Laptop Virus Problems [CLOSED]



#1
JTBRLZ

I just posted my list of logs for my PC. I've been having similar problems with my laptop, so I did the same thing with it. The SUPERAntiSpyware Scan was going for twenty hours and it still hadn't finished, so I ended it. Here are the logs:

Malwarebytes' Log

[quote]Malwarebytes' Anti-Malware 1.12
Database version: 763

Scan type: Quick Scan
Objects scanned: 34830
Time elapsed: 17 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 27
Registry Values Infected: 12
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 17

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Users\Jimmy\AppData\Local\Temp\awtqrpqo.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\Windows\System32\awtsTMed.dll (Trojan.Vundo) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{18f4fbd5-cde8-492c-9365-1912378eecfe} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18f4fbd5-cde8-492c-9365-1912378eecfe} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\gktxaspm.bexa (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{10b9e92f-421e-44b2-a093-9de0f3fab2bc} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\gktxaspm.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{191bdfc1-2d14-4cc6-8c83-a4a3af9f99d2} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{191bdfc1-2d14-4cc6-8c83-a4a3af9f99d2} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{768fb233-15e7-4f97-939a-c998e8d4adf9} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{a998690b-a72f-4e3b-8aa0-be953dccef4b} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2c1f0e45-4584-4553-bc12-21a5b990958b} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4b0089ad-66fc-4333-9206-d293399fba5a} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{dcd8d419-f10f-43e3-9b62-40fdd7837350} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{74475532-2e19-454f-9e68-f7b6bc88833d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7a67c084-a290-4f3d-9c40-50edb5721e2c} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{279a1421-296b-4652-b7e2-be3c6b624384} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0f394784-85a4-4704-ae9e-be4e3ad8e9ad} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cfc31a7c-3bd8-412c-84f8-705543cce3f9} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bbe38f1f-ee80-4319-83cc-d27bc063637f} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{27525231-c619-45a4-a953-8817c7745d26} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ce6f7222-cfbd-4b8b-a38a-7e3029d4933d} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{831c798d-f9ad-4659-8625-63f2a439f439} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{831c798d-f9ad-4659-8625-63f2a439f439} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webvideo (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{19e2062c-1bb6-4003-8998-7f7a5624a0b2} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{34693cdd-9ef7-42b4-8367-4203b4d175a0} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{18f4fbd5-cde8-492c-9365-1912378eecfe} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{10b9e92f-421e-44b2-a093-9de0f3fab2bc} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\pxgdslro (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\MonAlrt (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\RamBoot (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\WinSetup (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cmds (Trojan.Agent) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\1ce7fc2d (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\advap32 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\gnowmebk (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Jimmy\AppData\Local\Temp\awtqrpqo.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\System32\awtsTMed.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\gktxaspm.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\nldfmtapgpv.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\System32\cbXqopQg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\pmnkhIay.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\pxgdslro.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Windows\Resources\MonAlrt.dll (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Windows\Resources\RamBoot.dll (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Windows\Resources\WinSetup.dll (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Users\Jimmy\AppData\Local\Temp\xXPFyyxx.dll (Trojan.Agent) -> Delete on reboot.
C:\Users\Jimmy\AppData\Local\Temp\qsngjafw.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\rs.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\Windows\esta.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\nldfmtappek.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\mdtgkswr.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\gnowmebk.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.[/quote]

SUPERAntiSpyware Logs

[quote]SUPERAntiSpyware Scan Log
Generated 05/19/2008 at 02:23 AM

Application Version : 3.6.1000

Core Rules Database Version : 3463
Trace Rules Database Version: 1454

Scan type : Complete Scan
Total Scan Time : 06:04:52

Memory items scanned : 740
Memory threats detected : 0
Registry items scanned : 7877
Registry threats detected : 2
File items scanned : 146078
File threats detected : 357

Adware.Vundo Variant/Rel
HKU\S-1-5-21-165562352-2377708643-16634805-1000\Software\Microsoft\Windows\CurrentVersion\Run#MSServer [ rundll32.exe C:\Users\Jimmy\AppData\Local\Temp\awtqrpqo.dll,#1 ]
HKU\S-1-5-21-165562352-2377708643-16634805-1000\Software\Microsoft\Windows\CurrentVersion\Run#cmds [ rundll32.exe C:\Users\Jimmy\AppData\Local\Temp\xXPFyyxx.dll,c ]

Adware.Tracking Cookie
C:\Documents and Settings\Jimmy\Cookies\Low\[email protected][2].txt
C:\Documents and Settings\Jimmy\Cookies\Low\jimmy@adrevolver[1].txt
C:\Documents and Settings\Jimmy\Cookies\Low\[email protected][1].txt
C:\Documents and Settings\Jimmy\Cookies\Low\[email protected][1].txt
C:\Documents and Settings\Jimmy\Cookies\Low\[email protected][2].txt
C:\Documents and Settings\Jimmy\Cookies\Low\[email protected][1].txt
C:\Documents and Settings\Jimmy\Cookies\Low\[email protected][2].txt
C:\Documents and Settings\Jimmy\Cookies\Low\[email protected][2].txt
C:\Documents and Settings\Jimmy\Cookies\Low\[email protected][2].txt
C:\Documents and Settings\Jimmy\Cookies\Low\[email protected][1].txt
C:\Documents and Settings\Jimmy\Cookies\Low\jimmy@adtech[1].txt
C:\Documents and Settings\Jimmy\Cookies\Low\jimmy@adultadworld[1].txt
C:\Documents and Settings\Jimmy\Cookies\Low\jimmy@advertising[1].txt
C:\Documents and Settings\Jimmy\Cookies\Low\jimmy@advertising[2].txt
C:\Documents and Settings\Jimmy\Cookies\Low\[email protected][2].txt
C:\Documents and Settings\Jimmy\Cookies\Low\[email protected][1].txt
C:\Documents and Settings\Jimmy\Cookies\Low\jimmy@apmebf[1].txt
C:\Documents and Settings\Jimmy\Cookies\Low\[email protected][2].txt
C:\Documents and Settings\Jimmy\Cookies\Low\jimmy@arbitrack[2].txt
C:\Documents and Settings\Jimmy\Cookies\Low\[email protected][2].txt
C:\Documents and Settings\Jimmy\Cookies\Low\jimmy@atdmt[2].txt
C:\Documents and Settings\Jimmy\Cookies\Low\[email protected][1].txt
C:\Documents and Settings\Jimmy\Cookies\Low\jimmy@atwola[2].txt
C:\Documents and Settings\Jimmy\Cookies\Low\jimmy@azjmp[2].txt
C:\Documents and Settings\Jimmy\Cookies\Low\jimmy@bfast[2].txt
C:\Documents and Settings\Jimmy\Cookies\Low\jimmy@bluestreak[2].txt
C:\Documents and Settings\Jimmy\Cookies\Low\[email protected][2].txt
C:\Documents and Settings\Jimmy\Cookies\Low\jimmy@burstnet[1].txt
C:\Documents and Settings\Jimmy\Cookies\Low\jimmy@casalemedia[1].txt
C:\Documents and Settings\Jimmy\Cookies\Low\jimmy@clicksor[1].txt
C:\Documents and Settings\Jimmy\Cookies\Low\[email protected][1].txt
C:\Documents and Settings\Jimmy\Cookies\Low\[email protected][1].txt
C:\Documents and Settings\Jimmy\Cookies\Low\jimmy@doubleclick[1].txt
C:\Documents and Settings\Jimmy\Cookies\Low\[email protected][1].txt
C:\Documents and Settings\Jimmy\Cookies\Low\[email protected][2].txt
C:\Documents and Settings\Jimmy\Cookies\Low\jimmy@easy-xxx[1].txt
C:\Documents and Settings\Jimmy\Cookies\Low\jimmy@easycracks[1].txt
C:\Documents and Settings\Jimmy\Cookies\Low\[email protected][2].txt
C:\Documents and Settings\Jimmy\Cookies\Low\[email protected][1].txt
C:\Documents and Settings\Jimmy\Cookies\Low\[email protected][1].txt
C:\Documents and Settings\Jimmy\Cookies\Low\[email protected][1].txt
C:\Documents and Settings\Jimmy\Cookies\Low\[email protected][1].txt
C:\Documents and Settings\Jimmy\Cookies\Low\[email protected][1].txt
C:\Documents and Settings\Jimmy\Cookies\Low\[email protected][1].txt
C:\Documents and Settings\Jimmy\Cookies\Low\jimmy@entrepreneur[2].txt
C:\Documents and Settings\Jimmy\Cookies\Low\jimmy@eyewonder[1].txt
C:\Documents and Settings\Jimmy\Cookies\Low\jimmy@fastclick[2].txt
C:\Documents and Settings\Jimmy\Cookies\Low\jimmy@freepornsite[2].txt
C:\Documents and Settings\Jimmy\Cookies\Low\[email protected][1].txt
C:\Documents and Settings\Jimmy\Cookies\Low\[email protected][1].txt
C:\Documents and Settings\Jimmy\Cookies\Low\[email protected][1].txt
C:\Documents and Settings\Jimmy\Cookies\Low\[email protected][1].txt
C:\Documents and Settings\Jimmy\Cookies\Low\[email protected][2].txt
C:\Documents and Settings\Jimmy\Cookies\Low\jimmy@hitbox[1].txt
C:\Documents and Settings\Jimmy\Cookies\Low\jimmy@hornymatches[2].txt
C:\Documents and Settings\Jimmy\Cookies\Low\[email protected][2].txt
C:\Documents and Settings\Jimmy\Cookies\Low\jimmy@imrworldwide[2].txt
C:\Documents and Settings\Jimmy\Cookies\Low\jimmy@insightexpressai[1].txt
C:\Documents and Settings\Jimmy\Cookies\Low\jimmy@interclick[1].txt
C:\Documents and Settings\Jimmy\Cookies\Low\[email protected][2].txt
C:\Documents and Settings\Jimmy\Cookies\Low\[email protected][3].txt
C:\Documents and Settings\Jimmy\Cookies\Low\jimmy@media6degrees[1].txt
C:\Documents and Settings\Jimmy\Cookies\Low\jimmy@mediaplex[1].txt
C:\Documents and Settings\Jimmy\Cookies\Low\[email protected][1].txt
C:\Documents and Settings\Jimmy\Cookies\Low\[email protected][1].txt
C:\Documents and Settings\Jimmy\Cookies\Low\jimmy@mothers[bleep]sons[1].txt
C:\Documents and Settings\Jimmy\Cookies\Low\jimmy@mrxxxsex[1].txt
C:\Documents and Settings\Jimmy\Cookies\Low\[email protected][1].txt
C:\Documents and Settings\Jimmy\Cookies\Low\[email protected][2].txt
C:\Documents and Settings\Jimmy\Cookies\Low\jimmy@overture[1].txt
C:\Documents and Settings\Jimmy\Cookies\Low\jimmy@partner2profit[2].txt
C:\Documents and Settings\Jimmy\Cookies\Low\[email protected][1].txt
C:\Documents and Settings\Jimmy\Cookies\Low\jimmy@partypoker[1].txt
C:\Documents and Settings\Jimmy\Cookies\Low\jimmy@porntube[2].txt
C:\Documents and Settings\Jimmy\Cookies\Low\[email protected][2].txt
C:\Documents and Settings\Jimmy\Cookies\Low\jimmy@questionmarket[1].txt
C:\Documents and Settings\Jimmy\Cookies\Low\jimmy@realmedia[2].txt
C:\Documents and Settings\Jimmy\Cookies\Low\jimmy@revsci[1].txt
C:\Documents and Settings\Jimmy\Cookies\Low\[email protected][1].txt
C:\Documents and Settings\Jimmy\Cookies\Low\[email protected][1].txt
C:\Documents and Settings\Jimmy\Cookies\Low\[email protected][1].txt
C:\Documents and Settings\Jimmy\Cookies\Low\jimmy@serving-sys[2].txt
C:\Documents and Settings\Jimmy\Cookies\Low\[email protected][1].txt
C:\Documents and Settings\Jimmy\Cookies\Low\jimmy@sextracker[1].txt
C:\Documents and Settings\Jimmy\Cookies\Low\jimmy@slingmedia[1].txt
C:\Documents and Settings\Jimmy\Cookies\Low\jimmy@specificclick[2].txt
C:\Documents and Settings\Jimmy\Cookies\Low\jimmy@statcounter[2].txt
C:\Documents and Settings\Jimmy\Cookies\Low\[email protected][2].txt
C:\Documents and Settings\Jimmy\Cookies\Low\jimmy@superstats[1].txt
C:\Documents and Settings\Jimmy\Cookies\Low\[email protected][1].txt
C:\Documents and Settings\Jimmy\Cookies\Low\[email protected][1].txt
C:\Documents and Settings\Jimmy\Cookies\Low\jimmy@tacoda[1].txt
C:\Documents and Settings\Jimmy\Cookies\Low\jimmy@trafficmp[1].txt
C:\Documents and Settings\Jimmy\Cookies\Low\jimmy@tribalfusion[1].txt
C:\Documents and Settings\Jimmy\Cookies\Low\jimmy@valueclick[1].txt
C:\Documents and Settings\Jimmy\Cookies\Low\[email protected][2].txt
C:\Documents and Settings\Jimmy\Cookies\Low\[email protected][1].txt
C:\Documents and Settings\Jimmy\Cookies\Low\[email protected][1].txt
C:\Documents and Settings\Jimmy\Cookies\Low\[email protected][1].txt
C:\Documents and Settings\Jimmy\Cookies\Low\[email protected][10].txt
C:\Documents and Settings\Jimmy\Cookies\Low\[email protected][11].txt
C:\Documents and Settings\Jimmy\Cookies\Low\[email protected][1].txt
C:\Documents and Settings\Jimmy\Cookies\Low\[email protected][2].txt
C:\Documents and Settings\Jimmy\Cookies\Low\[email protected][3].txt
C:\Documents and Settings\Jimmy\Cookies\Low\[email protected][4].txt
C:\Documents and Settings\Jimmy\Cookies\Low\[email protected][5].txt
C:\Documents and Settings\Jimmy\Cookies\Low\[email protected][6].txt
C:\Documents and Settings\Jimmy\Cookies\Low\[email protected][7].txt
C:\Documents and Settings\Jimmy\Cookies\Low\[email protected][8].txt
C:\Documents and Settings\Jimmy\Cookies\Low\[email protected][9].txt
C:\Documents and Settings\Jimmy\Cookies\Low\[email protected][2].txt
C:\Documents and Settings\Jimmy\Cookies\Low\jimmy@zedo[1].txt[/quote]

[quote]SUPERAntiSpyware Scan Log
Generated 05/19/2008 at 10:32 PM

Application Version : 3.6.1000

Core Rules Database Version : 3463
Trace Rules Database Version: 1454

Scan type : Complete Scan
Total Scan Time : 20:00:34

Memory items scanned : 705
Memory threats detected : 0
Registry items scanned : 7880
Registry threats detected : 2
File items scanned : 1282100
File threats detected : 7

Adware.Tracking Cookie
C:\Users\Jimmy\AppData\Roaming\Microsoft\Windows\Cookies\jimmy@doubleclick[1].txt
C:\Users\Jimmy\AppData\Roaming\Microsoft\Windows\Cookies\jimmy@revsci[1].txt
C:\Users\Jimmy\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Jimmy\AppData\Roaming\Microsoft\Windows\Cookies\jimmy@atwola[1].txt
C:\Users\Jimmy\AppData\Roaming\Microsoft\Windows\Cookies\jimmy@atdmt[1].txt
C:\Users\Jimmy\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Jimmy\AppData\Roaming\Microsoft\Windows\Cookies\jimmy@advertising[2].txt

Adware.Vundo Variant/Rel
HKU\S-1-5-21-165562352-2377708643-16634805-1000\Software\Microsoft\Windows\CurrentVersion\Run#MSServer [ rundll32.exe C:\Users\Jimmy\AppData\Local\Temp\awtqrpqo.dll,#1 ]
HKU\S-1-5-21-165562352-2377708643-16634805-1000\Software\Microsoft\Windows\CurrentVersion\Run#cmds [ rundll32.exe C:\Users\Jimmy\AppData\Local\Temp\xXPFyyxx.dll,c ][/quote]

Panda Activescan Log

[quote];*******************************************************************************
*********************************************************************************
*******************
ANALYSIS: 2008-05-20 00:49:17
PROTECTIONS: 1
MALWARE: 36
SUSPECTS: 32
;*******************************************************************************
*********************************************************************************
*******************
PROTECTIONS
Description Version Active Updated
;===============================================================================
=================================================================================
===================
Symantec AntiVirus 10.2.0.276 Yes Yes
;===============================================================================
=================================================================================
===================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
=================================================================================
===================
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\o59obu6m.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\o59obu6m.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Users\Jimmy\AppData\Roaming\Microsoft\Windows\Cookies\Low\jimmy@trafficmp[1].txt
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\o59obu6m.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\o59obu6m.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\o59obu6m.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\o59obu6m.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\o59obu6m.default\cookies.

#2
greyknight17
Download ATF Cleaner at http://www.atribune..../click.php?id=1
Double-click ATF-Cleaner.exe to run the program. Under Main choose Select All
Click the Empty Selected button.

If you use the Firefox browser click Firefox at the top and choose Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use the Opera browser click 'Opera' at the top and choose 'Select All'
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

1. Download combofix at http://www.techsuppo...Bs/ComboFix.exe or http://download.blee...Bs/ComboFix.exe Save it to your Desktop before you run it.
2. Double-click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply.

Note:
Do not click on combofix's window while it's running. That may cause it to stall.

#3
JTBRLZ
It kept having pop ups telling me to run the "Chkdsk" utility.

ComboFix 08-05-21.3 - Jimmy 2008-05-24 9:20:31.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1033.18.1259 [GMT -4:00]
Running from: C:\Users\Jimmy\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Google\googletoolbar1.dll

.
((((((((((((((((((((((((( Files Created from 2008-04-24 to 2008-05-24 )))))))))))))))))))))))))))))))
.

2008-05-20 01:13 . 2008-05-20 01:13 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-19 22:38 . 2008-05-19 22:39 <DIR> d-------- C:\Program Files\Panda Security
2008-05-18 20:15 . 2008-05-18 20:15 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-05-18 20:15 . 2008-05-18 20:15 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com
2008-05-18 20:14 . 2008-05-18 20:14 <DIR> d-------- C:\Users\Jimmy\AppData\Roaming\SUPERAntiSpyware.com
2008-05-18 20:14 . 2008-05-20 01:06 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-05-18 20:14 . 2008-05-18 20:14 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-18 19:51 . 2008-05-18 19:51 <DIR> d-------- C:\Users\Jimmy\AppData\Roaming\Malwarebytes
2008-05-18 19:51 . 2008-05-18 19:51 <DIR> d-------- C:\Users\Jimmy\AppData\Roaming\Download Manager
2008-05-18 19:51 . 2008-05-18 19:51 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-05-18 19:51 . 2008-05-18 19:51 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-05-18 19:51 . 2008-05-18 19:51 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-18 19:51 . 2008-05-05 20:46 27,048 --a------ C:\Windows\System32\drivers\mbamcatchme.sys
2008-05-18 19:51 . 2008-05-05 20:46 15,864 --a------ C:\Windows\System32\drivers\mbam.sys
2008-05-18 13:46 . 2008-05-18 19:44 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-05-18 03:19 . 2008-05-18 03:19 <DIR> d-------- C:\Users\Jimmy\AppData\Roaming\Uniblue
2008-05-18 02:51 . 2008-05-18 19:42 <DIR> d-a------ C:\Users\All Users\TEMP
2008-05-18 02:51 . 2008-05-18 19:42 <DIR> d-a------ C:\ProgramData\TEMP
2008-05-17 15:20 . 2008-05-17 15:22 <DIR> d-------- C:\Program Files\Magic Video Converter
2008-05-17 15:20 . 2004-05-26 21:37 719,872 --a------ C:\Windows\System32\devil.dll
2008-05-17 15:20 . 2003-03-19 11:03 544,768 --a------ C:\Windows\System32\msvcr71d.dll
2008-05-17 15:20 . 2006-09-16 19:44 314,368 --a------ C:\Windows\System32\avisynth.dll
2008-05-07 00:53 . 2008-05-07 00:53 99 --a------ C:\Windows\WININIT.INI
2008-05-07 00:50 . 2008-05-07 00:50 <DIR> d-------- C:\Program Files\Universal
2008-05-02 12:39 . 2008-05-02 18:01 <DIR> d-------- C:\Users\All Users\WinZip
2008-05-02 12:39 . 2008-05-02 18:01 <DIR> d-------- C:\ProgramData\WinZip
2008-05-01 15:10 . 2008-05-01 15:10 <DIR> dr------- C:\Windows\System32\config\systemprofile\Music
2008-04-27 19:45 . 2008-05-24 09:19 <DIR> d-------- C:\Users\Jimmy\AppData\Roaming\uTorrent
2008-04-27 19:45 . 2008-04-27 19:45 <DIR> d-------- C:\Program Files\uTorrent
2008-04-26 10:39 . 2008-04-26 10:39 <DIR> d-------- C:\Users\Jimmy\Program Files
2008-04-24 19:46 . 2008-05-24 09:19 <DIR> d-------- C:\Users\Jimmy\AppData\Roaming\DNA
2008-04-24 19:46 . 2008-04-24 19:46 <DIR> d-------- C:\Program Files\DNA

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-24 13:20 --------- d-----w C:\Program Files\Google
2008-05-24 13:01 27,335 ----a-w C:\Users\Jimmy\AppData\Roaming\nvModes.dat
2008-05-21 23:57 41,584 ----a-w C:\Windows\System32\rpcnet.dll
2008-05-21 23:57 17,408 ----a-w C:\Windows\System32\rpcnetp.exe
2008-05-15 00:04 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-15 00:04 --------- d-----w C:\Program Files\Windows Mail
2008-05-11 21:38 --------- d-----w C:\Program Files\Dl_cats
2008-05-02 22:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-02 22:03 --------- d-----w C:\Program Files\Full Tilt Poker
2008-04-17 02:09 --------- d-----w C:\Program Files\Apple Software Update
2008-04-12 18:27 --------- d-----w C:\ProgramData\TVU networks
2008-04-12 18:27 --------- d-----w C:\Program Files\TVUPlayer
2008-04-03 02:14 --------- d-----w C:\Program Files\iTunes
2008-04-03 02:14 --------- d-----w C:\Program Files\iPod
2008-04-03 02:12 --------- d-----w C:\Program Files\QuickTime
2008-03-29 21:23 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-29 16:41 --------- d-----w C:\Users\Jimmy\AppData\Roaming\SopCast
2008-03-27 21:24 --------- d-----w C:\Users\Jimmy\AppData\Roaming\Apple Computer
2008-03-25 03:23 --------- d-----w C:\Program Files\Fast Break Basketball
2008-03-25 01:27 --------- d-----w C:\ProgramData\Symantec
2008-02-29 06:51 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 06:39 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:39 371,712 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:38 313,856 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 06:38 16,384 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 06:34 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
2008-02-29 04:16 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2007-11-13 05:22 262,144 ----a-w C:\ProgramData\ntuser.dat
2007-09-15 08:14 174 --sha-w C:\Program Files\desktop.ini
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 13:09 460784]
"AIM"="C:\Program Files\AIM\aim.exe" [2005-08-05 16:08 67160]
"BitTorrent DNA"="C:\Users\Jimmy\Program Files\DNA\btdna.exe" [2008-05-07 23:01 289088]
"Uniblue RegistryBooster 2"="c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe" [ ]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-02-27 11:39 1310720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-27 20:35 857648]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-06-25 01:17 405504]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-06-25 05:13 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-06-25 05:13 8433664]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-06-25 05:13 81920]
"NVHotkey"="C:\Windows\system32\nvHotkey.dll" [2007-06-25 05:13 67584]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 12:37 81920]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-04-16 17:10 184320]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 11:24 16384]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-03-16 06:20 17920]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-09-04 23:29 1862144]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [ ]
"FaxCenterServer"="C:\Program Files\Dell PC Fax\fm3032.exe" [2006-11-03 18:09 312200]
"dlcxmon.exe"="C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe" [2007-01-12 12:57 292336]
"MemoryCardManager"="C:\Program Files\Dell Photo AIO Printer 926\memcard.exe" [2006-11-03 18:04 304008]
"DLCXCATS"="C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-10-16 01:31 106496]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-11-22 18:12 107112]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-11-28 07:34 134808]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-07 23:50 185896]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

C:\Users\Jimmy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 21:24:54 98632]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Clean Access Agent.lnk - C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe [2007-04-26 13:35:24 2048074]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2007-09-04 23:06:53 50688]
QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe [2007-07-20 19:13:26 1180952]
ymetray.lnk - C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2007-10-03 15:56:10 54512]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{6BB207B6-1778-4066-9CF3-6B9EEA3035C8}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{00BAD538-1A65-4FD5-9026-50CE229B5753}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C1EF83E4-0663-412C-8C2D-F432803EF32E}"= C:\Program Files\Dell\MediaDirect\PowerCinema.exe:CyberLink PowerCinema
"{C623A849-84B2-4EB7-B45C-285AFF9D4A7B}"= C:\Program Files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{18A19642-6096-4773-BFBF-165C8779FBA8}"= C:\Program Files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{8C10059C-02F2-458D-AA25-AB22B7E7B224}"= C:\Program Files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{EFCA5ECE-54CC-4C20-B098-075E161EBCE6}"= UDP:C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:Yahoo! Music Jukebox
"{4C8DC7B6-1140-48A2-94B3-76B124BEE8C6}"= TCP:C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:Yahoo! Music Jukebox
"{8D1F8B4D-4441-46C0-9821-90601EA85BA3}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{44F421FB-0906-4EF0-BADB-743DC78B9602}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{D5A6481C-29AD-42BB-8FD1-5D21344AAA86}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{E1FBD8F6-43DD-4A4C-9CE4-A5A676ABF980}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{0B7011B8-3054-4C42-B8F7-14D54920347E}"= UDP:C:\Windows\System32\dlcxcoms.exe:Lexmark Communications System
"{AAE24903-2B5E-48B3-A68B-5D76713B9A8C}"= TCP:C:\Windows\System32\dlcxcoms.exe:Lexmark Communications System
"{6B46026E-06F6-48C7-BCDF-B0ACE6DB99BC}"= UDP:C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe:Device Monitor
"{3C2B93A3-EDE7-46F5-9156-FF0C55B10627}"= TCP:C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe:Device Monitor
"{FD3D770B-7F8B-47CF-B84A-304C9E0F6599}"= UDP:C:\Program Files\Dell Photo AIO Printer 926\dlcxaiox.exe:All In One Center
"{2D40CD31-B21C-4440-B5FC-23571FB3B754}"= TCP:C:\Program Files\Dell Photo AIO Printer 926\dlcxaiox.exe:All In One Center
"{CBA86F94-A413-4DA7-8BE0-E52FF08C415E}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{C4FD1141-045D-4448-BFEE-292FBED272EC}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{39DA117C-0F14-4040-811A-5D456AB7BF31}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{E07D17A7-63AE-48DE-A226-7F027A326498}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{80F32B34-C0C9-4BBB-A332-AEE0BE92F255}"= UDP:C:\Program Files\Symantec AntiVirus\Rtvscan.exe:Symantec Antivirus
"{9217680D-5B95-4409-92AD-FAA3ADBA75DD}"= TCP:C:\Program Files\Symantec AntiVirus\Rtvscan.exe:Symantec Antivirus
"{EF3E277D-4F3B-46DF-A7B9-72C1917B04A7}"= UDP:C:\Program Files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
"{E795E279-C401-4506-B87D-187AE340A31F}"= TCP:C:\Program Files\Common Files\Symantec Shared\ccApp.exe:Symantec Email

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R2 dlcx_device;dlcx_device;C:\Windows\system32\dlcxcoms.exe [2006-10-11 17:48]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-04 20:39]
S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 03:36]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{99d2879f-7bae-11dc-84d4-001c23922816}]
\shell\AutoRun\command - G:\LaunchU3.exe -a

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-24 09:24:07
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCXCATS = rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...


C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\th_56461_z3_123_400lo[1].jpg 4368 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\th_56467_z5_123_886lo[1].jpg 4231 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\th_59365_z5_123_80lo[1].jpg 3768 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\jaime_pressley[1].jpg 3183 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\Jana_Taylor[1].htm 10125 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\10[1].gif 470 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\150x113CA0I8YHF.jpg 16998 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\150x113CAEM03CN.jpg 8458 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\150x113[11].jpg 26054 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\vfs-banner_300x50_NEW[1].jpg 11489 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\video9[1].jpg 12611 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\Videos[1].js 5293 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\videos_flame_body_tile[1].jpg 4882 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\th_14480_kim-kardashian-01-4_122_1171lo[1].jpg 3858 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\th_20007_Raquel-RaquelWelch_1_123_535lo[1].jpg 5242 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\th_20077_03_122_575lo[1].jpg 5512 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\th_21028_mandy1_122_538lo[1].jpg 2150 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\th_21443_KimKardashianinbikinienjoystheMiamisunandsurfinMiamiBeach11_122_75
8lo[1].jpg 3534 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\th_21519_KimKardashianinbikinienjoystheMiamisunandsurfinMiamiBeach18_122_11
53lo[1].jpg 3267 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\th_21565_KimKardashianinbikinienjoystheMiamisunandsurfinMiamiBeach21_122_11
61lo[1].jpg 4315 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\th_95319_z4_123_565lo[1].jpg 1827 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\th_96793_52124celebutopiakimkardfl7_122_741lo[1].jpg 4797 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\th_96800_52178celebutopiakimkardqo8_122_1076lo[1].jpg 4346 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\th_96817_52209celebutopiakimkardzx6_122_808lo[1].jpg 5301 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\convert_rss-to-javascript_com[1].htm 8639 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\cornersmall[1].swf 7300 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\co[1].png 1068 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\css1[1].css 70235 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\defaultCA2X1EBF.jpg 4516 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\defaultCAIBT76J.jpg 3881 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\defaultCAIU7POT.jpg 3601 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\default[10].jpg 3501 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\default[11].jpg 3239 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\magnolia[1].png 501 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\mainbottom[1].jpg 1224 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\makeout_session[1].jpg 3678 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\man_s_creations[1].jpg 3814 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\massage_video_lower_back_wrap_around[1].jpg 3011 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\MediaView[1].gif 43 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\meg_white[1].jpg 3125 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\menu1[1].gif 1258 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\menu1[2].gif 1258 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\menu2[1].gif 1138 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\menuadultvideos[1].gif 1861 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\menunaughtygames[1].gif 2019 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\MetaProducts_Users_Forums[1].gif 2656 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\pic025[1].gif 43 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\pic026[1].gif 43 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\pic029[1].gif 43 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\pic031[2].gif 43 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\pic033[1].gif 43 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\pic035[1].gif 43 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\pic037[2].gif 43 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\th_88565_penelope_cruz_8_441lo[1].jpg 2575 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\th_88570_penelope_cruz_7_346lo[1].jpg 2363 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\th_88610_penelope_cruz_2_498lo[1].jpg 2510 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\th_88893_Capture_2_123_214lo[1].jpg 2390 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\th_90059_moore_1_122_259lo[1].jpg 3010 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\th_90773_RAQUEL_123_478lo[1].jpg 6481 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\th_93457_kimkardashianbikiniuhq1cm0_354lo[1].jpg 11193 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\th_93461_kimkardashianbikiniuhq2wk7_777lo[1].jpg 10048 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\th_93482_kimkardashianbikiniuhq2cs5_1116lo[1].jpg 10268 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\th_93496_kimkardashianbikiniuhq2qd6_963lo[1].jpg 9622 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\thread_hot_lock[1].gif 1156 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\thread_lock[1].gif 372 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\thread_lock[2].gif 667 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\thread_new[1].gif 601 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\th_05536_Kim_Kardashian_Black_Light-3_122_1073lo[1].jpg 3793 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\th_05541_Kim_Kardashian_Black_Light-4_122_445lo[1].jpg 3944 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\th_06055_11_122_494lo[1].jpg 4087 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\sv-box-left[1].gif 62 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\sv-box-separator[1].gif 62 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\SW-Mask[1].jpg 3956 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\swfobject[1].js 6351 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\s[1].htm 2 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\favicon[8].ico 318 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\th_41676_5_122_831lo[1].jpg 4718 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\th_44201_Kim_Kardashian__122_476lo[1].jpg 4278 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\th_44384_z1_123_529lo[1].jpg 1826 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\th_44418_z6_123_595lo[1].jpg 2548 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\th_45847_big_kim1_122_837lo[1].jpg 4041 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\th_45852_big_kim3_122_805lo[1].jpg 5986 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\th_46809_KimKardashianCBC_123_87lo[1].jpg 5335 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\pic041[2].gif 43 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\pic042[1].gif 43 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\pic043[1].gif 43 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\pic044[1].gif 43 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\pic[1].jpg 33675 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\pic[2].jpg 22796 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\feed[1].css 2218 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\feed[1].js 5529 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\ff0abbcc0227c91_1[1].jpg 750 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\firstnew[1].gif 561 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\flash_code[1].htm 2084 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\fl_cam_rating_r_01[1].flv 2126162 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\forumdisplay[1].htm 99831 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\Forums_Message[1].htm 20406 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\300X300_2[1].jpg 35381 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\3225337[1].jpg 3621 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\356609Bai_Ling_nipslip_bikni_topless_06[1].jpg 3577 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\reputation_highpos[1].gif 500 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\reputation_highpos[2].gif 500 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\reputation_pos[1].gif 501 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\ros;sect=ros;sz=300x250,300x600;tile=3;ord=6434711442063261[1] 897 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\ros;sect=ros;sz=728x90,468x60;tile=2;ord=6434711442063261[1] 3840 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\rss-to-jss-small[1].gif 310 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\th_64481_kkcomplex2_123_114lo[1].jpg 6201 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\th_65895_03_123_336lo[1].jpg 3617 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\th_65896_04_123_658lo[1].jpg 3025 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\th_69049_Patricia_Clarkson_-_The_Dying_Gaul_123_554lo[1].jpg 1779 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\th_70213_Rachael_Leigh_Cook_123_1142lo[1].jpg 2067 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\th_70219_Rachael_Leigh_Cook_949_123_908lo[1].jpg 1441 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\th_72144_3_122_435lo[1].jpg 6398 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\th_75917_ll2_745_122_386lo[1].jpg 3836 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\th_76679_walllohan3_122_239lo[1].jpg 4151 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\th_84507_lindsay-lohan-nude-vanity-f_123_866lo[1].jpg 4986 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\th_84508_lindsay_lohan_nude_003_123_428lo[1].jpg 6455 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\th_85010_CapByConnery2_123_22lo[1].jpg 4765 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\user_offline[1].gif 1194 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\user_offline[2].gif 597 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\vbulletin_global[1].js 43600 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\vbulletin_global[2].js 46939 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\show_ads[1].js 19863 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\show_flash_banner[1].swf 975 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\simpy[1].png 623 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\single_use_video_camera_hack_use_it_over_and_over[1].jpg 2195 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\skyscraper-smith1b-hi[1].png 181005 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\slaphappy[1].gif 177 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\sma4[1].js 6107 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\smallbutton_12[1].swf 8882 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\small_6[1].gif 748 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\tdy_kotb_gum_080128.thumb[1].jpg 2682 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\tdy_lauer_fighting_080128.thumb[1].jpg 2350 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\tdy_lauer_snyderman_080101.thumb[1].jpg 2087 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\tdy_robach_mattress_080119.thumb[1].jpg 2387 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\tdy_robach_travel_080128.thumb[1].jpg 2207 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\tdy_roker_sexdetox_080128.thumb[1].jpg 2118 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\tdy_wolfe_indoorplants_080126.thumb[1].jpg 2145 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\83048_anna_nicole_dead_spikedhumor_com_sm[1].jpg 1785 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\84973_16830_anna_17_122_203lo_sm[1].jpg 1291 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\84974_16835_anna_18_122_40lo_sm[1].jpg 1346 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\84979_16805_anna_13_122_150lo_sm[1].jpg 1223 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\84980_16642_anna_6_122_161lo_sm[1].jpg 1315 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\84983_16842_anna_20_122_25lo_sm[1].jpg 1311 bytes
C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\84d9ee44e457dde[1].flv 12342076 bytes
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-24 9:25:28
ComboFix-quarantined-files.txt 2008-05-24 13:25:23

Pre-Run: 59,528,839,168 bytes free
Post-Run: 59,518,459,904 bytes free

376 --- E O F --- 2008-05-16 00:03:53


#4
greyknight17
    Malware Expert
I don't recommend using BitTorrent programs or anything similar as they can contribute to malware infections.

The scans didn't pick up much here besides temp files. Did you run chkdsk? What problems are remaining?

Double click on C:\Windows\WININIT.INI to open it up in Notepad. Copy and paste the contents of that file here. Then delete everything inside that file. Copy and paste the below two lines back into it and save the file:

[rename]
nul=

Download OTMoveIt2 at http://download.blee...r/OTMoveIt2.exe
* Save it to your desktop.
* Double-click OTMoveIt2.exe to run it. (Vista users, right click on OTMoveIt2.exe and select Run as an Administrator).
* Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\*.*

* Return to OTMoveIt2. Right click in the Paste List of Files/Folders to Move window (under the Yellow bar) and choose Paste.
* Click the red Moveit! button.
* A log of files and folders moved will be created in the C:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
* Close OTMoveIt2.

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

#5
JTBRLZ
    Member, Topic Starter
I tried running chkdsk; it didn't work. I'm not having any problems, but after I did someone told me I should still do this.

[rename]
NULL=C:\Users\Jimmy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UniversalSoft

It wouldn't let me save it after renaming it.

< C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\*.* >
File/Folder C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7DW0NDR\*.* not found.

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 05242008_214335


A note popped up saying corrupt file as I did this.

#6
greyknight17
    Malware Expert
If that's all you have in that wininit.ini file, you may leave it alone.

What showed the note? Is everything else running ok now (back to normal)?

#7
JTBRLZ
    Member, Topic Starter
I don't know what program it was, but it popped up in the toolbar in the bottom right corner.

Yea, everything is back to normal. So the machine should be fine now?

Edited by JTBRLZ, 26 May 2008 - 08:25 AM.

#8
greyknight17
    Malware Expert
Try to grab a screenshot of that error you get at the bottom right corner. If it's some error about writing a file to disk, it could mean a bad hard drive. You can take a screenshot by hitting the Print Screen button on your keyboard and then paste it into Microsoft Paint (save it as a JPEG and attach it here).

#9
JTBRLZ
    Member, Topic Starter
[Attached screenshot: Untitled.jpg]

#10
greyknight17
    Malware Expert
I hope you are backing up your important files regularly. If not, do so now... That doesn't look like a good sign. Go to Start->Run and type in chkdsk /r and hit OK. It will tell you that chkdsk will run on reboot. Choose to restart the computer so chkdsk will run. See if it finds any errors and if they are repairable.

#11
JTBRLZ
    Member, Topic Starter
It opens and then closes really fast. I've seen that warning pop up in the toolbar for other things though.

#12
greyknight17
    Malware Expert
Go to Start->Run and type in cmd and hit OK. Then type in chkdsk /r and hit the ENTER key in that command prompt window...

#13
JTBRLZ
    Member, Topic Starter
Access Denied as you do not have sufficient privileges.
You have to invoke this utility running in elevated mode.

This comes up. I tried chkdsk /r and this came up and then I tried just chkdsk and the same thing happened.

#14
greyknight17
    Malware Expert
Does this account have administrator privileges? If it does and still gives you that error, we will need to run chkdsk using the recovery console.

Go to this site and follow the instructions on how to get this working. Once you are in the prompt there, type in chkdsk /r and hit the ENTER key.

#15
greyknight17
    Malware Expert
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.