August 26th, 2007 11:00

HiJackThis log -win32/vmalum.aom & win32/zquest.e

Hello. Every time I start my computer my anti-virus pops up telling me I'm infected with
win32/vmalum.aom 83122.exe
win32/zquest. tk58[1].
here is my log:
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:42:39 AM, on 8/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\mefese22011.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ShowLOMControl]
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mefese] C:\Program Files\Messenger\mefese22011.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {C946EF6D-296D-4907-A6E1-ED0E8E5AF024} (LycosMail Upload Control) - http://lycosmail.lycos.com/hanmail-ax/AttachMail.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: dlcc_device -   - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
--
End of file - 9351 bytes

20.5K Posts

August 26th, 2007 13:00

Welcome to DCF!

Reboot into Safemode:
Turn on the computer.
Immediately begin tapping the F8 key.
Use the arrow keys to highlight Safe Mode and press the Enter key.

Have your resident anti-virus scan and see if it will quarantine the infection. There have been other reports of this one showing up today from others using Yahoo's anti-virus. Therefore, just to be sure it is not a false positive, leave it in quarantine for a week or so until you delete it for good.

Following that, please upload/scan this file in question here: http://virusscan.jotti.org/
C:\Program Files\Messenger\mefese22011.exe
You may have to click on Projects (only if the homepage comes up) and then online Malware Scan to access the virus scan page.
If you are at a black page with the title "Online malware scan", you are in the right place.
Click "Browse..." and navigate to the (bad file> show path)
Click "Open" and then "Submit"
It will take a couple seconds and then the results should be lower on the page. Please copy the information from "File:" down to "Norman Virus Control" and post it in your next reply.

Also include a fresh Hijackthis log. Let me know if your anti-virus was able to move the bad files to quarantine.

Message Edited by Bugbatter on 08-26-2007 10:01 AM

30 Posts

August 27th, 2007 04:00

Thanks a lot, I appreciate the response! Here's the info from the scan you requested.
 
File: mefese22011.exe
Status: INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: b517f6aeedb6f383fb38d99738ee66aa
Packers detected:
-
Bit9 reports: File not found
 
Scan taken on 27 Aug 2007 05:13:09 (GMT)
 
 A-Squared
Found Adware.Win32.TTC.c
 
AntiVir
Found TR/Dldr.AW.awk
 
ArcaVir
Found Trojan.Agent.Virut.Ttx
 
Avast
Found nothing
 
AVG Antivirus
Found Generic2.JSI
 
BitDefender
Found Adware.TTC.B
 
ClamAV
Found Adware.TTC-1
 
CPsecure
Found nothing
 
Dr.Web
Found Adware.Ttc
 
F-Prot Antivirus
Found W32/Downldr2.AQJZ
 
F-Secure Anti-Virus
Found not-a-virus:AdWare.Win32.TTC.c (4, 1, 400)
 
Fortinet
Found nothing
 
Kaspersky Anti-Virus
Found not-a-virus:AdWare.Win32.TTC.c
 
NOD32
Found nothing
 
Norman Virus Control
Found nothing
 
Panda Antivirus
Found nothing
 
Rising Antivirus
Found Trojan.DL.Win32.Agent.lq
 
Sophos Antivirus
Found nothing
 
VirusBuster
Found nothing
 
VBA32
Found AdWare.Win32.TTC.c
 
Last file scanned at least one scanner reported something about: lkjh (MD5: 578ee30ef299e0d81222528172c68eb0, size: 4608 bytes), detected by:

Scanner: Malware name
A-Squared: Trojan-Downloader.Win32.Tiny.id
AntiVir: TR/Click.Agent.NP
ArcaVir: Trojan.Downloader.Tiny.Id
Avast: Win32:Tiny-IF
AVG Antivirus: Downloader.Generic4.ZQI
BitDefender: Trojan.Clicker.Agent.NP
ClamAV: Trojan.Downloader-10686
CPsecure: Troj.Downloader.W32.Tiny.id
Dr.Web: Trojan.Click.2799
F-Prot Antivirus: W32/Downldr2.AJXG
F-Secure Anti-Virus: Trojan-Downloader.Win32.Tiny.id
Fortinet: W32/Tiny.ID!tr.dldr
Kaspersky Anti-Virus: Trojan-Downloader.Win32.Tiny.id
NOD32: probably a variant of Win32/TrojanDownloader.Small
Norman Virus Control: W32/Tiny.AHW
Panda Antivirus: Trj/Downloader.PCQ
Rising Antivirus: Trojan.DL.Win32.Tiny.id
Sophos Antivirus: Troj/Dloadr-BCZ
VirusBuster: Trojan.DL.Tiny.IH
VBA32: Trojan.Click.2799
 

30 Posts

August 27th, 2007 04:00

Here's my latest logfile from HijackThis. Oddly enough when I did the virus scan from safe mode, no files came up infected. When I restarted my computer normally the anti-virus software automatically came up and said the same thing it says every time I start my computer. Some files were quarantined, some were deleted and some say infected.
 
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:26:52 PM, on 8/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\mefese22011.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ShowLOMControl]
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mefese] C:\Program Files\Messenger\mefese22011.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {C946EF6D-296D-4907-A6E1-ED0E8E5AF024} (LycosMail Upload Control) - http://lycosmail.lycos.com/hanmail-ax/AttachMail.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: dlcc_device -   - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
--
End of file - 8981 bytes

30 Posts

August 27th, 2007 06:00

OK now my computer is acting weird. Tonight pointing device on my laptop stopped scrolling, and something started playing on my computer, some type of audio out of nowhere, like there was a ghost in my computer. Pointing device working now.
I noticed now whenever I watch streaming video like Youtube, there are split second freezes.
 
OK I'm editing this message because that weird thing with music and audio randomly coming out of my comp is happening. I was looking at this web page and music started. I closed my browser and it still continued to play and kept changing.

 

A few things I think you should know. Before all this happened that 2006 WinAntiVirus tried to install to my computer and I cancelled it. Also that Webbuying program was on my computer and I removed it before coming to this forum. From reading other posts I felt it was important to mention that.



Message Edited by swingman13 on 08-27-2007 04:17 AM



Message Edited by swingman13 on 08-28-2007 12:24 AM

30 Posts

August 29th, 2007 03:00

 


Message Edited by swingman13 on 08-28-2007 11:33 PM

20.5K Posts

August 30th, 2007 15:00

Just leave what is in quarantine there for now. SAS will probably get some of that, and the rest you can remove when we are completely finished. If they are in quarantine, they can't get out.

20.5K Posts

August 30th, 2007 15:00

While you are still infected, it would be good to use the internet as little as possible until this is cleaned up. We do not want the downloader to install anything else.

We need to disable your Microsoft Windows Defender Real-time Protection as it may interfere with the fixes that we need to make.

* Open Microsoft Windows Defender. Click Start, Programs, Windows Defender
* Click on Tools, General Settings
* Under Real-time protection options, deselect the Turn on real-time protection check box
* Click Save

After all of the fixes are complete it is very important that you enable Real-time Protection again.

Please launch HijackThis and place a checkmark next to the following;
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
O4 - HKLM\..\Run: [mefese] C:\Program Files\Messenger\mefese22011.exe


Close all windows except HijackThis and click "Fix Checked".

Reboot into Safemode:
Turn on the computer.
Immediately begin tapping the F8 key.
Use the arrow keys to highlight Safe Mode and press the Enter key.

Configure to show all files/folders:
Go to Start>Search and at the top select Tools>Folder Options
Select the View tab
Display the contents of system folders
Show hidden files and folders
Uncheck: Hide protected operating system files
Click on Apply.
Next go to the side of the Search box and select All files and folders. Go down to More advanced options.
Be sure the first three boxes are selected:
Search System folders
Search Hidden Files and folders
Search SubFolders

Delete this file:
C:\Program Files\Messenger\mefese22011.exe -- FILE

Reboot normally.
Rehide files:
Start>Search and at the top select Tools>Folder Options
Select the View tab
Display the contents of system folders
Show hidden files and folders
Check: Hide protected operating system files
Click on Apply.

Download SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop.
    Double-click the icon to launch Super Anti-Spyware.
  • If asked to update the program definitions, click "Yes". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply along with a fresh HijackThis log and let me know how things are running.
  • Click Close to exit the program.
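
The following is an added example, not part of any post in this thread and not HijackThis's own code: a small Python parser that compares two HijackThis logs, checks whether the entries marked for "Fix Checked" are still present, and lists Run entries whose executable is also in the running-process list. The log excerpts are a few lines copied from the two logs posted above; the function names and `POST_FIX_LOG` are constructed for illustration.

```python
import re

# HijackThis entry lines start with a section code such as "R1 - " or "O4 - ".
ENTRY_RE = re.compile(r"^[A-Z]\d{1,2} - ")
# Registry autoruns: "O4 - HKLM\..\Run: [name] command line"
RUN_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\([^:]+): \[([^\]]*)\]\s*(.*)$")

# Excerpt of the first log in this thread (5:42:39 AM, 8/26/2007).
FIRST_LOG = r"""
Running processes:
C:\Program Files\Messenger\mefese22011.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
O4 - HKLM\..\Run: [mefese] C:\Program Files\Messenger\mefese22011.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# Excerpt of the second log (10:26:52 PM, 8/26/2007): same lines, minus "Search Page".
SECOND_LOG = "\n".join(
    l for l in FIRST_LOG.splitlines() if "Main,Search Page" not in l)

# The two entries the helper asked to tick before "Fix Checked".
FIX_CHECKED = [
    r"R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com",
    r"O4 - HKLM\..\Run: [mefese] C:\Program Files\Messenger\mefese22011.exe",
]

# Constructed (not from the thread): what a log would look like after the fix.
POST_FIX_LOG = "\n".join(
    l for l in SECOND_LOG.splitlines()
    if "mefese" not in l and "SearchURL" not in l)


def parse_log(text):
    """Split a HijackThis log into running processes and R/O entry lines."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = " ".join(raw.split())          # normalise whitespace
        if not line:
            continue
        if ENTRY_RE.match(line):
            in_procs = False
            entries.append(line)
        elif line.lower().startswith("running processes"):
            in_procs = True
        elif in_procs:
            processes.append(line)
    return {"processes": processes, "entries": entries}


def image_path(cmd):
    """Executable path from a Run command line, quoted or unquoted."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.+?\.exe)\b", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd


def diff_logs(before, after):
    """Entries that disappeared from, and appeared in, the later log."""
    b, a = set(before["entries"]), set(after["entries"])
    return sorted(b - a), sorted(a - b)


def unfixed(fix_lines, log):
    """Entries marked for fixing that are still present in a later log."""
    present = set(log["entries"])
    return [n for n in (" ".join(l.split()) for l in fix_lines) if n in present]


def running_autoruns(log):
    """(name, path) for Run entries whose executable is currently running."""
    running = {p.lower() for p in log["processes"]}
    hits = []
    for line in log["entries"]:
        m = RUN_RE.match(line)
        if m and image_path(m.group(4)).lower() in running:
            hits.append((m.group(3), image_path(m.group(4))))
    return hits


if __name__ == "__main__":
    first, second = parse_log(FIRST_LOG), parse_log(SECOND_LOG)
    removed, added = diff_logs(first, second)
    print("removed between logs:", removed)
    print("added between logs:  ", added)
    print("still to fix (second log):", unfixed(FIX_CHECKED, second))
    print("still to fix (post-fix): ", unfixed(FIX_CHECKED, parse_log(POST_FIX_LOG)))
    print("autoruns also running:", running_autoruns(second))
```

Run against a fresh log pasted after "Fix Checked", an empty `unfixed` result means both entries are gone; a non-empty one means the fix did not hold.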

30 Posts

August 30th, 2007 15:00

Before I do this, should I purge all the quarantined items from my anti-virus? I've been on the net a lot since my original post; do you think I've caused any more damage?

30 Posts

August 30th, 2007 16:00

I did every step you said. After the reboot I uncheck display contents of system folders and show hidden folders but check hide protected OS system files, correct?

20.5K Posts

August 30th, 2007 17:00

To rehide files, you must check "Hide protected operating system files".

30 Posts

August 30th, 2007 19:00

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 08/30/2007 at 12:41 PM
Application Version : 3.9.1008
Core Rules Database Version : 3296
Trace Rules Database Version: 1305
Scan type       : Complete Scan
Total Scan Time : 02:07:00
Memory items scanned      : 494
Memory threats detected   : 0
Registry items scanned    : 6572
Registry threats detected : 0
File items scanned        : 100743
File threats detected     : 583
Adware.Tracking Cookie
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@admarketplace[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@ads.stephensmedia[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@snapfish.112.2o7[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@ad.yieldmanager[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@ehg-bestbuy.hitbox[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@www.entrepreneur[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@exitexchange[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@z1.adserver[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@hitbox[2].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@microsofteup.112.2o7[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@data2.perf.overture[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@imrworldwide[2].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@mediaplex[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@perf.overture[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@data4.perf.overture[2].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@network.realmedia[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@entrepreneur[2].txt

30 Posts

August 30th, 2007 19:00

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:06:47 PM, on 8/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ShowLOMControl]
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {C946EF6D-296D-4907-A6E1-ED0E8E5AF024} (LycosMail Upload Control) - http://lycosmail.lycos.com/hanmail-ax/AttachMail.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: dlcc_device -   - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
--
End of file - 8992 bytes

30 Posts

August 30th, 2007 19:00

OK, I did everything you said. I haven't used the internet enough to know how well it's running. I did check hide protected files, but I unchecked the items that I checked when I went into safe mode.
 
I'm going to have to post the spyware scan log in a few parts because it's so long.


Message Edited by swingman13 on 08-30-2007 03:03 PM

30 Posts

August 30th, 2007 19:00

Malware.Installer-Pkg/Gen
 C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\WILDTANGENT\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{26D2C2C3-CF14-4ED7-B1FC-0BE64AFBA3B3}.EXE
 C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\WILDTANGENT\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{6293BC00-4EB8-4C65-8548-53E2FC3BF937}.EXE
 C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\WILDTANGENT\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{651956B7-1969-42AA-9453-E0B813019D54}.EXE
 C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\WILDTANGENT\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{6B6A7665-DB48-4762-AB5D-BEEB9E1CD7FA}.EXE
 C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\WILDTANGENT\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{989E4C3B-B2C9-4486-9A09-D5A8F953837C}.EXE
 C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\WILDTANGENT\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{C2D8F0E2-6978-4409-8351-BA8785DA11EE}.EXE
 C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\WILDTANGENT\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{D1A6F3FD-7B40-443F-8767-BADB25A0D222}.EXE
 C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\WILDTANGENT\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{E0814F95-5380-4892-B8C8-7FA4B349EF46}.EXE
Trojan.Unknown Origin
 C:\RECYCLER\S-1-5-21-2442203461-4014105696-2272063204-1005\DC3.EXE
Adware.WebBuying Assistant-Installer
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP303\A0029883.EXE
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP304\A0029958.EXE
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP304\A0029959.EXE
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP304\A0029978.EXE

30 Posts

August 30th, 2007 19:00

 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@ehg-y2m.hitbox[2].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@adserver.dnevnik[2].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@redirect.clickshield[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@counter.inkfrog[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@ehg-hitent.hitbox[2].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@ehg-salemwebnetworks.hitbox[2].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@www.allrealitypass[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@2.adbrite[2].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@directtrack[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@CAJPGR5S.txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@ehg-foxsports.hitbox[2].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@v7.stats.load[2].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@ehg-crain.hitbox[2].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@newmotioninc.112.2o7[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@youporn[2].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@medianewsgroup[2].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@click.revenuepilot[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@adserverb.conjelco[2].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@maxim.122.2o7[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@media.refreshads[2].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@e-2dj6wjk4cjcpobo.stats.esomniture[2].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@easy-hit-counters[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@ad.doubleclick[9].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@counter.surfcounters[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@soundtrackcollector[2].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@adsby.zwoops[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@clicktorrent[2].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@clicksfeed[2].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@counter7.sextracker[1].txt
 C:\Documents and Settings\Jimmymonti\Cookies\jimmymonti@n479ad.doubleclick[1].txt
No Events found!
