My office PC is sending out spam and IT is threatening to wipe entire system clean

Resolved
By Farknocker
Dec 29, 2011
Topic Status:
Not open for further replies.
  1. Dear Board,

    When I got to work this morning, I noticed that my work PC was under remote control by our IT person. When he was done, he emailed me that people in my office were receiving spam emails by the hundreds and that he was investigating the matter and believes my pc was responsible for it. He noted that my Symantec was not running and pulled AVG off in an attempt to get Symantec running again with no luck.

    He said it appears my PC is infected and the the infection sends smtp mail. It doesn’t touch outlook or exchange server which our office uses but does use addresses from my address book. He noted that it was my PC because the firewall noted many dozens of sessesions coming from my PC. I told him my Symantec had not been functioning for months if not years, hence the use of AVG. He noted that the fact that Symantec had been disabled means that my machine has been compromised and that attempts to clean it would be a waste of time.

    He then listed all the spam sessions coming from my machine with IP address XXXXXX. Apparently, it runs all day and night in his words. Rather than clean the machine, he recommended he “reset” me to a clean machine and that I would need to let go of all of my customizations…all my apps and stuff, and go back to a plain vanilla PC.

    I told him I would give this board a try before he moved forward with his plans since I had success the last time I consulted the forum members.

    In any event, I followed the 5-step Viruses/Spyware/Malware Prelim. Removal Instructions and here are the logs:

    Malwarebytes=========================================

    Malwarebytes Anti-Malware 1.60.0.1800
    www.malwarebytes.org

    Database version: v2011.12.29.04

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    rai :: RAIPC2 [administrator]

    12/29/2011 11:32:31 AM
    mbam-log-2011-12-29 (11-32-31).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 309254
    Time elapsed: 5 minute(s), 47 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
    GMER================================

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2011-12-29 11:59:57
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 INTEL_SSDSA2CW080G3 rev.4PC10362
    Running: pr3nix20.exe; Driver: C:\DOCUME~1\rai\LOCALS~1\Temp\pftdrpoc.sys


    ---- System - GMER 1.0.15 ----

    Code F7B1FC9C ZwRequestPort
    Code F7B1FBFC ZwTraceEvent
    Code F7B1FC9B NtRequestPort
    Code F7B1FBFB NtTraceEvent

    ---- EOF - GMER 1.0.15 ----


    DDS.txt==============================

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
    Run by rai at 12:00:58 on 2011-12-29
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.568 [GMT -10:00]
    .
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\Program Files\Sandboxie\SbieSvc.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    svchost.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\RealVNC\VNC4\WinVNC4.exe
    C:\Program Files\Webroot\Washer\WasherSvc.exe
    C:\Program Files\Wyse\PocketCloud Windows Companion\PocketCloudService.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files\Wyse\PocketCloud Windows Companion\WyseBrowser.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\cacaoweb\cacaoweb.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
    C:\Program Files\USB2.0 UVC WebCam\USB2.0 UVC WebCam\STIMON.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.foxnews.com/
    mSearch Bar = hxxp://go.compaq.com/1Q00CDT/0409/bl8.asp
    uInternet Settings,ProxyOverride = *.local
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 9\SnagitIEAddin.dll
    TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    uRun: [cacaoweb] "c:\program files\cacaoweb\cacaoweb.exe" -noplayer
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [igfxtray] c:\windows\system32\igfxtray.exe
    mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
    mRun: [igfxpers] c:\windows\system32\igfxpers.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [PocketCloud Location] c:\program files\wyse\pocketcloud windows companion\WyseBrowser.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVWSzItQUxZTUYtU0xLTFUtQVoyVUItNkdPS0ItSkhGTkg"&"inst=NzctNTAzNzM3Mzk0LVRCOSsyLUZMKzktRjEwTSs1LVFJWDErNC1YMjAxMCsyLUYxME0xMEQrMi1GTDEwKzEtTElDKzctRERUKzE0MjIzLUREMTBGKzEtU1QxMEZBUFArMQ"&"prod=90"&"ver=10.0.1410
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 5.0\distillr\AcroTray.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\google~1.lnk - c:\program files\google\google calendar sync\GoogleCalendarSync.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\stimon.lnk - c:\program files\usb2.0 uvc webcam\usb2.0 uvc webcam\STIMON.exe
    uPolicies-explorer: NoSMBalloonTip = 1 (0x1)
    uPolicies-explorer: NoSimpleStartMenu = 1 (0x1)
    uPolicies-explorer: NoWelcomeScreen = 1 (0x1)
    uPolicies-explorer: DisallowRun = 1 (0x1)
    uPolicies-disallowrun: 1 = install.exe
    uPolicies-disallowrun: 2 = setup.exe
    mPolicies-system: disablecad = 1 (0x1)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: Free YouTube to iPod Converter - c:\documents and settings\rai\application data\dvdvideosoftiehelpers\freeyoutubetoipodconverter.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    Trusted Zone: intuit.com\ttlc
    DPF: {00000045-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/sg726acm.cab
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
    DPF: {108D3206-846A-4A93-BACB-F0572D043ED7} - hxxp://173.198.70.219:99/webrec.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc2.cab
    DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1255726387170
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} - hxxp://24.94.93.6:8100/codebase/DVM_IPCam2.ocx
    DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    TCP: DhcpNameServer = 192.1.1.92
    TCP: Interfaces\{43D82714-C36B-4E9F-9BC8-5EF59C178E37} : DhcpNameServer = 192.1.1.92
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\rai\application data\mozilla\firefox\profiles\ak5m7bkb.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.foxnews.com/
    FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
    FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
    FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
    FF - plugin: c:\program files\ourbabymaker_27ei\installr\2.bin\NP27EISb.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true
    ============= SERVICES / DRIVERS ===============
    .
    R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2011-12-29 36000]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-9-15 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-9-15 67656]
    R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-12-29 86224]
    R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2011-12-29 110032]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-12-29 74640]
    R2 WinFLdrv;WinFLdrv;c:\windows\system32\WinFLdrv.sys [2009-10-20 17984]
    R2 wwEngineSvc;Window Washer Engine;c:\program files\webroot\washer\WasherSvc.exe [2009-8-13 598856]
    R2 WysePocketCloud;Wyse PocketCloud;c:\program files\wyse\pocketcloud windows companion\PocketCloudService.exe [2011-10-3 109056]
    R3 dvdfab;dvdfab;c:\windows\system32\drivers\dvdfab.sys [2011-5-23 82816]
    R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2011-6-17 128272]
    S2 gupdate1c9c3c71227a291;Google Update Service (gupdate1c9c3c71227a291);c:\program files\google\update\GoogleUpdate.exe [2009-4-22 133104]
    S2 WebCamDV;WebCamDV DV to Webcam Converter;c:\windows\system32\drivers\webcamdv.sys --> c:\windows\system32\drivers\WebCamDV.sys [?]
    S3 cpuz134;cpuz134;\??\c:\docume~1\rai\locals~1\temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\rai\locals~1\temp\cpuz134\cpuz134_x32.sys [?]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-4-22 133104]
    S3 lgmdbus;LG Mobile driver (WDM);c:\windows\system32\drivers\lgmdbus.sys [2009-11-17 89600]
    S3 lgmdmdfl;LG Mobile USB WMC Modem Filter;c:\windows\system32\drivers\lgmdmdfl.sys [2009-11-17 14976]
    S3 lgmdmdm;LG Mobile USB WMC Modem Driver;c:\windows\system32\drivers\lgmdmdm.sys [2009-11-17 121344]
    S3 lgmdmgmt;LG Mobile USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\lgmdmgmt.sys [2009-11-17 114944]
    S3 lgmdobex;LG Mobile USB WMC OBEX Interface;c:\windows\system32\drivers\lgmdobex.sys [2009-11-17 111232]
    S3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2010-12-10 29293408]
    S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-9-15 12872]
    S3 usbsmi;USB2.0 UVC WebCam;c:\windows\system32\drivers\SMIksdrv.sys [2010-2-10 180608]
    S3 WCDV_Aud;WevCamDV WDM Virtual Audio Device;c:\windows\system32\drivers\wcdvaud.sys --> c:\windows\system32\drivers\wcdvaud.sys [?]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2009-10-16 14336]
    .
    =============== Created Last 30 ================
    .
    2011-12-29 21:36:14 -------- d-----w- c:\documents and settings\rai\application data\Avira
    2011-12-29 21:15:20 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-12-29 21:15:20 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
    2011-12-29 21:15:17 -------- d-----w- c:\program files\Avira
    2011-12-29 21:15:17 -------- d-----w- c:\documents and settings\all users\application data\Avira
    2011-12-29 09:03:22 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-12-28 02:07:48 -------- d-----w- c:\documents and settings\rai\application data\.oit
    2011-12-28 02:07:16 -------- d-----w- c:\program files\West Publisher
    2011-12-20 22:01:23 -------- d-----w- c:\program files\RealVNC
    2011-12-20 02:48:55 -------- d-----w- c:\documents and settings\rai\local settings\application data\Help
    2011-12-13 19:22:52 -------- d-sh--w- C:\found.000
    2011-12-13 18:15:06 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
    .
    ==================== Find3M ====================
    .
    2011-12-11 01:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
    2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll
    2011-11-04 19:20:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-11-04 19:20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-11-04 11:23:59 385024 ----a-w- c:\windows\system32\html.iec
    2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
    2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
    2011-10-25 13:37:08 2148864 ------w- c:\windows\system32\ntoskrnl.exe
    2011-10-25 12:52:02 2027008 ------w- c:\windows\system32\ntkrnlpa.exe
    2011-10-25 00:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2011-10-25 00:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2011-10-18 11:13:22 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
    .
    ============= FINISH: 12:01:28.53 ===============

    Attach.txt====================================================

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 10/8/2009 2:41:19 PM
    System Uptime: 12/29/2011 11:27:08 AM (1 hours ago)
    .
    Motherboard: Lite-On Tech. | | 08FCh
    Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | mPGA478 | 3000/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 75 GiB total, 22.355 GiB free.
    D: is CDROM ()
    E: is FIXED (NTFS) - 71 GiB total, 53.033 GiB free.
    F: is CDROM ()
    H: is NetworkDisk (NTFS) - 33 GiB total, 27.276 GiB free.
    N: is NetworkDisk (NTFS) - 49 GiB total, 0.371 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    32 Bit HP CIO Components Installer
    3GP Player 2009
    ACDSee Pro 3
    ACDSee RAW Image Decoder Plug-In Update 4.1
    Acrobat.com
    Adobe Acrobat 5.0
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Photoshop 7.0
    Adobe Reader 9.1
    Adobe Shockwave Player 11.5
    AeroFly Professional Deluxe (incl. StarFlight AddOn)
    Agere Systems PCI Soft Modem
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Avira Free Antivirus
    AxCrypt (Remove Only)
    Bonjour
    Bulk Rename Utility 2.7.1.1
    Citrix XenApp Plugin for Hosted Apps
    Claudio 6.3
    Compatibility Pack for the 2007 Office system
    Creative WebCam NX Driver (2.00.04.0000)
    Digsby
    DivX Setup
    DVD Shrink 3.2
    DVDFab Passkey 8.0.2.7 (19/04/2011)
    E-Transcript Bundle Viewer
    F&S v.1
    FLV Converter 2.5
    Free PS Convert driver 8.15
    Google Apps Sync™ for Microsoft Outlook® 2.5.3122.12
    Google Calendar Sync
    Google Earth
    Google Update Helper
    Google Updater
    GooReader
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB915865)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB969084)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    HP USB Disk Storage Format Tool
    Intel(R) Extreme Graphics 2 Driver
    Intel(R) PRO Network Adapters and Drivers
    InterVideo DeviceService
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 18
    Junk Mail filter update
    LG MC USB U330 driver
    LG USB Modem driver
    LiveUpdate 3.3 (Symantec Corporation)
    Magic ISO Maker v5.4 (build 0239)
    Malwarebytes Anti-Malware version 1.60.0.1800
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2572067)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Basic Edition 2003
    Microsoft Office File Validation Add-In
    Microsoft Office Outlook Connector
    Microsoft Office PowerPoint Viewer 2003
    Microsoft Primary Interoperability Assemblies 2005
    Microsoft Silverlight
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Express Edition (SONY_MEDIAMGR2)
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server VSS Writer
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Visual Studio 2005 Tools for Office Runtime
    Microsoft Works 6-9 Converter
    Microsoft WSE 3.0
    Mobile Video Server
    MobileMe Control Panel
    Mozilla Firefox 8.0 (x86 en-US)
    MSVCRT
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6 Service Pack 2 (KB954459)
    Nero 7 Ultra Edition
    PCS Director
    Photo Story 3 for Windows
    PL-2303 USB-to-Serial
    player
    PocketCloud Windows Companion
    PowerISO
    QuickTime
    RAD Video Tools
    RealUpgrade 1.1
    ReNamer
    RootsMagic 3.2.6.0
    Sandboxie 3.56 (32-bit)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2618444)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Media Encoder (KB2447961)
    Security Update for Windows Media Encoder (KB954156)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2483614)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2619339)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2633171)
    Security Update for Windows XP (KB2639417)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371-v2)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972260)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974455)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982665)
    Segoe UI
    SIM MAX
    Skype Click to Call
    Skype™ 5.5
    Snagit 9.1.2
    Software Setup
    SolveigMM AVI Trimmer
    Sony Media Manager 2.3
    Sony Vegas Pro 8.0
    SoundMAX
    STOIK Video Converter 2
    TextBridge Pro 8.0
    TMPGEnc DVD Author 1.5
    Ulead VideoStudio 11
    Ulead VideoStudio 7 ESD
    Uninstall 1.0.0.1
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Windows (KB971513)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB943729)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update for Windows XP (KB976749)
    USB2.0 UVC WebCam
    VC80CRTRedist - 8.0.50727.4053
    VideoStudio
    Visual Studio 2005 Tools for Office Second Edition Runtime
    VNC Free Edition 4.1.2
    WAV to MP3 Encoder
    WebFldrs XP
    Window Washer
    Windows Essentials Media Codec Pack 3.0
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Upload Tool
    Windows Management Framework Core
    Windows Media Encoder 9 Series
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Presentation Foundation
    Windows XP Service Pack 3
    WinRAR archiver
    WinZip 14.0
    XML Paper Specification Shared Components Pack 1.0
    XP Codec Pack
    XPlayer 1.0a
    Xvid 1.2.1 final uninstall
    Yahoo! Messenger
    Yawcam 0.3.6
    .
    ==== End Of File ===========================













    --------------------------------------------------------------------------------

    I would really appreciate any help anyone can give to solve my problem. I don't want to start from scratch again with this PC that I have had for over five years.

    Thanks in advance.

    Farknocker
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    I will have you run 2 programs: Combofix and the Eset Online scan. But even if we find malware, it does not mean it is the cause of the spam.

    If you use a web-based mail, then it can be hacked from the internet. If we fail to turn up anything that may be accountable for the mail problem, you will need to return to the office IT.
    =======================================
    If AVG is still on the system, it will have to be temporarily uninstalled as Combofix won't run with it:
    I'd like you to run Combofix- but it won't run with AVG. You will need to temporarily uninstall AVG as follows:

    Download AppRemover and save to the desktop
    1. Double click the setup on the desktop> click Next
    2. Select “Remove Security Application”
    3. Let scan finish to determine security apps
    4. A screen like below will appear:
      [​IMG]
    5. Click on Next after choice has been made
    6. Check the AVG program you want to uninstall
    7. After uninstall shows complete, follow online prompts to Exit the program.

    Temporary AV: Use one:
    Avira-AntiVir-Personal-Free-Antivirus
    Avast Free Version
    =============================
    Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
      ***Please note: if you have downloaded Combofix to a flash drive, then run it on the infected machine> the Recovery Console will not install- just bypass and go on.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once installed, you should see a blue screen prompt that says:
      The Recovery Console was successfully installed.
    • .Click on Yes, to continue scanning for malware
    • .If Combofix asks you to update the program, allow
    • .Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • .Close any open browsers.
    • .Double click combofix.exe[​IMG] & follow the prompts to run.
    • When the scan completes , a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply..
    Re-enable your Antivirus software.

    Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    ======================================
    To run the Eset Online Virus Scan:
    If you use Internet Explorer:
    1. Open the ESETOnlineScan
    2. Skip to #4 to "Continue with the directions"

      If you are using a browser other than Internet Explorer
    3. Open Eset Smart Installer
      [o] Click on the esetsmartinstaller_enu.exelink and save to the desktop.
      [o] Double click on the desktop icon to run.
      [o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window
    4. Continue with the directions.
    5. Check 'Yes I accept terms of use.'
    6. Click Start button
    7. Accept any security warnings from your browser.
      [​IMG]
    8. Uncheck 'Remove found threats'
    9. Check 'Scan archives/
    10. Leave remaining settings as is.
    11. Press the Start button.
    12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    13. When the scan completes, press List of found threats
    14. Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    15. Push the Back button, then Finish
    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
    =======================================
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • Follow the order of the tasks I give you. Order is crucial in cleaning process.
    • File sharing programs should be uninstalled or disabled during the cleaning process..
    • Observe these:
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.
    • Please let me know if there is any change in the system.

    If I don't get a reply from you in 5 days, the thread will be closed. If your problem persist, you can send a PM to reopen it.
    =====================================
    Please note:
    New Holiday Notice! I will not be working on the threads Sat. Dec. 31 or Sunday Jan. 1 I will begin with the oldest threads first on Monday. I will do my best to get you finished or as far along as I can before that.

    Please do not send a PM during those days.
  3. Farknocker

    Farknocker Newcomer, in training Topic Starter

    Office IT advised me yesterday that he uninstalled AVG Free but I downloaded and ran the AppRemover anyway. Avira and Malwarebytes appeared in the detection box but AVG did not appear so no removal of AVG was necessary.

    Avira-AntiVir-Personal-Free-Antivirus was already installed per the 5-step removal process that I carried out before posting my problem to the forum so I didn't install Avira per your instructions.

    Next, I downloaded Combofix and ran it per your instructions. Avira stops the process and identifies Combofix as malware and doesn't allow me to proceed so I disabled the realtime protection feature and ran Combofix again. This time, a box opened up showing that the combofix files were being extracted. The box then disappears and an Info box opens up saying that "Combofix is uninstalled". An "ok" button appears at the bottom of the box. When I examined the folder where I saved Combofix, I noticed that the Combofix.exe file was gone. I tried saving and running Combofix.exee from the desktop and a folder on my C drive several times to see if the program would run but I got the same results.

    Any suggestions on what's terminating Combofix?
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    AV is okay.

    Please run this
    Uninstall ComboFix and all Backups of the files it deleted
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
      [​IMG]

    Then go back and download, start again: Note: Directions state to disable all security before running the scan.

    NOTE: If, for some reason, Combofix refuses to run, try one of the following:
    1. Run Combofix from Safe Mode.
    2. Delete Combofix file, download fresh one, but rename combofix.exe to
    friday.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    -------------------------------------
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 3 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.
    • Rkill.com
    • Rkill.scr
    • Rkill.exe
    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run then try to immediately run the following>>>>.

    Please download exeHelper by Raktor and save it to your desktop.
    • Double-click on exeHelper.com or exeHelper.scr to run the fix tool.
    • A black window should pop up, press any key to close once the fix is completed.
    • A log file called exehelperlog.txt will be created and should open at the end of the scan)
    • A copy of that log will also be saved in the directory where you ran exeHelper.com
    • Copy and paste the contents of exehelperlog.txt in your next reply.

    Note: If the window shows a message that says "Error deleting file", please re-run the tool again before posting a log and then post the two logs together (they both will be in the one file).

    Rkill instructions
    Once you've gotten one of them to run
    • immediately double click on friday.exe to run
    • If normal mode still doesn't work, run BOTH tools from safe mode.

    In you have done #2, please post BOTH logs, rKill and Combofix.
    =====================================
    New Holiday Notice! I will not be working on the threads Sat. Dec. 31 or Sunday Jan. 1 I will begin with the oldest threads first on Monday. I will do my best to get you finished or as far along as I can before that.

    Please do not send a PM during those days.
  5. Farknocker

    Farknocker Newcomer, in training Topic Starter

    I misinterpreted your post and ran combofix (which worked on the first go-round) and Rkill. I then realized that i was supposed to run rskill only if combofix refused to work. I hope I didn't screw anything up. In any event, here are the logs:

    Combofix Log =======================================

    ComboFix 11-12-30.02 - rai 12/30/2011 12:26:21.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.433 [GMT -10:00]
    Running from: c:\documents and settings\rai\Desktop\ComboFix.exe
    .
    ADS - WINDOWS: deleted 48 bytes in 1 streams.
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Administrator\WINDOWS
    c:\documents and settings\All Users\Application Data\TEMP
    c:\documents and settings\All Users\Application Data\TEMP\{8C20787A-7402-4FA7-BF25-6E5750930FDC}\PostBuild.exe
    c:\documents and settings\All Users\Application Data\TEMP\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\PostBuild.exe
    c:\documents and settings\All Users\Application Data\TEMP\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}\PostBuild.exe
    c:\documents and settings\rai\Application Data\cacaoweb
    c:\documents and settings\rai\Application Data\cacaoweb\errorlog.txt
    c:\documents and settings\rai\Application Data\cacaoweb\npdfile.dat
    c:\documents and settings\rai\Application Data\cacaoweb\replicating2D1EB6C62170939CC669D0CB5FFE3A8C.cacao
    c:\documents and settings\rai\Application Data\cacaoweb\replicating55179A36DB34836222AA0D0E666D95C4.cacao
    c:\documents and settings\rai\Application Data\cacaoweb\replicating58D32E2D5838C7A4480361C417BA8E11.cacao
    c:\documents and settings\rai\Application Data\cacaoweb\replicating7666A9C217E6301776E7D4DFD00ECAD7.cacao
    c:\documents and settings\rai\Application Data\cacaoweb\replicating76EF7104C5457838D6259F230C00A7A4.cacao
    c:\documents and settings\rai\Application Data\cacaoweb\replicatingE1960C978D9A3204E6DEFE5AD1DE9524.cacao
    c:\documents and settings\rai\Application Data\cacaoweb\replicatingE3A0437896302662DB8830AF3BD73A94.cacao
    c:\documents and settings\rai\Application Data\cacaoweb\storage.db
    c:\documents and settings\rai\Application Data\Local
    c:\documents and settings\rai\Application Data\Local\Temp\DDM\Settings\0.ddi
    c:\documents and settings\rai\Application Data\Local\Temp\DDM\Settings\1.ddi
    c:\documents and settings\rai\Application Data\Local\Temp\DDM\Settings\Cum.Filled.Asian.*****.XXX.a.avi.ddr
    c:\documents and settings\rai\Application Data\Local\Temp\DDM\Settings\reporter-serene-branson-malfunction-on-air_1.mp4.ddr
    c:\documents and settings\rai\Application Data\Local\Temp\DDM\Settings\settings.ddi
    c:\documents and settings\rai\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Cum.Filled.Asian.*****.XXX.a.avi
    c:\documents and settings\rai\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\reporter-serene-branson-malfunction-on-air_1.mp4
    c:\documents and settings\rai\Desktop\Internet Explorer.lnk
    c:\documents and settings\rai\Local Settings\Application Data\assembly\tmp
    c:\documents and settings\rai\Local Settings\Application Data\assembly\tmp\IMI1EZVA\__AssemblyInfo__.ini
    c:\documents and settings\rai\Local Settings\Application Data\assembly\tmp\IMI1EZVA\AddinExpress.OL.2005.DLL
    c:\documents and settings\rai\Local Settings\Application Data\assembly\tmp\WEYB3FPQ\__AssemblyInfo__.ini
    c:\documents and settings\rai\Local Settings\Application Data\assembly\tmp\WEYB3FPQ\AddinExpress.MSO.2005.DLL
    c:\program files\cacaoweb
    c:\program files\cacaoweb\cacaoweb.exe
    c:\windows\system32\SETF1.tmp
    c:\windows\system32\SETF2.tmp
    c:\windows\system32\SETF3.tmp
    c:\windows\system32\SETF8.tmp
    Y:\Autorun.inf
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-11-28 to 2011-12-30 )))))))))))))))))))))))))))))))
    .
    .
    2011-12-29 21:15 . 2011-12-29 21:15 -------- d-----w- c:\program files\Avira
    2011-12-29 18:28 . 2011-12-29 18:28 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
    2011-12-29 17:04 . 2011-12-29 17:04 -------- d-----w- c:\documents and settings\garcia.OLLON0\Application Data\Webroot
    2011-12-29 16:41 . 2011-12-29 16:41 -------- d-----w- c:\documents and settings\garcia.OLLON0\Application Data\SUPERAntiSpyware.com
    2011-12-29 16:16 . 2011-12-29 16:16 -------- d-----w- c:\documents and settings\garcia.OLLON0\Local Settings\Application Data\PCHealth
    2011-12-29 09:03 . 2011-12-29 18:58 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-12-28 02:07 . 2011-12-28 02:24 -------- d-----w- c:\documents and settings\rai\Application Data\.oit
    2011-12-28 02:07 . 2011-12-28 02:07 -------- d-----w- c:\program files\West Publisher
    2011-12-20 22:01 . 2011-12-20 22:01 -------- d-----w- c:\program files\RealVNC
    2011-12-20 02:48 . 2011-12-20 02:48 -------- d-----w- c:\documents and settings\rai\Local Settings\Application Data\Help
    2011-12-13 19:22 . 2011-12-13 19:22 -------- d-----w- C:\found.000
    2011-12-13 19:13 . 2011-12-13 19:13 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
    2011-12-13 18:15 . 2011-11-04 19:20 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-12-11 01:24 . 2009-06-16 01:42 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-11-23 13:25 . 2009-10-16 18:35 1859584 ----a-w- c:\windows\system32\win32k.sys
    2011-11-04 19:20 . 2009-10-16 18:36 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-11-04 19:20 . 2009-10-16 18:36 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-11-04 19:20 . 2009-10-16 18:35 916992 ----a-w- c:\windows\system32\wininet.dll
    2011-11-04 11:23 . 2009-10-16 18:37 385024 ----a-w- c:\windows\system32\html.iec
    2011-11-01 16:07 . 2009-10-16 18:35 1288704 ----a-w- c:\windows\system32\ole32.dll
    2011-10-28 05:31 . 2009-10-16 18:35 33280 ----a-w- c:\windows\system32\csrsrv.dll
    2011-10-25 13:37 . 2009-10-16 18:35 2148864 ------w- c:\windows\system32\ntoskrnl.exe
    2011-10-25 12:52 . 2009-10-16 18:35 2027008 ------w- c:\windows\system32\ntkrnlpa.exe
    2011-10-25 00:29 . 2011-10-25 00:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2011-10-25 00:29 . 2011-10-25 00:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2011-10-18 11:13 . 2009-10-16 18:37 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-10-10 14:22 . 2009-10-16 18:36 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2009-08-14 22:33 . 2009-08-14 22:33 13136 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
    2009-08-14 22:33 . 2009-08-14 22:33 70488 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
    2009-08-14 22:33 . 2009-08-14 22:33 91480 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
    2009-08-14 22:33 . 2009-08-14 22:33 20824 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
    2009-08-14 22:34 . 2009-08-14 22:34 206160 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
    2009-08-14 22:33 . 2009-08-14 22:33 31064 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
    2009-08-14 22:33 . 2009-08-14 22:33 40280 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
    2007-03-17 03:33 . 2007-03-17 03:33 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll
    2007-03-17 03:33 . 2007-03-17 03:33 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll
    2007-03-17 03:33 . 2007-03-17 03:33 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll
    2009-08-14 21:50 . 2009-08-14 21:50 652640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
    2009-08-14 22:33 . 2009-08-14 22:33 23896 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
    2011-11-09 20:02 . 2011-05-06 20:08 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    Code:
    <pre>
    c:\program files\Common Files\Ahead\Lib\nerocheck .exe
    c:\program files\Compaq\SetRefresh\setrefresh .exe
    c:\program files\Google\GoogleToolbarNotifier\googletoolbarnotifier .exe
    c:\program files\PowerISO\pwrisovm .exe
    c:\program files\Ricoh\PCS Director\Client\pa6clint .exe
    c:\program files\Symantec AntiVirus\vptray .exe
    </pre>
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [7] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll
    [7] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\eventlog.dll
    [7] 2004-08-04 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll
    .
    c:\windows\System32\eventlog.dll ... is missing !!
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "cacaoweb"="c:\program files\cacaoweb\cacaoweb.exe" [N/A]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [N/A]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 139264]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-08-24 94208]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-08-24 77824]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-08-24 114688]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-12 246504]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-01-10 1230704]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
    "PocketCloud Location"="c:\program files\Wyse\PocketCloud Windows Companion\WyseBrowser.exe" [2011-10-04 815616]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-25 421888]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVWSzItQUxZTUYtU0xLTFUtQVoyVUItNkdPS0ItSkhGTkg&inst=NzctNTAzNzM3Mzk0LVRCOSsyLUZMKzktRjEwTSs1LVFJWDErNC1YMjAxMCsyLUYxME0xMEQrMi1GTDEwKzEtTElDKzctRERUKzE0MjIzLUREMTBGKzEtU1QxMEZBUFArMQ&prod=90&ver=10.0.1410" [?]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
    .
    c:\documents and settings\jfo.OLLON0\Start Menu\Programs\Startup\
    AOM.lnk - c:\program files\Common Files\Adobe\Web\AOM.exe [2005-7-28 696320]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2005-7-28 82026]
    Google Calendar Sync.lnk - c:\program files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]
    STIMON.lnk - c:\program files\USB2.0 UVC WebCam\USB2.0 UVC WebCam\STIMON.exe [2010-2-10 933888]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "disablecad"= 1 (0x1)
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMBalloonTip"= 1 (0x1)
    "NoSimpleStartMenu"= 1 (0x1)
    "NoWelcomeScreen"= 1 (0x1)
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
    backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bionix Wallpaper
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BioniXWallpaper
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:mad:xpsp2res.dll,-22009
    .
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [9/15/2009 11:42 AM 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/15/2009 11:42 AM 67656]
    R2 WinFLdrv;WinFLdrv;c:\windows\system32\WinFLdrv.sys [10/20/2009 9:52 AM 17984]
    R2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [8/13/2009 11:37 PM 598856]
    R2 WysePocketCloud;Wyse PocketCloud;c:\program files\Wyse\PocketCloud Windows Companion\PocketCloudService.exe [10/3/2011 6:37 PM 109056]
    R3 dvdfab;dvdfab;c:\windows\system32\drivers\dvdfab.sys [5/23/2011 9:58 AM 82816]
    R4 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys --> c:\windows\system32\DRIVERS\avkmgr.sys [?]
    S2 gupdate1c9c3c71227a291;Google Update Service (gupdate1c9c3c71227a291);c:\program files\Google\Update\GoogleUpdate.exe [4/22/2009 5:53 PM 133104]
    S2 WebCamDV;WebCamDV DV to Webcam Converter;c:\windows\system32\DRIVERS\WebCamDV.sys --> c:\windows\system32\DRIVERS\WebCamDV.sys [?]
    S3 cpuz134;cpuz134;\??\c:\docume~1\rai\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\rai\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4/22/2009 5:53 PM 133104]
    S3 lgmdbus;LG Mobile driver (WDM);c:\windows\system32\drivers\lgmdbus.sys [11/17/2009 9:30 AM 89600]
    S3 lgmdmdfl;LG Mobile USB WMC Modem Filter;c:\windows\system32\drivers\lgmdmdfl.sys [11/17/2009 9:30 AM 14976]
    S3 lgmdmdm;LG Mobile USB WMC Modem Driver;c:\windows\system32\drivers\lgmdmdm.sys [11/17/2009 9:30 AM 121344]
    S3 lgmdmgmt;LG Mobile USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\lgmdmgmt.sys [11/17/2009 9:30 AM 114944]
    S3 lgmdobex;LG Mobile USB WMC OBEX Interface;c:\windows\system32\drivers\lgmdobex.sys [11/17/2009 9:30 AM 111232]
    S3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [12/10/2010 6:29 PM 29293408]
    S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [12/21/2009 9:54 AM 47360]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/15/2009 11:42 AM 12872]
    S3 usbsmi;USB2.0 UVC WebCam;c:\windows\system32\drivers\SMIksdrv.sys [2/10/2010 2:29 PM 180608]
    S3 WCDV_Aud;WevCamDV WDM Virtual Audio Device;c:\windows\system32\drivers\wcdvaud.sys --> c:\windows\system32\drivers\wcdvaud.sys [?]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [10/16/2009 8:35 AM 14336]
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - avipbb
    *Deregistered* - ssmdrv
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    WINRM REG_MULTI_SZ WINRM
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2009-10-16 c:\windows\Tasks\$~$Sys0$.job
    - c:\windows\System32\SchedSvc.dll [2009-10-16 00:12]
    .
    2011-11-14 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 03:57]
    .
    2011-10-13 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-23 22:58]
    .
    2011-10-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc8f14b600ed83.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-23 03:53]
    .
    2009-10-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-23 03:53]
    .
    2011-03-11 c:\windows\Tasks\Install_NSS.job
    - c:\program files\DivX\Symantec\scstubinstaller.exe [2010-03-08 18:00]
    .
    2009-10-10 c:\windows\Tasks\WGASetup.job
    - c:\windows\system32\KB905474\wgasetup.exe [2009-04-30 08:18]
    .
    2010-07-30 c:\windows\Tasks\Windows Codec Update Service.job
    - c:\program files\Essentials Codec Pack\WECPUpdate.exe [2010-05-30 13:17]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.foxnews.com/
    mSearch Bar = hxxp://go.compaq.com/1Q00CDT/0409/bl8.asp
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Free YouTube to iPod Converter - c:\documents and settings\rai\Application Data\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm
    Trusted Zone: intuit.com\ttlc
    TCP: DhcpNameServer = 192.1.1.92
    DPF: {108D3206-846A-4A93-BACB-F0572D043ED7} - hxxp://173.198.70.219:99/webrec.cab
    DPF: {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} - hxxp://24.94.93.6:8100/codebase/DVM_IPCam2.ocx
    FF - ProfilePath - c:\documents and settings\rai\Application Data\Mozilla\Firefox\Profiles\ak5m7bkb.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.foxnews.com/
    FF - user.js: yahoo.homepage.dontask - true
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-12-30 12:32
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    Completion time: 2011-12-30 12:34:59
    ComboFix-quarantined-files.txt 2011-12-30 22:34
    ComboFix2.txt 2009-10-28 08:24
    .
    Pre-Run: 25,341,267,968 bytes free
    Post-Run: 25,626,980,352 bytes free
    .
    - - End Of File - - 45FF915ECBB02DF9103EE795DDC17AAE

    RKill Log ===============================================

    This log file is located at C:\rkill.log.
    Please post this only if requested to by the person helping you.
    Otherwise you can close this log when you wish.

    Rkill was run on 12/30/2011 at 14:04:05.
    Operating System: Microsoft Windows XP


    Processes terminated by Rkill or while it was running:



    Rkill completed on 12/30/2011 at 14:04:09.


    Exehelper Log ============================================



    exeHelper by Raktor
    Build 20100414
    Run at 14:05:09 on 12/30/11
    Now searching...
    Checking for numerical processes...
    Checking for sysguard processes...
    Checking for bad processes...
    Checking for bad files...
    Checking for bad registry entries...
    Resetting filetype association for .exe
    Resetting filetype association for .com
    Resetting userinit and shell values...
    Resetting policies...
    --Finished--
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Advise uninstall Cacaoweb in Add/remove Programs. Then use Windows Explorer to access Computer> Local Drive> Programs> do a right click> Delete on the Cacaoweb program folder.
    =======================
    Removal of Y:\Autorun.inf suggest you may have a flash drive infection. These worms travel through your portable drives. If they have been connected to other machines, they may now be infected.

    Please disinfect all removable drives
    1. Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
    2. Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
      Note: Some security programs will flag Flash_Disinfector as being some sort of malware, you can safely ignore these warnings
    3. The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
    4. Wait until it has finished scanning and then exit the program.
    5. Reboot your computer when done.

    Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.
    =================
    Your system has been badly infected. You also have a Vundo Malware infection:

    Please run this Custom CFScript
    • . Close any open browsers.
    • . Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • . Open notepad> click on Format> Uncheck 'Word Wrap> and copy/paste the text in the code below into it:
    Code:
    File::
    Folder::
    C:\found.000
    RenV::
    c:\program files\Common Files\Ahead\Lib\nerocheck .exe
    c:\program files\Compaq\SetRefresh\setrefresh .exe
    c:\program files\Google\GoogleToolbarNotifier\googletoolbarnotifier .exe
    c:\program files\PowerISO\pwrisovm .exe
    c:\program files\Ricoh\PCS Director\Client\pa6clint .exe
    c:\program files\Symantec AntiVirus\vptray .exe
    
    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "cacaoweb"=-
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste into to your next reply.
    ====================
    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    • Double-click SystemLook.exe to run it.
    • Copy the content of the following codebox into the main textfield:
      Code:
      
      :filefind
      eventlog.dll
      
      
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
    ============================
    Download CKScanner and save to your desktop.
    • Doubleclick CKScanner.exe and click Search For Files.
    • When the cursor hourglass disappears, click Save List To File.
    • A message box will verify that the file is saved.
    • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
    =====================================
    Update and run SuperAntispyware which is already on the system. Include log with those from Combofix, System Look, CKScanner
    Will review new logs on Monday.
  7. Farknocker

    Farknocker Newcomer, in training Topic Starter

    My Y: drive is a 250 GB external HD. Does this require me to run another application than the one recommended to clean flashdrives?
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Connect the external driver when you run the disinfector.
  9. Farknocker

    Farknocker Newcomer, in training Topic Starter

    I could not find Cacaoweb in the add/remove programs. I also could not find it running in the background using the Task Manager. I then searched online and found that it is an add-on in firefox so I attempted to uninstall it using Firefox/tools/add-ons and was successful. I also searched the drive and found the Cacaoweb files in C:\Qoobox directory which I understand is created by Combofix so I figured Combofix must have quarantined the file when I ran it last, per previous instructions.

    Next, I connected all portable USB devices, including my 250 GB External HD and a 4 GB flash drive and ran Flash_Disinfector.exe. While it was running three Avira pop-up messages appeared noting that C:\autorun.inf had been blocked. It did this for the other 2 external USB devices.

    Next, I downloaded CFScript. Since CFScript requires the disabling of AVIRA, I uninstalled it AVIRA (had a hard time disabling it) and ran the Flash_Disinfector.exe once more just in case AVIRA interfered with its functions the first go-round. I then ran CFScript by making a txt file and by dragging the file into Combofix. Combofix informed me that a updated version existed and asked if I wanted to update combofix which i did. Combofix continued automatically thereafter and produced a log (see below).

    The Logs are as follows:

    Combofix Log ==========================================

    ComboFix 12-01-01.02 - rai 01/01/2012 10:44:18.3.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.570 [GMT -10:00]
    Running from: c:\documents and settings\rai\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\rai\Desktop\CFScript.txt
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\found.000
    c:\found.000\dir0000.chk\a320raid\A320MGT.CAT
    c:\found.000\dir0000.chk\a320raid\A320MGT.INF
    c:\found.000\dir0000.chk\a320raid\A320RAID.CAT
    c:\found.000\dir0000.chk\a320raid\A320RAID.INF
    c:\found.000\dir0000.chk\a320raid\A320RAID.SYS
    c:\found.000\dir0000.chk\aac\aac.cat
    c:\found.000\dir0000.chk\aac\aac.inf
    c:\found.000\dir0000.chk\aac\aac.sys
    c:\found.000\dir0000.chk\aac\aaccin.dll
    c:\found.000\dir0000.chk\aac\aacevt.exe
    c:\found.000\dir0000.chk\aac\aacmgt.inf
    c:\found.000\dir0000.chk\aarich\aarich.cat
    c:\found.000\dir0000.chk\aarich\aarich.inf
    c:\found.000\dir0000.chk\aarich\aarich.sys
    c:\found.000\dir0000.chk\aarich\aichmgt.cat
    c:\found.000\dir0000.chk\aarich\aichmgt.inf
    c:\found.000\dir0000.chk\cercsr6\afamgt.sys
    c:\found.000\dir0000.chk\cercsr6\cerccin.dll
    c:\found.000\dir0000.chk\cercsr6\cercmgt.inf
    c:\found.000\dir0000.chk\cercsr6\cercsr6.cat
    c:\found.000\dir0000.chk\cercsr6\cercsr6.inf
    c:\found.000\dir0000.chk\cercsr6\cercsr6.sys
    c:\found.000\dir0000.chk\iastor\iaahci.cat
    c:\found.000\dir0000.chk\iastor\iaahci.inf
    c:\found.000\dir0000.chk\iastor\iastor.cat
    c:\found.000\dir0000.chk\iastor\iastor.inf
    c:\found.000\dir0000.chk\iastor\iastor.sys
    c:\found.000\dir0000.chk\megasas\megasas.cat
    c:\found.000\dir0000.chk\megasas\megasas.pdb
    c:\found.000\dir0000.chk\megasas\megasas.sys
    c:\found.000\dir0000.chk\megasas\nodev.inf
    c:\found.000\dir0000.chk\megasas\oemsetup.inf
    c:\found.000\dir0000.chk\nvraid\idecoi.dll
    c:\found.000\dir0000.chk\nvraid\NvAtaBus.sys
    c:\found.000\dir0000.chk\nvraid\nvraid.cat
    c:\found.000\dir0000.chk\nvraid\nvraid.inf
    c:\found.000\dir0000.chk\nvraid\nvraid.sys
    c:\found.000\dir0000.chk\nvraid\nvraidco.dll
    c:\found.000\dir0000.chk\symmpi\delpseud.inf
    c:\found.000\dir0000.chk\symmpi\mpixp32.cat
    c:\found.000\dir0000.chk\symmpi\symmpi.inf
    c:\found.000\dir0000.chk\symmpi\symmpi.pdb
    c:\found.000\dir0000.chk\symmpi\symmpi.sys
    c:\found.000\dir0000.chk\symmpi\symmpi.tag
    c:\found.000\dir0001.chk\ACT3R.SAM
    c:\found.000\dir0001.chk\DELIMR.FAE
    c:\found.000\dir0001.chk\LOCALDV.DLL
    c:\found.000\dir0001.chk\ODBCR.SAM
    c:\found.000\dir0001.chk\OLADDR.FAE
    c:\found.000\dir0001.chk\OLAPPTR.FAE
    c:\found.000\dir0001.chk\OLJRNLR.FAE
    c:\found.000\dir0001.chk\OLMAILR.FAE
    c:\found.000\dir0001.chk\OLNOTER.FAE
    c:\found.000\dir0001.chk\OLR.SAM
    c:\found.000\dir0001.chk\OLTASKR.FAE
    c:\found.000\dir0001.chk\ORG97R.SAM
    c:\found.000\dir0001.chk\PABR.SAM
    c:\found.000\dir0001.chk\SC2R.SAM
    c:\found.000\dir0001.chk\SCHPLUSR.SAM
    c:\found.000\dir0001.chk\TRANSMRR.DLL
    c:\found.000\file0000.chk
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_WUAUSERV
    -------\Service_wuauserv
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-12-01 to 2012-01-01 )))))))))))))))))))))))))))))))
    .
    .
    2011-12-29 18:28 . 2011-12-29 18:28 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
    2011-12-29 17:04 . 2011-12-29 17:04 -------- d-----w- c:\documents and settings\garcia.OLLON0\Application Data\Webroot
    2011-12-29 16:41 . 2011-12-29 16:41 -------- d-----w- c:\documents and settings\garcia.OLLON0\Application Data\SUPERAntiSpyware.com
    2011-12-29 16:16 . 2011-12-29 16:16 -------- d-----w- c:\documents and settings\garcia.OLLON0\Local Settings\Application Data\PCHealth
    2011-12-29 09:03 . 2011-12-29 18:58 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-12-28 02:07 . 2011-12-28 02:24 -------- d-----w- c:\documents and settings\rai\Application Data\.oit
    2011-12-28 02:07 . 2011-12-28 02:07 -------- d-----w- c:\program files\West Publisher
    2011-12-20 22:01 . 2011-12-20 22:01 -------- d-----w- c:\program files\RealVNC
    2011-12-20 02:48 . 2011-12-20 02:48 -------- d-----w- c:\documents and settings\rai\Local Settings\Application Data\Help
    2011-12-13 19:13 . 2011-12-13 19:13 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
    2011-12-13 18:15 . 2011-11-04 19:20 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-12-11 01:24 . 2009-06-16 01:42 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-11-23 13:25 . 2009-10-16 18:35 1859584 ----a-w- c:\windows\system32\win32k.sys
    2011-11-04 19:20 . 2009-10-16 18:36 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-11-04 19:20 . 2009-10-16 18:36 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-11-04 19:20 . 2009-10-16 18:35 916992 ----a-w- c:\windows\system32\wininet.dll
    2011-11-04 11:23 . 2009-10-16 18:37 385024 ----a-w- c:\windows\system32\html.iec
    2011-11-01 16:07 . 2009-10-16 18:35 1288704 ----a-w- c:\windows\system32\ole32.dll
    2011-10-28 05:31 . 2009-10-16 18:35 33280 ----a-w- c:\windows\system32\csrsrv.dll
    2011-10-25 13:37 . 2009-10-16 18:35 2148864 ------w- c:\windows\system32\ntoskrnl.exe
    2011-10-25 12:52 . 2009-10-16 18:35 2027008 ------w- c:\windows\system32\ntkrnlpa.exe
    2011-10-25 00:29 . 2011-10-25 00:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2011-10-25 00:29 . 2011-10-25 00:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2011-10-18 11:13 . 2009-10-16 18:37 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-10-10 14:22 . 2009-10-16 18:36 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2009-08-14 22:33 . 2009-08-14 22:33 13136 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
    2009-08-14 22:33 . 2009-08-14 22:33 70488 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
    2009-08-14 22:33 . 2009-08-14 22:33 91480 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
    2009-08-14 22:33 . 2009-08-14 22:33 20824 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
    2009-08-14 22:34 . 2009-08-14 22:34 206160 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
    2009-08-14 22:33 . 2009-08-14 22:33 31064 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
    2009-08-14 22:33 . 2009-08-14 22:33 40280 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
    2007-03-17 03:33 . 2007-03-17 03:33 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll
    2007-03-17 03:33 . 2007-03-17 03:33 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll
    2007-03-17 03:33 . 2007-03-17 03:33 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll
    2009-08-14 21:50 . 2009-08-14 21:50 652640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
    2009-08-14 22:33 . 2009-08-14 22:33 23896 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
    2011-11-09 20:02 . 2011-05-06 20:08 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-12-30_22.32.46 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2012-01-01 20:51 . 2012-01-01 20:51 16384 c:\windows\temp\Perflib_Perfdata_1dc.dat
    + 2011-11-23 00:31 . 2012-01-01 20:52 4472832 c:\windows\Temporary Internet Files\Content.IE5\index.dat
    - 2011-11-23 00:31 . 2011-12-30 22:26 4472832 c:\windows\Temporary Internet Files\Content.IE5\index.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 139264]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-08-24 94208]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-08-24 77824]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-08-24 114688]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-12 246504]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-01-10 1230704]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
    "PocketCloud Location"="c:\program files\Wyse\PocketCloud Windows Companion\WyseBrowser.exe" [2011-10-04 815616]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-25 421888]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVWSzItQUxZTUYtU0xLTFUtQVoyVUItNkdPS0ItSkhGTkg&inst=NzctNTAzNzM3Mzk0LVRCOSsyLUZMKzktRjEwTSs1LVFJWDErNC1YMjAxMCsyLUYxME0xMEQrMi1GTDEwKzEtTElDKzctRERUKzE0MjIzLUREMTBGKzEtU1QxMEZBUFArMQ&prod=90&ver=10.0.1410" [?]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
    .
    c:\documents and settings\jfo.OLLON0\Start Menu\Programs\Startup\
    AOM.lnk - c:\program files\Common Files\Adobe\Web\AOM.exe [2005-7-28 696320]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2005-7-28 82026]
    Google Calendar Sync.lnk - c:\program files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]
    STIMON.lnk - c:\program files\USB2.0 UVC WebCam\USB2.0 UVC WebCam\STIMON.exe [2010-2-10 933888]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "disablecad"= 1 (0x1)
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMBalloonTip"= 1 (0x1)
    "NoSimpleStartMenu"= 1 (0x1)
    "NoWelcomeScreen"= 1 (0x1)
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
    backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:mad:xpsp2res.dll,-22009
    .
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [9/15/2009 11:42 AM 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/15/2009 11:42 AM 67656]
    R2 WinFLdrv;WinFLdrv;c:\windows\system32\WinFLdrv.sys [10/20/2009 9:52 AM 17984]
    R2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [8/13/2009 11:37 PM 598856]
    R2 WysePocketCloud;Wyse PocketCloud;c:\program files\Wyse\PocketCloud Windows Companion\PocketCloudService.exe [10/3/2011 6:37 PM 109056]
    R3 dvdfab;dvdfab;c:\windows\system32\drivers\dvdfab.sys [5/23/2011 9:58 AM 82816]
    S2 gupdate1c9c3c71227a291;Google Update Service (gupdate1c9c3c71227a291);c:\program files\Google\Update\GoogleUpdate.exe [4/22/2009 5:53 PM 133104]
    S2 WebCamDV;WebCamDV DV to Webcam Converter;c:\windows\system32\DRIVERS\WebCamDV.sys --> c:\windows\system32\DRIVERS\WebCamDV.sys [?]
    S3 cpuz134;cpuz134;\??\c:\docume~1\rai\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\rai\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4/22/2009 5:53 PM 133104]
    S3 lgmdbus;LG Mobile driver (WDM);c:\windows\system32\drivers\lgmdbus.sys [11/17/2009 9:30 AM 89600]
    S3 lgmdmdfl;LG Mobile USB WMC Modem Filter;c:\windows\system32\drivers\lgmdmdfl.sys [11/17/2009 9:30 AM 14976]
    S3 lgmdmdm;LG Mobile USB WMC Modem Driver;c:\windows\system32\drivers\lgmdmdm.sys [11/17/2009 9:30 AM 121344]
    S3 lgmdmgmt;LG Mobile USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\lgmdmgmt.sys [11/17/2009 9:30 AM 114944]
    S3 lgmdobex;LG Mobile USB WMC OBEX Interface;c:\windows\system32\drivers\lgmdobex.sys [11/17/2009 9:30 AM 111232]
    S3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [12/10/2010 6:29 PM 29293408]
    S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [12/21/2009 9:54 AM 47360]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/15/2009 11:42 AM 12872]
    S3 usbsmi;USB2.0 UVC WebCam;c:\windows\system32\drivers\SMIksdrv.sys [2/10/2010 2:29 PM 180608]
    S3 WCDV_Aud;WevCamDV WDM Virtual Audio Device;c:\windows\system32\drivers\wcdvaud.sys --> c:\windows\system32\drivers\wcdvaud.sys [?]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [10/16/2009 8:35 AM 14336]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    WINRM REG_MULTI_SZ WINRM
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2009-10-16 c:\windows\Tasks\$~$Sys0$.job
    - c:\windows\System32\SchedSvc.dll [2009-10-16 00:12]
    .
    2011-11-14 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 03:57]
    .
    2011-10-13 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-23 22:58]
    .
    2011-10-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc8f14b600ed83.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-23 03:53]
    .
    2009-10-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-23 03:53]
    .
    2009-10-10 c:\windows\Tasks\WGASetup.job
    - c:\windows\system32\KB905474\wgasetup.exe [2009-04-30 08:18]
    .
    2010-07-30 c:\windows\Tasks\Windows Codec Update Service.job
    - c:\program files\Essentials Codec Pack\WECPUpdate.exe [2010-05-30 13:17]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.foxnews.com/
    mSearch Bar = hxxp://go.compaq.com/1Q00CDT/0409/bl8.asp
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Free YouTube to iPod Converter - c:\documents and settings\rai\Application Data\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm
    Trusted Zone: intuit.com\ttlc
    TCP: DhcpNameServer = 192.1.1.92
    DPF: {108D3206-846A-4A93-BACB-F0572D043ED7} - hxxp://173.198.70.219:99/webrec.cab
    DPF: {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} - hxxp://24.94.93.6:8100/codebase/DVM_IPCam2.ocx
    FF - ProfilePath - c:\documents and settings\rai\Application Data\Mozilla\Firefox\Profiles\ak5m7bkb.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.foxnews.com/
    FF - user.js: yahoo.homepage.dontask - true
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKCU-Run-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-01-01 10:52
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(984)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Sandboxie\SbieSvc.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    c:\program files\RealVNC\VNC4\WinVNC4.exe
    c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    c:\program files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Completion time: 2012-01-01 10:54:56 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-01-01 20:54
    ComboFix2.txt 2011-12-30 22:34
    ComboFix3.txt 2009-10-28 08:24
    .
    Pre-Run: 25,536,933,888 bytes free
    Post-Run: 25,403,351,040 bytes free
    .
    - - End Of File - - 77384C90415790BBCD9784F662BEBB0F


    SystemLook Log ====================================

    SystemLook 30.07.11 by jpshortstuff
    Log created at 10:56 on 01/01/2012 by rai
    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "eventlog.dll"
    C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll -----c- 55808 bytes [21:03 16/10/2009] [10:00 04/08/2004] 82B24CB70E5944E6E34662205A2A5B78
    C:\WINDOWS\ServicePackFiles\i386\eventlog.dll ------- 56320 bytes [18:28 16/10/2009] [00:11 14/04/2008] 6D4FEB43EE538FC5428CC7F0565AA656
    C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\eventlog.dll --a---- 56320 bytes [03:15 25/10/2008] [00:11 14/04/2008] 6D4FEB43EE538FC5428CC7F0565AA656

    -= EOF =-


    CKFiles Log =========================================

    CKScanner - Additional Security Risks - These are not necessarily bad
    c:\utilities\audio utilities\claudio\claudio.6.3.keygen.tlg.[x-ray].exe
    c:\utilities\audio utilities\claudio\xemicomputers_claudio_6_3_keygen_by_[tlg][x-ray].zip
    c:\utilities\video utilities\avs video tools 5.1full + crack 100%\avsvideotools 5.1.exe
    c:\utilities\video utilities\avs video tools 5.1full + crack 100%\read me.txt
    c:\utilities\video utilities\avs video tools 5.1full + crack 100%\torrent downloaded from demonoid.com.txt
    c:\utilities\video utilities\avs video tools 5.1full + crack 100%\what this program does.txt
    c:\utilities\video utilities\avs video tools 5.1full + crack 100%\crack\avssmartconverter.exe
    c:\utilities\video utilities\avs video tools 5.1full + crack 100%\crack\avsvideoconverter4.exe
    c:\utilities\video utilities\avs video tools 5.1full + crack 100%\crack\avsvideocutter.exe
    c:\utilities\video utilities\avs video tools 5.1full + crack 100%\crack\avsvtmanager.exe
    c:\utilities\video utilities\avs video tools 5.1full + crack 100%\crack\read me.txt
    scanner sequence 3.CH.11.USAPCP
    ----- EOF -----


    ==============================================

    Looking forward to your next reply.
  10. Farknocker

    Farknocker Newcomer, in training Topic Starter

    I re-read your replies and noted that I didn't run the SuperAntiSpyware so I updated it and ran it and have included the log here in two parts due to its length:

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 01/04/2012 at 10:40 AM

    Application Version : 5.0.1142

    Core Rules Database Version : 8098
    Trace Rules Database Version: 5910

    Scan type : Complete Scan
    Total Scan Time : 00:36:30

    Operating System Information
    Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
    Administrator

    Memory items scanned : 655
    Memory threats detected : 0
    Registry items scanned : 40786
    Registry threats detected : 0
    File items scanned : 51041
    File threats detected : 464

    Adware.Tracking Cookie
    C:\Documents and Settings\rai\Cookies\YY0HSQMG.txt [ /ads.pointroll.com ]
    C:\Documents and Settings\rai\Cookies\LR5CWOHZ.txt [ /tacoda.at.atwola.com ]
    C:\Documents and Settings\rai\Cookies\A0Y3Y0CQ.txt [ /stats.paypal.com ]
    C:\Documents and Settings\rai\Cookies\VIA638YJ.txt [ /adinterax.com ]
    C:\Documents and Settings\rai\Cookies\ZQV0EZQ2.txt [ /247realmedia.com ]
    C:\Documents and Settings\rai\Cookies\D5BY6726.txt [ /yieldmanager.net ]
    C:\Documents and Settings\rai\Cookies\CAOJ6XD9.txt [ /paypal.112.2o7.net ]
    C:\Documents and Settings\rai\Cookies\407NEZNJ.txt [ /tacoda.net ]
    C:\Documents and Settings\rai\Cookies\N0M1GMD0.txt [ /atwola.com ]
    C:\Documents and Settings\rai\Cookies\0ST96LO6.txt [ /liveperson.net ]
    C:\Documents and Settings\rai\Cookies\FLZHA0Y1.txt [ /realmedia.com ]
    C:\Documents and Settings\rai\Cookies\GIE0AKJ7.txt [ /sales.liveperson.net ]
    C:\Documents and Settings\rai\Cookies\6KQHYLM3.txt [ /trafficmp.com ]
    C:\Documents and Settings\rai\Cookies\I5GMW3AI.txt [ /imrworldwide.com ]
    C:\Documents and Settings\rai\Cookies\BFUX82UK.txt [ /interclick.com ]
    C:\Documents and Settings\rai\Cookies\X57FRE2P.txt [ /revsci.net ]
    C:\Documents and Settings\rai\Cookies\KMHNTVJM.txt [ /tribalfusion.com ]
    C:\Documents and Settings\rai\Cookies\P277KPBA.txt [ /liveperson.net ]
    C:\Documents and Settings\rai\Cookies\PXFFDWRT.txt [ /ad.yieldmanager.com ]
    C:\Documents and Settings\rai\Cookies\IKU21KJ7.txt [ /invitemedia.com ]
    C:\Documents and Settings\rai\Cookies\IIPXH9Z0.txt [ /specificclick.net ]
    C:\Documents and Settings\rai\Cookies\QVM7RIVV.txt [ /lucidmedia.com ]
    C:\Documents and Settings\rai\Cookies\NZHN9E22.txt [ /at.atwola.com ]
    C:\Documents and Settings\rai\Cookies\T6L6YKS6.txt [ /overture.com ]
    C:\Documents and Settings\rai\Cookies\YE0QRGIR.txt [ /callingcardscom.122.2o7.net ]
    C:\Documents and Settings\rai\Cookies\E506RXE0.txt [ /media6degrees.com ]
    C:\Documents and Settings\rai\Cookies\3UDMRL3V.txt [ /ar.atwola.com ]
    C:\Documents and Settings\rai\Cookies\RJQY0YAG.txt [ /sales.liveperson.net ]
    C:\Documents and Settings\rai\Cookies\0SUDKFF1.txt [ /pointroll.com ]
    C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\Cookies\J9XCBTWN.txt [ Cookie:administrator@tracking.dsmmadvantage.com/ ]
    C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\Cookies\QWKJKC19.txt [ Cookie:administrator@www.googleadservices.com/pagead/conversion/1022131298/ ]
    C:\DOCUMENTS AND SETTINGS\GARCIA.OLLON0\Cookies\garcia@43836137[2].txt [ Cookie:garcia@sales.liveperson.net/hc/43836137 ]
    C:\DOCUMENTS AND SETTINGS\JFO\Cookies\jfo@dcsew60m1oifwznbkznc6j9ix_5x7j[1].txt [ Cookie:jfo@statse.webtrendslive.com/dcsew60m1oifwznbkznc6j9ix_5x7j ]
    C:\DOCUMENTS AND SETTINGS\JFO\Cookies\jfo@rover[1].txt [ Cookie:jfo@mercury.bravenet.com/rover/ ]
    C:\DOCUMENTS AND SETTINGS\JFO.OLLON0\Cookies\jfo@zango[1].txt [ Cookie:jfo@zango.com/ ]
    C:\DOCUMENTS AND SETTINGS\JFO.OLLON0\Cookies\jfo@catalog[1].txt [ Cookie:jfo@zango.com/destination/catalog/ ]
    C:\DOCUMENTS AND SETTINGS\JFO.OLLON0\Cookies\jfo@viewpoint[2].txt [ Cookie:jfo@www.pgatour.com/ads/viewpoint/ ]
    C:\DOCUMENTS AND SETTINGS\JFO.OLLON0\Cookies\jfo@mb[1].txt [ Cookie:jfo@4.adbrite.com/mb/ ]
    C:\DOCUMENTS AND SETTINGS\JFO.OLLON0\Cookies\jfo@list[1].txt [ Cookie:jfo@list.ru/ ]
    C:\DOCUMENTS AND SETTINGS\JFO.OLLON0\Cookies\jfo@ad[2].txt [ Cookie:jfo@precisionclick.com/ad ]
    C:\DOCUMENTS AND SETTINGS\JFO.OLLON0\Cookies\jfo@LandingPage[1].txt [ Cookie:jfo@zango.com/Destination/LandingPage/ ]
    C:\DOCUMENTS AND SETTINGS\JFO.OLLON0\Cookies\jfo@rambler[1].txt [ Cookie:jfo@rambler.ru/ ]
    C:\DOCUMENTS AND SETTINGS\JFO.OLLON0\Cookies\jfo@4819779[1].txt [ Cookie:jfo@server.iad.liveperson.net/hc/4819779 ]
    C:\DOCUMENTS AND SETTINGS\JFO.OLLON0\Cookies\jfo@29419095[2].txt [ Cookie:jfo@server.iad.liveperson.net/hc/29419095 ]
    C:\DOCUMENTS AND SETTINGS\JFO.OLLON0\Cookies\jfo@24790321[1].txt [ Cookie:jfo@server.iad.liveperson.net/hc/24790321 ]
    C:\DOCUMENTS AND SETTINGS\JFO.OLLON0\Cookies\jfo@1049615645[1].txt [ Cookie:jfo@www.googleadservices.com/pagead/conversion/1049615645/ ]
    C:\DOCUMENTS AND SETTINGS\JFO.OLLON0\Cookies\jfo@1069095226[2].txt [ Cookie:jfo@www.googleadservices.com/pagead/conversion/1069095226/ ]
    C:\DOCUMENTS AND SETTINGS\JFO.OLLON0\Cookies\jfo@p[1].txt [ Cookie:jfo@a.websponsors.com/p/ ]
    C:\DOCUMENTS AND SETTINGS\JFO.OLLON0\Cookies\jfo@78736909[2].txt [ Cookie:jfo@server.iad.liveperson.net/hc/78736909 ]
    C:\DOCUMENTS AND SETTINGS\JFO.OLLON0\Cookies\jfo@web-stat[1].txt [ Cookie:jfo@web-stat.com/ ]
    C:\DOCUMENTS AND SETTINGS\JFO.OLLON0\Cookies\jfo@85084061[1].txt [ Cookie:jfo@sales.liveperson.net/hc/85084061 ]
    C:\DOCUMENTS AND SETTINGS\JFO.OLLON0\Cookies\jfo@cgi-bin[4].txt [ Cookie:jfo@www1.addfreestats.com/cgi-bin ]
    C:\DOCUMENTS AND SETTINGS\JFO.OLLON0\Cookies\jfo@1[2].txt [ Cookie:jfo@arbitrack.com/track/1/ ]
    C:\DOCUMENTS AND SETTINGS\JFO.OLLON0\Cookies\jfo@customer[1].txt [ Cookie:jfo@www.findlegalforms.com/xcart/customer/ ]
    C:\DOCUMENTS AND SETTINGS\JFO.OLLON0\Cookies\jfo@17103550[2].txt [ Cookie:jfo@sales.liveperson.net/hc/17103550 ]
    C:\DOCUMENTS AND SETTINGS\RAI\Cookies\LK9QOCR1.txt [ Cookie:rai@adsonar.com/adserving ]
    .collective-media.net [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OST80PTJ.DEFAULT\COOKIES.SQLITE ]
    .apmebf.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OST80PTJ.DEFAULT\COOKIES.SQLITE ]
    .mediaplex.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OST80PTJ.DEFAULT\COOKIES.SQLITE ]
    .doubleclick.net [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OST80PTJ.DEFAULT\COOKIES.SQLITE ]
    .mediaplex.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OST80PTJ.DEFAULT\COOKIES.SQLITE ]
    .kontera.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OST80PTJ.DEFAULT\COOKIES.SQLITE ]
    .advertising.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OST80PTJ.DEFAULT\COOKIES.SQLITE ]
    .advertising.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OST80PTJ.DEFAULT\COOKIES.SQLITE ]
    .advertising.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OST80PTJ.DEFAULT\COOKIES.SQLITE ]
    .advertising.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OST80PTJ.DEFAULT\COOKIES.SQLITE ]
    .adultadworld.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OST80PTJ.DEFAULT\COOKIES.SQLITE ]
    .atdmt.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OST80PTJ.DEFAULT\COOKIES.SQLITE ]
    .apmebf.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OST80PTJ.DEFAULT\COOKIES.SQLITE ]
    .dmtracker.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OST80PTJ.DEFAULT\COOKIES.SQLITE ]
    .revsci.net [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OST80PTJ.DEFAULT\COOKIES.SQLITE ]
    ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OST80PTJ.DEFAULT\COOKIES.SQLITE ]
    ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OST80PTJ.DEFAULT\COOKIES.SQLITE ]
    .statcounter.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OST80PTJ.DEFAULT\COOKIES.SQLITE ]
    msnbcmedia.msn.com [ C:\DOCUMENTS AND SETTINGS\JFO\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\H5QYJSXT ]
    ad.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\6FC697QN ]
    ds.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\6FC697QN ]
    media1.break.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\6FC697QN ]
    secure-us.imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\6FC697QN ]
    .msnportal.112.2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .avgtechnologies.112.2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .revsci.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .hawaiianairlines.112.2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .xiti.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .paypal.112.2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .statcounter.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .statcounter.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .statcounter.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .statcounter.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .samsclub.112.2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .statcounter.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .statcounter.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .statcounter.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .dmtracker.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .statcounter.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .s.clickability.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .statcounter.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .statcounter.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .statcounter.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .statcounter.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .rambler.ru [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .statcounter.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .statcounter.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .statcounter.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .statcounter.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .thefind.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .findlaw.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .statcounter.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .statcounter.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .statcounter.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .mediafire.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .statcounter.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .112.2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .invitemedia.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .invitemedia.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .walmart.112.2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .nextag.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .122.2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .microsoftsto.112.2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .112.2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .atdmt.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .staradvertiser.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    in.getclicky.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    counter.hitslink.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .apmebf.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .112.2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    www.teengrowth.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    www.teengrowth.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .findlaw.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .findlaw.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .hotlog.ru [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    us.sitestat.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .tns-counter.ru [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .e-2dj6wmmyskczeho.stats.esomniture.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .ehg-findlaw.hitbox.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .adinterax.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .adinterax.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .mediafetcher.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .e-2dj6wdkywhajalq.stats.esomniture.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .e-2dj6wcl4wncjcdp.stats.esomniture.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .revsci.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .revsci.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .revsci.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .e-2dj6wak4akcjeho.stats.esomniture.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .e-2dj6wfloqoazgcp.stats.esomniture.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .e-2dj6wmkowgd5akq.stats.esomniture.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .e-2dj6wml4kkcjohp.stats.esomniture.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .liveperson.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .liveperson.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .liveperson.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .liveperson.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
  11. Farknocker

    Farknocker Newcomer, in training Topic Starter

    continuation of previous log

    stats.viewnaija.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    us.sitestat.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .hardwarezone.com.sg [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .hardwarezone.com.sg [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .clickaider.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .harborfreight.122.2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .e-2dj6wjkoslcpkbp.stats.esomniture.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .e-2dj6wjkoaoajmfo.stats.esomniture.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .getclicky.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .static.getclicky.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .e-2dj6wfmykhdpcap.stats.esomniture.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .e-2dj6wdmyupdjwlp.stats.esomniture.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    www.teengrowth.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .e-2dj6wjliwndpwbp.stats.esomniture.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .e-2dj6wnk4chazalp.stats.esomniture.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .e-2dj6aelywlcjkaq.stats.esomniture.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    uk.sitestat.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    uk.sitestat.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .e-2dj6wjlyonazekp.stats.esomniture.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .apmebf.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    www.staradvertiser.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .s.clickability.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .staradvertiser.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .staradvertiser.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .dealtime.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .dealtime.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .e-2dj6wjl4ukazocq.stats.esomniture.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .solvemedia.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .solvemedia.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .e-2dj6wclicmd5wdq.stats.esomniture.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .microsoftwlsearchcrm.112.2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .findthebest.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .findthebest.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .stats.complex.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .stats.complex.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .mediaforge.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .trafficmp.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    stats.townnews.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    stats.townnews.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    stats.townnews.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    stats.townnews.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .c.gigcount.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .liveperson.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .bonniercorp.122.2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    stats.internet-yadro.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .spylog.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .medialand.ru [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .medialand.ru [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .liveperson.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .doubleclick.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .nextag.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .nextag.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .e-2dj6wjkoajdjkcp.stats.esomniture.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .microsoftwindows.112.2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .legolas-media.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .legolas-media.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .msnbc.112.2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .histats.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .honoluluadvertiser.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .honoluluadvertiser.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .bizrate.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .bizrate.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .findlaw.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .findlaw.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    www1.addfreestats.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .rajce.idnes.cz [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    www.peoplefinders.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .peoplefinders.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    link.mercent.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .ehg-ccbn.hitbox.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .hitbox.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .liveperson.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .histats.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .cz3.clickzs.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .cz3.clickzs.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .atdmt.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .atdmt.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .atdmt.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    www.emailquestions.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    www.emailquestions.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .yadro.ru [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    statse.webtrendslive.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .statcounter.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    s05.flagcounter.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    www.qsstats.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    stat.onestat.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    stat.onestat.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .azjmp.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .superstats.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .mediafire.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .mediafire.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .mediafire.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .liveperson.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .e-2dj6wjnycmd5ghq.stats.esomniture.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .web-stat.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .web-stat.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .e-2dj6wjkychcpsco.stats.esomniture.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .yellowpages.112.2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .viewablemedia.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .dealtime.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    stat.dealtime.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    accounts.youtube.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .e-2dj6wjlisicjefo.stats.esomniture.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .cygnus.122.2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .reunioncom.112.2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    dc.tremormedia.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .trafficmp.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .invitemedia.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .findlaw.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .trafficmp.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .trafficmp.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .twctsg.122.2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    accounts.google.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .liveperson.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .2o7.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .revsci.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    sales.liveperson.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .liveperson.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    sales.liveperson.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .stats.paypal.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    auth.breakmedia.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .invitemedia.com [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .revsci.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .revsci.net [ C:\DOCUMENTS AND SETTINGS\RAI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    media1.break.com [ C:\SANDBOX\RAI\DEFAULTBOX\USER\CURRENT\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\23G3KYDT ]
    secure-us.imrworldwide.com [ C:\SANDBOX\RAI\DEFAULTBOX\USER\CURRENT\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\23G3KYDT ]
    media1.break.com [ C:\SANDBOX\RAI\DEFAULTBOX\USER\CURRENT\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\CZJL6CAV ]
    mediaserver.vrxstudios.com [ C:\SANDBOX\RAI\DEFAULTBOX\USER\CURRENT\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\CZJL6CAV ]
    secure-us.imrworldwide.com [ C:\SANDBOX\RAI\DEFAULTBOX\USER\CURRENT\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\CZJL6CAV ]
    .imrworldwide.com [ C:\SANDBOX\RAI\DEFAULTBOX\USER\CURRENT\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .imrworldwide.com [ C:\SANDBOX\RAI\DEFAULTBOX\USER\CURRENT\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    s03.flagcounter.com [ C:\SANDBOX\RAI\DEFAULTBOX\USER\CURRENT\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    s04.flagcounter.com [ C:\SANDBOX\RAI\DEFAULTBOX\USER\CURRENT\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    2.s04.flagcounter.com [ C:\SANDBOX\RAI\DEFAULTBOX\USER\CURRENT\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .getclicky.com [ C:\SANDBOX\RAI\DEFAULTBOX\USER\CURRENT\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .static.getclicky.com [ C:\SANDBOX\RAI\DEFAULTBOX\USER\CURRENT\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    in.getclicky.com [ C:\SANDBOX\RAI\DEFAULTBOX\USER\CURRENT\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .hawaiianairlines.112.2o7.net [ C:\SANDBOX\RAI\DEFAULTBOX\USER\CURRENT\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .dmtracker.com [ C:\SANDBOX\RAI\DEFAULTBOX\USER\CURRENT\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .invitemedia.com [ C:\SANDBOX\RAI\DEFAULTBOX\USER\CURRENT\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .invitemedia.com [ C:\SANDBOX\RAI\DEFAULTBOX\USER\CURRENT\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    reztrack.com [ C:\SANDBOX\RAI\DEFAULTBOX\USER\CURRENT\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    reztrack.com [ C:\SANDBOX\RAI\DEFAULTBOX\USER\CURRENT\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    reztrack.com [ C:\SANDBOX\RAI\DEFAULTBOX\USER\CURRENT\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    reztrack.com [ C:\SANDBOX\RAI\DEFAULTBOX\USER\CURRENT\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    reztrack.com [ C:\SANDBOX\RAI\DEFAULTBOX\USER\CURRENT\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    reztrack.com [ C:\SANDBOX\RAI\DEFAULTBOX\USER\CURRENT\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    www.elitetraveler.com [ C:\SANDBOX\RAI\DEFAULTBOX\USER\CURRENT\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .doubleclick.net [ C:\SANDBOX\RAI\DEFAULTBOX\USER\CURRENT\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .2o7.net [ C:\SANDBOX\RAI\DEFAULTBOX\USER\CURRENT\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .nextag.com [ C:\SANDBOX\RAI\DEFAULTBOX\USER\CURRENT\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .nextag.com [ C:\SANDBOX\RAI\DEFAULTBOX\USER\CURRENT\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .nextag.com [ C:\SANDBOX\RAI\DEFAULTBOX\USER\CURRENT\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    stat.dealtime.com [ C:\SANDBOX\RAI\DEFAULTBOX\USER\CURRENT\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .mediaforge.com [ C:\SANDBOX\RAI\DEFAULTBOX\USER\CURRENT\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .mediafire.com [ C:\SANDBOX\RAI\DEFAULTBOX\USER\CURRENT\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    www.mediafire.com [ C:\SANDBOX\RAI\DEFAULTBOX\USER\CURRENT\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .mediafire.com [ C:\SANDBOX\RAI\DEFAULTBOX\USER\CURRENT\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .mediafire.com [ C:\SANDBOX\RAI\DEFAULTBOX\USER\CURRENT\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .mediafire.com [ C:\SANDBOX\RAI\DEFAULTBOX\USER\CURRENT\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .mediafire.com [ C:\SANDBOX\RAI\DEFAULTBOX\USER\CURRENT\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .statcounter.com [ C:\SANDBOX\RAI\DEFAULTBOX\USER\CURRENT\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    www1.addfreestats.com [ C:\SANDBOX\RAI\DEFAULTBOX\USER\CURRENT\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .findlaw.com [ C:\SANDBOX\RAI\DEFAULTBOX\USER\CURRENT\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    auth.breakmedia.com [ C:\SANDBOX\RAI\DEFAULTBOX\USER\CURRENT\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .invitemedia.com [ C:\SANDBOX\RAI\DEFAULTBOX\USER\CURRENT\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    accounts.google.com [ C:\SANDBOX\RAI\DEFAULTBOX\USER\CURRENT\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    accounts.google.com [ C:\SANDBOX\RAI\DEFAULTBOX\USER\CURRENT\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    accounts.google.com [ C:\SANDBOX\RAI\DEFAULTBOX\USER\CURRENT\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .revsci.net [ C:\SANDBOX\RAI\DEFAULTBOX\USER\CURRENT\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .revsci.net [ C:\SANDBOX\RAI\DEFAULTBOX\USER\CURRENT\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    .yadro.ru [ C:\SANDBOX\RAI\DEFAULTBOX\USER\CURRENT\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    statse.webtrendslive.com [ C:\SANDBOX\RAI\DEFAULTBOX\USER\CURRENT\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AK5M7BKB.DEFAULT\COOKIES.SQLITE ]
    C:\SANDBOX\RAI\DEFAULTBOX\USER\CURRENT\COOKIES\RAI@AD.WSOD[4].TXT [ /AD.WSOD ]
    C:\SANDBOX\RAI\DEFAULTBOX\USER\CURRENT\COOKIES\RAI@ATDMT[3].TXT [ /ATDMT ]
    C:\SANDBOX\RAI\DEFAULTBOX\USER\CURRENT\COOKIES\RAI@DOUBLECLICK[2].TXT [ /DOUBLECLICK ]
    C:\SANDBOX\RAI\DEFAULTBOX\USER\CURRENT\COOKIES\RAI@DOUBLECLICK[4].TXT [ /DOUBLECLICK ]
    C:\SANDBOX\RAI\DEFAULTBOX\USER\CURRENT\COOKIES\RAI@IMRWORLDWIDE[4].TXT [ /IMRWORLDWIDE ]
    C:\SANDBOX\RAI\DEFAULTBOX\USER\CURRENT\COOKIES\RAI@IMRWORLDWIDE[5].TXT [ /IMRWORLDWIDE ]
    C:\SANDBOX\RAI\DEFAULTBOX\USER\CURRENT\COOKIES\RAI@REVSCI[3].TXT [ /REVSCI ]
    C:\SANDBOX\RAI\DEFAULTBOX\USER\CURRENT\COOKIES\RAI@REVSCI[4].TXT [ /REVSCI ]

    Heur.Agent/Gen-FakeIE
    C:\WINDOWS\IE7UPDATES\KB969897-IE7\IEXPLORE.EXE
    C:\WINDOWS\IE7UPDATES\KB972260-IE7\IEXPLORE.EXE
     
  12. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Piracy Warning

    The AVD Video Tools is a $60 program. You have pirated the program.
    AVS Video Cutter is offered as a free download with limitations

    The Claudio 6.3 is a $30 program. You have pirated the program.

    You have malware Heur.Agent/Gen-FakeIE

    The IT was correct- your system is badly infected. Taking all the malware that has been found, along with the malware that still shows up, the system has most likely been compromised.
    -------------------------------
    I don't support piracy. Please return to the IT for assistance.
  13. Farknocker

    Farknocker Newcomer, in training Topic Starter

    Thanks for your assistance.
  14. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    You're welcome.
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.