windows live messenger virus- posting pics to friends

Topic:windows live messenger virus- posting pics to friends

Remainpoint:0

djukica

PostTime:12/16/2008 11:08:41 PM

Top

Level:

Professional point:

Experience:

Thread:

293

Post:

994

Total online time:

Joined date:

4/29/2007 12:25:00 AM

Last Visit:

12/16/2008 11:23:06 PM

Status:

	Try our remote PC help service to fix your PC instantly(Only cost $19.95)
	Register to make Ads free

please help me. i have read the other threads concerning this virus but am not sure what to do first. I have windows xp and yesterday my windows live messenger 8.1 starting sending rude messages and files to the friends on my contact list. Also MSN continuosly freezes and that is when i think the messages are sent. luckily none of my friends opened the files sent. i do not know how i got this as i have not opened any files myself.
i have run the combofix o7 as you said but don't know what to do now. i saved it in word as i dont know how to save it to desktop.
please help me as i use msn for work as well.
thank you in advance
debbie

attached below is the combofix log
ComboFix 07-09-21.2 - "debbie" 2007-09-25 21:25:32.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.335 [GMT 1:00]
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\buttons\cursorcafe.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\buttons\cursorcafeA.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\buttons\games.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\buttons\gamesA.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\buttons\screensaver.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\buttons\screensaverA.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\contexts\error.xml
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\contexts\related.xml
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\contexts\travel.xml
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\contexts\Travel.xml.backup
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\SimpleUpdate\ProductMessagingConfig .xml
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\SimpleUpdate\ProductMessagingConfig .xml.backup
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\SimpleUpdate\SimpleUpdateConfig.xml
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\SimpleUpdate\SimpleUpdateConfig.xml .backup
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\SimpleUpdate\TimerManagerConfig.xml
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\SimpleUpdate\TimerManagerConfig.xml .backup
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware\buttons\cursorcafe.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware\buttons\cursorcafeA.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware\buttons\games.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware\buttons\gamesA.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware\buttons\screensaver.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware\buttons\screensaverA.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware\contexts\error.xml
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware\contexts\related.xml
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware\contexts\travel.xml
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware\contexts\Travel.xml.backup
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware\SimpleUpdate\ProductMessagingConfig. xml
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware\SimpleUpdate\ProductMessagingConfig. xml.backup
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware\SimpleUpdate\SimpleUpdateConfig.xml
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware\SimpleUpdate\SimpleUpdateConfig.xml. backup
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware\SimpleUpdate\TimerManagerConfig.xml
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware\SimpleUpdate\TimerManagerConfig.xml. backup
C:\DOCUME~1\CHARLO~1\APPLIC~1\FunWebProducts
C:\DOCUME~1\CHARLO~1\APPLIC~1\FunWebProducts\Data\charlotte\avatar.dat
C:\DOCUME~1\CHARLO~1\APPLIC~1\FunWebProducts\Data\charlotte\register.dat
C:\DOCUME~1\debbie\APPLIC~1\macromedia\Flash Player\#SharedObjects\JNU6XF5R\iforex.com
C:\DOCUME~1\debbie\APPLIC~1\macromedia\Flash Player\#SharedObjects\JNU6XF5R\iforex.com\Emerp\Events\flash_object.swf\use r_data.sol
C:\DOCUME~1\debbie\APPLIC~1\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\DOCUME~1\debbie\APPLIC~1\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\ScreenSaver\Images\00BF6EFD.urr
C:\Program Files\FunWebProducts\Shared\Cache\AvatarSmallBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MailStampBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MySignatureInsertBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MySignaturePreviewBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MyStationeryBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
C:\Program Files\iMeshBar
C:\Program Files\iMeshBar\bar\Cache\0001C685
C:\Program Files\iMeshBar\bar\Cache\0015BBA0.bin
C:\Program Files\iMeshBar\bar\Cache\0015BE67.bmp
C:\Program Files\iMeshBar\bar\Cache\0015BEB7.bmp
C:\Program Files\iMeshBar\bar\Cache\files.ini
C:\Program Files\iMeshBar\bar\History\search
C:\Program Files\iMeshBar\bar\Settings\prevcfg.htm
C:\Program Files\internet explorer\msimg32.dll
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\2.bin\F3BROVLY.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3HTMLMU.DLL
C:\Program Files\MyWebSearch\bar\2.bin\M3HTML.DLL
C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
C:\Program Files\MyWebSearch\bar\2.bin\MWSOEPLG.DLL
C:\Program Files\MyWebSearch\bar\2.bin\MWSOESTB.DLL
C:\Program Files\MyWebSearch\bar\3.bin\F3BKGERR.JPG
C:\Program Files\MyWebSearch\bar\3.bin\F3BROVLY.DLL
C:\Program Files\MyWebSearch\bar\3.bin\F3CJPEG.DLL
C:\Program Files\MyWebSearch\bar\3.bin\F3DTACTL.DLL
C:\Program Files\MyWebSearch\bar\3.bin\F3HISTSW.DLL
C:\Program Files\MyWebSearch\bar\3.bin\F3HTMLMU.DLL
C:\Program Files\MyWebSearch\bar\3.bin\F3HTTPCT.DLL
C:\Program Files\MyWebSearch\bar\3.bin\F3IMSTUB.DLL
C:\Program Files\MyWebSearch\bar\3.bin\F3POPSWT.DLL
C:\Program Files\MyWebSearch\bar\3.bin\F3PSSAVR.SCR
C:\Program Files\MyWebSearch\bar\3.bin\F3REPROX.DLL
C:\Program Files\MyWebSearch\bar\3.bin\F3RESTUB.DLL
C:\Program Files\MyWebSearch\bar\3.bin\F3SCHMON.EXE
C:\Program Files\MyWebSearch\bar\3.bin\F3SCRCTR.DLL
C:\Program Files\MyWebSearch\bar\3.bin\F3SHLLVW.DLL
C:\Program Files\MyWebSearch\bar\3.bin\F3WALLPP.DAT
C:\Program Files\MyWebSearch\bar\3.bin\F3WPHOOK.DLL
C:\Program Files\MyWebSearch\bar\3.bin\M3FFXTBR.JAR
C:\Program Files\MyWebSearch\bar\3.bin\M3FFXTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\3.bin\M3HTML.DLL
C:\Program Files\MyWebSearch\bar\3.bin\M3IDLE.DLL
C:\Program Files\MyWebSearch\bar\3.bin\M3IMPIPE.EXE
C:\Program Files\MyWebSearch\bar\3.bin\M3MSG.DLL
C:\Program Files\MyWebSearch\bar\3.bin\M3NTSTBR.JAR
C:\Program Files\MyWebSearch\bar\3.bin\M3NTSTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\3.bin\M3OUTLCN.DLL
C:\Program Files\MyWebSearch\bar\3.bin\M3PLUGIN.DLL
C:\Program Files\MyWebSearch\bar\3.bin\M3SKIN.DLL
C:\Program Files\MyWebSearch\bar\3.bin\M3SKPLAY.EXE
C:\Program Files\MyWebSearch\bar\3.bin\M3SLSRCH.EXE
C:\Program Files\MyWebSearch\bar\3.bin\M3SRCHMN.EXE
C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL
C:\Program Files\MyWebSearch\bar\3.bin\MWSOEMON.EXE
C:\Program Files\MyWebSearch\bar\3.bin\MWSOEPLG.DLL
C:\Program Files\MyWebSearch\bar\3.bin\MWSOESTB.DLL
C:\Program Files\MyWebSearch\bar\3.bin\NPMYWEBS.DLL
C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\avatar.htm
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\bgfadel.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\bgfader.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\close.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\common-x.css
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\common.css
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\cornerbl.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\cornerbr.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\htmlctrl.js
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\include.js
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\index.htm
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\loading.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\login.htm
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\logo.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\max.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\min.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\noflash.htm
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\spacer.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\spacer.swf
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\unmax.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\wardrobe.htm
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\window.ico
C:\Program Files\MyWebSearch\bar\Cache\00015166.bin
C:\Program Files\MyWebSearch\bar\Cache\000153BF.bin
C:\Program Files\MyWebSearch\bar\Cache\000155F9.bin
C:\Program Files\MyWebSearch\bar\Cache\000157A8.bin
C:\Program Files\MyWebSearch\bar\Cache\0001592F.bin
C:\Program Files\MyWebSearch\bar\Cache\00029222.bin
C:\Program Files\MyWebSearch\bar\Cache\00040F26
C:\Program Files\MyWebSearch\bar\Cache\0006FBBA
C:\Program Files\MyWebSearch\bar\Cache\0009E6F9
C:\Program Files\MyWebSearch\bar\Cache\00112411
C:\Program Files\MyWebSearch\bar\Cache\0011F3AB
C:\Program Files\MyWebSearch\bar\Cache\00139204
C:\Program Files\MyWebSearch\bar\Cache\002681BA
C:\Program Files\MyWebSearch\bar\Cache\002686EE.bin
C:\Program Files\MyWebSearch\bar\Cache\002687A2.bin
C:\Program Files\MyWebSearch\bar\Cache\002687F3.bin
C:\Program Files\MyWebSearch\bar\Cache\00268825.bin
C:\Program Files\MyWebSearch\bar\Cache\0026BB31.bin
C:\Program Files\MyWebSearch\bar\Cache\0026BCC2.bin
C:\Program Files\MyWebSearch\bar\Cache\0026BD3A.bin
C:\Program Files\MyWebSearch\bar\Cache\0026BDF8.bin
C:\Program Files\MyWebSearch\bar\Cache\0026BE67.bin
C:\Program Files\MyWebSearch\bar\Cache\003E3855
C:\Program Files\MyWebSearch\bar\Cache\004A5289
C:\Program Files\MyWebSearch\bar\Cache\0073A576.bin
C:\Program Files\MyWebSearch\bar\Cache\0073A652.bin
C:\Program Files\MyWebSearch\bar\Cache\0073A68E.bin
C:\Program Files\MyWebSearch\bar\Cache\007720C8
C:\Program Files\MyWebSearch\bar\Cache\007726BA.bin
C:\Program Files\MyWebSearch\bar\Cache\0077275A
C:\Program Files\MyWebSearch\bar\Cache\009B3B68
C:\Program Files\MyWebSearch\bar\Cache\files.ini
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
C:\Program Files\MyWebSearch\bar\History\search2
C:\Program Files\MyWebSearch\bar\Search\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm.bak
C:\Program Files\MyWebSearch\bar\Settings\settings.dat
C:\Program Files\MyWebSearch\bar\Settings\settings.dat.bak
C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
C:\Program Files\MyWebSearch\SrchAstt\3.bin\MWSSRCAS.DLL
C:\Program Files\screensavers.com
C:\Program Files\screensavers.com\Installer\bin\iebyterange.xml
C:\Program Files\screensavers.com\Installer\bin\iebyterange.xml.backup
C:\Program Files\screensavers.com\Installer\bin\ScreensaversInst.dll
C:\Program Files\screensavers.com\Installer\bin\siuninst.exe
C:\Program Files\screensavers.com\Wallpaper\Shrek 2 - Puss in Boots.jpg
C:\Program Files\screensavers.com\Wallpaper\swpstart.exe
C:\WINDOWS\system32\~.exe
C:\WINDOWS\system32\f3PSSavr.scr

.
((((((((((((((((((((((((( Files Created from 2007-08-25 to 2007-09-25 )))))))))))))))))))))))))))))))
.

2007-09-25 21:23 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-25 20:52 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-09-25 20:52 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-09-25 20:52 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-09-25 20:52 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-09-25 20:52 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-09-25 20:52 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-09-25 20:52 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-09-25 20:52 <DIR> d-------- C:\DOCUME~1\debbie\APPLIC~1\PC Tools
2007-09-24 08:04 51,712 -r-hs---- C:\WINDOWS\system32\mdn.exe
2007-09-20 19:21 290,816 --a------ C:\WINDOWS\Pumpkin Madness.scr
2007-09-20 19:21 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Softdisk LLC
2007-09-14 17:23 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-09-12 23:38 <DIR> d-------- C:\DOCUME~1\debbie\APPLIC~1\Roxio
2007-09-02 12:26 <DIR> d-------- C:\DOCUME~1\MIKE~1.DOW\APPLIC~1\Real

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-25 19:40 --------- d-------- C:\Program Files\MSN Messenger
2007-09-25 18:58 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
2007-09-25 18:49 --------- d-------- C:\Program Files\Common Files\AOL
2007-09-25 18:49 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL Downloads
2007-09-25 09:56 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar
2007-09-24 21:49 --------- d-------- C:\Program Files\Napster
2007-09-24 19:08 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\burn spam ping upload
2007-09-22 21:35 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
2007-09-21 22:02 --------- d-------- C:\DOCUME~1\AARON~1.DOW\APPLIC~1\IMVU
2007-09-19 17:53 --------- d-------- C:\DOCUME~1\debbie\APPLIC~1\Real
2007-09-15 09:10 --------- d-------- C:\DOCUME~1\AARON~1.DOW\APPLIC~1\WINDOWLICENSEBITS
2007-09-14 17:23 --------- d-------- C:\Program Files\Common Files\Real
2007-09-13 23:13 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Program dead road burn
2007-09-11 17:10 --------- d-------- C:\DOCUME~1\AARON~1.DOW\APPLIC~1\Real
2007-09-02 12:52 --------- d-------- C:\DOCUME~1\MIKE~1.DOW\APPLIC~1\MSN6
2007-08-20 17:42 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Napster
2007-08-20 17:41 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-20 17:41 --------- d-------- C:\Program Files\Common Files\Napster Shared
2007-08-20 16:30 --------- d-------- C:\DOCUME~1\CHARLO~1\APPLIC~1\Real
2007-08-19 22:58 --------- d-------- C:\WINDOWS\system32\config\SYSTEM~1\APPLIC~1\Real
2007-08-19 22:01 --------- d-------- C:\DOCUME~1\debbie\APPLIC~1\Google
2007-08-19 21:57 --------- d-------- C:\Program Files\Google
2007-08-19 14:14 --------- d-------- C:\Program Files\AOL 9.0a
2007-08-16 07:41 --------- d-------- C:\Program Files\AOL Companion
2007-08-15 20:48 --------- d-------- C:\Program Files\Common Files\aolshare
2007-08-15 20:48 --------- d-------- C:\Program Files\AOL Toolbar
2007-08-15 10:06 --------- d-------- C:\DOCUME~1\CHARLO~1\APPLIC~1\MSN6
2007-08-15 09:40 --------- d-------- C:\Program Files\MSXML 4.0
2007-08-12 09:48 --------- d-------- C:\Program Files\IMVU
2007-08-08 15:45 --------- d-------- C:\DOCUME~1\CHARLO~1\APPLIC~1\WINDOWLICENSEBITS
2007-08-08 15:40 --------- d-------- C:\DOCUME~1\CHARLO~1\APPLIC~1\Screenshot Sender
2007-08-05 21:30 --------- d-------- C:\Program Files\NaturalMotion
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-06-29 15:41 98304 --a--c--- C:\WINDOWS\system32\CmdLineExt.dll
2007-06-26 07:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2004-07-22 11:51 3432656 --a--c--- C:\Program Files\ManagedDX.CAB
2004-07-19 23:58 1156363 --a--c--- C:\Program Files\BDANT.cab
2004-07-19 23:53 976020 --a--c--- C:\Program Files\BDAXP.cab
2004-07-09 15:17 13265040 --a--c--- C:\Program Files\dxnt.cab
2004-07-09 10:13 703080 --a--c--- C:\Program Files\BDA.cab
2004-07-09 10:13 15493481 --a--c--- C:\Program Files\DirectX.cab
2004-07-09 05:08 472576 --a--c--- C:\Program Files\dxsetup.exe
2004-07-09 05:08 2242560 --a--c--- C:\Program Files\dsetup32.dll
2004-07-09 04:03 62976 --a--c--- C:\Program Files\DSETUP.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5345A7A1-805A-4923-B505-86B2FEBA3FE0}]
C:\Program Files\iMeshBar\bar\1.bin\IMESHBAR.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6F282B65-56BF-4BD1-A8B2-A4449A05863D}]
2006-07-06 20:54 352256 --------- C:\Program Files\GamesBar\oberontb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"My Web Search Bar Search Scope Monitor"="C:\PROGRA~1\MYWEBS~1\bar\3.bin\m3SrchMn.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58]
"HostManager"="C:\Program Files\Common Files\AOL\1181588533\ee\AOLSoftware.exe" [2006-11-17 14:21]
"PRISMSVR.EXE"="C:\WINDOWS\system32\PRISMSVR.exe" [2004-03-26 22:58]
"NapsterShell"="C:\Program Files\Napster\napster.exe" [2007-01-12 19:36]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-09-14 17:23]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-09-20 15:43]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:56]

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Actiontec 802.11g USB Wireless LAN.lnk - C:\Program Files\Actiontec 802.11g USB Wireless LAN\PRISMCFG.EXE [2007-06-20 18:02:50]
AOL 9.0 Tray Icon.lnk - C:\Program Files\AOL 9.0a\aoltray.exe [2007-08-15 20:47:27]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-08-19 21:56:19]

C:\DOCUME~1\AARON~1.DOW\STARTM~1\Programs\Startup\
IMVU.lnk - C:\Program Files\IMVU\IMVUClient.exe [2007-08-08 05:13:02]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxs ervice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcore service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Actiontec 802.11g USB Wireless LAN.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Actiontec 802.11g USB Wireless LAN.lnk
backup=C:\WINDOWS\pss\Actiontec 802.11g USB Wireless LAN.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AOL 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\AOL 9.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL Companion.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AOL Companion.lnk
backup=C:\WINDOWS\pss\AOL Companion.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk
backup=C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ViaMixer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ViaMixer.lnk
backup=C:\WINDOWS\pss\ViaMixer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^charlotte^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk]
path=C:\Documents and Settings\charlotte\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk
backup=C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkStartup
?

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]
"C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
"C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Burn drive third file]
C:\Documents and Settings\All Users\Application Data\ExtraLoveBurnDrive\facemore.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamWizard]
C:\Program Files\Common Files\Logitech\QCDRV\BIN\CamWizrd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX3600 Series]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1181588533\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ImInstaller_IncrediMail]

C:\DOCUME~1\MIKE~1.DOW\LOCALS~1\Temp\ImInstaller\IncrediMail\incredimail_in stall[1].exe -startup -product IncrediMail

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
C:\Program Files\IncrediMail\bin\IncMail.exe /c

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
"C:\Program Files\Logitech\Video\ManifestEngine.exe" boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
C:\Program Files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
C:\Program Files\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
C:\WINDOWS\System32\LVCOMSX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
"C:\Program Files\MessengerPlus! 3\MsgPlus.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ms1src]
c:\program files\common files\system\ms1src.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar Search Scope Monitor]
"C:\PROGRA~1\MYWEBS~1\bar\3.bin\m3SrchMn.exe" /m=0

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ntl Netguard]
"C:\Program Files\ntl\ntl Netguard\RPS.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OemReset]
%systemroot%\OPTIONS\OEMRESET.EXE /AUDIT

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OSS]
C:\windows\system32\rlvknlg.exe -boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRISMSVR.EXE]
"C:\WINDOWS\System32\PRISMSVR.EXE" /APPLY

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

S3 gbalink;GBA Link Driver (gbalink.sys);C:\WINDOWS\system32\Drivers\gbalink.sys
S3 ldiskl;ldiskl;\??\C:\DOCUME~1\debbie\LOCALS~1\Temp\ldiskl.sys
S3 ss_bus;Samsung Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys
S3 Vsp;Vsp;\??\C:\WINDOWS\System32\drivers\Vsp.sys
S4 spcstb;spcstb;C:\WINDOWS\system32\DRIVERS\spcstb.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-09-25 20:00:00 C:\WINDOWS\Tasks\A0FF1687918493D3.job"
"2007-09-25 20:00:00 C:\WINDOWS\Tasks\ABF5D28D91A64B59.job"
"2007-09-25 19:39:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-25 21:51:07
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-25 21:55:59 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-25 21:55
.
--- E O F ---


Zastrus	PostTime:12/16/2008 11:36:45 PM	Point:0 \| # 1
Level: 1 Professional point: 32 Experience: 5 Thread: 287 Post: 980 Total online time: 5M Joined date: 4/29/2007 12:12:00 AM Last Visit: 12/16/2008 11:58:01 PM Status:	sorry this didnt send the firsttime, nor the second- its too long so i will send it in two parts; 1st part; SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 09/26/2007 at 00:43 AM Application Version : 3.9.1008 Core Rules Database Version : 3259 Trace Rules Database Version: 1270 Scan type : Complete Scan Total Scan Time : 01:08:41 Memory items scanned : 565 Memory threats detected : 0 Registry items scanned : 5549 Registry threats detected : 20 File items scanned : 56028 File threats detected : 371 Adware.MyWebSearch HKLM\Software\Classes\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D} HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D} HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D} HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}\InprocServer32 HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}\InprocServer32#ThreadingModel HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}\Programmable C:\PROGRAM FILES\MYWEBSEARCH\SRCHASTT\3.BIN\MWSSRCAS.DLL HKLM\Software\Classes\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA} HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA} HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA} HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\InprocServer32 HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\InprocServer32#ThreadingModel HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\Programmable HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\TypeLib C:\PROGRAM FILES\MYWEBSEARCH\BAR\3.BIN\MWSBAR.DLL HKLM\Software\Microsoft\Internet Explorer\Toolbar#{07B18EA9-A523-4961-B6BB-170DE4475CCA} HKCR\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA} HKCR\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA}\1.0 HKCR\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA}\1.0\0 HKCR\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA}\1.0\0\win32 HKCR\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA}\1.0\FLAGS HKCR\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA}\1.0\HELPDIR Adware.Tracking Cookie C:\Documents and Settings\debbie\Cookies\debbie@as1.falkag[1].txt C:\Documents and Settings\debbie\Cookies\debbie@server.iad.liveperson[1].txt C:\Documents and Settings\debbie\Cookies\debbie@msnportal.112.2o7[1].txt C:\Documents and Settings\debbie\Cookies\debbie@server.iad.liveperson[3].txt C:\Documents and Settings\debbie\Cookies\debbie@bs.serving-sys[2].txt C:\Documents and Settings\debbie\Cookies\debbie@ad.uk.tangozebra[1].txt C:\Documents and Settings\debbie\Cookies\debbie@www.googleadservices[2].txt C:\Documents and Settings\debbie\Cookies\debbie@advertising[2].txt C:\Documents and Settings\debbie\Cookies\debbie@indextools[2].txt C:\Documents and Settings\debbie\Cookies\debbie@atdmt[1].txt C:\Documents and Settings\debbie\Cookies\debbie@clickbank[1].txt C:\Documents and Settings\debbie\Cookies\debbie@msnaccountservices.112.2o7[1].txt C:\Documents and Settings\debbie\Cookies\debbie@aoluk.122.2o7[1].txt C:\Documents and Settings\debbie\Cookies\debbie@ads.aol.co[2].txt C:\Documents and Settings\debbie\Cookies\debbie@adopt.euroclick[2].txt C:\Documents and Settings\debbie\Cookies\debbie@aoleusearch.122.2o7[1].txt C:\Documents and Settings\debbie\Cookies\debbie@www.googleadservices[1].txt C:\Documents and Settings\debbie\Cookies\debbie@serving-sys[2].txt C:\Documents and Settings\debbie\Cookies\debbie@microsoftwlmessengermkt.112.2o7[1].txt C:\Documents and Settings\debbie\Cookies\debbie@mywebsearch[2].txt C:\Documents and Settings\debbie\Cookies\debbie@tradedoubler[1].txt C:\Documents and Settings\debbie\Cookies\debbie@mediaplex[1].txt C:\Documents and Settings\debbie\Cookies\debbie@ads.techguy[1].txt C:\Documents and Settings\debbie\Cookies\debbie@doubleclick[1].txt C:\Documents and Settings\debbie\Cookies\debbie@www.googleadservices[3].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@247realmedia[1].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@2o7[2].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@3.adbrite[1].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@3d-sexgames[1].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@4.adbrite[2].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@ad.yieldmanager[1].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@ad.zanox[2].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@ad1.emediate[2].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@adbrite[1].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@adbrite[3].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@adfarm1.adition[1].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@adopt.euroclick[2].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@adrevenue[1].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@adrevolver[2].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@ads.adbrite[1].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@ads.aol.co[1].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@ads.awesomehouseparty[1].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@ads.cartoonnetwork[1].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@ads.cc214142[2].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@ads.digital5media[2].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@ads.foxkidseurope[1].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@ads.freeonlinegames[1].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@ads.guardian.co[2].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@ads.habbogroup[1].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@ads.habbohotel.co[1].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@ads.i-am-bored[2].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@ads.itv[2].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@ads.monster[1].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@ads.newgrounds[1].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@ads.pointroll[1].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@ads.toonamijetstream[1].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@ads.turner[1].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@ads.yardads.co[2].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@adserve.v-store.co[2].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@adserver.cheatplanet[2].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@adserver.mediarun[2].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@adserver.weakgame[2].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@adserver3.fluent.ltd[1].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@adsrevenue[2].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@adtech[2].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@adultfriendfinder[1].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@advert.runescape[1].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@advertising[2].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@adverts.digitalspy.co[1].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@anad.tacoda[1].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@anat.tacoda[2].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@angleinteractive.directtrack[2].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@aoleusearch.122.2o7[1].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@aoluk.122.2o7[1].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@apmebf[1].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@as-eu.falkag[2].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@atdmt[2].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@azjmp[1].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@banner.cdpoker[1].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@banner.eurogrand[2].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@banner.rubybingo.co[2].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@banners.battleon[1].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@banners.casino[2].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@bluestreak[2].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@bs.serving-sys[2].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@c5.zedo[2].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@carphonewarehouse.112.2o7[1].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@casalemedia[2].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@cassava[1].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@clicksor[2].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@cts.metricsdirect[2].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@data2.perf.overture[1].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@dealtime.co[1].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@directtrack[1].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@doubleclick[2].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@e-2dj6wfkoaicpgeo.stats.esomniture[2].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@e-2dj6wflocjczkco.stats.esomniture[1].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@e-2dj6wfmiamazaao.stats.esomniture[2].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@e-2dj6wjmiglcpegp.stats.esomniture[2].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@eas.apm.emediate[1].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@ehg-abscissa.hitbox[2].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@ehg-autotrader.hitbox[1].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@ehg-bskyb.hitbox[2].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@ehg-dig.hitbox[1].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@ehg-foxmovies.hitbox[1].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@ehg-gamedaily.hitbox[2].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@ehg-gamespot.hitbox[1].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@ehg-gamespyinc.hitbox[1].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@ehg-legonewyorkinc.hitbox[2].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@ehg-systemax.hitbox[1].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@ehg-volania.hitbox[1].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@ehg-wmc.hitbox[2].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@ehg-youtube.hitbox[1].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@fastclick[2].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@fl01.ct2.comclick[1].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@h.starware[1].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@hardporn[2].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@hentaicounter[2].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@hitbox[2].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@i.screensavers[1].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@incredimailltd.112.2o7[1].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@interclick[2].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@komtrack[2].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@media.adrevolver[1].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@media.hotels[1].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@media.licenseacquisition[1].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@mediaplex[1].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@mediavantage[2].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@metacafe.122.2o7[1].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@microsoftwlmessengermkt.112.2o7[1].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@msnportal.112.2o7[1].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@mywebsearch[1].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@nbcuniversal.122.2o7[1].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@nfm.directtrack[2].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@nickelodeonuk.112.2o7[1].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@overture[2].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@partygaming.122.2o7[1].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@partypoker[1].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@paypal.112.2o7[1].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@perf.overture[1].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@porndvddirect[2].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@precisionclick[2].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@questionmarket[1].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@realmedia[2].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@revenue[2].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@roiservice[1].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@screensavers[2].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@server.cpmstar[2].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@server.iad.liveperson[1].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@server.iad.liveperson[2].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@server.iad.liveperson[3].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@server.iad.liveperson[4].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@server.iad.liveperson[6].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@server.lon.liveperson[1].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@server.lon.liveperson[2].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@server.lon.liveperson[4].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@serving-sys[1].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@sexygames[1].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@sexygames[2].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@smileycentral[2].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@spamblockerutility[2].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@statcounter[1].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@stats.adbrite[1].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@stats.treehousedirect[2].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@stats1.reliablestats[1].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@statse.webtrendslive[2].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@teen-titans[1].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@tgn.122.2o7[1].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@thomascook.122.2o7[1].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@tooltips.hotbar[1].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@tooth14.bigmouthmedia[2].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@track.webgains[2].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@tracker.netklix[2].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@tracking.battleon[1].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@tracking.dc-storm[1].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@tracking.summitmedia.co[1].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@tradedoubler[2].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@tribalfusion[1].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@try.screensavers[1].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@try.starware[1].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@upspiral[2].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@videoegg.adbureau[1].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@www.3d-sexgames[1].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@www.burstnet[1].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@www.clash-media[1].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@www.clickmanage[2].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@www.dgm2[2].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@www.googleadservices[1].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@www.googleadservices[2].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@www.hotbargames[1].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@www.ppctracking[1].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@www.screensavers[1].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@www.starware[2].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@www.upspiral[2].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@www4.addfreestats[1].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@www7.addfreestats[1].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@xxx.toonshentai[1].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@yieldmanager[2].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@zanox.parship.co[1].txt C:\Documents and Settings\Aaron.DOWNSTAIRS\Cookies\aaron@zedo[1].txt C:\Documents and Settings\charlotte\Cookies\charlotte@2o7[1].txt C:\Documents and Settings\charlotte\Cookies\charlotte@3.adbrite[1].txt C:\Documents and Settings\charlotte\Cookies\charlotte@4.adbrite[1].txt C:\Documents and Settings\charlotte\Cookies\charlotte@a.websponsors[1].txt C:\Documents and Settings\charlotte\Cookies\charlotte@ad.adserverplus[2].txt C:\Documents and Settings\charlotte\Cookies\charlotte@ad.directanetworks[2].txt C:\Documents and Settings\charlotte\Cookies\charlotte@ad.doubleclick[2].txt C:\Documents and Settings\charlotte\Cookies\charlotte@ad.firstadsolution[2].txt C:\Documents and Settings\charlotte\Cookies\charlotte@ad.ifrance[1].txt C:\Documents and Settings\charlotte\Cookies\charlotte@ad.yieldmanager[1].txt C:\Documents and Settings\charlotte\Cookies\charlotte@ad.zanox[1].txt C:\Documents and Settings\charlotte\Cookies\charlotte@ad1.emediate[1].txt C:\Documents and Settings\charlotte\Cookies\charlotte@adbrite[1].txt C:\Documents and Settings\charlotte\Cookies\charlotte@adbrite[2].txt C:\Documents and Settings\charlotte\Cookies\charlotte@adopt.euroclick[2].txt C:\Documents and Settings\charlotte\Cookies\charlotte@ads.adbrite[2].txt C:\Documents and Settings\charlotte\Cookies\charlotte@ads.aol.co[1].txt C:\Documents and Settings\charlotte\Cookies\charlotte@ads.awesomehouseparty[1].txt C:\Documents and Settings\charlotte\Cookies\charlotte@ads.cartoonnetwork[1].txt C:\Documents and Settings\charlotte\Cookies\charlotte@ads.habbogroup[2].txt C:\Documents and Settings\charlotte\Cookies\charlotte@ads.habbohotel.co[2].txt C:\Documents and Settings\charlotte\Cookies\charlotte@ads.ims[1].txt C:\Documents and Settings\charlotte\Cookies\charlotte@ads.monster[1].txt C:\Documents and Settings\charlotte\Cookies\charlotte@adserve.v-store.co[1].txt C:\Documents and Settings\charlotte\Cookies\charlotte@adserver.banneradministration[2].txt C:\Documents and Settings\charlotte\Cookies\charlotte@adserver.easyad[2].txt C:\Documents and Settings\charlotte\Cookies\charlotte@adserving.cpxinteractive[2].txt C:\Documents and Settings\charlotte\Cookies\charlotte@adtech[2].txt C:\Documents and Settings\charlotte\Cookies\charlotte@adultfriendfinder[2].txt C:\Documents and Settings\charlotte\Cookies\charlotte@advertising[1].txt C:\Documents and Settings\charlotte\Cookies\charlotte@as-eu.falkag[1].txt C:\Documents and Settings\charlotte\Cookies\charlotte@atdmt[2].txt C:\Documents and Settings\charlotte\Cookies\charlotte@azjmp[1].txt C:\Documents and Settings\charlotte\Cookies\charlotte@banner.32vegas[1].txt C:\Documents and Settings\charlotte\Cookies\charlotte@banner.cdpoker[2].txt C:\Documents and Settings\charlotte\Cookies\charlotte@banner.eurogrand[2].txt C:\Documents and Settings\charlotte\Cookies\charlotte@banner.prestigecasino[1].txt C:\Documents and Settings\charlotte\Cookies\charlotte@banners.battleon[1].txt C:\Documents and Settings\charlotte\Cookies\charlotte@cassava[1].txt C:\Documents and Settings\charlotte\Cookies\charlotte@clicktorrent[2].txt C:\Documents and Settings\charlotte\Cookies\charlotte@counter.surfcounters[1].txt C:\Documents and Settings\charlotte\Cookies\charlotte@data2.perf.overture[2].txt C:\Documents and Settings\charlotte\Cookies\charlotte@data4.perf.overture[1].txt C:\Documents and Settings\charlotte\Cookies\charlotte@doubleclick[2].txt C:\Documents and Settings\charlotte\Cookies\charlotte@e-2dj6wfk4epd5afo.stats.esomniture[2].txt C:\Documents and Settings\charlotte\Cookies\charlotte@e-2dj6wfkigmajclp.stats.esomniture[2].txt C:\Documents and Settings\charlotte\Cookies\charlotte@e-2dj6wfkycodpsko.stats.esomniture[2].txt C:\Documents and Settings\charlotte\Cookies\charlotte@e-2dj6wfl4cgc5wdo.stats.esomniture[1].txt C:\Documents and Settings\charlotte\Cookies\charlotte@e-2dj6wflocjczkco.stats.esomniture[1].txt C:\Documents and Settings\charlotte\Cookies\charlotte@e-2dj6wjl4ggc5kbq.stats.esomniture[1].txt C:\Documents and Settings\charlotte\Cookies\charlotte@e-2dj6wjloskc5aap.stats.esomniture[1].txt C:\Documents and Settings\charlotte\Cookies\charlotte@eas.apm.emediate[2].txt C:\Documents and Settings\charlotte\Cookies\charlotte@edits.mywebsearch[1].txt C:\Documents and Settings\charlotte\Cookies\charlotte@ehg-bookpeople.hitbox[1].txt C:\Documents and Settings\charlotte\Cookies\charlotte@ehg-gamespot.hitbox[2].txt C:\Documents and Settings\charlotte\Cookies\charlotte@ehg-hitent.hitbox[1].txt C:\Documents and Settings\charlotte\Cookies\charlotte@ehg-worldwildlifefund.hitbox[2].txt C:\Documents and Settings\charlotte\Cookies\charlotte@fastclick[2].txt C:\Documents and Settings\charlotte\Cookies\charlotte@funwebproducts[1].txt C:\Documents and Settings\charlotte\Cookies\charlotte@gamestracker.uk.intellitxt[1].txt C:\Documents and Settings\charlotte\Cookies\charlotte@h.starware[2].txt C:\Documents and Settings\charlotte\Cookies\charlotte@imrworldwide[1].txt C:\Documents and Settings\charlotte\Cookies\charlotte@incredimailltd.112.2o7[1].txt C:\Documents and Settings\charlotte\Cookies\charlotte@ipt.advertserve[1].txt C:\Documents and Settings\charlotte\Cookies\charlotte@jamster.co[1].txt C:\Documents and Settings\charlotte\Cookies\charlotte@maxserving[1].txt C:\Documents and Settings\charlotte\Cookies\charlotte@media.licenseacquisition[1].txt C:\Documents and Settings\charlotte\Cookies\charlotte@mediaplex[1].txt C:\Documents and Settings\charlotte\Cookies\charlotte@mediaservices.myspace[1].txt C:\Documents and Settings\charlotte\Cookies\charlotte@mediauk[1].txt C:\Documents and Settings\charlotte\Cookies\charlotte@microsoftwga.112.2o7[2].txt C:\Documents and Settings\charlotte\Cookies\charlotte@microsoftwlmessengermkt.112.2o7[1].txt C:\Documents and Settings\charlotte\Cookies\charlotte@msnaccountservices.112.2o7[2].txt C:\Documents and Settings\charlotte\Cookies\charlotte@msninvite.112.2o7[1].txt C:\Documents and Settings\charlotte\Cookies\charlotte@msnlivefavorites.112.2o7[1].txt C:\Documents and Settings\charlotte\Cookies\charlotte@msnportal.112.2o7[1].txt C:\Documents and Settings\charlotte\Cookies\charlotte@mywebsearch[2].txt C:\Documents and Settings\charlotte\Cookies\charlotte@nbads[2].txt C:\Documents and Settings\charlotte\Cookies\charlotte@oddcast[1].txt C:\Documents and Settings\charlotte\Cookies\charlotte@order.jamster.co[1].txt C:\Documents and Settings\charlotte\Cookies\charlotte@overture[2].txt C:\Documents and Settings\charlotte\Cookies\charlotte@partypoker[2].txt C:\Documents and Settings\charlotte\Cookies\charlotte@paypopup[1].txt C:\Documents and Settings\charlotte\Cookies\charlotte@perf.overture[1].txt C:\Documents and Settings\charlotte\Cookies\charlotte@popularscreensavers[2].txt C:\Documents and Settings\charlotte\Cookies\charlotte@saletrack.co[1].txt C:\Documents and Settings\charlotte\Cookies\charlotte@sel.as-us.falkag[1].txt C:\Documents and Settings\charlotte\Cookies\charlotte@server.cpmstar[1].txt C:\Documents and Settings\charlotte\Cookies\charlotte@server.iad.liveperson[2].txt C:\Documents and Settings\charlotte\Cookies\charlotte@smiley.smileycentral[1].txt C:\Documents and Settings\charlotte\Cookies\charlotte@smileycentral[1].txt C:\Documents and Settings\charlotte\Cookies\charlotte@stats.directtextbook[1].txt C:\Documents and Settings\charlotte\Cookies\charlotte@stats1.reliablestats[1].txt C:\Documents and Settings\charlotte\Cookies\charlotte@statse.webtrendslive[2].txt C:\Documents and Settings\charlotte\Cookies\charlotte@stats[2].txt C:\Documents and Settings\charlotte\Cookies\charlotte@tooltips.hotbar[1].txt C:\Documents and Settings\charlotte\Cookies\charlotte@tooth14.bigmouthmedia[2].txt C:\Documents and Settings\charlotte\Cookies\charlotte@track.websitetrafficreport[1].txt C:\Documents and Settings\charlotte\Cookies\charlotte@tracker.netklix[2].txt C:\Documents and Settings\charlotte\Cookies\charlotte@tracking.summitmedia.co[1].txt C:\Documents and Settings\charlotte\Cookies\charlotte@try.starware[1].txt C:\Documents and Settings\charlotte\Cookies\charlotte@vhost.oddcast[2].txt C:\Documents and Settings\charlotte\Cookies\charlotte@videoegg.adbureau[2].txt C:\Documents and Settings\charlotte\Cookies\charlotte@winfixer[2].txt C:\Documents and Settings\charlotte\Cookies\charlotte@wizteenads[1].txt C:\Documents and Settings\charlotte\Cookies\charlotte@www.clash-media[2].txt C:\Documents and Settings\charlotte\Cookies\charlotte@www.clickxchange[1].txt C:\Documents and Settings\charlotte\Cookies\charlotte@www.dgm2[1].txt C:\Documents and Settings\charlotte\Cookies\charlotte@www.everyclick[1].txt C:\Documents and Settings\charlotte\Cookies\charlotte@www.hxtrack[1].txt C:\Documents and Settings\charlotte\Cookies\charlotte@www.oberon-media[2].txt C:\Documents and Settings\charlotte\Cookies\charlotte@www.screensavers[2].txt C:\Documents and Settings\charlotte\Cookies\charlotte@www.starware[1].txt C:\Documents and Settings\charlotte\Cookies\charlotte@www.winfixer[1].txt C:\Documents and Settings\charlotte\Cookies\charlotte@www.x2-sexybitch.piczo[2].txt C:\Documents and Settings\charlotte\Cookies\charlotte@www.xxxdevilannaxxx.piczo[1].txt C:\Documents and Settings\charlotte\Cookies\charlotte@www2.mystats[2].txt C:\Documents and Settings\charlotte\Cookies\charlotte@xxxbabipopxxx.piczo[1].txt C:\Documents and Settings\charlotte\Cookies\charlotte@xxxbookies[1].txt C:\Documents and Settings\charlotte\Cookies\charlotte@xxxcharlie-xxx.piczo[1].txt C:\Documents and Settings\charlotte\Cookies\charlotte@zanox.parship.co[1].txt C:\Documents and Settings\debbie\Cookies\debbie@www.clash-media[1].txt C:\Documents and Settings\mike.DOWNSTAIRS\Cookies\mike@2.adbrite[1].txt C:\Documents and Settings\mike.DOWNSTAIRS\Cookies\mike@2o7[2].txt C:\Documents and


Sophie	PostTime:12/16/2008 11:39:24 PM	Point:0 \| # 2
Level: 1 Professional point: 0 Experience: 0 Thread: 112 Post: 424 Total online time: 0M Joined date: 4/19/2007 8:53:00 AM Last Visit: 5/21/2007 7:27:05 AM Status:	i downloaded the killbox and saved it to my computer ( i didnt run it) then i rebooted the pc in safe mode and went to look for killbox icon to double click it and it wasnt there. i did a file search and it didnt bring it up either. am i meant to choose save it or run it wheni download it beifr going into safe mode? thanks


PC_eye	PostTime:12/16/2008 11:57:06 PM	Point:0 \| # 3
Level: 1 Professional point: 96 Experience: 6 Thread: 271 Post: 1040 Total online time: 6M Joined date: 4/28/2007 11:55:00 PM Last Visit: 12/16/2008 11:36:22 PM Status:	You may want to print this or save it to notepad as we will go to safe mode. Fix these with HiJackThis mark them, close IE, click fix checked O2 - BHO: iMeshBar BHO - {5345A7A1-805A-4923-B505-86B2FEBA3FE0} - C:\Program Files\iMeshBar\bar\1.bin\IMESHBAR.DLL (file missing) O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file) O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\3.bin\m3SrchMn.exe" /m=0 O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...rch.jhtml?p=ZZ DownLoad http://www.downloads.subratam.org/KillBox.zip or http://www.thespykiller.co.uk/files/killbox.exe Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode: Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following line(s) one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confimation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box. Be sure to note the EXACT spelling of the file C:\PROGRA~1\MYWEBS~1 Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any. START RUN type in %temp% - OK - Edit Select all File Delete Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp Not all temp files will delete and that is normal Empty the recycle bin Boot and post a new hijack log from normal NOT safe mode How are things on the PC???????????


Meng	PostTime:12/16/2008 11:59:03 PM	Point:0 \| # 4
Level: 1 Professional point: 10 Experience: 14 Thread: 278 Post: 973 Total online time: 14M Joined date: 4/28/2007 11:18:00 PM Last Visit: 12/17/2008 12:41:03 AM Status:	Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 00:59:51, on 26/09/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\ntl\ntl Netguard\fws.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe C:\Program Files\Common Files\Command Software\dvpapi.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Spyware Doctor\svcntaux.exe C:\Program Files\Spyware Doctor\swdsvc.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Common Files\AOL\1181588533\ee\AOLSoftware.exe C:\WINDOWS\system32\PRISMSVR.EXE C:\Program Files\Napster\napster.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Spyware Doctor\SDTrayApp.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\Actiontec 802.11g USB Wireless LAN\PRISMCFG.EXE C:\Program Files\AOL 9.0a\aoltray.exe C:\Program Files\Google\Google Updater\GoogleUpdater.exe C:\Program Files\AOL COMPANION\COMPANION.EXE C:\WINDOWS\System32\wbem\wmiprvse.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\AOL 9.0a\waol.exe C:\Program Files\AOL 9.0a\shellmon.exe C:\Program Files\Common Files\AOL\aoltpspd.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\System32\wbem\wmiprvse.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\ntl\ntl Netguard\pkR.dll O2 - BHO: iMeshBar BHO - {5345A7A1-805A-4923-B505-86B2FEBA3FE0} - C:\Program Files\iMeshBar\bar\1.bin\IMESHBAR.DLL (file missing) O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\ntl\ntl Netguard\FBHR.dll O2 - BHO: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\msgr.en-us.en-gb\msntb.dll O3 - Toolbar: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\3.bin\m3SrchMn.exe" /m=0 O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1181588533\ee\AOLSoftware.exe O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Actiontec 802.11g USB Wireless LAN.lnk = ? O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0a\aoltray.exe O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...rch.jhtml?p=ZZ O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - (no file) O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Aaron.DOWNSTAIRS\Start Menu\Programs\IMVU\Run IMVU.lnk O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{2F74067D-EBDF-4B9E-A01B-38B20958C0DF}: NameServer = 205.188.146.145 O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe O23 - Service: Radialpoint Service (FWS) - Radialpoint Inc. - C:\Program Files\ntl\ntl Netguard\fws.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe -- End of file - 10391 bytes thanks i had to send the hijack log separately as message to big debbie


kirby001	PostTime:12/17/2008 12:09:52 AM	Point:0 \| # 5
Level: 1 Professional point: 38 Experience: 20 Thread: 263 Post: 936 Total online time: 20M Joined date: 4/28/2007 10:44:00 PM Last Visit: 12/17/2008 12:58:22 AM Status:	Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:07:09, on 25/09/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\ntl\ntl Netguard\fws.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe C:\Program Files\Common Files\Command Software\dvpapi.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Spyware Doctor\svcntaux.exe C:\Program Files\Spyware Doctor\swdsvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\QuickTime\qttask.exe C:\Program Files\Common Files\AOL\1181588533\ee\AOLSoftware.exe C:\WINDOWS\system32\PRISMSVR.EXE C:\Program Files\Napster\napster.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Spyware Doctor\SDTrayApp.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Actiontec 802.11g USB Wireless LAN\PRISMCFG.EXE C:\Program Files\AOL 9.0a\aoltray.exe C:\Program Files\Google\Google Updater\GoogleUpdater.exe C:\Program Files\AOL COMPANION\COMPANION.EXE C:\WINDOWS\system32\notepad.exe C:\Program Files\Microsoft Office\Office\WINWORD.EXE C:\Program Files\AOL 9.0a\waol.exe C:\Program Files\AOL 9.0a\shellmon.exe C:\Program Files\Common Files\AOL\aoltpspd.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\System32\wbem\wmiprvse.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\ntl\ntl Netguard\pkR.dll O2 - BHO: iMeshBar BHO - {5345A7A1-805A-4923-B505-86B2FEBA3FE0} - C:\Program Files\iMeshBar\bar\1.bin\IMESHBAR.DLL (file missing) O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\ntl\ntl Netguard\FBHR.dll O2 - BHO: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\msgr.en-us.en-gb\msntb.dll O3 - Toolbar: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL (file missing) O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\3.bin\m3SrchMn.exe" /m=0 O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1181588533\ee\AOLSoftware.exe O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Actiontec 802.11g USB Wireless LAN.lnk = ? O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0a\aoltray.exe O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...rch.jhtml?p=ZZ O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - (no file) O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Aaron.DOWNSTAIRS\Start Menu\Programs\IMVU\Run IMVU.lnk O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{2F74067D-EBDF-4B9E-A01B-38B20958C0DF}: NameServer = 205.188.146.145 O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe O23 - Service: Radialpoint Service (FWS) - Radialpoint Inc. - C:\Program Files\ntl\ntl Netguard\fws.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe -- End of file - 10309 bytes


Admin	PostTime:12/17/2008 12:49:54 AM	Point:0 \| # 6
Level: 2 Professional point: 0 Experience: 72 Thread: 97 Post: 405 Total online time: 72M Joined date: 4/20/2007 12:24:00 AM Last Visit: 4/21/2007 2:34:31 PM Status:	Download Superantispyware (SAS) free home version http://www.superantispyware.com/supe...freevspro.html Install it and double-click the icon on your desktop to run it. It will ask if you want to update the program definitions, click Yes. Under Configuration and Preferences, click the Preferences button. Click the Scanning Control tab. Under Scanner Options make sure the following are checked: o Close browsers before scanning o Scan for tracking cookies o Terminate memory threats before quarantining. o Please leave the others as they were. o Click the Close button to leave the control center screen. On the main screen, under Scan for Harmful Software click Scan your computer. On the left check C:\Fixed Drive. On the right, under Complete Scan, choose Perform Complete Scan. Click Next to start the scan. Please be patient while it scans your computer. After the scan is complete a summary box will appear. Click OK. Make sure everything in the white box has a check next to it, then click Next. It will quarantine what it found and if it asks if you want to reboot, click Yes. To retrieve the removal information for me please do the following: o After reboot, double-click the SUPERAntispyware icon on your desktop. o Click Preferences. Click the Statistics/Logs tab. o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log. o It will open in your default text editor (such as Notepad/Wordpad). o Please highlight everything in the notepad, then right-click and choose copy. Click close and close again to exit the program. Please paste that information here for me regardless of what it finds with a new HijackThis log. This will take some time!!!!!!!!
	dfadf


barrytibbles	PostTime:12/17/2008 12:55:13 AM	Point:0 \| # 7
Level: 1 Professional point: 48 Experience: 8 Thread: 292 Post: 962 Total online time: 8M Joined date: 4/28/2007 11:08:00 PM Last Visit: 12/17/2008 12:44:40 AM Status:	2nd part: C:\Documents and Settings\debbie\Cookies\debbie@www.clash-media[1].txt C:\Documents and Settings\mike.DOWNSTAIRS\Cookies\mike@2.adbrite[1].txt C:\Documents and Settings\mike.DOWNSTAIRS\Cookies\mike@2o7[2].txt C:\Documents and Settings\mike.DOWNSTAIRS\Cookies\mike@ad.uk.tangozebra[1].txt C:\Documents and Settings\mike.DOWNSTAIRS\Cookies\mike@ad.yieldmanager[2].txt C:\Documents and Settings\mike.DOWNSTAIRS\Cookies\mike@adbrite[2].txt C:\Documents and Settings\mike.DOWNSTAIRS\Cookies\mike@adopt.euroclick[1].txt C:\Documents and Settings\mike.DOWNSTAIRS\Cookies\mike@ads.aol.co[2].txt C:\Documents and Settings\mike.DOWNSTAIRS\Cookies\mike@aoluk.122.2o7[1].txt C:\Documents and Settings\mike.DOWNSTAIRS\Cookies\mike@apmebf[1].txt C:\Documents and Settings\mike.DOWNSTAIRS\Cookies\mike@atdmt[2].txt C:\Documents and Settings\mike.DOWNSTAIRS\Cookies\mike@doubleclick[1].txt C:\Documents and Settings\mike.DOWNSTAIRS\Cookies\mike@incredimailltd.112.2o7[1].txt C:\Documents and Settings\mike.DOWNSTAIRS\Cookies\mike@mediaplex[1].txt C:\Documents and Settings\mike.DOWNSTAIRS\Cookies\mike@mywebsearch[2].txt C:\Documents and Settings\mike.DOWNSTAIRS\Cookies\mike@paypal.112.2o7[1].txt C:\Documents and Settings\mike.DOWNSTAIRS\Cookies\mike@tribalfusion[2].txt Adware.Lop-Gen C:\DOCUMENTS AND SETTINGS\CHARLOTTE\APPLICATION DATA\WINDOWLICENSEBITS\TWBULJTI.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{A750E427-8BD5-422D-9FC7-E4CCEA371408}\RP454\A0368535.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{A750E427-8BD5-422D-9FC7-E4CCEA371408}\RP454\A0368536.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{A750E427-8BD5-422D-9FC7-E4CCEA371408}\RP454\A0368537.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{A750E427-8BD5-422D-9FC7-E4CCEA371408}\RP454\A0368538.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{A750E427-8BD5-422D-9FC7-E4CCEA371408}\RP454\A0368553.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{A750E427-8BD5-422D-9FC7-E4CCEA371408}\RP454\A0368554.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{A750E427-8BD5-422D-9FC7-E4CCEA371408}\RP457\A0373005.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{A750E427-8BD5-422D-9FC7-E4CCEA371408}\RP457\A0373006.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{A750E427-8BD5-422D-9FC7-E4CCEA371408}\RP457\A0373007.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{A750E427-8BD5-422D-9FC7-E4CCEA371408}\RP457\A0373008.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{A750E427-8BD5-422D-9FC7-E4CCEA371408}\RP457\A0373009.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{A750E427-8BD5-422D-9FC7-E4CCEA371408}\RP457\A0373010.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{A750E427-8BD5-422D-9FC7-E4CCEA371408}\RP489\A0393176.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{A750E427-8BD5-422D-9FC7-E4CCEA371408}\RP489\A0393177.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{A750E427-8BD5-422D-9FC7-E4CCEA371408}\RP489\A0393178.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{A750E427-8BD5-422D-9FC7-E4CCEA371408}\RP489\A0393179.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{A750E427-8BD5-422D-9FC7-E4CCEA371408}\RP490\A0393703.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{A750E427-8BD5-422D-9FC7-E4CCEA371408}\RP490\A0393704.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{A750E427-8BD5-422D-9FC7-E4CCEA371408}\RP490\A0393705.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{A750E427-8BD5-422D-9FC7-E4CCEA371408}\RP490\A0393706.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{A750E427-8BD5-422D-9FC7-E4CCEA371408}\RP502\A0396070.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{A750E427-8BD5-422D-9FC7-E4CCEA371408}\RP502\A0396071.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{A750E427-8BD5-422D-9FC7-E4CCEA371408}\RP502\A0396072.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{A750E427-8BD5-422D-9FC7-E4CCEA371408}\RP502\A0396075.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{A750E427-8BD5-422D-9FC7-E4CCEA371408}\RP502\A0396076.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{A750E427-8BD5-422D-9FC7-E4CCEA371408}\RP502\A0396077.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{A750E427-8BD5-422D-9FC7-E4CCEA371408}\RP502\A0396078.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{A750E427-8BD5-422D-9FC7-E4CCEA371408}\RP502\A0396079.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{A750E427-8BD5-422D-9FC7-E4CCEA371408}\RP502\A0396100.EXE Unclassified.Removed C:\WINDOWS\SYSTEM32\REMOVED.EXE


OmnipotentWrath	PostTime:12/17/2008 12:59:53 AM	Point:0 \| # 8
Level: 1 Professional point: 52 Experience: 2 Thread: 291 Post: 928 Total online time: 2M Joined date: 4/28/2007 10:52:00 PM Last Visit: 12/17/2008 12:08:28 AM Status:	Click here to download HJTInstall.exe Save HJTInstall.exe to your desktop. Doubleclick on the HJTInstall.exe icon on your desktop. By default it will install to C:\Program Files\Trend Micro\HijackThis . Click on Install. It will create a HijackThis icon on the desktop. Once installed, it will launch Hijackthis. Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log. Come back here to this thread and Paste the log in your next reply. DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

Sorry, you are not login, click here to login