfoforum.org/SecurityCheck.exe)
Link 2 (http://screen317.changelog.fr/SecurityCheck.exe)
* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.
Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
**********************************************************
Download Combofix from any of the links below, and save it to your DESKTOP.
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 3 (http://subs.geekstogo.com/ComboFix.exe)
To prevent your anti-virus application interfering with ComboFix we need to disable it. See here (http://www.pchelpforum.com/anti-virus/110194-how-disable-your-security-applications-4.html) for a tutorial regarding how to do so if you are unsure.
- Close any open windows and double click ComboFix.exe to run it.
You will see the following image:
(http://i424.photobucket.com/albums/pp322/digistar/NSIS_disclaimer_ENG.png)
Click I Agree to start the program.
ComboFix will then extract the necessary files and you will see this:
(http://i424.photobucket.com/albums/pp322/digistar/NSIS_extraction.png)
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.
It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
If you did not have it installed, you will see the prompt below. Choose YES.
(http://i424.photobucket.com/albums/pp322/digistar/RcAuto1.gif)
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
(http://i424.photobucket.com/albums/pp322/digistar/whatnext.png)
Click on Yes, to continue scanning for malware.
When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.
Note: Please do NOT mouseclick ComboFix's window while it's running because it may cause it to stall.
-
I have removed the following:
Java(TM) 6 Update 33
Java(TM) 6 Update 5
Java(TM) 6 Update 7
nectar search toolbar
Unfortunately I couldn't uninstall Java(TM) 6 Update 13. I got a fatal installation error.
MBAM log.
Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org
Database version: v2012.06.26.08
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Benni :: TRINITY [administrator]
Protection: Enabled
27/06/2012 17:25:32
mbam-log-2012-06-27 (17-25-32).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 243687
Time elapsed: 12 minute(s), 57 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
Security Check by screen317 log
Results of screen317's Security Check version 0.99.42
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
SUPERAntiSpyware
Malwarebytes Anti-Malware version 1.61.0.1400
CCleaner
Java(TM) 6 Update 13
Java version out of Date!
Adobe Flash Player 11.3.300.262
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox 12.0 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Tall Emu Online Armor OAcat.exe
Tall Emu Online Armor oasrv.exe
Tall Emu Online Armor oaui.exe
Tall Emu Online Armor OAhlp.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 15% Defragment your hard drive soon!
````````````````````End of Log``````````````````````
ComboFix log - while this was running MBAM picked up some files it reckoned were infected and I quarantined them. Was this right or have I made a mess of things?
ComboFix 12-06-27.01 - Benni 27/06/2012 18:29:36.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1918.1086 [GMT 1:00]
Running from: c:\downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Online Armor Firewall *Enabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
.
ADS - WINDOWS: deleted 24 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Benni\Application Data\PriceGong
c:\documents and settings\Benni\WINDOWS
c:\program files\Search Guard Plus
c:\program files\Search Guard Plus\fbsProtection.xml
c:\program files\Search Guard Plus\fbsSearchProvider.xml
c:\program files\Search Guard Plus\FbsSearchProviderIE8.exe
c:\program files\Search Guard Plus\SearchGuardPlus.exe
c:\program files\Search Guard Plus\SearchGuardPlus.ico
c:\program files\Search Guard Plus\uninstalSGP.exe
c:\program files\Search Guard PlusU
c:\program files\Search Guard PlusU\SGPU.ico
c:\program files\Search Guard PlusU\sgpUpdater.exe
c:\program files\Search Guard PlusU\sgpUpdater.xml
c:\program files\Search Guard PlusU\sgpUpdaters.exe
c:\program files\Search Guard PlusU\uninstalSGPU.exe
c:\program files\SGPSA
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\system32\test
.
.
((((((((((((((((((((((((( Files Created from 2012-05-27 to 2012-06-27 )))))))))))))))))))))))))))))))
.
.
2012-06-26 21:56 . 2012-06-26 21:56 0 ----a-w- c:\windows\system32\REN8F.tmp
2012-06-26 21:56 . 2012-06-26 21:56 0 ----a-w- c:\windows\system32\REN8E.tmp
2012-06-26 21:56 . 2012-06-26 21:56 0 ----a-w- c:\windows\system32\REN8D.tmp
2012-06-23 18:33 . 2012-06-23 18:33 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-06-23 18:04 . 2012-06-23 18:04 -------- d-----w- c:\documents and settings\Benni\Application Data\Malwarebytes
2012-06-23 18:03 . 2012-06-23 18:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-06-23 18:03 . 2012-06-23 18:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-23 18:03 . 2012-04-04 14:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-23 16:20 . 2012-06-23 16:20 -------- d-----w- c:\documents and settings\Benni\Application Data\SUPERAntiSpyware.com
2012-06-23 16:20 . 2012-06-23 16:20 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-06-23 16:20 . 2012-06-23 16:20 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-06-23 08:25 . 2012-06-23 17:57 -------- d-----w- c:\documents and settings\All Users\Application Data\OnlineArmor
2012-06-23 08:25 . 2012-06-23 08:25 -------- d-----w- c:\documents and settings\Benni\Application Data\OnlineArmor
2012-06-23 08:25 . 2012-05-30 13:43 44592 ----a-w- c:\windows\system32\drivers\oahlp32.sys
2012-06-23 08:25 . 2012-05-30 13:43 31912 ----a-w- c:\windows\system32\drivers\OAnet.sys
2012-06-23 08:25 . 2012-05-30 13:43 27632 ----a-w- c:\windows\system32\drivers\OAmon.sys
2012-06-23 08:25 . 2012-05-30 13:43 208312 ----a-w- c:\windows\system32\drivers\OADriver.sys
2012-06-23 08:24 . 2012-06-24 09:53 -------- d-----w- c:\program files\Online Armor
2012-06-22 20:22 . 2012-06-23 07:05 -------- d-----w- c:\program files\stinger
2012-06-14 16:21 . 2012-05-11 14:42 521728 ------w- c:\windows\system32\dllcache\jsdbgui.dll
2012-05-30 12:59 . 2012-05-30 12:59 4966600 ----a-w- c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-23 19:05 . 2012-04-04 10:04 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-23 19:05 . 2011-10-25 20:54 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-23 18:33 . 2010-07-04 12:21 472840 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-02 14:19 . 2007-07-30 18:18 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 14:19 . 2007-07-30 18:19 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 14:19 . 2004-08-11 16:12 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 14:19 . 2004-08-11 16:12 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 14:19 . 2004-08-11 16:12 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 14:19 . 2007-07-30 18:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 14:19 . 2007-07-30 18:19 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 14:19 . 2004-08-11 16:12 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 14:19 . 2004-08-11 16:12 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 14:19 . 2004-08-11 16:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 14:19 . 2007-07-30 18:18 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 14:19 . 2004-08-11 16:12 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 14:19 . 2004-08-11 16:12 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-05-31 13:22 . 2004-08-11 16:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2004-08-11 16:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:20 . 2004-08-11 16:00 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 14:42 . 2004-08-11 16:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42 . 2004-08-11 16:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2004-08-11 16:00 385024 ------w- c:\windows\system32\html.iec
2012-05-05 18:41 . 2012-05-05 18:41 2476 ----a-w- C:\cc_20120505_194122.reg
2012-05-04 13:16 . 2004-08-11 16:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2004-08-03 21:59 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2004-08-11 16:11 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-14 20:05 . 2012-04-14 20:05 6452 ----a-w- C:\cc_20120414_210534.reg
2012-03-29 19:31 . 2012-03-29 19:31 1624 ----a-w- C:\cc_20120329_203128.reg
2012-05-13 22:14 . 2012-04-06 16:17 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 00:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-07 4241512]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-10-09 2183168]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-11-12 268640]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"@OnlineArmor GUI"="c:\program files\Online Armor\OAui.exe" [2012-05-30 2346592]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Benni\Start Menu\Programs\Startup\
ctfmon.lnk - c:\windows\system32\rundll32.exe [2004-8-11 33280]
PowerReg Scheduler.exe [2010-12-28 256000]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-1-11 2150400]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-6-26 50688]
Skype.lnk - c:\windows\Installer\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}\SkypeIcon.exe [2012-3-24 371272]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\ONLINE~2\oaevent.dll" [2012-05-30 361800]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gemsafe]
2006-11-16 14:20 73728 ----a-w- c:\program files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^Benni^Start Menu^Programs^Startup^ctfmon.lnk]
path=c:\documents and settings\Benni\Start Menu\Programs\Startup\ctfmon.lnk
backup=c:\windows\pss\ctfmon.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2007-09-23 17:27 159744 ----a-w- c:\program files\DellTPad\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
2008-02-22 11:43 1245184 ----a-w- c:\program files\Dell\QuickSet\quickset.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-10-18 14:30 136176 ----atw- c:\documents and settings\Benni\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2004-09-13 10:51 1450096 ------w- c:\program files\Ahead\InCD\InCD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2006-09-11 03:40 218032 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-27 04:09 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KADxMain]
2006-11-02 13:05 282624 ----a-w- c:\windows\system32\KADxMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PD0620 STISvc]
2005-05-10 17:03 36864 ----a-r- c:\windows\system32\P0620Pin.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2008-02-26 09:57 128296 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 13:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecureUpgrade]
2007-09-14 09:53 218424 ----a-w- c:\program files\Wave Systems Corp\SecureUpgrade.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2007-12-05 16:24 405504 ----a-w- c:\program files\Sigmatel\C-Major Audio\WDM\stsystra.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WavXMgr]
2007-09-10 08:55 92160 ----a-w- c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\LeapFrog\\LeapFrog Connect\\LeapFrogConnect.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 tclondrv;tclondrv;c:\windows\system32\drivers\tclondrv.sys [02/03/2010 21:54 20352]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [06/11/2011 20:06 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [06/11/2011 20:06 337880]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [23/06/2012 09:25 208312]
R1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [23/06/2012 09:25 44592]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [23/06/2012 09:25 27632]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [23/06/2012 09:25 31912]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22/07/2011 17:27 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/07/2011 22:55 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [12/08/2011 00:38 116608]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [19/12/2006 14:21 79432]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [06/11/2011 20:06 20696]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [23/06/2012 19:03 654408]
R2 OAcat;Online Armor Helper Service;c:\program files\Online Armor\oacat.exe [23/06/2012 09:24 210920]
R2 SvcOnlineArmor;Online Armor;c:\program files\Online Armor\oasrv.exe [23/06/2012 09:24 4382968]
R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [11/08/2004 17:00 5120]
R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [02/11/2006 12:32 97536]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [23/06/2012 19:03 22344]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [18/09/2010 17:59 136176]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [30/05/2012 13:56 3048136]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [29/02/2012 09:50 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [04/04/2012 11:04 250056]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [18/09/2010 17:59 136176]
S3 Leapfrog-USBLAN;Leapfrog-USBLAN;c:\windows\system32\drivers\btblan.sys [16/02/2012 14:02 33792]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [13/05/2012 23:14 129976]
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 19:05]
.
2012-06-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
.
2012-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-18 16:59]
.
2012-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-18 16:59]
.
2012-06-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2990146027-3927655144-4261030477-1005Core.job
- c:\documents and settings\Benni\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-02 14:30]
.
2012-06-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2990146027-3927655144-4261030477-1005UA.job
- c:\documents and settings\Benni\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-02 14:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig?hl=en
uInternet Connection Wizard,ShellNext = hxxp://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen
uInternet Settings,ProxyOverride = *.local
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} - hxxps://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab
FF - ProfilePath - c:\documents and settings\Benni\Application Data\Mozilla\Firefox\Profiles\rusocneo.default\
FF - prefs.js: browser.search.selectedEngine - Fast Browser Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/ig?hl=en&source=iglk
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=2&q=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{8020143D-5926-4394-A04D-DD0B649DA121} - (no file)
WebBrowser-{8020143D-5926-4394-A04D-DD0B649DA121} - (no file)
WebBrowser-{D70F2DE6-51E2-42D4-9077-4CA06CAFC836} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Common Files\Java\Java Update\jusched.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-27 18:54
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5 977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,39,3c,dc,5a,e8,6b,65,4b,b6,b9,4f,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839 E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,39,3c,dc,5a,e8,6b,65,4b,b6,b9,4f,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(768)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll
c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80.DLL
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
.
- - - - - - - > 'lsass.exe'(824)
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll
.
Completion time: 2012-06-27 19:01:08
ComboFix-quarantined-files.txt 2012-06-27 18:01
.
Pre-Run: 73,205,567,488 bytes free
Post-Run: 73,671,028,736 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - A436A629F9FA163B0CD50B5027C100F9
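The log above lists two autostarts named ctfmon: the HKEY_USERS\.DEFAULT Run value that targets CTFMON.EXE, and the Startup-folder shortcut ctfmon.lnk that targets rundll32.exe. As an added example (not part of the original thread and not ComboFix's own logic), this Python script parses that part of a ComboFix log and flags autostarts whose name and target disagree; the name lists and the three heuristics are assumptions made for illustration.

```python
import ntpath
import re

# Lines copied from the "Reg Loading Points" section of the ComboFix log posted above.
SAMPLE_LOG = r"""
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Benni\Start Menu\Programs\Startup\
ctfmon.lnk - c:\windows\system32\rundll32.exe [2004-8-11 33280]
PowerReg Scheduler.exe [2010-12-28 256000]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-1-11 2150400]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-6-26 50688]
"""

# Assumptions of this example: short illustrative lists, not a complete inventory.
SYSTEM_STEMS = {"ctfmon", "svchost", "explorer", "winlogon", "lsass", "csrss", "services"}
PROXY_LOADERS = {"rundll32.exe", "regsvr32.exe", "mshta.exe", "wscript.exe", "cscript.exe"}
RUNNABLE_EXT = (".exe", ".scr", ".bat", ".cmd", ".vbs", ".js", ".pif", ".com")

RUN_KEY = re.compile(r"^\[(HK[^\]]*\\Run(?:Once)?)\]$", re.I)
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<target>[^"]+)"')
STARTUP_DIR = re.compile(r"^[a-z]:\\.*\\Startup\\$", re.I)
SHORTCUT = re.compile(r"^(?P<name>.+?\.lnk) - (?P<target>.+?) \[[^\]]*\]$", re.I)
LOOSE_FILE = re.compile(r"^(?P<name>.+?) \[[^\]]*\]$")


def parse_autostarts(log_text):
    """Return one dict per Run value or Startup-folder item: location, name, target."""
    entries = []
    location = kind = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line in ("", "."):            # ComboFix separates sections with a lone "."
            location = kind = None
            continue
        key = RUN_KEY.match(line)
        if key:
            location, kind = key.group(1), "run"
            continue
        if STARTUP_DIR.match(line):
            location, kind = line, "startup"
            continue
        if line.startswith("["):         # any other registry section: not parsed here
            location = kind = None
            continue
        if kind == "run":
            m = RUN_VALUE.match(line)
        elif kind == "startup":
            m = SHORTCUT.match(line) or LOOSE_FILE.match(line)
        else:
            m = None
        if m:
            fields = m.groupdict()
            # target is None for a file that sits in the Startup folder itself
            entries.append({"location": location, "name": fields["name"],
                            "target": fields.get("target")})
    return entries


def assess(entry):
    """Return the reasons an entry deserves a manual look (empty list = nothing flagged)."""
    reasons = []
    stem = ntpath.splitext(entry["name"])[0].lower()
    target = entry["target"]
    if target is None:
        if entry["name"].lower().endswith(RUNNABLE_EXT):
            reasons.append("runnable file stored directly in a Startup folder")
        return reasons
    target_base = ntpath.basename(target).lower()
    if stem in SYSTEM_STEMS and ntpath.splitext(target_base)[0] != stem:
        reasons.append(f"named like {stem} but launches {target_base}")
    if target_base in PROXY_LOADERS:
        reasons.append(f"{target_base} runs whatever its arguments name, "
                       "and the log does not show them")
    return reasons


def triage(log_text):
    """Return (entry, reasons) pairs for flagged autostarts only."""
    flagged = []
    for entry in parse_autostarts(log_text):
        reasons = assess(entry)
        if reasons:
            flagged.append((entry, reasons))
    return flagged


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG):
        print(f"{entry['location']} :: {entry['name']}")
        for reason in reasons:
            print(f"    - {reason}")
```

On these lines only ctfmon.lnk and PowerReg Scheduler.exe are flagged; the Run value named CTFMON.EXE passes because its name and target agree.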
-
Unfortunately I couldn't uninstall Java(TM) 6 Update 13. I got a fatal installation error.
I had that problem about a month ago. I ended up uninstalling Java and then downloaded the newest version. Please try this:
Update Your Java (JRE)
Old versions of Java have vulnerabilities that malware can use to infect your system.
First Verify your Java Version (http://www.java.com/en/download/installed.jsp)
If there are any other version(s) installed then update now.
Get the new version (if needed)
If your version is out of date install the newest version of the Sun Java Runtime Environment (http://www.majorgeeks.com/Sun_Java_Runtime_Environment_d4648.html).
Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
Be sure to close ALL open web browsers before starting the installation.
Remove any old versions
1. Download JavaRa (http://raproducts.org/click/click.php?id=1) and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions
3. Once complete exit JavaRA.
Additional Note: The Java Quick Starter (JQS.exe) (http://java.sun.com/javase/6/docs/technotes/guides/jweb/otherFeatures/jqs.html) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
***********************************************
Update your Adobe Reader. get.adobe.com/reader (http://get.adobe.com/reader/).
Be sure to uncheck the Free McAfee Security Scan so it isn't installed.
***********************************************
Total Fragmentation on Drive C:: 15% Defragment your hard drive soon!
You can use the defragger on your computer or this one.
Defraggler (http://majorgeeks.com/Defraggler_d5777.html) is very effective and easy to use.
Important! Be sure to uncheck Install optional Yahoo! Toolbar or Google Chrome during the install process to avoid installing them.
Note: Be sure to clean out temp files and restart the computer just before beginning a defrag.
******************************************
While this was running MBAM picked up some files it reckoned were infected and I quarantined them. Was this right or have I made a mess of things?
No problem.
ComboFix is running from the wrong location. Please delete it, download a new one and save it to your DESKTOP.
Re-running ComboFix to remove infections:
- Close any open browsers.
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Open notepad and copy/paste the text in the quotebox below into it:
KillAll::
File::
c:\windows\system32\REN8F.tmp
c:\windows\system32\REN8E.tmp
c:\windows\system32\REN8D.tmp
- Save this as CFScript.txt, in the same location as ComboFix.exe
(http://i424.photobucket.com/albums/pp322/digistar/cfscriptb4.gif)
- Referring to the picture above, drag CFScript into ComboFix.exe
- When finished, it shall produce a log for you at C:\ComboFix.txt
- Please post the contents of the log in your next reply.
*****************************************************
Please download aswMBR.exe (http://public.avast.com/%7Egmerek/aswMBR.exe) ( 511KB ) to your desktop.
Double click the aswMBR.exe to run it
(http://i424.photobucket.com/albums/pp322/digistar/aswMBR_Scan.jpg)
Click the "Scan" button to start scan
Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives
(http://i424.photobucket.com/albums/pp322/digistar/aswMBR_SaveLog.png)
On completion of the scan click save log, save it to your desktop and post in your next reply
-
I checked which Java I had installed. Apparently I didn't have it, but it was in my control panel. I have run JavaRa and removed all the old versions. Java (TM) 6 update 13 is still in my add remove programs directory and still won't uninstall. The latest version is installed but if I try to open it from control panel Online Armour blocks the file java.cpl in C:\WINDOWS\system32. I accidentally blocked it when I first installed it and haven't yet figured out how to allow it to run.
Adobe reader X (10.1.3) installed
Defrag completed
Deleted ComboFix and re-downloaded to desktop. Copied that script to notepad. Disabled MBAM and Avast and dragged CFScript to ComboFix as displayed. ComboFix ran and froze up. Had to turn the PC off. Tried again but left it for an hour and it still did nothing. Tried it with Online Armour also disabled and the result was still the same.
Do you want me to carry on with the rest of your instructions tomorrow?
-
I accidentally blocked it when I first installed it and haven't yet figured out how to allow it to run.
You will have to get into Armour and remove the block. I'm not sure how to do that because I use Comodo.
Do you want me to carry on with the rest of your instructions tomorrow?
Yes please.
Copy and paste the text in the code box below into Notepad.
@echo off
del c:\windows\system32\REN8F.tmp
c:\windows\system32\REN8E.tmp
c:\windows\system32\REN8D.tmp
exit
Then click File > Save as
Save to the Desktop as blackpudding.bat
And Save as type: All Files.
Double-click on blackpudding.bat to run it.
-
Sorry for the delay. I haven't given up. Just had lots of other stuff to do.
I managed to fix the javacpl.cpl block issue.
ASW LOG
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-30 19:17:53
-----------------------------
19:17:53.531 OS Version: Windows 5.1.2600 Service Pack 3
19:17:53.531 Number of processors: 2 586 0x6802
19:17:53.531 ComputerName: TRINITY UserName: Benni
19:18:02.156 Initialize success
19:18:03.437 AVAST engine defs: 12063000
19:18:24.671 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
19:18:24.687 Disk 0 Vendor: TOSHIBA_MK1252GSX LV011D Size: 114473MB BusType: 3
19:18:24.750 Disk 0 MBR read successfully
19:18:24.750 Disk 0 MBR scan
19:18:24.750 Disk 0 Windows XP default MBR code
19:18:24.750 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 109 MB offset 63
19:18:24.765 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 114361 MB offset 224910
19:18:24.765 Disk 0 scanning sectors +234436545
19:18:24.859 Disk 0 scanning C:\WINDOWS\system32\drivers
19:18:35.765 Service scanning
19:18:57.250 Modules scanning
19:19:06.937 Disk 0 trace - called modules:
19:19:06.953 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
19:19:06.953 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8abd9ab8]
19:19:06.953 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000089[0x8abe4f18]
19:19:06.953 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8abe3b00]
19:19:07.546 AVAST engine scan C:\WINDOWS
19:19:14.593 AVAST engine scan C:\WINDOWS\system32
19:21:20.703 AVAST engine scan C:\WINDOWS\system32\drivers
19:21:39.984 AVAST engine scan C:\Documents and Settings\Benni
19:27:55.031 AVAST engine scan C:\Documents and Settings\All Users
19:29:10.750 Scan finished successfully
19:30:04.468 Disk 0 MBR has been saved successfully to "C:\Iain\MBR.dat"
19:30:04.562 The log file has been saved successfully to "C:\Iain\aswMBR.txt"
Ran Blackpudding.bat
Got a message saying "Windows cannot open this file" REN8E.tmp. To open this file Windows needs to know what program created it. Get the option of Use web service to find appropriate program or Select program from list. I clicked cancel as I have no idea what to do.
Got a message saying "Windows cannot open this file" REN8D.tmp. To open this file Windows needs to know what program created it. Get the option of Use web service to find appropriate program or Select program from list. I clicked cancel as I have no idea what to do.
No further messages from running Blackpudding.bat
And I still can't seem to uninstall Java 6 Update 13. Having said that I can't find it either. If I go to Add/Remove programs and click on Java 6 update 13 then click on support information the pop up window tells me there's a read me file in C:\program files\java\jre1.6.0 13. the jre1.6.0 13 does not exist. Has this become a rogue entry in my add/remove programs list?
-
Has this become a rogue entry in my add/remove programs list?
I don't really know why this happened. As I mentioned before, this also happened to me. However, it is nothing serious.
Please download: HiJackThis (http://go.trendmicro.com/free-tools/hijackthis/HijackThisInstaller.exe) to your Desktop.
- Double Click the HijackThis icon, located on your Desktop.
- By Default, it will install to: C:\Program Files\Trend Micro\HijackThis
- Accept the license agreement.
- Click the Open the Misc Tools section button.
- Click on the Open Uninstall Manager button.
- Click Java(TM) 6 Update 13 and delete this program.
******************************************************
SysProt Antirootkit
Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).
http://sites.google.com/site/sysprotantirootkit/ (http://sites.google.com/site/sysprotantirootkit/)
Unzip it into a folder on your desktop.
- Double click Sysprot.exe to start the program.
- Click on the Log tab.
- In the Write to log box select the following items.
- Process << Selected
- Kernel Modules << Selected
- SSDT << Selected
- Kernel Hooks << Selected
- IRP Hooks << NOT Selected
- Ports << NOT Selected
- Hidden Files << Selected
- At the bottom of the page
- Hidden Objects Only << Selected
- Click on the Create Log button on the bottom right.
- After a few seconds a new window should appear.
- Select Scan Root Drive. Click on the Start button.
- When it is complete a new window will appear to indicate that the scan is finished.
- The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.
-
Deleted Java 6 update 13 using Hijackthis.
Sysprot Log
SysProt AntiRootkit v1.0.1.0
by swatkat
******************************************************************************************
******************************************************************************************
No Hidden Processes found
******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: ADE99000
Module End: ADEB1000
Hidden: Yes
Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS
Service Name: ---
Module Base: BA648000
Module End: BA64A000
Hidden: Yes
******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwAddBootEntry
Address: ADEF1DF8
Driver Base: ADED9000
Driver End: ADF73000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS
Function Name: ZwAllocateVirtualMemory
Address: ADF7EA5A
Driver Base: ADF73000
Driver End: ADFC4000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS
Function Name: ZwAssignProcessToJobObject
Address: ADEF285E
Driver Base: ADED9000
Driver End: ADF73000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS
Function Name: ZwClose
Address: ADF1ED5D
Driver Base: ADED9000
Driver End: ADF73000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS
Function Name: ZwConnectPort
Address: AE1CC64C
Driver Base: AE1CA000
Driver End: AE1FB000
Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys
Function Name: ZwCreateEvent
Address: ADEF72E4
Driver Base: ADED9000
Driver End: ADF73000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS
Function Name: ZwCreateEventPair
Address: ADEF7330
Driver Base: ADED9000
Driver End: ADF73000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS
Function Name: ZwCreateFile
Address: AE1D3316
Driver Base: AE1CA000
Driver End: AE1FB000
Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys
Function Name: ZwCreateIoCompletion
Address: ADEF7422
Driver Base: ADED9000
Driver End: ADF73000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS
Function Name: ZwCreateKey
Address: ADF1E711
Driver Base: ADED9000
Driver End: ADF73000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS
Function Name: ZwCreateMutant
Address: ADEF7252
Driver Base: ADED9000
Driver End: ADF73000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS
Function Name: ZwCreatePort
Address: AE1CC46A
Driver Base: AE1CA000
Driver End: AE1FB000
Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys
Function Name: ZwCreateProcess
Address: AE1CDEE8
Driver Base: AE1CA000
Driver End: AE1FB000
Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys
Function Name: ZwCreateProcessEx
Address: AE1CA978
Driver Base: AE1CA000
Driver End: AE1FB000
Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys
Function Name: ZwCreateSection
Address: ADEF7374
Driver Base: ADED9000
Driver End: ADF73000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS
Function Name: ZwCreateSemaphore
Address: ADEF729A
Driver Base: ADED9000
Driver End: ADF73000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS
Function Name: ZwCreateThread
Address: AE1CB634
Driver Base: AE1CA000
Driver End: AE1FB000
Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys
Function Name: ZwCreateTimer
Address: ADEF73DC
Driver Base: ADED9000
Driver End: ADF73000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS
Function Name: ZwDebugActiveProcess
Address: AE1CBD22
Driver Base: AE1CA000
Driver End: AE1FB000
Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys
Function Name: ZwDeleteBootEntry
Address: ADEF1E44
Driver Base: ADED9000
Driver End: ADF73000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS
Function Name: ZwDeleteKey
Address: ADF1F423
Driver Base: ADED9000
Driver End: ADF73000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS
Function Name: ZwDeleteValueKey
Address: ADF1F6D9
Driver Base: ADED9000
Driver End: ADF73000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS
Function Name: ZwDuplicateObject
Address: ADEF49A8
Driver Base: ADED9000
Driver End: ADF73000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS
Function Name: ZwEnumerateKey
Address: ADF1F28E
Driver Base: ADED9000
Driver End: ADF73000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS
Function Name: ZwEnumerateValueKey
Address: ADF1F0F9
Driver Base: ADED9000
Driver End: ADF73000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS
Function Name: ZwFreeVirtualMemory
Address: ADF7EB34
Driver Base: ADF73000
Driver End: ADFC4000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS
Function Name: ZwLoadDriver
Address: ADEF1AD6
Driver Base: ADED9000
Driver End: ADF73000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS
Function Name: ZwModifyBootEntry
Address: ADEF1E90
Driver Base: ADED9000
Driver End: ADF73000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS
Function Name: ZwNotifyChangeKey
Address: ADEF4D1C
Driver Base: ADED9000
Driver End: ADF73000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS
Function Name: ZwNotifyChangeMultipleKeys
Address: ADEF2B02
Driver Base: ADED9000
Driver End: ADF73000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS
Function Name: ZwOpenEvent
Address: ADEF730E
Driver Base: ADED9000
Driver End: ADF73000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS
Function Name: ZwOpenEventPair
Address: ADEF7352
Driver Base: ADED9000
Driver End: ADF73000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS
Function Name: ZwOpenFile
Address: AE1D3694
Driver Base: AE1CA000
Driver End: AE1FB000
Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys
Function Name: ZwOpenIoCompletion
Address: ADEF7446
Driver Base: ADED9000
Driver End: ADF73000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS
Function Name: ZwOpenKey
Address: ADF1EA6D
Driver Base: ADED9000
Driver End: ADF73000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS
Function Name: ZwOpenMutant
Address: ADEF7278
Driver Base: ADED9000
Driver End: ADF73000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS
Function Name: ZwOpenProcess
Address: ADEF4518
Driver Base: ADED9000
Driver End: ADF73000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS
Function Name: ZwOpenSection
Address: ADEF73AE
Driver Base: ADED9000
Driver End: ADF73000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS
Function Name: ZwOpenSemaphore
Address: ADEF72C2
Driver Base: ADED9000
Driver End: ADF73000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS
Function Name: ZwOpenThread
Address: ADEF474C
Driver Base: ADED9000
Driver End: ADF73000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS
Function Name: ZwOpenTimer
Address: ADEF7400
Driver Base: ADED9000
Driver End: ADF73000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS
Function Name: ZwProtectVirtualMemory
Address: ADF7ECA0
Driver Base: ADF73000
Driver End: ADFC4000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS
Function Name: ZwQueryKey
Address: ADF1EF74
Driver Base: ADED9000
Driver End: ADF73000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS
Function Name: ZwQueryObject
Address: ADEF29CE
Driver Base: ADED9000
Driver End: ADF73000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS
Function Name: ZwQueryValueKey
Address: ADF1EDC6
Driver Base: ADED9000
Driver End: ADF73000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS
Function Name: ZwQueueApcThread
Address: AE1CDA44
Driver Base: AE1CA000
Driver End: AE1FB000
Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys
Function Name: ZwRenameKey
Address: ADF88B68
Driver Base: ADF73000
Driver End: ADFC4000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS
Function Name: ZwRequestPort
Address: AE1CCCB0
Driver Base: AE1CA000
Driver End: AE1FB000
Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys
Function Name: ZwRequestWaitReplyPort
Address: AE1CD018
Driver Base: AE1CA000
Driver End: AE1FB000
Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys
Function Name: ZwRestoreKey
Address: ADF1DD84
Driver Base: ADED9000
Driver End: ADF73000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS
Function Name: ZwResumeThread
Address: AE1CC0CE
Driver Base: AE1CA000
Driver End: AE1FB000
Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys
Function Name: ZwSecureConnectPort
Address: AE1CC86E
Driver Base: AE1CA000
Driver End: AE1FB000
Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys
Function Name: ZwSetBootEntryOrder
Address: ADEF1EDC
Driver Base: ADED9000
Driver End: ADF73000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS
Function Name: ZwSetBootOptions
Address: ADEF1F28
Driver Base: ADED9000
Driver End: ADF73000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS
Function Name: ZwSetContextThread
Address: AE1CBBCC
Driver Base: AE1CA000
Driver End: AE1FB000
Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys
Function Name: ZwSetSystemInformation
Address: ADEF1B46
Driver Base: ADED9000
Driver End: ADF73000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS
Function Name: ZwSetSystemPowerState
Address: ADEF1CEA
Driver Base: ADED9000
Driver End: ADF73000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS
Function Name: ZwSetValueKey
Address: ADF1F52A
Driver Base: ADED9000
Driver End: ADF73000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS
Function Name: ZwShutdownSystem
Address: ADEF1C92
Driver Base: ADED9000
Driver End: ADF73000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS
Function Name: ZwSuspendProcess
Address: AE1CC1FE
Driver Base: AE1CA000
Driver End: AE1FB000
Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys
Function Name: ZwSuspendThread
Address: AE1CBF7A
Driver Base: AE1CA000
Driver End: AE1FB000
Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys
Function Name: ZwSystemDebugControl
Address: ADEF1D5A
Driver Base: ADED9000
Driver End: ADF73000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS
Function Name: ZwTerminateProcess
Address: ADF7ED60
Driver Base: ADF73000
Driver End: ADFC4000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS
Function Name: ZwTerminateThread
Address: AE1CBA66
Driver Base: AE1CA000
Driver End: AE1FB000
Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys
Function Name: ZwUnloadDriver
Address: AE1CD518
Driver Base: AE1CA000
Driver End: AE1FB000
Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys
Function Name: ZwVdmControl
Address: ADEF1F74
Driver Base: ADED9000
Driver End: ADF73000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS
Function Name: ZwWriteVirtualMemory
Address: ADF7EBE0
Driver Base: ADF73000
Driver End: ADFC4000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS
******************************************************************************************
******************************************************************************************
Kernel Hooks:
Hooked Function: ZwClose
At Address: 805BC55E
Jump To: ADF91C8C
Module Name: C:\WINDOWS\System32\Drivers\aswSP.SYS
Hooked Function: ObMakeTemporaryObject
At Address: 805BC55E
Jump To: ADF91C8C
Module Name: C:\WINDOWS\System32\Drivers\aswSP.SYS
Hooked Function: ObInsertObject
At Address: 805C2FE2
Jump To: ADF9374C
Module Name: C:\WINDOWS\System32\Drivers\aswSP.SYS
Hooked Function: ObCloseHandle
At Address: 805BC55E
Jump To: ADF91C8C
Module Name: C:\WINDOWS\System32\Drivers\aswSP.SYS
******************************************************************************************
******************************************************************************************
No hidden files/folders found
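
The SSDT section of the SysProt log above can be triaged mechanically instead of being read entry by entry. This is an added example, not part of the original thread and not SysProt's own code: it parses that record format, groups hooks by owning driver, and flags any hook whose address lies outside the driver's range or whose driver is not in an expected set. The expected set (Avast's aswSnx.SYS and aswSP.SYS, plus OADriver.sys, taken here to belong to the Online Armour install mentioned in the thread) and the fourth sample record are assumptions.

```python
"""Triage the SSDT section of a SysProt AntiRootkit log (added example)."""
import re
from collections import defaultdict

# Assumption: drivers expected to hook the SSDT on this machine, based on the
# security products the thread says are installed (Avast, Online Armour).
EXPECTED_DRIVERS = {"aswsnx.sys", "aswsp.sys", "oadriver.sys"}

# The first three records are copied from the posted log. The fourth is
# constructed for this example to show a hook that needs investigation.
SAMPLE_LOG = r"""SSDT:
Function Name: ZwAddBootEntry
Address: ADEF1DF8
Driver Base: ADED9000
Driver End: ADF73000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS
Function Name: ZwAllocateVirtualMemory
Address: ADF7EA5A
Driver Base: ADF73000
Driver End: ADFC4000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS
Function Name: ZwConnectPort
Address: AE1CC64C
Driver Base: AE1CA000
Driver End: AE1FB000
Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys
Function Name: ZwQuerySystemInformation
Address: B0001000
Driver Base: B2000000
Driver End: B2010000
Driver Name: \SystemRoot\System32\Drivers\constructed_example.sys
"""

FIELD = re.compile(
    r"^(Function Name|Address|Driver Base|Driver End|Driver Name):\s*(.*)$"
)


def parse_ssdt(text):
    """Return one dict per SSDT record; a new 'Function Name' starts a record."""
    records, current = [], {}
    for line in text.splitlines():
        match = FIELD.match(line.strip())
        if not match:
            continue  # section banners, separators, other log sections
        key, value = match.groups()
        if key == "Function Name" and current:
            records.append(current)
            current = {}
        current[key] = value.strip()
    if current:
        records.append(current)
    return records


def triage(records, expected_drivers):
    """Group hooked functions by driver file name and collect findings."""
    by_driver = defaultdict(list)
    findings = []
    for rec in records:
        name = rec.get("Function Name", "?")
        try:
            addr = int(rec["Address"], 16)
            base = int(rec["Driver Base"], 16)
            end = int(rec["Driver End"], 16)
            # Keep only the file name; log paths use \SystemRoot\ and \??\ forms.
            driver = rec["Driver Name"].replace("/", "\\").rsplit("\\", 1)[-1].lower()
        except (KeyError, ValueError):
            findings.append((name, "incomplete or malformed record"))
            continue
        by_driver[driver].append(name)
        # A hook handler should live inside the module the tool attributes it to.
        if not base <= addr < end:
            findings.append((name, "address outside owning driver range"))
        if driver not in expected_drivers:
            findings.append((name, f"hooked by unexpected driver {driver}"))
    return dict(by_driver), findings


if __name__ == "__main__":
    grouped, issues = triage(parse_ssdt(SAMPLE_LOG), EXPECTED_DRIVERS)
    for driver, functions in sorted(grouped.items()):
        print(f"{driver}: {len(functions)} hook(s)")
    for function, reason in issues:
        print(f"REVIEW {function}: {reason}")
```
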
-
How's your computer running now?
I'd like to scan your machine with ESET OnlineScan
•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
•Click the (http://i424.photobucket.com/albums/pp322/digistar/esetOnline.png) button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on (http://i424.photobucket.com/albums/pp322/digistar/esetSmartInstall.png) to download the ESET Smart Installer. Save it to your desktop.
- Double click on the (http://i424.photobucket.com/albums/pp322/digistar/esetSmartInstallDesktopIcon-1.png) icon on your desktop.
•Check (http://i424.photobucket.com/albums/pp322/digistar/esetAcceptTerms.png)
•Click the (http://i424.photobucket.com/albums/pp322/digistar/esetStart.png) button.
•Accept any security warnings from your browser.
•Check (http://i424.photobucket.com/albums/pp322/digistar/esetScanArchives.png)
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push (http://i424.photobucket.com/albums/pp322/digistar/esetListThreats.png)
•Push (http://i424.photobucket.com/albums/pp322/digistar/esetExport.png), and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the (http://i424.photobucket.com/albums/pp322/digistar/esetBack.png) button.
•Push (http://i424.photobucket.com/albums/pp322/digistar/esetFinish.png)
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
-
Here is the ESET Log
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=58554bdb09dce644811fbe806f8fc97c
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-03 12:16:40
# local_time=2012-07-03 01:16:40 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 107290 107290 0 0
# compatibility_mode=768 16777215 100 0 75885219 75885219 0 0
# compatibility_mode=6401 16777213 66 100 348807 2879305 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=120787
# found=0
# cleaned=0
# scan_time=9941
The computer seems to be running fine now with the exception of a missing RUNDLL file upon start up. I have mentioned this before in my original post and in my shortened version.
I got Metropolitan Police malware on my laptop. I followed the "read this before requesting malware removal help" post which seems to have stopped it, Now I just need to get rid of the damage? I think there are still some files left on my laptop from the malware and I am missing a RUNDLL file from the windows directory.
I have attached a jpg of the error window as I couldn't seem to get it into the post.
I believe the RUNDLL file was the source of my malware issue. I will explain my reasoning though I could be wrong. When I got the malware it locked up the laptop. It didn't however start until the internet connection was live. So with the internet disconnected I looked in my startup folder by going right mouse button on Start and browsing all users. I found a shortcut called cpfmon. I deleted it cos I didn't know what it was. Came straight back. So I searched C drive for cpfmon and found a few other files with the same name. I deleted them and then connected to the internet. No malware issue. When I restarted and connected I got the malware back. So I looked at the properties of the cpfmon shortcut and found where it was linked to, it was a RUNDLL file in the windows directory. Hence why I think the RUNDLL file was the source of the malware or at least what it had infected.
Apart from this missing file everything is ok that I can see. I appreciate all the help you have given.
Thank you
[year+ old attachment deleted by admin]
-
I'm happy that everything is working well but I want to check further on that alert and then we'll do some cleanup.
-
Please download SystemLook from one of the links below and save it to your desktop.
Link # 1 (http://jpshortstuff.247fixes.com/SystemLook.exe)
Link # 2 (http://images.malwareremoval.com/jpshortstuff/SystemLook.exe)
Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this (http://www.bleepingcomputer.com/forums/topic114351.html) link to see a list of security programs that should be disabled and how to disable them.
Double-click SystemLook.exe to run it.
Copy the contents of the following codebox into the main textfield.
:filefind
jork_0_typ_col.exe
Click the Look button to start the scan.
Note: The scan may take some time so please just let it do its work and be patient (or do something else unrelated to the computer).
When finished, a notepad window will open with the results of the scan. Please post the log. The log can also be found on your desktop entitled SystemLook.txt
-
SystemLook 30.07.11 by jpshortstuff
Log created at 18:17 on 05/07/2012 by Benni
Administrator - Elevation successful
========== filefind ==========
Searching for "jork_0_typ_col.exe"
No files found.
-= EOF =-
-
Double-click SystemLook.exe to run it.
Copy the contents of the following codebox into the main textfield.
:regfind
jork_0_typ_col.exe
Click the Look button to start the scan.
Note: The scan may take some time so please just let it do its work and be patient (or do something else unrelated to the computer).
When finished, a notepad window will open with the results of the scan. Please post the log. The log can also be found on your desktop entitled SystemLook.txt
-
Nothing exciting I'm afraid
SystemLook 30.07.11 by jpshortstuff
Log created at 19:39 on 06/07/2012 by Benni
Administrator - Elevation successful
========== regfind ==========
Searching for "jork_0_typ_col.exe"
No data found.
-= EOF =-
-
Please download SystemLook from one of the links below and save it to your desktop.
Link # 1 (http://jpshortstuff.247fixes.com/SystemLook.exe)
Link # 2 (http://images.malwareremoval.com/jpshortstuff/SystemLook.exe)
Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this (http://www.bleepingcomputer.com/forums/topic114351.html) link to see a list of security programs that should be disabled and how to disable them.
Double-click SystemLook.exe to run it.
Copy the contents of the following codebox into the main textfield.
:regfind
"error loading"
Click the Look button to start the scan.
Note: The scan may take some time so please just let it do its work and be patient (or do something else unrelated to the computer).
When finished, a notepad window will open with the results of the scan. Please post the log. The log can also be found on your desktop entitled SystemLook.txt
-
I'm afraid there is still no joy
SystemLook 30.07.11 by jpshortstuff
Log created at 18:08 on 08/07/2012 by Benni
Administrator - Elevation successful
========== regfind ==========
Searching for ""error loading""
No data found.
-= EOF =-
-
Please do this even if you don't have your OS disk. Please let me know what happens.
Do you have an XP CD?
If so, place it in your CD ROM drive and follow the instructions below:
•Click on Start > Run and type sfc /scannow then press Enter (note the space between sfc and /scannow)
*Let this run undisturbed until the window with the blue progress bar goes away
SFC - Which stands for System File Checker, retrieves the correct version of the file from %Systemroot%\System32\Dllcache or the Windows installation source files, and then replaces the incorrect file.
-
Unfortunately I don't have the XP CD. I got the laptop with an XP downgrade as I didn't want Windows Vista. I have the Vista CD though.
I followed the SFC /Scannow instructions. It went through it all. There was no message after it finished so I assume everything was ok.
-
Unfortunately I don't have the XP CD. I got the laptop with an XP downgrade as I didn't want Windows Vista. I have the Vista CD though.
I followed the SFC /Scannow instructions. It went through it all. There was no message after it finished so I assume everything was ok.
If it didn't ask for the XP disk that means all the OS files are ok. I'm at a loss as to what's causing this error.
-
Ok. No worries. Other than that message on startup everything seems to be working ok. I really appreciate the time and effort you've spent helping me sort my laptop out.
Thank you
-
We should do some cleanup before you go.
Download this program and run it: Uninstall ComboFix (http://download.bleepingcomputer.com/sUBs/CF_UNINST.EXE). It will remove ComboFix for you.
*******************************************
To turn off Windows XP System Restore:
NOTE: These instructions assume that you are using the default Windows XP Start Menu and have not changed to the Classic Start menu. To re-enable the default menu, right-click Start, click Properties, click Start menu (not Classic) and then click OK.
1. Click Start.
2. Right-click the My Computer icon, and then click Properties.
3. Click the System Restore tab.
4. Check "Turn off System Restore" or "Turn off System Restore on all drives"
5. Click Apply.
6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
7. Click OK.
8. Restart the computer and follow the instructions in the next section to turn on System Restore.
To turn on Windows XP System Restore:
1. Click Start.
2. Right-click My Computer, and then click Properties.
3. Click the System Restore tab.
4. Uncheck "Turn off System Restore" or "Turn off System Restore on all drives."
5. Click Apply, and then click OK.
************************************************
Clean out your temporary internet files and temp files.
Download TFC by OldTimer (http://oldtimer.geekstogo.com/TFC.exe) to your desktop.
Double-click TFC.exe to run it.
Note: If you are running on Vista, right-click on the file and choose Run As Administrator
TFC will close all programs when run, so make sure you have saved all your work before you begin.
* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.
Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
************************************************
Use the Secunia Software Inspector (http://secunia.com/software_inspector) to check for out of date software.
•Click Start Now
•Check the box next to Enable thorough system inspection.
•Click Start
•Allow the scan to finish and scroll down to see if any updates are needed.
•Update anything listed.
.
----------
Go to Microsoft Windows Update (http://windowsupdate.microsoft.com/) and get all critical updates.
----------
I suggest using WOT - Web of Trust (http://www.mywot.com/). WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.
SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html)- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer (http://www.bleepingcomputer.com/forums/tutorial49.html) from Spyware and Malware
* If you don't know what ActiveX controls are, see here (http://www.webopedia.com/TERM/A/ActiveX_control.html)
Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. (http://www.safer-networking.org/en/spybotsd/index.html) Guide: Use Spybot's Immunize Feature (http://www.bleepingcomputer.com/tutorials/tutorial43.html#immunize) to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ (http://www.safer-networking.org/en/faq/index.html)
Check out Keeping Yourself Safe On The Web (http://evilfantasy.wordpress.com/2008/05/20/keeping-yourself-safe-on-the-web/) for tips and free tools to help keep you safe in the future.
Also see Slow Computer? It may not be Malware (http://evilfantasy.wordpress.com/2008/05/24/slow-computer-it-may-not-be-malware/) for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!