|
Donation/Premium |
|
 |
|
|
|
|
|
|
|
|
|
| View previous topic :: View next topic |
| Author |
Message |
taz71498
Forums Admin
Premium Member
Joined: Jan 30, 2004
Posts: 20218
|
 Posted: Wed Jun 25, 2008 8:38 pm Post subject: |
|
|
Actually no, I would like you to do this:
Please visit this webpage for download links, and instructions for running the tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Please ensure you read this guide carefully and install the Recovery Console first.
The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
Once installed, you should see a blue screen prompt that says:
The Recovery Console was successfully installed.
Please continue as follows:
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.
Please include the following reports for further review, and so we may continue cleansing the system:
C:\ComboFix.txt
New HijackThis log.
|
|
| Back to top |
|
 |
krobi92
Trooper
Joined: May 22, 2008
Posts: 18
|
| Posted: Fri Jun 27, 2008 1:22 am Post subject: New Logs |
|
|
Here are the updated logs:
COMBOFIX:
ComboFix 08-06-20.4 - Krista 2008-06-26 21:13:06.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1784 [GMT -4:00]
Running from: C:\Users\Krista\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Uninstall Fun Web Products.dll
C:\Users\Krista\AppData\Roaming\inst.exe
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-05-27 to 2008-06-27 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-27 01:06 --------- d-----w C:\Program Files\Lx_cats
2008-06-26 23:54 --------- d-----w C:\ProgramData\Google Updater
2008-06-26 21:43 --------- d-----w C:\Program Files\Datel
2008-06-26 18:55 --------- d-----w C:\Users\Krista\AppData\Roaming\Spare Backup
2008-06-26 13:02 --------- d-----w C:\ProgramData\WildTangent
2008-06-26 12:29 --------- d-----w C:\Users\Krista\AppData\Roaming\SBTT
2008-06-26 12:20 --------- d-----w C:\Program Files\Gateway Games
2008-06-23 01:14 --------- d-----w C:\Program Files\RealArcade
2008-06-23 00:48 --------- d-----w C:\Users\Krista\AppData\Roaming\PlayFirst
2008-06-23 00:48 --------- d-----w C:\ProgramData\PlayFirst
2008-06-22 22:13 --------- d-----w C:\Users\Krista\AppData\Roaming\Oberon Games
2008-06-22 22:13 --------- d-----w C:\ProgramData\Oberon Games
2008-06-22 22:12 --------- d-----w C:\Program Files\WildGames
2008-06-22 16:31 --------- d-----w C:\Program Files\NBC Direct
2008-06-14 15:48 --------- d-----w C:\ProgramData\HipSoft
2008-06-12 01:15 --------- d-----w C:\Program Files\QuickTime
2008-06-12 01:14 --------- d-----w C:\ProgramData\Apple Computer
2008-06-11 17:07 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-06-11 16:39 --------- d-----w C:\Program Files\Windows Mail
2008-06-10 03:12 --------- d-----w C:\ProgramData\Yahoo! Companion
2008-06-09 23:13 --------- d-----w C:\ProgramData\ATTToolbar
2008-06-09 13:59 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-06-09 13:58 --------- d-----w C:\Users\Krista\AppData\Roaming\Download Manager
2008-06-06 13:45 --------- d-----w C:\Program Files\AMD
2008-06-05 20:04 34,296 ----a-w C:\Windows\system32\drivers\mbamcatchme.sys
2008-06-05 20:04 15,864 ----a-w C:\Windows\system32\drivers\mbam.sys
2008-06-04 19:58 --------- d-----w C:\Users\Krista\AppData\Roaming\ZoomBrowser EX
2008-06-04 14:06 --------- d-----w C:\Program Files\Google
2008-06-03 11:40 --------- d-----w C:\Program Files\The Weather Channel FW
2008-06-02 23:18 --------- d-----w C:\ProgramData\Sandlot Games
2008-06-02 12:45 --------- d-----w C:\Users\Krista\AppData\Roaming\ATTToolbar
2008-06-02 12:45 --------- d-----w C:\ProgramData\Microsoft Help
2008-06-02 12:45 --------- d-----w C:\Program Files\Yahoo!
2008-06-02 12:45 --------- d-----w C:\Program Files\Microsoft Works
2008-06-02 12:45 --------- d-----w C:\Program Files\Lexmark Toolbar
2008-06-02 12:45 --------- d-----w C:\Program Files\DVDFab Platinum 4
2008-06-02 12:45 --------- d-----w C:\Program Files\ATTToolbar
2008-06-01 23:15 --------- d-----w C:\ProgramData\Sony Online Entertainment
2008-05-31 01:53 356 ----a-w C:\Users\Krista\AppData\Roaming\wklnhst.dat
2008-05-31 00:22 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-30 03:35 --------- d-----w C:\Program Files\ZonedOut
2008-05-30 03:13 --------- d-----w C:\Users\Krista\AppData\Roaming\Malwarebytes
2008-05-30 03:13 --------- d-----w C:\ProgramData\Malwarebytes
2008-05-30 02:50 --------- d-----w C:\Program Files\EsetOnlineScanner
2008-05-29 19:15 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-05-29 14:45 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-05-28 15:45 --------- d-----w C:\ProgramData\DVD Shrink
2008-05-28 13:36 --------- d-----w C:\Program Files\DVD Shrink
2008-05-28 00:54 --------- d-----w C:\Users\Krista\AppData\Roaming\Vso
2008-05-28 00:54 --------- d-----w C:\Program Files\DVDFab 5
2008-05-27 13:50 --------- d-----w C:\Program Files\Coupons
2008-05-22 14:26 --------- d-----w C:\ProgramData\Yahoo! Companion(1099)
2008-05-22 13:22 --------- d-----w C:\Program Files\Trend Micro
2008-05-17 21:16 --------- d-----w C:\Program Files\ATT Internet Tools
2008-05-11 22:39 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-05-10 01:33 113,664 ----a-w C:\Windows\system32\drivers\rmcast.sys
2008-05-09 19:58 --------- d-----w C:\ProgramData\ZoomBrowser
2008-05-06 12:43 --------- d-----w C:\Program Files\The Learning Company
2008-05-04 19:44 --------- d-----w C:\ProgramData\Fugazo
2008-05-03 12:14 --------- d-----w C:\Users\Krista\AppData\Roaming\Meridian93
2008-05-03 12:14 --------- d-----w C:\ProgramData\Meridian93
2008-05-03 02:09 --------- d-----w C:\ProgramData\FreshGames
2008-05-03 01:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-02 22:05 --------- d-----w C:\Users\Krista\AppData\Roaming\Sandlot Games
2008-04-26 08:08 1,314,816 ----a-w C:\Windows\System32\quartz.dll
2008-04-25 04:35 826,880 ----a-w C:\Windows\System32\wininet.dll
2008-04-23 04:42 428,544 ----a-w C:\Windows\System32\EncDec.dll
2008-04-23 04:42 293,376 ----a-w C:\Windows\System32\psisdecd.dll
2008-04-01 01:16 47,360 ----a-w C:\Users\Krista\AppData\Roaming\pcouffin.sys
2008-03-29 08:19 372,736 ----a-w C:\Windows\System32\ATIDEMGX.dll
2008-03-29 08:19 315,392 ----a-w C:\Windows\System32\atipdlxx.dll
2008-03-29 08:19 159,744 ----a-w C:\Windows\System32\atitmmxx.dll
2008-03-29 08:18 43,520 ----a-w C:\Windows\System32\ati2edxx.dll
2008-03-29 08:18 253,952 ----a-w C:\Windows\System32\Ati2evxx.dll
2008-03-29 08:18 249,856 ----a-w C:\Windows\System32\Oemdspif.dll
2008-03-29 08:17 667,648 ----a-w C:\Windows\System32\Ati2evxx.exe
2008-03-29 08:12 9,662,464 ----a-w C:\Windows\System32\atioglxx.dll
2008-03-29 08:10 1,499,136 ----a-w C:\Windows\System32\atidxx32.dll
2008-03-29 08:05 3,074,560 ----a-w C:\Windows\System32\atiumdag.dll
2008-03-29 07:51 4,088,320 ----a-w C:\Windows\System32\atiumdva.dll
2008-03-29 07:41 47,104 ----a-w C:\Windows\System32\amdpcom32.dll
2008-03-27 20:18 108,144 ----a-w C:\Windows\System32\CmdLineExt.dll
2008-03-23 22:45 174 --sha-w C:\Program Files\desktop.ini
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29}]
2008-05-15 11:50 1865544 --a------ C:\PROGRA~1\ATTToolbar\ATTToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29}"= "C:\PROGRA~1\ATTToolbar\ATTToolbar.dll" [2008-05-15 11:50 1865544]
[HKEY_CLASSES_ROOT\clsid\{4e7bd74f-2b8d-469e-94be-fd60bb9aae29}]
[HKEY_CLASSES_ROOT\ATTToolbar.ATTTOOLBAR]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29}"= C:\PROGRA~1\ATTToolbar\ATTToolbar.dll [2008-05-15 11:50 1865544]
[HKEY_CLASSES_ROOT\clsid\{4e7bd74f-2b8d-469e-94be-fd60bb9aae29}]
[HKEY_CLASSES_ROOT\ATTToolbar.ATTTOOLBAR]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 03:33 125952]
"Sidebar"="C:\Program Files\windows sidebar\sidebar.exe" [2008-01-19 03:33 1233920]
"DW6"="C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2008-05-14 13:41 785520]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModPS2"="ModPS2Key.exe" [2006-11-07 18:34 53248 C:\Windows\ModPS2Key.exe]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-31 00:35 4702208 C:\Windows\RtHDVCpl.exe]
"Spare Backup"="C:\Program Files\Spare Backup\SpareBackup.exe" [2007-09-13 20:22 5252936]
"lxddmon.exe"="C:\Program Files\Lexmark 2500 Series\lxddmon.exe" [2007-05-04 02:38 291760]
"lxddamon"="C:\Program Files\Lexmark 2500 Series\lxddamon.exe" [2007-03-05 03:40 20480]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2007-05-04 02:40 312240]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"WPCUMI"="C:\Windows\system32\WpcUmi.exe" [2006-11-02 08:35 176128]
"ReminderApp"="C:\Program Files\Nova Development\Greeting Card Factory Deluxe\ReminderApp.exe" [2004-09-01 19:34 139264]
"Skytel"="Skytel.exe" [2007-10-10 23:04 1826816 C:\Windows\SkyTel.exe]
"blspcloader"="C:\Program Files\ATT Internet Tools\blsloader.exe" [2008-05-17 17:15 98304]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2008-01-04 21:56 5367664]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="C:\Windows\SMINST\launcher.exe" [2007-07-13 18:56 40072]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 03:33 1233920]
C:\Users\Krista\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 05:45:42 101784]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Run Registration Tool.lnk - C:\Program Files\WiFiConnector\NintendoWFCReg.exe [2008-03-11 10:39:27 1175552]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"LogonHoursAction"= 2 (0x2)
"DontDisplayLogonHoursWarnings"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= C:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM
"vidc.VP31"= vp31vfw.dll
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BigFix.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BigFix.lnk
backup=C:\Windows\pss\BigFix.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
--a------ 2006-11-07 18:08 547840 C:\Windows\zHotkey.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]
--a------ 2006-09-06 16:12 323216 C:\Program Files\Napster\napster.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShowWnd]
--a------ 2005-01-27 13:13 36864 C:\Windows\ShowWnd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2006-11-10 16:35 90112 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{0241D97C-CE58-4245-A198-4432D40800ED}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{72E9655D-E874-4772-A021-BC792D5F7150}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{E56C60A0-D5B4-4663-BC39-B7C8386A73B8}"= UDP:C:\Program Files\Lexmark 2500 Series\lxddamon.exe:Lexmark Device Monitor
"{4C41F1CC-9D65-468E-AD48-29582DEAAB72}"= TCP:C:\Program Files\Lexmark 2500 Series\lxddamon.exe:Lexmark Device Monitor
"{5A032594-94B1-4A04-ACA2-EA18E24FDFE9}"= UDP:C:\Program Files\Lexmark 2500 Series\App4R.exe:Lexmark Imaging Studio
"{4D57750D-8695-46AE-B96C-7665A886CDC4}"= TCP:C:\Program Files\Lexmark 2500 Series\App4R.exe:Lexmark Imaging Studio
"{E765C7E3-9A9E-4560-8435-98F32C4FC994}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{DBEE7EF5-BFC8-4755-B479-18A9B2D702D6}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{2C8DE5C8-DD0A-496D-95AF-7284C936978E}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{F92997BE-CA91-4FB8-90D5-AB51B4DE0E91}"= UDP:C:\Windows\System32\lxddcoms.exe:Lexmark Communications System
"{F10CC71B-6C73-4F57-B71D-EFE8D8CB2B3D}"= TCP:C:\Windows\System32\lxddcoms.exe:Lexmark Communications System
"{204E4F0E-8351-4AB5-9CB5-A5A90F2E36C2}"= UDP:C:\Program Files\AMD\On Demand\bin\Orb.exe:Orb
"{4FFC0F28-51C6-43D9-A734-01363B889E67}"= TCP:C:\Program Files\AMD\On Demand\bin\Orb.exe:Orb
"{46045CB3-EA75-4CED-8DB2-F411FD2E83BE}"= UDP:C:\Program Files\AMD\On Demand\bin\OrbTray.exe:OrbTray
"{64DBDA14-0668-4244-AF60-DD4731CA363F}"= TCP:C:\Program Files\AMD\On Demand\bin\OrbTray.exe:OrbTray
"{2E22700D-9164-49D3-87A8-724559318B5B}"= UDP:C:\Program Files\AMD\On Demand\bin\OrbIR.exe:OrbIR
"{3212E120-2218-4A96-A004-B5AD6AED3E8A}"= TCP:C:\Program Files\AMD\On Demand\bin\OrbIR.exe:OrbIR
"{7F5D822D-52F0-465A-B0EC-182CE5040CE6}"= UDP:C:\Program Files\AMD\On Demand\bin\OrbStreamerClient.exe:Orb Stream Client
"{5B9A1331-8618-411F-B801-B904700E7490}"= TCP:C:\Program Files\AMD\On Demand\bin\OrbStreamerClient.exe:Orb Stream Client
"{DB01A318-54F2-4442-81C6-E44BFCA02805}"= UDP:C:\Windows\System32\spool\drivers\w32x86\3\lxddpswx.exe:
"{20CF8E0D-812A-4D19-8229-756B14B21654}"= TCP:C:\Windows\System32\spool\drivers\w32x86\3\lxddpswx.exe:
"{A2398699-8644-4DEC-A7FC-FC567D5CDCF9}"= UDP:C:\Windows\System32\spool\drivers\w32x86\3\lxddjswx.exe:
"{17CE2B1B-A1AE-4C34-B84E-EA416D4A7AC9}"= TCP:C:\Windows\System32\spool\drivers\w32x86\3\lxddjswx.exe:
"{B6D98062-E1F6-4DDB-AEA8-868ED04A6D09}"= UDP:C:\Windows\System32\spool\drivers\w32x86\3\lxddtime.exe:
"{77571C04-9CD8-4C8E-B093-0F8FF89CCC65}"= TCP:C:\Windows\System32\spool\drivers\w32x86\3\lxddtime.exe:
"{844CCE56-DC98-47ED-B288-65211EF14F2F}"= UDP:C:\Program Files\Lexmark 2500 Series\lxddmon.exe:
"{F546C35E-688F-4B99-8EC5-0963869071C9}"= TCP:C:\Program Files\Lexmark 2500 Series\lxddmon.exe:
"{3AF47A57-5144-42D1-AB42-FC86340DDFF0}"= C:\Program Files\WiFiConnector\NintendoWFCReg.exe:Nintendo Wi-Fi USB Connector
"{360952F3-9797-4D5C-89C9-B17DFC081A5F}"= UDP:C:\Program Files\Lexmark 2500 Series\lxddmon.exe:
"{4A0372CC-CC39-4F11-B7D0-0F90C70B886C}"= TCP:C:\Program Files\Lexmark 2500 Series\lxddmon.exe:
"TCP Query User{FDD64ECC-4207-4858-8CC9-65F09C05EC89}C:\\program files\\amd\\on demand\\bin\\orb.exe"= UDP:C:\program files\amd\on demand\bin\orb.exe:Orb Application
"UDP Query User{538A4928-5745-4D55-9B4D-0EF61A21CBF5}C:\\program files\\amd\\on demand\\bin\\orb.exe"= TCP:C:\program files\amd\on demand\bin\orb.exe:Orb Application
"TCP Query User{9F99194A-5E27-4A14-8066-E0BDDB788317}C:\\program files\\amd\\on demand\\bin\\orbir.exe"= UDP:C:\program files\amd\on demand\bin\orbir.exe:
"UDP Query User{FA5EE875-421E-4D37-9D91-0062EF7B956B}C:\\program files\\amd\\on demand\\bin\\orbir.exe"= TCP:C:\program files\amd\on demand\bin\orbir.exe:
"TCP Query User{AA290A60-8C64-4DC5-AAAE-7B7465823806}C:\\program files\\amd\\on demand\\bin\\orbtray.exe"= UDP:C:\program files\amd\on demand\bin\orbtray.exe:Orb
"UDP Query User{C762A406-DC9D-42F4-9F3D-5102E48B3E06}C:\\program files\\amd\\on demand\\bin\\orbtray.exe"= TCP:C:\program files\amd\on demand\bin\orbtray.exe:Orb
"TCP Query User{87F962D8-10D8-4B53-8233-E8A6A5199978}C:\\program files\\lexmark 2500 series\\lxddamon.exe"= UDP:C:\program files\lexmark 2500 series\lxddamon.exe:Device Monitor Application
"UDP Query User{5C0D7C83-76D4-47CC-B938-99DBBF70F9AC}C:\\program files\\lexmark 2500 series\\lxddamon.exe"= TCP:C:\program files\lexmark 2500 series\lxddamon.exe:Device Monitor Application
"TCP Query User{7745F251-2881-4AE2-A5AF-05F95FD27AEA}C:\\program files\\shareaza\\shareaza.exe"= UDP:C:\program files\shareaza\shareaza.exe:Shareaza Ultimate File Sharing
"UDP Query User{C385E7F9-88B1-4BA9-8E14-2A02569FF98A}C:\\program files\\shareaza\\shareaza.exe"= TCP:C:\program files\shareaza\shareaza.exe:Shareaza Ultimate File Sharing
"{6A865C9B-2DBE-49C3-BAD8-74873DECECDA}"= UDP:6346:Shareaza
"TCP Query User{D3520FE0-E9AB-4239-9C80-E2F91D2E445D}C:\\program files\\lexmark 2500 series\\app4r.exe"= UDP:C:\program files\lexmark 2500 series\app4r.exe:Printing Application
"UDP Query User{7D56AE20-8C9A-40D3-928E-446824A87E6F}C:\\program files\\lexmark 2500 series\\app4r.exe"= TCP:C:\program files\lexmark 2500 series\app4r.exe:Printing Application
"TCP Query User{1FA955BF-3552-4E30-8803-F58CFEB14EFF}C:\\windows\\system32\\msiexec.exe"= UDP:C:\windows\system32\msiexec.exe:Windows® installer
"UDP Query User{C5AA9EE2-174B-46B0-A5B3-1BD2AFBD6F24}C:\\windows\\system32\\msiexec.exe"= TCP:C:\windows\system32\msiexec.exe:Windows® installer
"TCP Query User{C2C96CB6-F8C4-48C7-8F3A-4E6473A7FF7E}C:\\program files\\nbc direct\\storefrontplayer.exe"= UDP:C:\program files\nbc direct\storefrontplayer.exe:NBC Direct Beta
"UDP Query User{AA87FEA2-4BE9-4C4C-A854-F33F1FD2C3F5}C:\\program files\\nbc direct\\storefrontplayer.exe"= TCP:C:\program files\nbc direct\storefrontplayer.exe:NBC Direct Beta
"{B1F09053-104A-477F-944E-026841342474}"= UDP:C:\Windows\System32\spool\drivers\w32x86\3\lxddpswx.exe:
"{EE1E7AE0-95FE-4CDD-95FF-A8C7595E2DB9}"= TCP:C:\Windows\System32\spool\drivers\w32x86\3\lxddpswx.exe:
"{16E23DAC-D7D8-4AF8-9FB8-DC2B815DCAA6}"= UDP:C:\Windows\System32\spool\drivers\w32x86\3\lxddjswx.exe:
"{4442D35A-E295-4E98-8063-0E84811C2B2F}"= TCP:C:\Windows\System32\spool\drivers\w32x86\3\lxddjswx.exe:
"{C340682B-8A2C-4D62-8365-CAC7AC384E12}"= UDP:C:\Windows\System32\spool\drivers\w32x86\3\lxddtime.exe:
"{A2652947-9DFD-4D0D-922E-7837435B61C9}"= TCP:C:\Windows\System32\spool\drivers\w32x86\3\lxddtime.exe:
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
R2 lxdd_device;lxdd_device;C:\Windows\system32\lxddcoms.exe [2007-05-25 10:41]
R2 OpenCASE Media Agent;OpenCASE Media Agent;"C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe" [2008-01-16 15:57]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2008-03-29 06:24]
S2 lxddCATSCustConnectService;lxddCATSCustConnectService;C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxddserv.exe [2007-05-25 10:41]
S3 GameConsoleService;GameConsoleService;"C:\Program Files\Gateway Games\Gateway Game Console\GameConsoleService.exe" [2008-05-05 18:25]
S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\system32\DRIVERS\motccgp.sys [2007-11-02 15:36]
S3 motccgpfl;MotCcgpFlService;C:\Windows\system32\DRIVERS\motccgpfl.sys [2007-01-23 20:03]
S3 motport;Motorola USB Diagnostic Port;C:\Windows\system32\DRIVERS\motport.sys [2007-06-18 15:18]
S3 MREMP50;MREMP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [2007-01-19 13:53]
S3 MRESP50;MRESP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [2007-01-19 13:53]
S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;C:\Windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 03:30]
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-06-27 01:15:15 C:\Windows\Tasks\User_Feed_Synchronization-{5B38BF39-55E4-419B-BD86-363DB9906095}.job"
- C:\Windows\system32\msfeedssync.exe
"2008-06-23 14:00:01 C:\Windows\Tasks\wrSpySweeper_L41B473E50E034FD5B44B8400FF5973C7.job"
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe>/ScheduleSweep=wrSpySweeper_L41B473E50E034FD5B44B8400FF5973C7
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.ex
- C:\
"2008-06-23 15:00:08 C:\Windows\Tasks\wrSpySweeper_L6B0F6A60B4B04CFD8E8BC1974B457B6C.job"
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe>/ScheduleSweep=wrSpySweeper_L6B0F6A60B4B04CFD8E8BC1974B457B6C
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.ex
- C:\
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-26 21:16:41
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-06-26 21:17:35
ComboFix-quarantined-files.txt 2008-06-27 01:17:31
The system cannot find message text for message number 0x2379 in the message file for Application.
The system cannot find message text for message number 0x2379 in the message file for Application.
265 --- E O F --- 2008-06-25 07:01:08
HIJACKTHIS:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:21:37 PM, on 6/26/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\AMD\On Demand\bin\OrbTray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\ModPS2Key.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Spare Backup\SpareBackup.exe
C:\Program Files\Lexmark 2500 Series\lxddmon.exe
C:\Program Files\Lexmark 2500 Series\lxddamon.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Nova Development\Greeting Card Factory Deluxe\ReminderApp.exe
C:\Program Files\ATT Internet Tools\blsloader.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\AMD\On Demand\bin\Orb.exe
C:\Windows\System32\mobsync.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: BlspcHlpr Class - {15C9938F-CB96-496D-800A-B827F2E34EA1} - C:\Program Files\ATT Internet Tools\blspc.dll
O2 - BHO: AT&&T Toolbar - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\PROGRA~1\ATTToolbar\ATTToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: TwcToolbarBhoApp Class - {AA1F9DDB-E605-4ba6-81D4-E427DEE012AD} - C:\Windows\System32\TwcToolbarBho.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.914.9778\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\Windows\System32\TwcToolbarIe7.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: AT&&T Toolbar - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\PROGRA~1\ATTToolbar\ATTToolbar.dll
O4 - HKLM\..\Run: [ModPS2] ModPS2Key.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Spare Backup] "C:\Program Files\Spare Backup\SpareBackup.exe" /silent
O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"
O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [ReminderApp] "C:\Program Files\Nova Development\Greeting Card Factory Deluxe\ReminderApp.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [blspcloader] "C:\Program Files\ATT Internet Tools\blsloader.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\windows sidebar\sidebar.exe" /autoRun
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Run Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra 'Tools' menuitem: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/en-US/wlscctrl2.cab
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\Gateway Games\Gateway Game Console\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxddserv.exe
O23 - Service: lxdd_device - - C:\Windows\system32\lxddcoms.exe
O23 - Service: OpenCASE Media Agent - ExtendMedia Inc. - C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 8753 bytes
Thanks again for your time,
krobi92
|
|
| Back to top |
|
|
taz71498
Forums Admin
Premium Member
Joined: Jan 30, 2004
Posts: 20218
|
| Posted: Fri Jun 27, 2008 11:48 pm Post subject: |
|
|
Well, I am not seeing too much.
I want you to run HJT again and check these items and then on Fix:
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
Are you still getting re-directed once in awhile? And if so, where are you getting re-directed to?
|
|
| Back to top |
|
|
krobi92
Trooper
Joined: May 22, 2008
Posts: 18
|
| Posted: Mon Jun 30, 2008 2:04 am Post subject: |
|
|
Hi Taz,
I did what you told me to do. I am still getting occasional redirects. The redirect is to a Google search page with this link as an example: "http://ad.yieldmanager.com/st?ad_type=iframe"
Thanks again,
krobi92
|
|
| Back to top |
|
|
taz71498
Forums Admin
Premium Member
Joined: Jan 30, 2004
Posts: 20218
|
| Posted: Mon Jun 30, 2008 10:19 pm Post subject: |
|
|
Please download ATF Cleaner by Atribune.
This program is for Windows 98/ME/2K/XP and Vista
- Double-click ATF-Cleaner.exe to run the program.
- Under Main choose: Select All
- Click the Empty Selected button.
If you use Firefox browser - Click Firefox at the top and choose: Select All
- Click the Empty Selected button.
- NOTE: If you would like to keep your saved passwords, please click
-
- No at the prompt.
If you use Opera browser - Click Opera at the top and choose: Select All
- Click the Empty Selected button.
- NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
I also would like you to run an online virus scan:
Disable your antivirus program and go here and run an online scan with BitDefender (you will need to use Internet Explorer for this scan). When the ActiveX Control has loaded, click on "Click here to scan" and grab a coffee. When BitDefender completes the scan, select the "Detected Problems" tab. Click on "Click here to export scan". Save the file as an HTML to your Desktop. Then click on the saved file and allow it to open with your browser. Go to Edit > Select All then copy the log and paste it back here.
|
|
| Back to top |
|
|
krobi92
Trooper
Joined: May 22, 2008
Posts: 18
|
| Posted: Tue Jul 01, 2008 12:16 pm Post subject: |
|
|
Hi again Taz,
Here we go:
BitDefender Scan:
BitDefender Online Scanner
Scan report generated at: Mon, Jun 30, 2008 - 23:18:58
Scan path: C:\;D:\;E:\;F:\;G:\;H:\;I:\;
Statistics
Time
01:46:36
Files
933161
Folders
27876
Boot Sectors
3
Archives
16693
Packed Files
33905
Results
Identified Viruses
0
Infected Files
0
Suspect Files
0
Warnings
0
Disinfected
0
Deleted Files
0
Engines Info
Virus Definitions
1300862
Engine build
AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins
16
Archive plugins
42
Unpack plugins
7
E-mail plugins
6
System plugins
5
Scan Settings
First Action
Disinfect
Second Action
Delete
Heuristics
Yes
Enable Warnings
Yes
Scanned Extensions
*;
Exclude Extensions
Scan Emails
Yes
Scan Archives
Yes
Scan Packed
Yes
Scan Files
Yes
Scan Boot
Yes
Scanned File
Status
No virus found.
I also ran the ATF Cleaner program. Where is this redirect bugger hiding???!!! It is still happening. Sometimes more times than others, and always to a Google search page.
Thanks again,
krobi92
|
|
| Back to top |
|
|
taz71498
Forums Admin
Premium Member
Joined: Jan 30, 2004
Posts: 20218
|
| Posted: Tue Jul 01, 2008 10:06 pm Post subject: |
|
|
Hmmm, sometimes it leaves cookies behind but we just cleaned that out.
I am trying to figure out what you have run already and what you haven't for antispyware.
I am not seeing anything in the logs so far.
I don't recall if you ran this program yet or not but if not:
Download and scan with SUPERAntiSpyware Free for Home Users - Double-click SUPERAntiSpyware.exe and use the default settings for installation.
- An icon will be created on your desktop. Double-click that icon to launch the program.
- If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
- Under "Configuration and Preferences", click the Preferences button.
- Click the Scanning Control tab.
- Under Scanner Options make sure the following are checked (leave all others unchecked):
- Close browsers before scanning.
- Scan for tracking cookies.
- Terminate memory threats before quarantining.
- Click the "Close" button to leave the control center screen.
- Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
- On the left, make sure you check C:\Fixed Drive.
- On the right, under "Complete Scan", choose Perform Complete Scan.
- Click "Next" to start the scan. Please be patient while it scans your computer.
- After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
- Make sure everything has a checkmark next to it and click "Next".
- A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
- If asked if you want to reboot, click "Yes".
- To retrieve the removal information after reboot, launch SUPERAntispyware again.
- Click Preferences, then click the Statistics/Logs tab.
- Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
- If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
- Please copy and paste the Scan Log results in your next reply.
- Click Close to exit the program.
|
|
| Back to top |
|
|
krobi92
Trooper
Joined: May 22, 2008
Posts: 18
|
| Posted: Wed Jul 02, 2008 7:38 pm Post subject: |
|
|
SUPERAntispyware Log:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 07/02/2008 at 12:37 PM
Application Version : 4.15.1000
Core Rules Database Version : 3495
Trace Rules Database Version: 1486
Scan type : Complete Scan
Total Scan Time : 14:00:33
Memory items scanned : 689
Memory threats detected : 0
Registry items scanned : 7201
Registry threats detected : 0
File items scanned : 1385539
File threats detected : 378
Adware.Tracking Cookie
C:\Users\Krista\AppData\Roaming\Microsoft\Windows\Cookies\krista@doubleclick[1].txt
C:\Documents and Settings\Krista\AppData\Roaming\Microsoft\Windows\Cookies\krista@doubleclick[1].txt
C:\Documents and Settings\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@account.toontown[1].txt
C:\Documents and Settings\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@ad.yieldmanager[2].txt
C:\Documents and Settings\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@adinterax[1].txt
C:\Documents and Settings\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@adopt.euroclick[2].txt
C:\Documents and Settings\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@adopt.specificclick[1].txt
C:\Documents and Settings\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@adrevolver[2].txt
C:\Documents and Settings\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@ads.as4x.tmcs.ticketmaster[1].txt
C:\Documents and Settings\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@ads.as4x.tmcs[1].txt
C:\Documents and Settings\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@ads.bridgetrack[2].txt
C:\Documents and Settings\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@ads.gamesbannernet[1].txt
C:\Documents and Settings\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@ads.mediamayhemcorp[1].txt
C:\Documents and Settings\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@ads.revsci[1].txt
C:\Documents and Settings\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@ads.vegas[1].txt
C:\Documents and Settings\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@advertising[2].txt
C:\Documents and Settings\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@anad.tacoda[2].txt
C:\Documents and Settings\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@app.insightgrit[1].txt
C:\Documents and Settings\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@atdmt[2].txt
C:\Documents and Settings\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@bannerads.zwire[1].txt
C:\Documents and Settings\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@bannerads.zwire[3].txt
C:\Documents and Settings\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@blockbuster.112.2o7[1].txt
C:\Documents and Settings\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@buildabear.122.2o7[1].txt
C:\Documents and Settings\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@burstnet[2].txt
C:\Documents and Settings\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@cbs.112.2o7[1].txt
C:\Documents and Settings\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@chitika[2].txt
C:\Documents and Settings\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@collective-media[1].txt
C:\Documents and Settings\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@doubleclick[1].txt
C:\Documents and Settings\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@dynamic.media.adrevolver[1].txt
C:\Documents and Settings\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@fastclick[2].txt
C:\Documents and Settings\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@insightexpressai[2].txt
C:\Documents and Settings\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@interclick[1].txt
C:\Documents and Settings\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@kontera[2].txt
C:\Documents and Settings\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@livenation.122.2o7[1].txt
C:\Documents and Settings\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@media.adrevolver[1].txt
C:\Documents and Settings\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@metacafe.122.2o7[1].txt
C:\Documents and Settings\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@myaccount.sparebackup[1].txt
C:\Documents and Settings\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@nba.112.2o7[1].txt
C:\Documents and Settings\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@nintendo.112.2o7[1].txt
C:\Documents and Settings\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@realmedia[1].txt
C:\Documents and Settings\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@revsci[1].txt
C:\Documents and Settings\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@richmedia.yahoo[1].txt
C:\Documents and Settings\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@roiservice[1].txt
C:\Documents and Settings\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@samsclub.112.2o7[2].txt
C:\Documents and Settings\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@specificclick[2].txt
C:\Documents and Settings\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@stats.sparebackup[1].txt
C:\Documents and Settings\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@stats.sparebackup[2].txt
C:\Documents and Settings\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@tacoda[1].txt
C:\Documents and Settings\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@ticketsnow.112.2o7[1].txt
C:\Documents and Settings\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@ticketsnow[1].txt
C:\Documents and Settings\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@track.bestbuy[2].txt
C:\Documents and Settings\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@tracking.gajmp[1].txt
C:\Documents and Settings\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@trafficmp[1].txt
C:\Documents and Settings\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@tribalfusion[1].txt
C:\Documents and Settings\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@www.burstbeacon[1].txt
C:\Documents and Settings\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@www.burstnet[2].txt
C:\Documents and Settings\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@www.clickmanage[2].txt
C:\Documents and Settings\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@www.findgift[2].txt
C:\Documents and Settings\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@www.googleadservices[1].txt
C:\Documents and Settings\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@www.googleadservices[2].txt
C:\Documents and Settings\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@www.googleadservices[3].txt
C:\Documents and Settings\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@www.ticketsnow2[1].txt
C:\Documents and Settings\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@www.ticketsnow[1].txt
C:\Documents and Settings\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@zedo[2].txt
C:\Documents and Settings\Krista\Application Data\Microsoft\Windows\Cookies\krista@doubleclick[1].txt
C:\Documents and Settings\Krista\Application Data\Microsoft\Windows\Cookies\Low\krista@account.toontown[1].txt
C:\Documents and Settings\Krista\Application Data\Microsoft\Windows\Cookies\Low\krista@ad.yieldmanager[2].txt
C:\Documents and Settings\Krista\Application Data\Microsoft\Windows\Cookies\Low\krista@adinterax[1].txt
C:\Documents and Settings\Krista\Application Data\Microsoft\Windows\Cookies\Low\krista@adopt.euroclick[2].txt
C:\Documents and Settings\Krista\Application Data\Microsoft\Windows\Cookies\Low\krista@adopt.specificclick[1].txt
C:\Documents and Settings\Krista\Application Data\Microsoft\Windows\Cookies\Low\krista@adrevolver[2].txt
C:\Documents and Settings\Krista\Application Data\Microsoft\Windows\Cookies\Low\krista@ads.as4x.tmcs.ticketmaster[1].txt
C:\Documents and Settings\Krista\Application Data\Microsoft\Windows\Cookies\Low\krista@ads.as4x.tmcs[1].txt
C:\Documents and Settings\Krista\Application Data\Microsoft\Windows\Cookies\Low\krista@ads.bridgetrack[2].txt
C:\Documents and Settings\Krista\Application Data\Microsoft\Windows\Cookies\Low\krista@ads.gamesbannernet[1].txt
C:\Documents and Settings\Krista\Application Data\Microsoft\Windows\Cookies\Low\krista@ads.mediamayhemcorp[1].txt
C:\Documents and Settings\Krista\Application Data\Microsoft\Windows\Cookies\Low\krista@ads.revsci[1].txt
C:\Documents and Settings\Krista\Application Data\Microsoft\Windows\Cookies\Low\krista@ads.vegas[1].txt
C:\Documents and Settings\Krista\Application Data\Microsoft\Windows\Cookies\Low\krista@advertising[2].txt
C:\Documents and Settings\Krista\Application Data\Microsoft\Windows\Cookies\Low\krista@anad.tacoda[2].txt
C:\Documents and Settings\Krista\Application Data\Microsoft\Windows\Cookies\Low\krista@app.insightgrit[1].txt
C:\Documents and Settings\Krista\Application Data\Microsoft\Windows\Cookies\Low\krista@atdmt[2].txt
C:\Documents and Settings\Krista\Application Data\Microsoft\Windows\Cookies\Low\krista@bannerads.zwire[1].txt
C:\Documents and Settings\Krista\Application Data\Microsoft\Windows\Cookies\Low\krista@bannerads.zwire[3].txt
C:\Documents and Settings\Krista\Application Data\Microsoft\Windows\Cookies\Low\krista@blockbuster.112.2o7[1].txt
C:\Documents and Settings\Krista\Application Data\Microsoft\Windows\Cookies\Low\krista@buildabear.122.2o7[1].txt
C:\Documents and Settings\Krista\Application Data\Microsoft\Windows\Cookies\Low\krista@burstnet[2].txt
C:\Documents and Settings\Krista\Application Data\Microsoft\Windows\Cookies\Low\krista@cbs.112.2o7[1].txt
C:\Documents and Settings\Krista\Application Data\Microsoft\Windows\Cookies\Low\krista@chitika[2].txt
C:\Documents and Settings\Krista\Application Data\Microsoft\Windows\Cookies\Low\krista@collective-media[1].txt
C:\Documents and Settings\Krista\Application Data\Microsoft\Windows\Cookies\Low\krista@doubleclick[1].txt
C:\Documents and Settings\Krista\Application Data\Microsoft\Windows\Cookies\Low\krista@dynamic.media.adrevolver[1].txt
C:\Documents and Settings\Krista\Application Data\Microsoft\Windows\Cookies\Low\krista@fastclick[2].txt
C:\Documents and Settings\Krista\Application Data\Microsoft\Windows\Cookies\Low\krista@insightexpressai[2].txt
C:\Documents and Settings\Krista\Application Data\Microsoft\Windows\Cookies\Low\krista@interclick[1].txt
C:\Documents and Settings\Krista\Application Data\Microsoft\Windows\Cookies\Low\krista@kontera[2].txt
C:\Documents and Settings\Krista\Application Data\Microsoft\Windows\Cookies\Low\krista@livenation.122.2o7[1].txt
C:\Documents and Settings\Krista\Application Data\Microsoft\Windows\Cookies\Low\krista@media.adrevolver[1].txt
C:\Documents and Settings\Krista\Application Data\Microsoft\Windows\Cookies\Low\krista@metacafe.122.2o7[1].txt
C:\Documents and Settings\Krista\Application Data\Microsoft\Windows\Cookies\Low\krista@myaccount.sparebackup[1].txt
C:\Documents and Settings\Krista\Application Data\Microsoft\Windows\Cookies\Low\krista@nba.112.2o7[1].txt
C:\Documents and Settings\Krista\Application Data\Microsoft\Windows\Cookies\Low\krista@nintendo.112.2o7[1].txt
C:\Documents and Settings\Krista\Application Data\Microsoft\Windows\Cookies\Low\krista@realmedia[1].txt
C:\Documents and Settings\Krista\Application Data\Microsoft\Windows\Cookies\Low\krista@revsci[1].txt
C:\Documents and Settings\Krista\Application Data\Microsoft\Windows\Cookies\Low\krista@richmedia.yahoo[1].txt
C:\Documents and Settings\Krista\Application Data\Microsoft\Windows\Cookies\Low\krista@roiservice[1].txt
C:\Documents and Settings\Krista\Application Data\Microsoft\Windows\Cookies\Low\krista@samsclub.112.2o7[2].txt
C:\Documents and Settings\Krista\Application Data\Microsoft\Windows\Cookies\Low\krista@specificclick[2].txt
C:\Documents and Settings\Krista\Application Data\Microsoft\Windows\Cookies\Low\krista@stats.sparebackup[1].txt
C:\Documents and Settings\Krista\Application Data\Microsoft\Windows\Cookies\Low\krista@stats.sparebackup[2].txt
C:\Documents and Settings\Krista\Application Data\Microsoft\Windows\Cookies\Low\krista@tacoda[1].txt
C:\Documents and Settings\Krista\Application Data\Microsoft\Windows\Cookies\Low\krista@ticketsnow.112.2o7[1].txt
C:\Documents and Settings\Krista\Application Data\Microsoft\Windows\Cookies\Low\krista@ticketsnow[1].txt
C:\Documents and Settings\Krista\Application Data\Microsoft\Windows\Cookies\Low\krista@track.bestbuy[2].txt
C:\Documents and Settings\Krista\Application Data\Microsoft\Windows\Cookies\Low\krista@tracking.gajmp[1].txt
C:\Documents and Settings\Krista\Application Data\Microsoft\Windows\Cookies\Low\krista@trafficmp[1].txt
C:\Documents and Settings\Krista\Application Data\Microsoft\Windows\Cookies\Low\krista@tribalfusion[1].txt
C:\Documents and Settings\Krista\Application Data\Microsoft\Windows\Cookies\Low\krista@www.burstbeacon[1].txt
C:\Documents and Settings\Krista\Application Data\Microsoft\Windows\Cookies\Low\krista@www.burstnet[2].txt
C:\Documents and Settings\Krista\Application Data\Microsoft\Windows\Cookies\Low\krista@www.clickmanage[2].txt
C:\Documents and Settings\Krista\Application Data\Microsoft\Windows\Cookies\Low\krista@www.findgift[2].txt
C:\Documents and Settings\Krista\Application Data\Microsoft\Windows\Cookies\Low\krista@www.googleadservices[1].txt
C:\Documents and Settings\Krista\Application Data\Microsoft\Windows\Cookies\Low\krista@www.googleadservices[2].txt
C:\Documents and Settings\Krista\Application Data\Microsoft\Windows\Cookies\Low\krista@www.googleadservices[3].txt
C:\Documents and Settings\Krista\Application Data\Microsoft\Windows\Cookies\Low\krista@www.ticketsnow2[1].txt
C:\Documents and Settings\Krista\Application Data\Microsoft\Windows\Cookies\Low\krista@www.ticketsnow[1].txt
C:\Documents and Settings\Krista\Application Data\Microsoft\Windows\Cookies\Low\krista@zedo[2].txt
C:\Documents and Settings\Krista\Cookies\krista@doubleclick[1].txt
C:\Documents and Settings\Krista\Cookies\Low\krista@account.toontown[1].txt
C:\Documents and Settings\Krista\Cookies\Low\krista@ad.yieldmanager[2].txt
C:\Documents and Settings\Krista\Cookies\Low\krista@adinterax[1].txt
C:\Documents and Settings\Krista\Cookies\Low\krista@adopt.euroclick[2].txt
C:\Documents and Settings\Krista\Cookies\Low\krista@adopt.specificclick[1].txt
C:\Documents and Settings\Krista\Cookies\Low\krista@adrevolver[2].txt
C:\Documents and Settings\Krista\Cookies\Low\krista@ads.as4x.tmcs.ticketmaster[1].txt
C:\Documents and Settings\Krista\Cookies\Low\krista@ads.as4x.tmcs[1].txt
C:\Documents and Settings\Krista\Cookies\Low\krista@ads.bridgetrack[2].txt
C:\Documents and Settings\Krista\Cookies\Low\krista@ads.gamesbannernet[1].txt
C:\Documents and Settings\Krista\Cookies\Low\krista@ads.mediamayhemcorp[1].txt
C:\Documents and Settings\Krista\Cookies\Low\krista@ads.revsci[1].txt
C:\Documents and Settings\Krista\Cookies\Low\krista@ads.vegas[1].txt
C:\Documents and Settings\Krista\Cookies\Low\krista@advertising[2].txt
C:\Documents and Settings\Krista\Cookies\Low\krista@anad.tacoda[2].txt
C:\Documents and Settings\Krista\Cookies\Low\krista@app.insightgrit[1].txt
C:\Documents and Settings\Krista\Cookies\Low\krista@atdmt[2].txt
C:\Documents and Settings\Krista\Cookies\Low\krista@bannerads.zwire[1].txt
C:\Documents and Settings\Krista\Cookies\Low\krista@bannerads.zwire[3].txt
C:\Documents and Settings\Krista\Cookies\Low\krista@blockbuster.112.2o7[1].txt
C:\Documents and Settings\Krista\Cookies\Low\krista@buildabear.122.2o7[1].txt
C:\Documents and Settings\Krista\Cookies\Low\krista@burstnet[2].txt
C:\Documents and Settings\Krista\Cookies\Low\krista@cbs.112.2o7[1].txt
C:\Documents and Settings\Krista\Cookies\Low\krista@chitika[2].txt
C:\Documents and Settings\Krista\Cookies\Low\krista@collective-media[1].txt
C:\Documents and Settings\Krista\Cookies\Low\krista@doubleclick[1].txt
C:\Documents and Settings\Krista\Cookies\Low\krista@dynamic.media.adrevolver[1].txt
C:\Documents and Settings\Krista\Cookies\Low\krista@fastclick[2].txt
C:\Documents and Settings\Krista\Cookies\Low\krista@insightexpressai[2].txt
C:\Documents and Settings\Krista\Cookies\Low\krista@interclick[1].txt
C:\Documents and Settings\Krista\Cookies\Low\krista@kontera[2].txt
C:\Documents and Settings\Krista\Cookies\Low\krista@livenation.122.2o7[1].txt
C:\Documents and Settings\Krista\Cookies\Low\krista@media.adrevolver[1].txt
C:\Documents and Settings\Krista\Cookies\Low\krista@metacafe.122.2o7[1].txt
C:\Documents and Settings\Krista\Cookies\Low\krista@myaccount.sparebackup[1].txt
C:\Documents and Settings\Krista\Cookies\Low\krista@nba.112.2o7[1].txt
C:\Documents and Settings\Krista\Cookies\Low\krista@nintendo.112.2o7[1].txt
C:\Documents and Settings\Krista\Cookies\Low\krista@realmedia[1].txt
C:\Documents and Settings\Krista\Cookies\Low\krista@revsci[1].txt
C:\Documents and Settings\Krista\Cookies\Low\krista@richmedia.yahoo[1].txt
C:\Documents and Settings\Krista\Cookies\Low\krista@roiservice[1].txt
C:\Documents and Settings\Krista\Cookies\Low\krista@samsclub.112.2o7[2].txt
C:\Documents and Settings\Krista\Cookies\Low\krista@specificclick[2].txt
C:\Documents and Settings\Krista\Cookies\Low\krista@stats.sparebackup[1].txt
C:\Documents and Settings\Krista\Cookies\Low\krista@stats.sparebackup[2].txt
C:\Documents and Settings\Krista\Cookies\Low\krista@tacoda[1].txt
C:\Documents and Settings\Krista\Cookies\Low\krista@ticketsnow.112.2o7[1].txt
C:\Documents and Settings\Krista\Cookies\Low\krista@ticketsnow[1].txt
C:\Documents and Settings\Krista\Cookies\Low\krista@track.bestbuy[2].txt
C:\Documents and Settings\Krista\Cookies\Low\krista@tracking.gajmp[1].txt
C:\Documents and Settings\Krista\Cookies\Low\krista@trafficmp[1].txt
C:\Documents and Settings\Krista\Cookies\Low\krista@tribalfusion[1].txt
C:\Documents and Settings\Krista\Cookies\Low\krista@www.burstbeacon[1].txt
C:\Documents and Settings\Krista\Cookies\Low\krista@www.burstnet[2].txt
C:\Documents and Settings\Krista\Cookies\Low\krista@www.clickmanage[2].txt
C:\Documents and Settings\Krista\Cookies\Low\krista@www.findgift[2].txt
C:\Documents and Settings\Krista\Cookies\Low\krista@www.googleadservices[1].txt
C:\Documents and Settings\Krista\Cookies\Low\krista@www.googleadservices[2].txt
C:\Documents and Settings\Krista\Cookies\Low\krista@www.googleadservices[3].txt
C:\Documents and Settings\Krista\Cookies\Low\krista@www.ticketsnow2[1].txt
C:\Documents and Settings\Krista\Cookies\Low\krista@www.ticketsnow[1].txt
C:\Documents and Settings\Krista\Cookies\Low\krista@zedo[2].txt
C:\Users\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@account.toontown[1].txt
C:\Users\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@ad.yieldmanager[2].txt
C:\Users\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@adinterax[1].txt
C:\Users\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@adopt.euroclick[2].txt
C:\Users\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@adopt.specificclick[1].txt
C:\Users\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@adrevolver[2].txt
C:\Users\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@ads.as4x.tmcs.ticketmaster[1].txt
C:\Users\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@ads.as4x.tmcs[1].txt
C:\Users\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@ads.bridgetrack[2].txt
C:\Users\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@ads.gamesbannernet[1].txt
C:\Users\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@ads.mediamayhemcorp[1].txt
C:\Users\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@ads.revsci[1].txt
C:\Users\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@ads.vegas[1].txt
C:\Users\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@advertising[2].txt
C:\Users\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@anad.tacoda[2].txt
C:\Users\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@app.insightgrit[1].txt
C:\Users\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@atdmt[2].txt
C:\Users\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@bannerads.zwire[1].txt
C:\Users\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@bannerads.zwire[3].txt
C:\Users\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@blockbuster.112.2o7[1].txt
C:\Users\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@buildabear.122.2o7[1].txt
C:\Users\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@burstnet[2].txt
C:\Users\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@cbs.112.2o7[1].txt
C:\Users\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@chitika[2].txt
C:\Users\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@collective-media[1].txt
C:\Users\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@doubleclick[1].txt
C:\Users\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@dynamic.media.adrevolver[1].txt
C:\Users\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@fastclick[2].txt
C:\Users\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@insightexpressai[2].txt
C:\Users\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@interclick[1].txt
C:\Users\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@kontera[2].txt
C:\Users\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@livenation.122.2o7[1].txt
C:\Users\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@media.adrevolver[1].txt
C:\Users\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@metacafe.122.2o7[1].txt
C:\Users\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@myaccount.sparebackup[1].txt
C:\Users\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@nba.112.2o7[1].txt
C:\Users\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@nintendo.112.2o7[1].txt
C:\Users\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@realmedia[1].txt
C:\Users\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@revsci[1].txt
C:\Users\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@richmedia.yahoo[1].txt
C:\Users\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@roiservice[1].txt
C:\Users\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@samsclub.112.2o7[2].txt
C:\Users\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@specificclick[2].txt
C:\Users\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@stats.sparebackup[1].txt
C:\Users\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@stats.sparebackup[2].txt
C:\Users\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@tacoda[1].txt
C:\Users\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@ticketsnow.112.2o7[1].txt
C:\Users\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@ticketsnow[1].txt
C:\Users\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@track.bestbuy[2].txt
C:\Users\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@tracking.gajmp[1].txt
C:\Users\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@trafficmp[1].txt
C:\Users\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@tribalfusion[1].txt
C:\Users\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@www.burstbeacon[1].txt
C:\Users\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@www.burstnet[2].txt
C:\Users\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@www.clickmanage[2].txt
C:\Users\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@www.findgift[2].txt
C:\Users\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@www.googleadservices[1].txt
C:\Users\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@www.googleadservices[2].txt
C:\Users\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@www.googleadservices[3].txt
C:\Users\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@www.ticketsnow2[1].txt
C:\Users\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@www.ticketsnow[1].txt
C:\Users\Krista\AppData\Roaming\Microsoft\Windows\Cookies\Low\krista@zedo[2].txt
C:\Users\Krista\Application Data\Microsoft\Windows\Cookies\krista@doubleclick[1].txt
C:\Users\Krista\Application Data\Microsoft\Windows\Cookies\Low\krista@account.toontown[1].txt
C:\Users\Krista\Application Data\Microsoft\Windows\Cookies\Low\krista@ad.yieldmanager[2].txt
C:\Users\Krista\Application Data\Microsoft\Windows\Cookies\Low\krista@adinterax[1].txt
C:\Users\Krista\Application Data\Microsoft\Windows\Cookies\Low\krista@adopt.euroclick[2].txt
C:\Users\Krista\Application Data\Microsoft\Windows\Cookies\Low\krista@adopt.specificclick[1].txt
C:\Users\Krista\Application Data\Microsoft\Windows\Cookies\Low\krista@adrevolver[2].txt
C:\Users\Krista\Application Data\Microsoft\Windows\Cookies\Low\krista@ads.as4x.tmcs.ticketmaster[1].txt
C:\Users\Krista\Application Data\Microsoft\Windows\Cookies\Low\krista@ads.as4x.tmcs[1].txt
C:\Users\Krista\Application Data\Microsoft\Windows\Cookies\Low\krista@ads.bridgetrack[2].txt
C:\Users\Krista\Application Data\Microsoft\Windows\Cookies\Low\krista@ads.gamesbannernet[1].txt
C:\Users\Krista\Application Data\Microsoft\Windows\Cookies\Low\krista@ads.mediamayhemcorp[1].txt
C:\Users\Krista\Application Data\Microsoft\Windows\Cookies\Low\krista@ads.revsci[1].txt
C:\Users\Krista\Application Data\Microsoft\Windows\Cookies\Low\krista@ads.vegas[1].txt
C:\Users\Krista\Application Data\Microsoft\Windows\Cookies\Low\krista@advertising[2].txt
C:\Users\Krista\Application Data\Microsoft\Windows\Cookies\Low\krista@anad.tacoda[2].txt
C:\Users\Krista\Application Data\Microsoft\Windows\Cookies\Low\krista@app.insightgrit[1].txt
C:\Users\Krista\Application Data\Microsoft\Windows\Cookies\Low\krista@atdmt[2].txt
C:\Users\Krista\Application Data\Microsoft\Windows\Cookies\Low\krista@bannerads.zwire[1].txt
C:\Users\Krista\Application Data\Microsoft\Windows\Cookies\Low\krista@bannerads.zwire[3].txt
C:\Users\Krista\Application Data\Microsoft\Windows\Cookies\Low\krista@blockbuster.112.2o7[1].txt
C:\Users\Krista\Application Data\Microsoft\Windows\Cookies\Low\krista@buildabear.122.2o7[1].txt
C:\Users\Krista\Application Data\Microsoft\Windows\Cookies\Low\krista@burstnet[2].txt
C:\Users\Krista\Application Data\Microsoft\Windows\Cookies\Low\krista@ | | |
Forum FAQ
Search
Usergroups
Profile
Login to check your private messages
Login
