Resolved My office PC is sending out spam and IT is threatening to wipe entire system clean


Farknocker

Dear Board,

When I got to work this morning, I noticed that my work PC was under remote control by our IT person. When he was done, he emailed me that people in my office were receiving spam emails by the hundreds and that he was investigating the matter and believes my PC was responsible for it. He noted that my Symantec was not running and pulled AVG off in an attempt to get Symantec running again with no luck.

He said it appears my PC is infected and the infection sends SMTP mail. It doesn’t touch Outlook or Exchange server which our office uses but does use addresses from my address book. He noted that it was my PC because the firewall noted many dozens of sessions coming from my PC. I told him my Symantec had not been functioning for months if not years, hence the use of AVG. He noted that the fact that Symantec had been disabled means that my machine has been compromised and that attempts to clean it would be a waste of time.

He then listed all the spam sessions coming from my machine with IP address XXXXXX. Apparently, it runs all day and night in his words. Rather than clean the machine, he recommended he “reset” me to a clean machine and that I would need to let go of all of my customizations…all my apps and stuff, and go back to a plain vanilla PC.

I told him I would give this board a try before he moved forward with his plans since I had success the last time I consulted the forum members.

In any event, I followed the 5-step Viruses/Spyware/Malware Prelim. Removal Instructions and here are the logs:

Malwarebytes=========================================

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2011.12.29.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
rai :: RAIPC2 [administrator]

12/29/2011 11:32:31 AM
mbam-log-2011-12-29 (11-32-31).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 309254
Time elapsed: 5 minute(s), 47 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
GMER================================

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-12-29 11:59:57
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 INTEL_SSDSA2CW080G3 rev.4PC10362
Running: pr3nix20.exe; Driver: C:\DOCUME~1\rai\LOCALS~1\Temp\pftdrpoc.sys


---- System - GMER 1.0.15 ----

Code F7B1FC9C ZwRequestPort
Code F7B1FBFC ZwTraceEvent
Code F7B1FC9B NtRequestPort
Code F7B1FBFB NtTraceEvent

---- EOF - GMER 1.0.15 ----


DDS.txt==============================

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Run by rai at 12:00:58 on 2011-12-29
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.568 [GMT -10:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\Wyse\PocketCloud Windows Companion\PocketCloudService.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Wyse\PocketCloud Windows Companion\WyseBrowser.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\cacaoweb\cacaoweb.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Program Files\USB2.0 UVC WebCam\USB2.0 UVC WebCam\STIMON.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.foxnews.com/
mSearch Bar = hxxp://go.compaq.com/1Q00CDT/0409/bl8.asp
uInternet Settings,ProxyOverride = *.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 9\SnagitIEAddin.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [cacaoweb] "c:\program files\cacaoweb\cacaoweb.exe" -noplayer
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [PocketCloud Location] c:\program files\wyse\pocketcloud windows companion\WyseBrowser.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVWSzItQUxZTUYtU0xLTFUtQVoyVUItNkdPS0ItSkhGTkg"&"inst=NzctNTAzNzM3Mzk0LVRCOSsyLUZMKzktRjEwTSs1LVFJWDErNC1YMjAxMCsyLUYxME0xMEQrMi1GTDEwKzEtTElDKzctRERUKzE0MjIzLUREMTBGKzEtU1QxMEZBUFArMQ"&"prod=90"&"ver=10.0.1410
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 5.0\distillr\AcroTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\google~1.lnk - c:\program files\google\google calendar sync\GoogleCalendarSync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\stimon.lnk - c:\program files\usb2.0 uvc webcam\usb2.0 uvc webcam\STIMON.exe
uPolicies-explorer: NoSMBalloonTip = 1 (0x1)
uPolicies-explorer: NoSimpleStartMenu = 1 (0x1)
uPolicies-explorer: NoWelcomeScreen = 1 (0x1)
uPolicies-explorer: DisallowRun = 1 (0x1)
uPolicies-disallowrun: 1 = install.exe
uPolicies-disallowrun: 2 = setup.exe
mPolicies-system: disablecad = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Free YouTube to iPod Converter - c:\documents and settings\rai\application data\dvdvideosoftiehelpers\freeyoutubetoipodconverter.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: intuit.com\ttlc
DPF: {00000045-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/sg726acm.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {108D3206-846A-4A93-BACB-F0572D043ED7} - hxxp://173.198.70.219:99/webrec.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc2.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1255726387170
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} - hxxp://24.94.93.6:8100/codebase/DVM_IPCam2.ocx
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
TCP: DhcpNameServer = 192.1.1.92
TCP: Interfaces\{43D82714-C36B-4E9F-9BC8-5EF59C178E37} : DhcpNameServer = 192.1.1.92
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\rai\application data\mozilla\firefox\profiles\ak5m7bkb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.foxnews.com/
FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - plugin: c:\program files\ourbabymaker_27ei\installr\2.bin\NP27EISb.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2011-12-29 36000]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-9-15 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-9-15 67656]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-12-29 86224]
R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2011-12-29 110032]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-12-29 74640]
R2 WinFLdrv;WinFLdrv;c:\windows\system32\WinFLdrv.sys [2009-10-20 17984]
R2 wwEngineSvc;Window Washer Engine;c:\program files\webroot\washer\WasherSvc.exe [2009-8-13 598856]
R2 WysePocketCloud;Wyse PocketCloud;c:\program files\wyse\pocketcloud windows companion\PocketCloudService.exe [2011-10-3 109056]
R3 dvdfab;dvdfab;c:\windows\system32\drivers\dvdfab.sys [2011-5-23 82816]
R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2011-6-17 128272]
S2 gupdate1c9c3c71227a291;Google Update Service (gupdate1c9c3c71227a291);c:\program files\google\update\GoogleUpdate.exe [2009-4-22 133104]
S2 WebCamDV;WebCamDV DV to Webcam Converter;c:\windows\system32\drivers\webcamdv.sys --> c:\windows\system32\drivers\WebCamDV.sys [?]
S3 cpuz134;cpuz134;\??\c:\docume~1\rai\locals~1\temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\rai\locals~1\temp\cpuz134\cpuz134_x32.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-4-22 133104]
S3 lgmdbus;LG Mobile driver (WDM);c:\windows\system32\drivers\lgmdbus.sys [2009-11-17 89600]
S3 lgmdmdfl;LG Mobile USB WMC Modem Filter;c:\windows\system32\drivers\lgmdmdfl.sys [2009-11-17 14976]
S3 lgmdmdm;LG Mobile USB WMC Modem Driver;c:\windows\system32\drivers\lgmdmdm.sys [2009-11-17 121344]
S3 lgmdmgmt;LG Mobile USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\lgmdmgmt.sys [2009-11-17 114944]
S3 lgmdobex;LG Mobile USB WMC OBEX Interface;c:\windows\system32\drivers\lgmdobex.sys [2009-11-17 111232]
S3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2010-12-10 29293408]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-9-15 12872]
S3 usbsmi;USB2.0 UVC WebCam;c:\windows\system32\drivers\SMIksdrv.sys [2010-2-10 180608]
S3 WCDV_Aud;WevCamDV WDM Virtual Audio Device;c:\windows\system32\drivers\wcdvaud.sys --> c:\windows\system32\drivers\wcdvaud.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2009-10-16 14336]
.
=============== Created Last 30 ================
.
2011-12-29 21:36:14 -------- d-----w- c:\documents and settings\rai\application data\Avira
2011-12-29 21:15:20 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-12-29 21:15:20 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-12-29 21:15:17 -------- d-----w- c:\program files\Avira
2011-12-29 21:15:17 -------- d-----w- c:\documents and settings\all users\application data\Avira
2011-12-29 09:03:22 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-28 02:07:48 -------- d-----w- c:\documents and settings\rai\application data\.oit
2011-12-28 02:07:16 -------- d-----w- c:\program files\West Publisher
2011-12-20 22:01:23 -------- d-----w- c:\program files\RealVNC
2011-12-20 02:48:55 -------- d-----w- c:\documents and settings\rai\local settings\application data\Help
2011-12-13 19:22:52 -------- d-sh--w- C:\found.000
2011-12-13 18:15:06 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
.
==================== Find3M ====================
.
2011-12-11 01:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23:59 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37:08 2148864 ------w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52:02 2027008 ------w- c:\windows\system32\ntkrnlpa.exe
2011-10-25 00:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-25 00:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-18 11:13:22 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
.
============= FINISH: 12:01:28.53 ===============

Attach.txt====================================================

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 10/8/2009 2:41:19 PM
System Uptime: 12/29/2011 11:27:08 AM (1 hours ago)
.
Motherboard: Lite-On Tech. | | 08FCh
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | mPGA478 | 3000/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 75 GiB total, 22.355 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 71 GiB total, 53.033 GiB free.
F: is CDROM ()
H: is NetworkDisk (NTFS) - 33 GiB total, 27.276 GiB free.
N: is NetworkDisk (NTFS) - 49 GiB total, 0.371 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
3GP Player 2009
ACDSee Pro 3
ACDSee RAW Image Decoder Plug-In Update 4.1
Acrobat.com
Adobe Acrobat 5.0
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop 7.0
Adobe Reader 9.1
Adobe Shockwave Player 11.5
AeroFly Professional Deluxe (incl. StarFlight AddOn)
Agere Systems PCI Soft Modem
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Avira Free Antivirus
AxCrypt (Remove Only)
Bonjour
Bulk Rename Utility 2.7.1.1
Citrix XenApp Plugin for Hosted Apps
Claudio 6.3
Compatibility Pack for the 2007 Office system
Creative WebCam NX Driver (2.00.04.0000)
Digsby
DivX Setup
DVD Shrink 3.2
DVDFab Passkey 8.0.2.7 (19/04/2011)
E-Transcript Bundle Viewer
F&S v.1
FLV Converter 2.5
Free PS Convert driver 8.15
Google Apps Sync™ for Microsoft Outlook® 2.5.3122.12
Google Calendar Sync
Google Earth
Google Update Helper
Google Updater
GooReader
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB969084)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
HP USB Disk Storage Format Tool
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Adapters and Drivers
InterVideo DeviceService
iTunes
Java Auto Updater
Java(TM) 6 Update 18
Junk Mail filter update
LG MC USB U330 driver
LG USB Modem driver
LiveUpdate 3.3 (Symantec Corporation)
Magic ISO Maker v5.4 (build 0239)
Malwarebytes Anti-Malware version 1.60.0.1800
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Basic Edition 2003
Microsoft Office File Validation Add-In
Microsoft Office Outlook Connector
Microsoft Office PowerPoint Viewer 2003
Microsoft Primary Interoperability Assemblies 2005
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (SONY_MEDIAMGR2)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Works 6-9 Converter
Microsoft WSE 3.0
Mobile Video Server
MobileMe Control Panel
Mozilla Firefox 8.0 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB954459)
Nero 7 Ultra Edition
PCS Director
Photo Story 3 for Windows
PL-2303 USB-to-Serial
player
PocketCloud Windows Companion
PowerISO
QuickTime
RAD Video Tools
RealUpgrade 1.1
ReNamer
RootsMagic 3.2.6.0
Sandboxie 3.56 (32-bit)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2483614)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Segoe UI
SIM MAX
Skype Click to Call
Skype™ 5.5
Snagit 9.1.2
Software Setup
SolveigMM AVI Trimmer
Sony Media Manager 2.3
Sony Vegas Pro 8.0
SoundMAX
STOIK Video Converter 2
TextBridge Pro 8.0
TMPGEnc DVD Author 1.5
Ulead VideoStudio 11
Ulead VideoStudio 7 ESD
Uninstall 1.0.0.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Windows (KB971513)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2641690)
Update for Windows XP (KB943729)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
USB2.0 UVC WebCam
VC80CRTRedist - 8.0.50727.4053
VideoStudio
Visual Studio 2005 Tools for Office Second Edition Runtime
VNC Free Edition 4.1.2
WAV to MP3 Encoder
WebFldrs XP
Window Washer
Windows Essentials Media Codec Pack 3.0
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Management Framework Core
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows XP Service Pack 3
WinRAR archiver
WinZip 14.0
XML Paper Specification Shared Components Pack 1.0
XP Codec Pack
XPlayer 1.0a
Xvid 1.2.1 final uninstall
Yahoo! Messenger
Yawcam 0.3.6
.
==== End Of File ===========================

--------------------------------------------------------------------------------

I would really appreciate any help anyone can give to solve my problem. I don't want to start from scratch again with this PC that I have had for over five years.

Thanks in advance.

Farknocker
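
Added example, not part of the original post or of the helper's instructions: one way to pre-triage a DDS.txt log like the one in the post above before reading it line by line. It assumes the line layouts visible in that log; the `triage` function and the rule names are hypothetical, and a hit only marks an entry for a closer look, it is not a malware verdict.

```python
import re
from collections import namedtuple
from ipaddress import ip_address
from urllib.parse import urlsplit

Finding = namedtuple("Finding", "rule subject detail")

# Lines excerpted from the DDS.txt log in the post above.
SAMPLE = r"""
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {108D3206-846A-4A93-BACB-F0572D043ED7} - hxxp://173.198.70.219:99/webrec.cab
DPF: {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} - hxxp://24.94.93.6:8100/codebase/DVM_IPCam2.ocx
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File
R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2011-6-17 128272]
S2 WebCamDV;WebCamDV DV to Webcam Converter;c:\windows\system32\drivers\webcamdv.sys --> c:\windows\system32\drivers\WebCamDV.sys [?]
S3 cpuz134;cpuz134;\??\c:\docume~1\rai\locals~1\temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\rai\locals~1\temp\cpuz134\cpuz134_x32.sys [?]
"""

# "KIND: [optional name: ]{CLSID} - target" lines of the Pseudo HJT section.
HJT_RE = re.compile(r"^(BHO|TB|SEH|DPF): .*?(\{[0-9A-Fa-f-]{36}\}) - (.+)$")
# "<R|S><start type> name;display name;image path [date size]" service lines.
SVC_RE = re.compile(r"^([RS])([0-4]) ([^;]+);([^;]*);(.+) \[([^\]]*)\]$")


def host_is_ip(url):
    """True when the (defanged) URL's host is an IP literal, not a DNS name."""
    host = urlsplit(re.sub(r"^hxxp", "http", url, flags=re.I)).hostname
    try:
        ip_address(host or "")
        return True
    except ValueError:
        return False


def triage(log_text):
    """Return a list of Finding tuples for entries that deserve a manual look."""
    findings = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        m = HJT_RE.match(line)
        if m:
            kind, guid, target = m.groups()
            if target == "No File":
                # Registration survives but nothing on disk backs it.
                findings.append(Finding("orphan-registration", f"{kind} {guid}",
                                        "no file behind the registration"))
            elif kind == "DPF" and host_is_ip(target):
                # ActiveX control whose codebase is a bare IP address.
                findings.append(Finding("dpf-from-ip", f"DPF {guid}", target))
            continue
        m = SVC_RE.match(line)
        if m:
            _state, _start, name, _display, path, meta = m.groups()
            image = path.split(" --> ")[0].lower()
            if image.startswith("\\??\\"):
                image = image[4:]
            if "\\temp\\" in image:
                # Driver or service image registered from a temp directory.
                findings.append(Finding("driver-in-temp", name, image))
            if meta == "?":
                # DDS printed [?] instead of the file's date and size.
                findings.append(Finding("image-unreadable", name, image))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f.rule:20} {f.subject:45} {f.detail}")
```
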
 
I will have you run 2 programs: Combofix and the Eset Online scan. But even if we find malware, it does not mean it is the cause of the spam.

If you use a web-based mail, then it can be hacked from the internet. If we fail to turn up anything that may be accountable for the mail problem, you will need to return to the office IT.
=======================================
If AVG is still on the system, it will have to be temporarily uninstalled as Combofix won't run with it:
I'd like you to run Combofix- but it won't run with AVG. You will need to temporarily uninstall AVG as follows:

Download AppRemover and save to the desktop
  1. Double click the setup on the desktop> click Next
  2. Select “Remove Security Application”
  3. Let scan finish to determine security apps
  4. A screen like below will appear:
  5. Click on Next after choice has been made
  6. Check the AVG program you want to uninstall
  7. After uninstall shows complete, follow online prompts to Exit the program.

Temporary AV: Use one:
Avira-AntiVir-Personal-Free-Antivirus
Avast Free Version
=============================
Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
--------------------------------------
Download Combofix from HERE or HERE (http://www.forospyware.com/sUBs/ComboFix.exe) and save to the desktop
  • Double click combofix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    ***Please note: if you have downloaded Combofix to a flash drive, then run it on the infected machine> the Recovery Console will not install- just bypass and go on.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once installed, you should see a blue screen prompt that says:
    The Recovery Console was successfully installed.
  • Click on Yes, to continue scanning for malware
  • If Combofix asks you to update the program, allow
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Close any open browsers.
  • Double click combofix.exe & follow the prompts to run.
  • When the scan completes, a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply.
Re-enable your Antivirus software.

Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
======================================
To run the Eset Online Virus Scan:
If you use Internet Explorer:
  1. Open the ESETOnlineScan
  2. Skip to #4 to "Continue with the directions"

    If you are using a browser other than Internet Explorer
  3. Open Eset Smart Installer
    [o] Click on the esetsmartinstaller_enu.exe link and save to the desktop.
    [o] Double click on the desktop icon to run.
    [o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window
  4. Continue with the directions.
  5. Check 'Yes I accept terms of use.'
  6. Click Start button
  7. Accept any security warnings from your browser.
  8. Uncheck 'Remove found threats'
  9. Check 'Scan archives'
  10. Leave remaining settings as is.
  11. Press the Start button.
  12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
  13. When the scan completes, press List of found threats
  14. Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
  15. Push the Back button, then Finish
NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
=======================================
My Guidelines: please read and follow:
  • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
  • Read my instructions carefully. If you don't understand or have a problem, ask me.
  • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
  • Follow the order of the tasks I give you. Order is crucial in cleaning process.
  • File sharing programs should be uninstalled or disabled during the cleaning process.
  • Observe these:
    [o] Don't use any other cleaning programs or scans while I'm helping you.
    [o] Don't use a Registry cleaner or make any changes in the Registry.
    [o] Don't download and install new programs- except those I give you.
  • Please let me know if there is any change in the system.

If I don't get a reply from you in 5 days, the thread will be closed. If your problem persists, you can send a PM to reopen it.
=====================================
Please note:
New Holiday Notice! I will not be working on the threads Sat. Dec. 31 or Sunday Jan. 1. I will begin with the oldest threads first on Monday. I will do my best to get you finished or as far along as I can before that.

Please do not send a PM during those days.
 
Office IT advised me yesterday that he uninstalled AVG Free but I downloaded and ran the AppRemover anyway. Avira and Malwarebytes appeared in the detection box but AVG did not appear so no removal of AVG was necessary.

Avira-AntiVir-Personal-Free-Antivirus was already installed per the 5-step removal process that I carried out before posting my problem to the forum so I didn't install Avira per your instructions.

Next, I downloaded Combofix and ran it per your instructions. Avira stops the process and identifies Combofix as malware and doesn't allow me to proceed so I disabled the realtime protection feature and ran Combofix again. This time, a box opened up showing that the combofix files were being extracted. The box then disappears and an Info box opens up saying that "Combofix is uninstalled". An "ok" button appears at the bottom of the box. When I examined the folder where I saved Combofix, I noticed that the Combofix.exe file was gone. I tried saving and running Combofix.exe from the desktop and a folder on my C drive several times to see if the program would run but I got the same results.

Any suggestions on what's terminating Combofix?
 
AV is okay.

Please run this
Uninstall ComboFix and all Backups of the files it deleted
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

Then go back and download, start again: Note: Directions state to disable all security before running the scan.

NOTE: If, for some reason, Combofix refuses to run, try one of the following:
1. Run Combofix from Safe Mode.
2. Delete Combofix file, download fresh one, but rename combofix.exe to friday.exe BEFORE saving it to your desktop.
Do NOT run it yet.
-------------------------------------
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 3 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.
  • Rkill.com
  • Rkill.scr
  • Rkill.exe
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run then try to immediately run the following>>>>.

Please download exeHelper by Raktor and save it to your desktop.
  • Double-click on exeHelper.com or exeHelper.scr to run the fix tool.
  • A black window should pop up, press any key to close once the fix is completed.
  • A log file called exehelperlog.txt will be created (and should open at the end of the scan)
  • A copy of that log will also be saved in the directory where you ran exeHelper.com
  • Copy and paste the contents of exehelperlog.txt in your next reply.

Note: If the window shows a message that says "Error deleting file", please re-run the tool again before posting a log and then post the two logs together (they both will be in the one file).

Rkill instructions
Once you've gotten one of them to run
  • immediately double click on friday.exe to run
  • If normal mode still doesn't work, run BOTH tools from safe mode.

If you have done #2, please post BOTH logs, rKill and Combofix.
 
I misinterpreted your post and ran combofix (which worked on the first go-round) and Rkill. I then realized that I was supposed to run Rkill only if combofix refused to work. I hope I didn't screw anything up. In any event, here are the logs:

Combofix Log =======================================

ComboFix 11-12-30.02 - rai 12/30/2011 12:26:21.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.433 [GMT -10:00]
Running from: c:\documents and settings\rai\Desktop\ComboFix.exe
.
ADS - WINDOWS: deleted 48 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\{8C20787A-7402-4FA7-BF25-6E5750930FDC}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}\PostBuild.exe
c:\documents and settings\rai\Application Data\cacaoweb
c:\documents and settings\rai\Application Data\cacaoweb\errorlog.txt
c:\documents and settings\rai\Application Data\cacaoweb\npdfile.dat
c:\documents and settings\rai\Application Data\cacaoweb\replicating2D1EB6C62170939CC669D0CB5FFE3A8C.cacao
c:\documents and settings\rai\Application Data\cacaoweb\replicating55179A36DB34836222AA0D0E666D95C4.cacao
c:\documents and settings\rai\Application Data\cacaoweb\replicating58D32E2D5838C7A4480361C417BA8E11.cacao
c:\documents and settings\rai\Application Data\cacaoweb\replicating7666A9C217E6301776E7D4DFD00ECAD7.cacao
c:\documents and settings\rai\Application Data\cacaoweb\replicating76EF7104C5457838D6259F230C00A7A4.cacao
c:\documents and settings\rai\Application Data\cacaoweb\replicatingE1960C978D9A3204E6DEFE5AD1DE9524.cacao
c:\documents and settings\rai\Application Data\cacaoweb\replicatingE3A0437896302662DB8830AF3BD73A94.cacao
c:\documents and settings\rai\Application Data\cacaoweb\storage.db
c:\documents and settings\rai\Application Data\Local
c:\documents and settings\rai\Application Data\Local\Temp\DDM\Settings\0.ddi
c:\documents and settings\rai\Application Data\Local\Temp\DDM\Settings\1.ddi
c:\documents and settings\rai\Application Data\Local\Temp\DDM\Settings\Cum.Filled.Asian.*****.XXX.a.avi.ddr
c:\documents and settings\rai\Application Data\Local\Temp\DDM\Settings\reporter-serene-branson-malfunction-on-air_1.mp4.ddr
c:\documents and settings\rai\Application Data\Local\Temp\DDM\Settings\settings.ddi
c:\documents and settings\rai\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Cum.Filled.Asian.*****.XXX.a.avi
c:\documents and settings\rai\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\reporter-serene-branson-malfunction-on-air_1.mp4
c:\documents and settings\rai\Desktop\Internet Explorer.lnk
c:\documents and settings\rai\Local Settings\Application Data\assembly\tmp
c:\documents and settings\rai\Local Settings\Application Data\assembly\tmp\IMI1EZVA\__AssemblyInfo__.ini
c:\documents and settings\rai\Local Settings\Application Data\assembly\tmp\IMI1EZVA\AddinExpress.OL.2005.DLL
c:\documents and settings\rai\Local Settings\Application Data\assembly\tmp\WEYB3FPQ\__AssemblyInfo__.ini
c:\documents and settings\rai\Local Settings\Application Data\assembly\tmp\WEYB3FPQ\AddinExpress.MSO.2005.DLL
c:\program files\cacaoweb
c:\program files\cacaoweb\cacaoweb.exe
c:\windows\system32\SETF1.tmp
c:\windows\system32\SETF2.tmp
c:\windows\system32\SETF3.tmp
c:\windows\system32\SETF8.tmp
Y:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-11-28 to 2011-12-30 )))))))))))))))))))))))))))))))
.
.
2011-12-29 21:15 . 2011-12-29 21:15 -------- d-----w- c:\program files\Avira
2011-12-29 18:28 . 2011-12-29 18:28 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2011-12-29 17:04 . 2011-12-29 17:04 -------- d-----w- c:\documents and settings\garcia.OLLON0\Application Data\Webroot
2011-12-29 16:41 . 2011-12-29 16:41 -------- d-----w- c:\documents and settings\garcia.OLLON0\Application Data\SUPERAntiSpyware.com
2011-12-29 16:16 . 2011-12-29 16:16 -------- d-----w- c:\documents and settings\garcia.OLLON0\Local Settings\Application Data\PCHealth
2011-12-29 09:03 . 2011-12-29 18:58 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-28 02:07 . 2011-12-28 02:24 -------- d-----w- c:\documents and settings\rai\Application Data\.oit
2011-12-28 02:07 . 2011-12-28 02:07 -------- d-----w- c:\program files\West Publisher
2011-12-20 22:01 . 2011-12-20 22:01 -------- d-----w- c:\program files\RealVNC
2011-12-20 02:48 . 2011-12-20 02:48 -------- d-----w- c:\documents and settings\rai\Local Settings\Application Data\Help
2011-12-13 19:22 . 2011-12-13 19:22 -------- d-----w- C:\found.000
2011-12-13 19:13 . 2011-12-13 19:13 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-12-13 18:15 . 2011-11-04 19:20 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-11 01:24 . 2009-06-16 01:42 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-23 13:25 . 2009-10-16 18:35 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-04 19:20 . 2009-10-16 18:36 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 19:20 . 2009-10-16 18:36 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2009-10-16 18:35 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 11:23 . 2009-10-16 18:37 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2009-10-16 18:35 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2009-10-16 18:35 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37 . 2009-10-16 18:35 2148864 ------w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2009-10-16 18:35 2027008 ------w- c:\windows\system32\ntkrnlpa.exe
2011-10-25 00:29 . 2011-10-25 00:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-25 00:29 . 2011-10-25 00:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-18 11:13 . 2009-10-16 18:37 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2009-10-16 18:36 692736 ----a-w- c:\windows\system32\inetcomm.dll
2009-08-14 22:33 . 2009-08-14 22:33 13136 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2009-08-14 22:33 . 2009-08-14 22:33 70488 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2009-08-14 22:33 . 2009-08-14 22:33 91480 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2009-08-14 22:33 . 2009-08-14 22:33 20824 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2009-08-14 22:34 . 2009-08-14 22:34 206160 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2009-08-14 22:33 . 2009-08-14 22:33 31064 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2009-08-14 22:33 . 2009-08-14 22:33 40280 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2007-03-17 03:33 . 2007-03-17 03:33 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll
2007-03-17 03:33 . 2007-03-17 03:33 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll
2007-03-17 03:33 . 2007-03-17 03:33 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll
2009-08-14 21:50 . 2009-08-14 21:50 652640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2009-08-14 22:33 . 2009-08-14 22:33 23896 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
2011-11-09 20:02 . 2011-05-06 20:08 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
Code:
<pre>
c:\program files\Common Files\Ahead\Lib\nerocheck .exe
c:\program files\Compaq\SetRefresh\setrefresh .exe
c:\program files\Google\GoogleToolbarNotifier\googletoolbarnotifier .exe
c:\program files\PowerISO\pwrisovm .exe
c:\program files\Ricoh\PCS Director\Client\pa6clint .exe
c:\program files\Symantec AntiVirus\vptray .exe
</pre>
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll
[7] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\eventlog.dll
[7] 2004-08-04 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll
.
c:\windows\System32\eventlog.dll ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cacaoweb"="c:\program files\cacaoweb\cacaoweb.exe" [N/A]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [N/A]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 139264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-08-24 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-08-24 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-08-24 114688]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-12 246504]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-01-10 1230704]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"PocketCloud Location"="c:\program files\Wyse\PocketCloud Windows Companion\WyseBrowser.exe" [2011-10-04 815616]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-25 421888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVWSzItQUxZTUYtU0xLTFUtQVoyVUItNkdPS0ItSkhGTkg&inst=NzctNTAzNzM3Mzk0LVRCOSsyLUZMKzktRjEwTSs1LVFJWDErNC1YMjAxMCsyLUYxME0xMEQrMi1GTDEwKzEtTElDKzctRERUKzE0MjIzLUREMTBGKzEtU1QxMEZBUFArMQ&prod=90&ver=10.0.1410" [?]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\jfo.OLLON0\Start Menu\Programs\Startup\
AOM.lnk - c:\program files\Common Files\Adobe\Web\AOM.exe [2005-7-28 696320]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2005-7-28 82026]
Google Calendar Sync.lnk - c:\program files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]
STIMON.lnk - c:\program files\USB2.0 UVC WebCam\USB2.0 UVC WebCam\STIMON.exe [2010-2-10 933888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"disablecad"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 1 (0x1)
"NoSimpleStartMenu"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bionix Wallpaper
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BioniXWallpaper
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [9/15/2009 11:42 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/15/2009 11:42 AM 67656]
R2 WinFLdrv;WinFLdrv;c:\windows\system32\WinFLdrv.sys [10/20/2009 9:52 AM 17984]
R2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [8/13/2009 11:37 PM 598856]
R2 WysePocketCloud;Wyse PocketCloud;c:\program files\Wyse\PocketCloud Windows Companion\PocketCloudService.exe [10/3/2011 6:37 PM 109056]
R3 dvdfab;dvdfab;c:\windows\system32\drivers\dvdfab.sys [5/23/2011 9:58 AM 82816]
R4 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys --> c:\windows\system32\DRIVERS\avkmgr.sys [?]
S2 gupdate1c9c3c71227a291;Google Update Service (gupdate1c9c3c71227a291);c:\program files\Google\Update\GoogleUpdate.exe [4/22/2009 5:53 PM 133104]
S2 WebCamDV;WebCamDV DV to Webcam Converter;c:\windows\system32\DRIVERS\WebCamDV.sys --> c:\windows\system32\DRIVERS\WebCamDV.sys [?]
S3 cpuz134;cpuz134;\??\c:\docume~1\rai\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\rai\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4/22/2009 5:53 PM 133104]
S3 lgmdbus;LG Mobile driver (WDM);c:\windows\system32\drivers\lgmdbus.sys [11/17/2009 9:30 AM 89600]
S3 lgmdmdfl;LG Mobile USB WMC Modem Filter;c:\windows\system32\drivers\lgmdmdfl.sys [11/17/2009 9:30 AM 14976]
S3 lgmdmdm;LG Mobile USB WMC Modem Driver;c:\windows\system32\drivers\lgmdmdm.sys [11/17/2009 9:30 AM 121344]
S3 lgmdmgmt;LG Mobile USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\lgmdmgmt.sys [11/17/2009 9:30 AM 114944]
S3 lgmdobex;LG Mobile USB WMC OBEX Interface;c:\windows\system32\drivers\lgmdobex.sys [11/17/2009 9:30 AM 111232]
S3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [12/10/2010 6:29 PM 29293408]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [12/21/2009 9:54 AM 47360]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/15/2009 11:42 AM 12872]
S3 usbsmi;USB2.0 UVC WebCam;c:\windows\system32\drivers\SMIksdrv.sys [2/10/2010 2:29 PM 180608]
S3 WCDV_Aud;WevCamDV WDM Virtual Audio Device;c:\windows\system32\drivers\wcdvaud.sys --> c:\windows\system32\drivers\wcdvaud.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [10/16/2009 8:35 AM 14336]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - avipbb
*Deregistered* - ssmdrv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2009-10-16 c:\windows\Tasks\$~$Sys0$.job
- c:\windows\System32\SchedSvc.dll [2009-10-16 00:12]
.
2011-11-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 03:57]
.
2011-10-13 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-23 22:58]
.
2011-10-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc8f14b600ed83.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-23 03:53]
.
2009-10-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-23 03:53]
.
2011-03-11 c:\windows\Tasks\Install_NSS.job
- c:\program files\DivX\Symantec\scstubinstaller.exe [2010-03-08 18:00]
.
2009-10-10 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-30 08:18]
.
2010-07-30 c:\windows\Tasks\Windows Codec Update Service.job
- c:\program files\Essentials Codec Pack\WECPUpdate.exe [2010-05-30 13:17]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.foxnews.com/
mSearch Bar = hxxp://go.compaq.com/1Q00CDT/0409/bl8.asp
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Free YouTube to iPod Converter - c:\documents and settings\rai\Application Data\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.1.1.92
DPF: {108D3206-846A-4A93-BACB-F0572D043ED7} - hxxp://173.198.70.219:99/webrec.cab
DPF: {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} - hxxp://24.94.93.6:8100/codebase/DVM_IPCam2.ocx
FF - ProfilePath - c:\documents and settings\rai\Application Data\Mozilla\Firefox\Profiles\ak5m7bkb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.foxnews.com/
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-30 12:32
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-12-30 12:34:59
ComboFix-quarantined-files.txt 2011-12-30 22:34
ComboFix2.txt 2009-10-28 08:24
.
Pre-Run: 25,341,267,968 bytes free
Post-Run: 25,626,980,352 bytes free
.
- - End Of File - - 45FF915ECBB02DF9103EE795DDC17AAE

RKill Log ===============================================

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 12/30/2011 at 14:04:05.
Operating System: Microsoft Windows XP


Processes terminated by Rkill or while it was running:



Rkill completed on 12/30/2011 at 14:04:09.


Exehelper Log ============================================



exeHelper by Raktor
Build 20100414
Run at 14:05:09 on 12/30/11
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--
 
Advise uninstall Cacaoweb in Add/remove Programs. Then use Windows Explorer to access Computer> Local Drive> Programs> do a right click> Delete on the Cacaoweb program folder.
=======================
Removal of Y:\Autorun.inf suggests you may have a flash drive infection. These worms travel through your portable drives. If they have been connected to other machines, they may now be infected.

Please disinfect all removable drives
  1. Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  2. Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
    Note: Some security programs will flag Flash_Disinfector as being some sort of malware, you can safely ignore these warnings
  3. The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  4. Wait until it has finished scanning and then exit the program.
  5. Reboot your computer when done.

Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.
=================
Your system has been badly infected. You also have a Vundo Malware infection:

Please run this Custom CFScript
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:
Code:
File::
Folder::
C:\found.000
RenV::
c:\program files\Common Files\Ahead\Lib\nerocheck .exe
c:\program files\Compaq\SetRefresh\setrefresh .exe
c:\program files\Google\GoogleToolbarNotifier\googletoolbarnotifier .exe
c:\program files\PowerISO\pwrisovm .exe
c:\program files\Ricoh\PCS Director\Client\pa6clint .exe
c:\program files\Symantec AntiVirus\vptray .exe

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cacaoweb"=-
Save this as CFScript.txt, in the same location as ComboFix.exe
CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt. Please paste it into your next reply.
====================
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:
    :filefind
    eventlog.dll
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
============================
Download CKScanner and save to your desktop.
  • Doubleclick CKScanner.exe and click Search For Files.
  • When the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
=====================================
Update and run SuperAntispyware which is already on the system. Include log with those from Combofix, System Look, CKScanner
Will review new logs on Monday.
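
A small triage pass over a ComboFix log, added here as an illustration and not part of any post in this thread or of ComboFix itself: it flags the kinds of lines the reply above acts on (a root-level Autorun.inf among the deletions, executables with a space before the extension, a system file reported missing, and a Run value whose target file was already deleted). The rule names, the `triage` function and the `SAMPLE_LOG` excerpt (assembled from lines of the log posted earlier) are assumptions made for the example.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "rule detail")

# Excerpt assembled for this example from the ComboFix log posted in the thread.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\cacaoweb
c:\program files\cacaoweb\cacaoweb.exe
c:\windows\system32\SETF1.tmp
Y:\Autorun.inf
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-11 01:24 . 2009-06-16 01:42 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
c:\program files\PowerISO\pwrisovm .exe
c:\program files\Symantec AntiVirus\vptray .exe
.
c:\windows\System32\eventlog.dll ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cacaoweb"="c:\program files\cacaoweb\cacaoweb.exe" [N/A]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [N/A]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-08-24 94208]
"""

SECTION = re.compile(r"^\(+\s*(.+?)\s*\)+$")          # ((((( Title )))))
REG_KEY = re.compile(r"^\[(.+)\]$")                     # [HKEY_...\Run]
REG_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"')
DRIVE_PATH = re.compile(r"^[a-z]:\\", re.I)
SPACED_EXT = re.compile(r"^[a-z]:\\.*\s\.(exe|com|scr)$", re.I)
ROOT_AUTORUN = re.compile(r"^[a-z]:\\autorun\.inf$", re.I)
MISSING = re.compile(r"^(?P<path>[a-z]:\\.+?) \.\.\. is missing !!$", re.I)


def triage(log_text):
    """Return findings, in log order, that deserve a human look."""
    section, key = "", ""
    deleted, run_values, findings = set(), [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        header = SECTION.match(line)
        if header:
            section, key = header.group(1).lower(), ""
            continue
        reg_key = REG_KEY.match(line)
        if reg_key:
            key = reg_key.group(1).lower()
            continue
        if section == "other deletions" and DRIVE_PATH.match(line):
            # Remember every deleted path so autostart entries can be
            # cross-checked against it after the whole log is read.
            deleted.add(line.lower())
            if ROOT_AUTORUN.match(line):
                findings.append(Finding("root_autorun", line))
            continue
        if SPACED_EXT.match(line):
            findings.append(Finding("renamed_exe", line))
            continue
        missing = MISSING.match(line)
        if missing:
            findings.append(Finding("missing_file", missing.group("path")))
            continue
        value = REG_VALUE.match(line)
        if value and key.endswith(r"\currentversion\run"):
            run_values.append((value.group("name"), value.group("path")))
    # A Run value that still points at a deleted file is a leftover autostart.
    for name, path in run_values:
        if path.lower() in deleted:
            findings.append(Finding("orphan_run", f"{name} -> {path}"))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding.rule:13} {finding.detail}")
```

A finding is a prompt for review, not a verdict; the cross-check against the deletions section only works when the whole log is passed in.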
 
My Y: drive is a 250 GB external HD. Does this require me to run another application than the one recommended to clean flashdrives?
 
I could not find Cacaoweb in the add/remove programs. I also could not find it running in the background using the Task Manager. I then searched online and found that it is an add-on in firefox so I attempted to uninstall it using Firefox/tools/add-ons and was successful. I also searched the drive and found the Cacaoweb files in C:\Qoobox directory which I understand is created by Combofix so I figured Combofix must have quarantined the file when I ran it last, per previous instructions.

Next, I connected all portable USB devices, including my 250 GB External HD and a 4 GB flash drive and ran Flash_Disinfector.exe. While it was running three Avira pop-up messages appeared noting that C:\autorun.inf had been blocked. It did this for the other 2 external USB devices.

Next, I downloaded CFScript. Since CFScript requires the disabling of AVIRA, I uninstalled AVIRA (had a hard time disabling it) and ran the Flash_Disinfector.exe once more just in case AVIRA interfered with its functions the first go-round. I then ran CFScript by making a txt file and by dragging the file into Combofix. Combofix informed me that an updated version existed and asked if I wanted to update combofix which I did. Combofix continued automatically thereafter and produced a log (see below).

The Logs are as follows:

Combofix Log ==========================================

ComboFix 12-01-01.02 - rai 01/01/2012 10:44:18.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.570 [GMT -10:00]
Running from: c:\documents and settings\rai\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\rai\Desktop\CFScript.txt
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\found.000
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_WUAUSERV
-------\Service_wuauserv
.
.
((((((((((((((((((((((((( Files Created from 2011-12-01 to 2012-01-01 )))))))))))))))))))))))))))))))
.
.
2011-12-29 18:28 . 2011-12-29 18:28 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2011-12-29 17:04 . 2011-12-29 17:04 -------- d-----w- c:\documents and settings\garcia.OLLON0\Application Data\Webroot
2011-12-29 16:41 . 2011-12-29 16:41 -------- d-----w- c:\documents and settings\garcia.OLLON0\Application Data\SUPERAntiSpyware.com
2011-12-29 16:16 . 2011-12-29 16:16 -------- d-----w- c:\documents and settings\garcia.OLLON0\Local Settings\Application Data\PCHealth
2011-12-29 09:03 . 2011-12-29 18:58 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-28 02:07 . 2011-12-28 02:24 -------- d-----w- c:\documents and settings\rai\Application Data\.oit
2011-12-28 02:07 . 2011-12-28 02:07 -------- d-----w- c:\program files\West Publisher
2011-12-20 22:01 . 2011-12-20 22:01 -------- d-----w- c:\program files\RealVNC
2011-12-20 02:48 . 2011-12-20 02:48 -------- d-----w- c:\documents and settings\rai\Local Settings\Application Data\Help
2011-12-13 19:13 . 2011-12-13 19:13 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-12-13 18:15 . 2011-11-04 19:20 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-11 01:24 . 2009-06-16 01:42 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-23 13:25 . 2009-10-16 18:35 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-04 19:20 . 2009-10-16 18:36 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 19:20 . 2009-10-16 18:36 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2009-10-16 18:35 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 11:23 . 2009-10-16 18:37 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2009-10-16 18:35 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2009-10-16 18:35 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37 . 2009-10-16 18:35 2148864 ------w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2009-10-16 18:35 2027008 ------w- c:\windows\system32\ntkrnlpa.exe
2011-10-25 00:29 . 2011-10-25 00:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-25 00:29 . 2011-10-25 00:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-18 11:13 . 2009-10-16 18:37 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2009-10-16 18:36 692736 ----a-w- c:\windows\system32\inetcomm.dll
2009-08-14 22:33 . 2009-08-14 22:33 13136 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2009-08-14 22:33 . 2009-08-14 22:33 70488 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2009-08-14 22:33 . 2009-08-14 22:33 91480 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2009-08-14 22:33 . 2009-08-14 22:33 20824 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2009-08-14 22:34 . 2009-08-14 22:34 206160 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2009-08-14 22:33 . 2009-08-14 22:33 31064 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2009-08-14 22:33 . 2009-08-14 22:33 40280 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2007-03-17 03:33 . 2007-03-17 03:33 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll
2007-03-17 03:33 . 2007-03-17 03:33 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll
2007-03-17 03:33 . 2007-03-17 03:33 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll
2009-08-14 21:50 . 2009-08-14 21:50 652640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2009-08-14 22:33 . 2009-08-14 22:33 23896 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
2011-11-09 20:02 . 2011-05-06 20:08 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-12-30_22.32.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-01-01 20:51 . 2012-01-01 20:51 16384 c:\windows\temp\Perflib_Perfdata_1dc.dat
+ 2011-11-23 00:31 . 2012-01-01 20:52 4472832 c:\windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-11-23 00:31 . 2011-12-30 22:26 4472832 c:\windows\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 139264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-08-24 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-08-24 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-08-24 114688]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-12 246504]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-01-10 1230704]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"PocketCloud Location"="c:\program files\Wyse\PocketCloud Windows Companion\WyseBrowser.exe" [2011-10-04 815616]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-25 421888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVWSzItQUxZTUYtU0xLTFUtQVoyVUItNkdPS0ItSkhGTkg&inst=NzctNTAzNzM3Mzk0LVRCOSsyLUZMKzktRjEwTSs1LVFJWDErNC1YMjAxMCsyLUYxME0xMEQrMi1GTDEwKzEtTElDKzctRERUKzE0MjIzLUREMTBGKzEtU1QxMEZBUFArMQ&prod=90&ver=10.0.1410" [?]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\jfo.OLLON0\Start Menu\Programs\Startup\
AOM.lnk - c:\program files\Common Files\Adobe\Web\AOM.exe [2005-7-28 696320]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2005-7-28 82026]
Google Calendar Sync.lnk - c:\program files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]
STIMON.lnk - c:\program files\USB2.0 UVC WebCam\USB2.0 UVC WebCam\STIMON.exe [2010-2-10 933888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"disablecad"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 1 (0x1)
"NoSimpleStartMenu"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [9/15/2009 11:42 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/15/2009 11:42 AM 67656]
R2 WinFLdrv;WinFLdrv;c:\windows\system32\WinFLdrv.sys [10/20/2009 9:52 AM 17984]
R2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [8/13/2009 11:37 PM 598856]
R2 WysePocketCloud;Wyse PocketCloud;c:\program files\Wyse\PocketCloud Windows Companion\PocketCloudService.exe [10/3/2011 6:37 PM 109056]
R3 dvdfab;dvdfab;c:\windows\system32\drivers\dvdfab.sys [5/23/2011 9:58 AM 82816]
S2 gupdate1c9c3c71227a291;Google Update Service (gupdate1c9c3c71227a291);c:\program files\Google\Update\GoogleUpdate.exe [4/22/2009 5:53 PM 133104]
S2 WebCamDV;WebCamDV DV to Webcam Converter;c:\windows\system32\DRIVERS\WebCamDV.sys --> c:\windows\system32\DRIVERS\WebCamDV.sys [?]
S3 cpuz134;cpuz134;\??\c:\docume~1\rai\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\rai\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4/22/2009 5:53 PM 133104]
S3 lgmdbus;LG Mobile driver (WDM);c:\windows\system32\drivers\lgmdbus.sys [11/17/2009 9:30 AM 89600]
S3 lgmdmdfl;LG Mobile USB WMC Modem Filter;c:\windows\system32\drivers\lgmdmdfl.sys [11/17/2009 9:30 AM 14976]
S3 lgmdmdm;LG Mobile USB WMC Modem Driver;c:\windows\system32\drivers\lgmdmdm.sys [11/17/2009 9:30 AM 121344]
S3 lgmdmgmt;LG Mobile USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\lgmdmgmt.sys [11/17/2009 9:30 AM 114944]
S3 lgmdobex;LG Mobile USB WMC OBEX Interface;c:\windows\system32\drivers\lgmdobex.sys [11/17/2009 9:30 AM 111232]
S3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [12/10/2010 6:29 PM 29293408]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [12/21/2009 9:54 AM 47360]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/15/2009 11:42 AM 12872]
S3 usbsmi;USB2.0 UVC WebCam;c:\windows\system32\drivers\SMIksdrv.sys [2/10/2010 2:29 PM 180608]
S3 WCDV_Aud;WevCamDV WDM Virtual Audio Device;c:\windows\system32\drivers\wcdvaud.sys --> c:\windows\system32\drivers\wcdvaud.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [10/16/2009 8:35 AM 14336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2009-10-16 c:\windows\Tasks\$~$Sys0$.job
- c:\windows\System32\SchedSvc.dll [2009-10-16 00:12]
.
2011-11-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 03:57]
.
2011-10-13 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-23 22:58]
.
2011-10-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc8f14b600ed83.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-23 03:53]
.
2009-10-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-23 03:53]
.
2009-10-10 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-30 08:18]
.
2010-07-30 c:\windows\Tasks\Windows Codec Update Service.job
- c:\program files\Essentials Codec Pack\WECPUpdate.exe [2010-05-30 13:17]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.foxnews.com/
mSearch Bar = hxxp://go.compaq.com/1Q00CDT/0409/bl8.asp
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Free YouTube to iPod Converter - c:\documents and settings\rai\Application Data\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.1.1.92
DPF: {108D3206-846A-4A93-BACB-F0572D043ED7} - hxxp://173.198.70.219:99/webrec.cab
DPF: {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} - hxxp://24.94.93.6:8100/codebase/DVM_IPCam2.ocx
FF - ProfilePath - c:\documents and settings\rai\Application Data\Mozilla\Firefox\Profiles\ak5m7bkb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.foxnews.com/
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-01 10:52
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(984)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Sandboxie\SbieSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\RealVNC\VNC4\WinVNC4.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2012-01-01 10:54:56 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-01 20:54
ComboFix2.txt 2011-12-30 22:34
ComboFix3.txt 2009-10-28 08:24
.
Pre-Run: 25,536,933,888 bytes free
Post-Run: 25,403,351,040 bytes free
.
- - End Of File - - 77384C90415790BBCD9784F662BEBB0F


SystemLook Log ====================================

SystemLook 30.07.11 by jpshortstuff
Log created at 10:56 on 01/01/2012 by rai
Administrator - Elevation successful

========== filefind ==========

Searching for "eventlog.dll"
C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll -----c- 55808 bytes [21:03 16/10/2009] [10:00 04/08/2004] 82B24CB70E5944E6E34662205A2A5B78
C:\WINDOWS\ServicePackFiles\i386\eventlog.dll ------- 56320 bytes [18:28 16/10/2009] [00:11 14/04/2008] 6D4FEB43EE538FC5428CC7F0565AA656
C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\eventlog.dll --a---- 56320 bytes [03:15 25/10/2008] [00:11 14/04/2008] 6D4FEB43EE538FC5428CC7F0565AA656

-= EOF =-


CKFiles Log =========================================

CKScanner - Additional Security Risks - These are not necessarily bad
c:\utilities\audio utilities\claudio\claudio.6.3.keygen.tlg.[x-ray].exe
c:\utilities\audio utilities\claudio\xemicomputers_claudio_6_3_keygen_by_[tlg][x-ray].zip
c:\utilities\video utilities\avs video tools 5.1full + crack 100%\avsvideotools 5.1.exe
c:\utilities\video utilities\avs video tools 5.1full + crack 100%\read me.txt
c:\utilities\video utilities\avs video tools 5.1full + crack 100%\torrent downloaded from demonoid.com.txt
c:\utilities\video utilities\avs video tools 5.1full + crack 100%\what this program does.txt
c:\utilities\video utilities\avs video tools 5.1full + crack 100%\crack\avssmartconverter.exe
c:\utilities\video utilities\avs video tools 5.1full + crack 100%\crack\avsvideoconverter4.exe
c:\utilities\video utilities\avs video tools 5.1full + crack 100%\crack\avsvideocutter.exe
c:\utilities\video utilities\avs video tools 5.1full + crack 100%\crack\avsvtmanager.exe
c:\utilities\video utilities\avs video tools 5.1full + crack 100%\crack\read me.txt
scanner sequence 3.CH.11.USAPCP
----- EOF -----


==============================================

Looking forward to your next reply.
 
I re-read your replies and noted that I didn't run SUPERAntiSpyware, so I updated it, ran it, and have included the log here in two parts due to its length:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/04/2012 at 10:40 AM

Application Version : 5.0.1142

Core Rules Database Version : 8098
Trace Rules Database Version: 5910

Scan type : Complete Scan
Total Scan Time : 00:36:30

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 655
Memory threats detected : 0
Registry items scanned : 40786
Registry threats detected : 0
File items scanned : 51041
File threats detected : 464

Adware.Tracking Cookie
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
.walmart.112.2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
.nextag.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
.122.2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
.microsoftsto.112.2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
.112.2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
.staradvertiser.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
in.getclicky.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
counter.hitslink.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
.apmebf.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
.112.2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
www.teengrowth.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
www.teengrowth.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
.findlaw.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
.findlaw.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
.hotlog.ru [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
us.sitestat.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
.tns-counter.ru [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
.e-2dj6wmmyskczeho.stats.esomniture.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
.ehg-findlaw.hitbox.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
.adinterax.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
.adinterax.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
.mediafetcher.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
.e-2dj6wdkywhajalq.stats.esomniture.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
.e-2dj6wcl4wncjcdp.stats.esomniture.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
.e-2dj6wak4akcjeho.stats.esomniture.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
.e-2dj6wfloqoazgcp.stats.esomniture.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
.e-2dj6wmkowgd5akq.stats.esomniture.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
.e-2dj6wml4kkcjohp.stats.esomniture.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
.liveperson.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
.liveperson.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
.liveperson.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
.liveperson.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
 
continuation of previous log

.mediafire.com [ C:\SANDBOX\RAI\DEFAULTBOX\USER\CURRENT\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
.mediafire.com [ C:\SANDBOX\RAI\DEFAULTBOX\USER\CURRENT\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
.mediafire.com [ C:\SANDBOX\RAI\DEFAULTBOX\USER\CURRENT\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
.statcounter.com [ C:\SANDBOX\RAI\DEFAULTBOX\USER\CURRENT\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
www1.addfreestats.com [ C:\SANDBOX\RAI\DEFAULTBOX\USER\CURRENT\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
.findlaw.com [ C:\SANDBOX\RAI\DEFAULTBOX\USER\CURRENT\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
auth.breakmedia.com [ C:\SANDBOX\RAI\DEFAULTBOX\USER\CURRENT\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\SANDBOX\RAI\DEFAULTBOX\USER\CURRENT\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
accounts.google.com [ C:\SANDBOX\RAI\DEFAULTBOX\USER\CURRENT\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
accounts.google.com [ C:\SANDBOX\RAI\DEFAULTBOX\USER\CURRENT\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
accounts.google.com [ C:\SANDBOX\RAI\DEFAULTBOX\USER\CURRENT\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\SANDBOX\RAI\DEFAULTBOX\USER\CURRENT\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\SANDBOX\RAI\DEFAULTBOX\USER\CURRENT\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
.yadro.ru [ C:\SANDBOX\RAI\DEFAULTBOX\USER\CURRENT\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
statse.webtrendslive.com [ C:\SANDBOX\RAI\DEFAULTBOX\USER\CURRENT\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
C:\SANDBOX\RAI\DEFAULTBOX\USER\CURRENT\COOKIES\RAI@AD.WSOD[4].TXT [ /AD.WSOD ]
C:\SANDBOX\RAI\DEFAULTBOX\USER\CURRENT\COOKIES\RAI@ATDMT[3].TXT [ /ATDMT ]
C:\SANDBOX\RAI\DEFAULTBOX\USER\CURRENT\COOKIES\RAI@DOUBLECLICK[2].TXT [ /DOUBLECLICK ]
C:\SANDBOX\RAI\DEFAULTBOX\USER\CURRENT\COOKIES\RAI@DOUBLECLICK[4].TXT [ /DOUBLECLICK ]
C:\SANDBOX\RAI\DEFAULTBOX\USER\CURRENT\COOKIES\RAI@IMRWORLDWIDE[4].TXT [ /IMRWORLDWIDE ]
C:\SANDBOX\RAI\DEFAULTBOX\USER\CURRENT\COOKIES\RAI@IMRWORLDWIDE[5].TXT [ /IMRWORLDWIDE ]
C:\SANDBOX\RAI\DEFAULTBOX\USER\CURRENT\COOKIES\RAI@REVSCI[3].TXT [ /REVSCI ]
C:\SANDBOX\RAI\DEFAULTBOX\USER\CURRENT\COOKIES\RAI@REVSCI[4].TXT [ /REVSCI ]

Heur.Agent/Gen-FakeIE
C:\WINDOWS\IE7UPDATES\KB969897-IE7\IEXPLORE.EXE
C:\WINDOWS\IE7UPDATES\KB972260-IE7\IEXPLORE.EXE
 
Piracy Warning

The AVD Video Tools is a $60 program. You have pirated the program.
AVS Video Cutter is offered as a free download with limitations

The Claudio 6.3 is a $30 program. You have pirated the program.

You have malware Heur.Agent/Gen-FakeIE

The IT was correct - your system is badly infected. Taking all the malware that has been found, along with the malware that still shows up, the system has most likely been compromised.
-------------------------------
I don't support piracy. Please return to the IT for assistance.
 