Thread: trojan/virus cannot make it disappear

  1. #1
    Member
    Join Date
    Jul 2008
    Posts
    38

    DDS (Ver_10-03-17.01) - NTFSx86
    Run by UB at 8:31:55.78 on Fri 06/04/2010
    Internet Explorer: 7.0.5730.13
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2558.1978 [GMT -5:00]

    AV: avast! antivirus 4.8.1368 [VPS 100604-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\Explorer.EXE
    svchost.exe
    C:\Program Files\Lexmark 8300 Series\lxcjmon.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Lexmark 8300 Series\ezprint.exe
    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\ATT-SST\McciTrayApp.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\AT&T\Internet Security Wizard\ISW.exe
    C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\lxcjcoms.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    C:\Documents and Settings\UB\Local Settings\Temporary Internet Files\Content.IE5\ZIKWMLYV\dds[1].scr

    ============== Pseudo HJT Report ===============

    uStart Page = https://login.yahoo.com/config/login...s&.partner=sbc
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AT&&T Toolbar: {4e7bd74f-2b8d-469e-94be-fd60bb9aae29} - c:\progra~1\atttoo~1\ATTTOO~1.DLL
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: MediaBar: {abb49b3b-ab7d-4ed0-9135-93fd5aa4f69f} - c:\program files\imeshmediabartb\iMeshMediaBarDx.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: AT&&T Toolbar: {4e7bd74f-2b8d-469e-94be-fd60bb9aae29} - c:\progra~1\atttoo~1\ATTTOO~1.DLL
    TB: MediaBar: {abb49b3b-ab7d-4ed0-9135-93fd5aa4f69f} - c:\program files\imeshmediabartb\iMeshMediaBarDx.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [UpdateFlow.ATT-SST] c:\program files\att-sst\mccibrowser.exe -appkey=att-sst -url=file://c:\program files\att-sst\offlineupdate\redirector.htm
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    mRun: [lxcjmon.exe] "c:\program files\lexmark 8300 series\lxcjmon.exe"
    mRun: [EzPrint] "c:\program files\lexmark 8300 series\ezprint.exe"
    mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
    mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
    mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
    mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
    mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [ATT-SST_McciTrayApp] "c:\program files\att-sst\McciTrayApp.exe"
    mRun: [ISW.exe] "c:\program files\at&t\internet security wizard\ISW.exe" /AUTORUN
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [mxomssmenu] "c:\program files\maxtor\onetouch status\maxmenumgr.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    mRun: [LXCJCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCJtime.dll,_RunDLLEntry@16
    StartupFolder: c:\docume~1\ub\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    Trusted Zone: motive.com\patttbc.att
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {0D859AF0-C75E-11D4-B760-00E0B81077E8} - hxxp://nom.mlxchange.com/5.0.03.26/Control/FileCruiser.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {16FD824B-8E7B-11D2-9855-00802962956C} - hxxp://nom.mlxchange.com/5.0.03.26/Control/Specfile.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
    DPF: {413D6754-BFD4-47FE-9346-319559290BFA} - hxxps://www.webpcfos.com/webpcfos/websabre/HTEweb_new.cab
    DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} - hxxp://nom.mlxchange.com/5.0.03.26/Control/MLSClientUtils.cab
    DPF: {73779860-6F88-4D8C-9DAB-30583B9BAAC3} - hxxps://www.sttammanyclerk.org/liveapp/ImageServer/iView2/FileProInet2.CAB
    DPF: {78523E50-56EB-11D3-B739-CAA1986A452F} - hxxp://nom.mlxchange.com/5.0.03.26/Control/LiteGrid.cab
    DPF: {7A7537FC-5988-11D3-8B33-00104B9E5A4A} - hxxp://nom.mlxchange.com/5.0.03.26/Control/IRCWebPrint.cab
    DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} - hxxp://nom.mlxchange.com/5.0.05.46/Control/IRCSharc.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {A762E064-A885-40E4-AC10-671BB62DC2B2} - hxxp://www.eomniform.com/OF5/nsplugins/OFMailX.cab
    DPF: {B198A72B-B4C3-42B5-B8DA-B364E76429AA} - hxxp://nom.mlxchange.com/5.0.03.26/Control/WebDog.cab
    DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
    DPF: {F060A272-A18A-11D3-B75B-00E0B81077E8} - hxxp://nom.mlxchange.com/5.0.03.26/Control/AspCustomCtrls.cab
    TCP: NameServer = 93.188.165.163,93.188.161.179
    TCP: {6E83B147-8F7C-4C2A-AD06-1685EAE8CC5E} = 93.188.165.163,93.188.161.179
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

    ============= SERVICES / DRIVERS ===============

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-13 64160]
    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-2-12 114768]
    R1 cmosa;cmosa;c:\windows\system32\drivers\cmosa.sys [2009-2-12 29344]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-2-12 20560]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-2-12 138680]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 1029456]
    R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
    R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-2-12 254040]
    R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-2-12 352920]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-30 135664]
    S2 MSWU-69df9f89;MSWU-69df9f89;c:\windows\system32\69df9f89.exe [2010-6-4 75264]
    S2 MSWU-f36decbb;MSWU-f36decbb;c:\windows\system32\f36decbb.exe [2010-5-27 75264]

    =============== Created Last 30 ================

    2010-06-04 13:06:29 75264 ----a-w- c:\windows\system32\69df9f89.exe
    2010-06-03 17:46:21 0 d-----w- c:\docume~1\alluse~1\applic~1\12EA
    2010-06-03 14:54:04 552 ----a-w- c:\windows\system32\d3d8caps.dat
    2010-05-27 20:10:36 75264 ----a-w- c:\windows\system32\f36decbb.exe
    2010-05-27 20:08:21 85504 --sha-r- c:\windows\system32\dinputr.dll
    2010-05-07 22:00:17 0 d-----w- c:\program files\iPod
    2010-05-07 22:00:06 0 d-----w- c:\program files\iTunes
    2010-05-07 22:00:06 0 d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2010-05-07 21:54:25 0 d-----w- c:\program files\Bonjour

    ==================== Find3M ====================

    2010-05-12 16:21:16 221568 ------w- c:\windows\system32\MpSigStub.exe
    2010-04-16 13:33:36 41472 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2010-04-16 13:33:36 3003680 ----a-w- c:\windows\system32\usbaaplrc.dll
    2010-04-08 18:20:02 91424 ----a-w- c:\windows\system32\dnssd.dll
    2010-04-08 18:20:02 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2010-03-11 12:38:54 832512 ----a-w- c:\windows\system32\wininet.dll
    2010-03-11 12:38:52 78336 ----a-w- c:\windows\system32\ieencode.dll
    2010-03-11 12:38:51 17408 ----a-w- c:\windows\system32\corpol.dll
    2010-03-09 11:09:18 430080 ----a-w- c:\windows\system32\vbscript.dll
    2010-03-09 09:28:20 411368 ----a-w- c:\windows\system32\deploytk.dll
    2010-01-15 21:52:01 16384 --sha-w- c:\windows\temp\cookies\index.dat
    2010-01-15 21:52:01 16384 --sha-w- c:\windows\temp\history\history.ie5\index.dat
    2010-01-15 21:52:01 49152 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat

    ============= FINISH: 8:32:15.51 ===============

  2. #2
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Please read Before You Post
    While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.



    Download ComboFix from one of these locations:

    Link 1
    Link 2


    * IMPORTANT !!! Save ComboFix.exe to your Desktop


    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
    • See this Link for programs that need to be disabled and instructions on how to disable them.
    • Remember to re-enable them when we're done.

    • Double click on ComboFix.exe & follow the prompts.

    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

    *If there is no internet connection when ComboFix has completely finished, restart your computer to restore the connections.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  3. #3
    Member
    Join Date
    Jul 2008
    Posts
    38

    Hey Ken 545, thanks for the help! Here is the log.

    ComboFix 10-06-08.03 - UB 06/09/2010 4:50.1.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2558.2011 [GMT -5:00]
    Running from: c:\documents and settings\UB\Desktop\ComboFix.exe
    AV: avast! antivirus 4.8.1368 [VPS 100609-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    G:\Autorun.inf

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_SSHNAS


    ((((((((((((((((((((((((( Files Created from 2010-05-09 to 2010-06-09 )))))))))))))))))))))))))))))))
    .

    2010-06-09 09:54 . 2010-05-27 20:03 75264 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\5a55e.dll
    2010-06-09 00:39 . 2010-06-09 00:39 -------- d-----w- c:\documents and settings\All Users\Application Data\1C1A5
    2010-06-09 00:13 . 2010-05-27 20:03 75264 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\7931793.dll
    2010-06-06 00:35 . 2010-02-04 15:52 15880 ----a-w- c:\windows\system32\lsdelete.exe
    2010-06-06 00:03 . 2010-06-06 00:03 -------- d-----w- c:\documents and settings\Administrator\Application Data\Motive
    2010-06-06 00:03 . 2010-06-06 00:03 -------- d-----w- c:\documents and settings\Administrator\Application Data\AT&T
    2010-06-05 21:32 . 2010-02-04 15:53 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2010-06-05 21:31 . 2010-02-04 15:53 2954656 -c--a-w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
    2010-06-05 21:30 . 2010-06-05 21:31 -------- d-----w- c:\program files\Lavasoft
    2010-06-05 21:30 . 2010-06-05 21:30 503808 ----a-w- c:\documents and settings\UB\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-31d53b66-n\msvcp71.dll
    2010-06-05 21:30 . 2010-06-05 21:30 499712 ----a-w- c:\documents and settings\UB\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-31d53b66-n\jmc.dll
    2010-06-05 21:30 . 2010-06-05 21:30 348160 ----a-w- c:\documents and settings\UB\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-31d53b66-n\msvcr71.dll
    2010-06-05 21:30 . 2010-06-05 21:30 61440 ----a-w- c:\documents and settings\UB\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-66284f79-n\decora-sse.dll
    2010-06-05 21:30 . 2010-06-05 21:30 12800 ----a-w- c:\documents and settings\UB\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-66284f79-n\decora-d3d.dll
    2010-06-05 21:05 . 2010-05-27 20:03 75264 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\e179eI7q.dll
    2010-06-05 19:22 . 2010-06-05 21:31 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
    2010-06-05 16:49 . 2010-06-05 16:49 91200 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-06-04 13:10 . 2010-06-04 13:10 -------- d-----w- c:\program files\ERUNT
    2010-06-04 13:06 . 2010-05-27 20:03 75264 ----a-w- c:\windows\system32\69df9f89.exe
    2010-06-03 14:54 . 2010-06-03 14:54 552 ----a-w- c:\windows\system32\d3d8caps.dat
    2010-05-27 20:10 . 2010-05-27 20:03 75264 ----a-w- c:\windows\system32\f36decbb.exe
    2010-05-27 20:08 . 2010-05-27 20:08 85504 --sha-r- c:\windows\system32\dinputr.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-06-05 21:30 . 2009-02-13 14:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
    2010-06-05 16:33 . 2009-04-04 18:35 -------- d-----w- c:\program files\Common Files\Motive
    2010-06-04 04:52 . 2009-04-10 02:27 -------- d-----w- c:\program files\ATT-SST
    2010-06-04 02:25 . 2009-04-18 02:32 -------- d-----w- c:\documents and settings\UB\Application Data\Apple Computer
    2010-06-03 14:54 . 2009-02-22 20:37 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-05-22 19:18 . 2009-02-12 21:22 -------- d-----w- c:\program files\Lx_cats
    2010-05-12 16:21 . 2010-01-15 03:01 221568 ------w- c:\windows\system32\MpSigStub.exe
    2010-05-12 08:01 . 2009-03-08 04:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2010-05-08 16:39 . 2010-05-08 16:39 503808 ----a-w- c:\documents and settings\Mooskie\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4e09e586-n\msvcp71.dll
    2010-05-08 16:39 . 2010-05-08 16:39 499712 ----a-w- c:\documents and settings\Mooskie\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4e09e586-n\jmc.dll
    2010-05-08 16:39 . 2010-05-08 16:39 348160 ----a-w- c:\documents and settings\Mooskie\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4e09e586-n\msvcr71.dll
    2010-05-08 16:39 . 2010-05-08 16:39 61440 ----a-w- c:\documents and settings\Mooskie\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2a88e1d0-n\decora-sse.dll
    2010-05-08 16:39 . 2010-05-08 16:39 12800 ----a-w- c:\documents and settings\Mooskie\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2a88e1d0-n\decora-d3d.dll
    2010-05-08 16:34 . 2010-05-08 16:34 -------- d-----w- c:\documents and settings\Mooskie\Application Data\imeshmediabartb
    2010-05-08 16:33 . 2010-05-08 16:33 91200 ----a-w- c:\documents and settings\Mooskie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-05-07 22:01 . 2010-05-07 22:00 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2010-05-07 22:01 . 2010-05-07 22:00 -------- d-----w- c:\program files\iTunes
    2010-05-07 22:00 . 2010-05-07 22:00 -------- d-----w- c:\program files\iPod
    2010-05-07 22:00 . 2009-02-13 03:01 -------- d-----w- c:\program files\Common Files\Apple
    2010-05-07 21:57 . 2009-11-28 22:51 -------- d-----w- c:\program files\QuickTime
    2010-05-07 21:54 . 2010-05-07 21:54 -------- d-----w- c:\program files\Bonjour
    2010-05-07 21:48 . 2010-05-07 21:48 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
    2010-04-16 13:33 . 2009-04-13 16:07 3003680 ----a-w- c:\windows\system32\usbaaplrc.dll
    2010-04-16 13:33 . 2009-02-13 03:01 41472 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2010-04-08 18:20 . 2010-04-08 18:20 91424 ----a-w- c:\windows\system32\dnssd.dll
    2010-04-08 18:20 . 2010-04-08 18:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2010-04-05 13:13 . 2010-04-05 13:13 61440 ----a-w- c:\documents and settings\UB\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-42140328-n\decora-sse.dll
    2010-04-05 13:13 . 2010-04-05 13:13 12800 ----a-w- c:\documents and settings\UB\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-42140328-n\decora-d3d.dll
    2010-04-05 13:13 . 2010-04-05 13:13 503808 ----a-w- c:\documents and settings\UB\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5ebfa59a-n\msvcp71.dll
    2010-04-05 13:13 . 2010-04-05 13:13 499712 ----a-w- c:\documents and settings\UB\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5ebfa59a-n\jmc.dll
    2010-04-05 13:13 . 2010-04-05 13:13 348160 ----a-w- c:\documents and settings\UB\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5ebfa59a-n\msvcr71.dll
    2010-03-13 17:18 . 2010-03-13 17:18 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.22.7\SetupAdmin.exe
    2010-03-11 12:38 . 2004-08-12 14:09 832512 ----a-w- c:\windows\system32\wininet.dll
    2010-03-11 12:38 . 2004-08-12 13:58 78336 ----a-w- c:\windows\system32\ieencode.dll
    2010-03-11 12:38 . 2004-08-12 13:56 17408 ----a-w- c:\windows\system32\corpol.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F}]
    2009-07-31 11:58 91568 ----a-w- c:\program files\iMeshMediabarTb\iMeshMediaBarDx.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F}"= "c:\program files\iMeshMediabarTb\iMeshMediaBarDx.dll" [2009-07-31 91568]

    [HKEY_CLASSES_ROOT\clsid\{abb49b3b-ab7d-4ed0-9135-93fd5aa4f69f}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-20 39408]
    "UpdateFlow.ATT-SST"="c:\program files\ATT-SST\McciBrowser.exe" [2009-10-22 1048576]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "lxcjmon.exe"="c:\program files\Lexmark 8300 Series\lxcjmon.exe" [2005-09-30 200704]
    "EzPrint"="c:\program files\Lexmark 8300 Series\ezprint.exe" [2006-04-19 94208]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-02-10 344064]
    "IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "ATT-SST_McciTrayApp"="c:\program files\ATT-SST\McciTrayApp.exe" [2009-10-22 1577984]
    "ISW.exe"="c:\program files\AT&T\Internet Security Wizard\ISW.exe" [2007-05-03 2061816]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]
    "mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2008-07-21 169312]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
    "LXCJCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCJtime.dll" [2006-02-24 73728]

    c:\documents and settings\UB\Start Menu\Programs\Startup\
    ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\WINDOWS\\system32\\lxcjcoms.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxcjpswx.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\ATT-HSI\\McciBrowser.exe"=
    "c:\\Sierra\\Empire Earth - The Art of Conquest\\EE-AOC.exe"=
    "c:\\Program Files\\iMesh Applications\\iMesh\\iMesh.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\WINDOWS\\system32\\spoolsv.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "135:TCP"= 135:TCP:TCP Port 135
    "5000:TCP"= 5000:TCP:TCP Port 5000
    "5001:TCP"= 5001:TCP:TCP Port 5001
    "5002:TCP"= 5002:TCP:TCP Port 5002
    "5003:TCP"= 5003:TCP:TCP Port 5003
    "5004:TCP"= 5004:TCP:TCP Port 5004
    "5005:TCP"= 5005:TCP:TCP Port 5005
    "5006:TCP"= 5006:TCP:TCP Port 5006
    "5007:TCP"= 5007:TCP:TCP Port 5007
    "5008:TCP"= 5008:TCP:TCP Port 5008
    "5009:TCP"= 5009:TCP:TCP Port 5009
    "5010:TCP"= 5010:TCP:TCP Port 5010
    "5011:TCP"= 5011:TCP:TCP Port 5011
    "5012:TCP"= 5012:TCP:TCP Port 5012
    "5013:TCP"= 5013:TCP:TCP Port 5013
    "5014:TCP"= 5014:TCP:TCP Port 5014
    "5015:TCP"= 5015:TCP:TCP Port 5015
    "5016:TCP"= 5016:TCP:TCP Port 5016
    "5017:TCP"= 5017:TCP:TCP Port 5017
    "5018:TCP"= 5018:TCP:TCP Port 5018
    "5019:TCP"= 5019:TCP:TCP Port 5019
    "5020:TCP"= 5020:TCP:TCP Port 5020

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [6/5/2010 4:32 PM 64288]
    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2/12/2009 6:36 PM 114768]
    R1 cmosa;cmosa;c:\windows\system32\drivers\cmosa.sys [2/12/2009 4:18 PM 29344]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2/12/2009 6:36 PM 20560]
    R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 8:19 PM 13592]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/30/2010 4:13 PM 135664]
    S2 MSWU-69df9f89;MSWU-69df9f89;c:\windows\system32\69df9f89.exe [6/4/2010 8:06 AM 75264]
    S2 MSWU-f36decbb;MSWU-f36decbb;c:\windows\system32\f36decbb.exe [5/27/2010 3:10 PM 75264]
    S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 10:52 AM 1228208]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-06-09 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 15:52]

    2010-06-04 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

    2010-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 21:13]

    2010-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 21:13]

    2010-06-09 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 01:20]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = https://login.yahoo.com/config/login...s&.partner=sbc
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    Trusted Zone: motive.com\patttbc.att
    DPF: {413D6754-BFD4-47FE-9346-319559290BFA} - hxxps://www.webpcfos.com/webpcfos/websabre/HTEweb_new.cab
    DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} - hxxp://nom.mlxchange.com/5.0.03.26/Control/MLSClientUtils.cab
    DPF: {73779860-6F88-4D8C-9DAB-30583B9BAAC3} - hxxps://www.sttammanyclerk.org/liveapp/ImageServer/iView2/FileProInet2.CAB
    DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} - hxxp://nom.mlxchange.com/5.0.05.46/Control/IRCSharc.cab
    DPF: {A762E064-A885-40E4-AC10-671BB62DC2B2} - hxxp://www.eomniform.com/OF5/nsplugins/OFMailX.cab
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-06-09 04:56
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    LXCJCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCJtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(208)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\Ati2evxx.exe
    c:\program files\Alwil Software\Avast4\aswUpdSv.exe
    c:\program files\Alwil Software\Avast4\ashServ.exe
    c:\windows\system32\rundll32.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Maxtor\Sync\SyncServices.exe
    c:\program files\Common Files\Motive\McciCMService.exe
    c:\program files\Alwil Software\Avast4\ashMaiSv.exe
    c:\program files\Alwil Software\Avast4\ashWebSv.exe
    c:\windows\system32\lxcjcoms.exe
    c:\program files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Completion time: 2010-06-09 04:59:07 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-06-09 09:59

    Pre-Run: 43,926,466,560 bytes free
    Post-Run: 44,616,454,144 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

    - - End Of File - - 175C7DB062AD22020A825BD57B5E1E93

  4. #4
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Hi,

    Still more to remove

    Open Notepad (go to Start > All Programs > Accessories > Notepad; this will only work with Notepad) and copy all the text inside the Codebox by highlighting it all and pressing CTRL+C on your keyboard, then paste it into Notepad. Make sure there is no space before and above Driver::


    Code:
    Driver::
    MSWU-69df9f89
    MSWU-f36decbb
    
    File::
    c:\windows\system32\69df9f89.exe
    c:\windows\system32\f36decbb.exe

    Save this as CFScript to your desktop.

    Then drag the CFScript into ComboFix.exe as you see in the screenshot below.




    This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.







    Please download Malwarebytes from Here or Here
    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform quick scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
    • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
    Post the report please


    I need to see the new CF log and the Malwarebytes log please
    Last edited by ken545; 2010-06-09 at 13:45.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  5. #5
    Member
    Join Date
    Jul 2008
    Posts
    38

    Default

    Again, thanks for the help. Here is the new log. I will post the Malwarebytes shortly.

    ComboFix 10-06-08.03 - UB 06/09/2010 7:51.2.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2558.2056 [GMT -5:00]
    Running from: c:\documents and settings\UB\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\UB\Desktop\CFScript.txt
    AV: avast! antivirus 4.8.1368 [VPS 100609-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    FILE ::
    "c:\windows\system32\69df9f89.exe"
    "c:\windows\system32\f36decbb.exe"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\69df9f89.exe
    c:\windows\system32\f36decbb.exe
    G:\Autorun.inf

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_MSWU-69DF9F89
    -------\Legacy_MSWU-F36DECBB
    -------\Service_MSWU-69df9f89
    -------\Service_MSWU-f36decbb


    ((((((((((((((((((((((((( Files Created from 2010-05-09 to 2010-06-09 )))))))))))))))))))))))))))))))
    .

    2010-06-09 10:35 . 2010-04-12 22:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
    2010-06-09 10:26 . 2010-06-09 10:23 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-06-09 09:54 . 2010-05-27 20:03 75264 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\5a55e.dll
    2010-06-09 00:39 . 2010-06-09 00:39 -------- d-----w- c:\documents and settings\All Users\Application Data\1C1A5
    2010-06-09 00:13 . 2010-05-27 20:03 75264 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\7931793.dll
    2010-06-06 00:35 . 2010-02-04 15:52 15880 ----a-w- c:\windows\system32\lsdelete.exe
    2010-06-06 00:03 . 2010-06-06 00:03 -------- d-----w- c:\documents and settings\Administrator\Application Data\Motive
    2010-06-06 00:03 . 2010-06-06 00:03 -------- d-----w- c:\documents and settings\Administrator\Application Data\AT&T
    2010-06-05 21:32 . 2010-06-09 10:23 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2010-06-05 21:31 . 2010-02-04 15:53 2954656 -c--a-w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
    2010-06-05 21:30 . 2010-06-05 21:31 -------- d-----w- c:\program files\Lavasoft
    2010-06-05 21:30 . 2010-06-05 21:30 503808 ----a-w- c:\documents and settings\UB\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-31d53b66-n\msvcp71.dll
    2010-06-05 21:30 . 2010-06-05 21:30 499712 ----a-w- c:\documents and settings\UB\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-31d53b66-n\jmc.dll
    2010-06-05 21:30 . 2010-06-05 21:30 348160 ----a-w- c:\documents and settings\UB\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-31d53b66-n\msvcr71.dll
    2010-06-05 21:30 . 2010-06-05 21:30 61440 ----a-w- c:\documents and settings\UB\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-66284f79-n\decora-sse.dll
    2010-06-05 21:30 . 2010-06-05 21:30 12800 ----a-w- c:\documents and settings\UB\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-66284f79-n\decora-d3d.dll
    2010-06-05 21:05 . 2010-05-27 20:03 75264 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\e179eI7q.dll
    2010-06-05 19:22 . 2010-06-05 21:31 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
    2010-06-05 16:49 . 2010-06-05 16:49 91200 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-06-04 13:10 . 2010-06-04 13:10 -------- d-----w- c:\program files\ERUNT
    2010-06-03 14:54 . 2010-06-03 14:54 552 ----a-w- c:\windows\system32\d3d8caps.dat
    2010-05-27 20:08 . 2010-05-27 20:08 85504 --sha-r- c:\windows\system32\dinputr.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-06-09 10:35 . 2009-03-12 12:26 -------- d-----w- c:\program files\Java
    2010-06-05 21:30 . 2009-02-13 14:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
    2010-06-05 16:33 . 2009-04-04 18:35 -------- d-----w- c:\program files\Common Files\Motive
    2010-06-04 04:52 . 2009-04-10 02:27 -------- d-----w- c:\program files\ATT-SST
    2010-06-04 02:25 . 2009-04-18 02:32 -------- d-----w- c:\documents and settings\UB\Application Data\Apple Computer
    2010-06-03 14:54 . 2009-02-22 20:37 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-05-22 19:18 . 2009-02-12 21:22 -------- d-----w- c:\program files\Lx_cats
    2010-05-12 16:21 . 2010-01-15 03:01 221568 ------w- c:\windows\system32\MpSigStub.exe
    2010-05-12 08:01 . 2009-03-08 04:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2010-05-08 16:39 . 2010-05-08 16:39 503808 ----a-w- c:\documents and settings\Mooskie\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4e09e586-n\msvcp71.dll
    2010-05-08 16:39 . 2010-05-08 16:39 499712 ----a-w- c:\documents and settings\Mooskie\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4e09e586-n\jmc.dll
    2010-05-08 16:39 . 2010-05-08 16:39 348160 ----a-w- c:\documents and settings\Mooskie\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4e09e586-n\msvcr71.dll
    2010-05-08 16:39 . 2010-05-08 16:39 61440 ----a-w- c:\documents and settings\Mooskie\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2a88e1d0-n\decora-sse.dll
    2010-05-08 16:39 . 2010-05-08 16:39 12800 ----a-w- c:\documents and settings\Mooskie\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2a88e1d0-n\decora-d3d.dll
    2010-05-08 16:34 . 2010-05-08 16:34 -------- d-----w- c:\documents and settings\Mooskie\Application Data\imeshmediabartb
    2010-05-08 16:33 . 2010-05-08 16:33 91200 ----a-w- c:\documents and settings\Mooskie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-05-07 22:01 . 2010-05-07 22:00 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2010-05-07 22:01 . 2010-05-07 22:00 -------- d-----w- c:\program files\iTunes
    2010-05-07 22:00 . 2010-05-07 22:00 -------- d-----w- c:\program files\iPod
    2010-05-07 22:00 . 2009-02-13 03:01 -------- d-----w- c:\program files\Common Files\Apple
    2010-05-07 21:57 . 2009-11-28 22:51 -------- d-----w- c:\program files\QuickTime
    2010-05-07 21:54 . 2010-05-07 21:54 -------- d-----w- c:\program files\Bonjour
    2010-05-07 21:48 . 2010-05-07 21:48 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
    2010-04-16 13:33 . 2009-04-13 16:07 3003680 ----a-w- c:\windows\system32\usbaaplrc.dll
    2010-04-16 13:33 . 2009-02-13 03:01 41472 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2010-04-08 18:20 . 2010-04-08 18:20 91424 ----a-w- c:\windows\system32\dnssd.dll
    2010-04-08 18:20 . 2010-04-08 18:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2010-04-05 13:13 . 2010-04-05 13:13 61440 ----a-w- c:\documents and settings\UB\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-42140328-n\decora-sse.dll
    2010-04-05 13:13 . 2010-04-05 13:13 12800 ----a-w- c:\documents and settings\UB\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-42140328-n\decora-d3d.dll
    2010-04-05 13:13 . 2010-04-05 13:13 503808 ----a-w- c:\documents and settings\UB\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5ebfa59a-n\msvcp71.dll
    2010-04-05 13:13 . 2010-04-05 13:13 499712 ----a-w- c:\documents and settings\UB\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5ebfa59a-n\jmc.dll
    2010-04-05 13:13 . 2010-04-05 13:13 348160 ----a-w- c:\documents and settings\UB\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5ebfa59a-n\msvcr71.dll
    2010-03-13 17:18 . 2010-03-13 17:18 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.22.7\SetupAdmin.exe
    .

    ((((((((((((((((((((((((((((( SnapShot@2010-06-09_09.55.46 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-06-09 12:57 . 2010-06-09 12:57 16384 c:\windows\Temp\Perflib_Perfdata_610.dat
    + 2010-06-09 12:57 . 2010-06-09 12:57 16384 c:\windows\Temp\Perflib_Perfdata_410.dat
    + 2010-06-09 10:27 . 2010-06-09 10:23 64288 c:\windows\system32\DRVSTORE\lbd_9C578CA880A99903668A8694DEFB21244E9C4C62\Lbd.sys
    - 2009-02-12 20:49 . 2010-06-09 09:37 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2009-02-12 20:49 . 2010-06-09 10:26 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2010-06-09 10:01 . 2010-06-09 10:26 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
    - 2009-02-12 20:49 . 2010-06-09 09:37 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
    - 2010-04-05 13:13 . 2010-03-09 09:28 153376 c:\windows\system32\javaws.exe
    + 2010-06-09 10:35 . 2010-04-12 22:29 153376 c:\windows\system32\javaws.exe
    + 2010-06-09 10:35 . 2010-04-12 22:29 145184 c:\windows\system32\javaw.exe
    - 2010-04-05 13:13 . 2010-03-09 09:28 145184 c:\windows\system32\javaw.exe
    + 2010-06-09 10:35 . 2010-04-12 22:29 145184 c:\windows\system32\java.exe
    - 2010-04-05 13:13 . 2010-03-09 09:28 145184 c:\windows\system32\java.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F}]
    2009-07-31 11:58 91568 ----a-w- c:\program files\iMeshMediabarTb\iMeshMediaBarDx.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F}"= "c:\program files\iMeshMediabarTb\iMeshMediaBarDx.dll" [2009-07-31 91568]

    [HKEY_CLASSES_ROOT\clsid\{abb49b3b-ab7d-4ed0-9135-93fd5aa4f69f}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-20 39408]
    "UpdateFlow.ATT-SST"="c:\program files\ATT-SST\McciBrowser.exe" [2009-10-22 1048576]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "lxcjmon.exe"="c:\program files\Lexmark 8300 Series\lxcjmon.exe" [2005-09-30 200704]
    "EzPrint"="c:\program files\Lexmark 8300 Series\ezprint.exe" [2006-04-19 94208]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-02-10 344064]
    "IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "ATT-SST_McciTrayApp"="c:\program files\ATT-SST\McciTrayApp.exe" [2009-10-22 1577984]
    "ISW.exe"="c:\program files\AT&T\Internet Security Wizard\ISW.exe" [2007-05-03 2061816]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]
    "mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2008-07-21 169312]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
    "LXCJCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCJtime.dll" [2006-02-24 73728]

    c:\documents and settings\UB\Start Menu\Programs\Startup\
    ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\WINDOWS\\system32\\lxcjcoms.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxcjpswx.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\ATT-HSI\\McciBrowser.exe"=
    "c:\\Sierra\\Empire Earth - The Art of Conquest\\EE-AOC.exe"=
    "c:\\Program Files\\iMesh Applications\\iMesh\\iMesh.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\WINDOWS\\system32\\spoolsv.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "135:TCP"= 135:TCP:TCP Port 135
    "5000:TCP"= 5000:TCP:TCP Port 5000
    "5001:TCP"= 5001:TCP:TCP Port 5001
    "5002:TCP"= 5002:TCP:TCP Port 5002
    "5003:TCP"= 5003:TCP:TCP Port 5003
    "5004:TCP"= 5004:TCP:TCP Port 5004
    "5005:TCP"= 5005:TCP:TCP Port 5005
    "5006:TCP"= 5006:TCP:TCP Port 5006
    "5007:TCP"= 5007:TCP:TCP Port 5007
    "5008:TCP"= 5008:TCP:TCP Port 5008
    "5009:TCP"= 5009:TCP:TCP Port 5009
    "5010:TCP"= 5010:TCP:TCP Port 5010
    "5011:TCP"= 5011:TCP:TCP Port 5011
    "5012:TCP"= 5012:TCP:TCP Port 5012
    "5013:TCP"= 5013:TCP:TCP Port 5013
    "5014:TCP"= 5014:TCP:TCP Port 5014
    "5015:TCP"= 5015:TCP:TCP Port 5015
    "5016:TCP"= 5016:TCP:TCP Port 5016
    "5017:TCP"= 5017:TCP:TCP Port 5017
    "5018:TCP"= 5018:TCP:TCP Port 5018
    "5019:TCP"= 5019:TCP:TCP Port 5019
    "5020:TCP"= 5020:TCP:TCP Port 5020

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [6/5/2010 4:32 PM 64288]
    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2/12/2009 6:36 PM 114768]
    R1 cmosa;cmosa;c:\windows\system32\drivers\cmosa.sys [2/12/2009 4:18 PM 29344]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2/12/2009 6:36 PM 20560]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 10:52 AM 1352320]
    R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 8:19 PM 13592]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/30/2010 4:13 PM 135664]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-06-09 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 10:23]

    2010-06-04 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

    2010-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 21:13]

    2010-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 21:13]

    2010-06-09 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 01:20]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = https://login.yahoo.com/config/login...s&.partner=sbc
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    Trusted Zone: motive.com\patttbc.att
    DPF: {413D6754-BFD4-47FE-9346-319559290BFA} - hxxps://www.webpcfos.com/webpcfos/websabre/HTEweb_new.cab
    DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} - hxxp://nom.mlxchange.com/5.0.03.26/Control/MLSClientUtils.cab
    DPF: {73779860-6F88-4D8C-9DAB-30583B9BAAC3} - hxxps://www.sttammanyclerk.org/liveapp/ImageServer/iView2/FileProInet2.CAB
    DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} - hxxp://nom.mlxchange.com/5.0.05.46/Control/IRCSharc.cab
    DPF: {A762E064-A885-40E4-AC10-671BB62DC2B2} - hxxp://www.eomniform.com/OF5/nsplugins/OFMailX.cab
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-06-09 07:58
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    LXCJCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCJtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(940)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\Ati2evxx.exe
    c:\program files\Alwil Software\Avast4\aswUpdSv.exe
    c:\program files\Alwil Software\Avast4\ashServ.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Maxtor\Sync\SyncServices.exe
    c:\program files\Common Files\Motive\McciCMService.exe
    c:\program files\Alwil Software\Avast4\ashMaiSv.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\program files\Alwil Software\Avast4\ashWebSv.exe
    c:\windows\system32\lxcjcoms.exe
    c:\program files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Completion time: 2010-06-09 08:02:21 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-06-09 13:02
    ComboFix2.txt 2010-06-09 09:59

    Pre-Run: 44,233,732,096 bytes free
    Post-Run: 44,214,382,592 bytes free

    - - End Of File - - BF9CB997C344F13D1A46278918EDE98E

  6. #6
    Member
    Join Date
    Jul 2008
    Posts
    38

    Default

    Here are the other scan results.

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4183

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.13

    6/9/2010 8:53:37 AM
    mbam-log-2010-06-09 (08-53-37).txt

    Scan type: Quick scan
    Objects scanned: 141803
    Time elapsed: 44 minute(s), 35 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

  7. #7
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Let me ask you, are you a gamer? Do you know why you have all these open ports?

    "135:TCP"= 135:TCP:TCP Port 135
    "5000:TCP"= 5000:TCP:TCP Port 5000
    "5001:TCP"= 5001:TCP:TCP Port 5001
    "5002:TCP"= 5002:TCP:TCP Port 5002
    "5003:TCP"= 5003:TCP:TCP Port 5003
    "5004:TCP"= 5004:TCP:TCP Port 5004
    "5005:TCP"= 5005:TCP:TCP Port 5005
    "5006:TCP"= 5006:TCP:TCP Port 5006
    "5007:TCP"= 5007:TCP:TCP Port 5007
    "5008:TCP"= 5008:TCP:TCP Port 5008
    "5009:TCP"= 5009:TCP:TCP Port 5009
    "5010:TCP"= 5010:TCP:TCP Port 5010
    "5011:TCP"= 5011:TCP:TCP Port 5011
    "5012:TCP"= 5012:TCP:TCP Port 5012
    "5013:TCP"= 5013:TCP:TCP Port 5013
    "5014:TCP"= 5014:TCP:TCP Port 5014
    "5015:TCP"= 5015:TCP:TCP Port 5015
    "5016:TCP"= 5016:TCP:TCP Port 5016
    "5017:TCP"= 5017:TCP:TCP Port 5017
    "5018:TCP"= 5018:TCP:TCP Port 5018
    "5019:TCP"= 5019:TCP:TCP Port 5019
    "5020:TCP"= 5020:TCP:TCP Port 5020





    I was hoping MBAM was going to remove the files I wanted it to, but I know that SuperAntiSpyware may.

    Please download SuperAntiSpyware Free
    Install the program
    • Run SuperAntiSpyware and click: Check for updates
    • Once the update is finished, on the main screen, click: Scan your computer
    • Check: Perform Complete Scan
    • Click Next to start the scan.

    SuperAntiSpyware scans the computer, and when finished, lists all the infections found.
    Make sure everything found has a check next to it, and press: Next <-- Important
    Then, click Finish

    It is possible that the program asks to reboot in order to delete some files.

    Obtain the SuperAntiSpyware log as follows:
    • Click: Preferences
    • Click the Statistics/Logs tab
    • Under Scanner Logs, double-click SuperAntiSpyware Scan Log
    It opens in your default text editor (such as Notepad)

    Please provide the SuperAntiSpyware log in your reply.

  8. #8
    Member
    Join Date
    Jul 2008
    Posts
    38

    Default

    This computer is used by my kids and I am sure they are gaming on it. I will run the program and post results. Thanks very much again.

  9. #9
    Member
    Join Date
    Jul 2008
    Posts
    38

    Default

    Hi Ken545, here is the log. Any way to close some of those open ports? My son said he used to game a lot on this computer, but doesn't really anymore.

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 06/09/2010 at 10:50 AM

    Application Version : 4.38.1004

    Core Rules Database Version : 5052
    Trace Rules Database Version: 2864

    Scan type : Complete Scan
    Total Scan Time : 00:34:34

    Memory items scanned : 555
    Memory threats detected : 0
    Registry items scanned : 5297
    Registry threats detected : 0
    File items scanned : 17260
    File threats detected : 459

    Adware.Tracking Cookie
    C:\Documents and Settings\SPS 93\Cookies\sps_93@espanol.entrepreneur[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@ads.associatedcontent[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@mmedia.t134[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@pornvisit[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@click.kiwinets[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@clickpayz2.91423.blueseek[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@ad.candystand[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@ads.christianpost[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@ads.ozonemedia.co[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@threepointclick[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@mediadeva.mevio[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@www.moldremediationside[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@xml.titusmedia[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@ads.cybertechinternet[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@d.mediadakine[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@findarticles[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@ad.yieldmanager[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@edgeadx[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@www.womenentrepreneur[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@after55.entrepreneur[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@statsadv.dada[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@ads.widgetbucks[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@adknowledge[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@optimize.indieclick[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@cdn.jemamedia[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@counter.surfcounters[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@hornygamer[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@ads.crakmedia[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@bmielite.go2jump[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@mysexgames[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@clickpayz10.91423.blueseek[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@newsbanner[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@ads.gossipcenter[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@www.pixeltrack66[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@a.websponsors[3].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@a.websponsors[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@nextag[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@localsearchfinds[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@ru4[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@ads.monster[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@www.burstbeacon[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@ads.adhostingsolutions[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@dc.tremormedia[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@nextag[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@ads.fulldls[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@milesmediagroup.tt.omtrdc[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@foxmobile.directtrack[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@sexuality.about[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@revsci[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@adx.bidsystem[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@www.ziporn[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@click.superpaysys[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@link.mercent[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@www.shefinds[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@liveperson[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@liveperson[6].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@ads.indeed[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@porntribunetube[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@ads1.exgfnetwork[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@leads.encirclemedia[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@businessfind[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@videos.mediaite[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@fastclick[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@liveperson[7].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@popularscreensavers[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@ziporn[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@click2go[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@xxxmatch[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@exoclick[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@advertising[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@liveperson[4].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@printcountry[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@liveperson[8].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@www.sexinfo101[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@www.fuckbookdating[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@clickpayz9.91485.blueseek[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@clickpayz6.91485.blueseek[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@media.mtvnservices[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@clicks.search312[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@findresultsarchive[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@lynxtrack[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@tracking.foxnews[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@liveperson[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@liveperson[5].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@liveperson[9].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@6856.pppporn.primosearch[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@ads.creafi[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@ads2.vasmg[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@imrworldwide[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@pornhub[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@xml.trafficengine[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@ads.bighealthtree[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@w3track[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@ads.adgoto[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@sex-101.tressugar[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@clicksor[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@at.atwola[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@www.hardsextube[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@precisionclick[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@yieldmanager[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@admarketplace[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@www.tracklead[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@ads.smartadx[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@mywebsearch[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@ads.ad4game[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@findology[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@e1.cdn.qnsr[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@yieldmanager[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@ads.zeusclicks[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@lfstmedia[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@www.areaporn[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@media.adfrontiers[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@aheadfind[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@youporn.videobox[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@doubleclick[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@stats.townnews[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@tracker.interclimax[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@stats.gamestop[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@webtrack.dhlglobalmail[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@www.justwatchporn[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@stat.dealtime[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@ads.doubleviking[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@www.topdaofinder[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@lockedonmedia[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@eas.apm.emediate[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@snap9.advertserve[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@ads.watershed-publishing[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@socialmedia[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@z.blogads[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@toplist[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@trafficmp[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@bsapr.advertserve[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@ads.bcserving[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@youporn[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@xml.happytofind[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@ads.fearzone[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@media.samuraimediagroup[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@mytrackurl[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@tracking1.aleadpay[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@fuckbookdating[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@static.freewebs.getclicky[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@www.allcountrytabs[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@d.mediaforceads[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@dr.findlinks[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@urlad--yieldmanager--com.rtrk[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@emediatrack[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@ad1.adtitan[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@specificmedia[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@clickpayz3.91449.blueseek[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@fidelity.rotator.hadj7.adjuggler[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@hornyslut-blog[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@statcounter[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@top5countdown.mevio[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@ads.imarketservices[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@rts.pgmediaserve[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@collective-media[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@ads.financialcontent[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@porn-videos.fatsplanet[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@redorbit[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@breakmedia.checkm8[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@clickthrough.kanoodle[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@www.topsexywomen[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@adecn[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@euroclick[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@adultadincome[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@media6degrees[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@ads.predictad[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@www.dentrack[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@burstnet[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@www.findstuff[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@exoclick.40531.blueseek[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@ads.myadplatform[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@ads.us.e-planning[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@ad.jmg[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@ad.bodybuilding[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@adcloudmedia[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@ads.cpxcenter[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@www.bizteenweightloss[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@crackle[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@beacon.dmsinsights[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@naiadsystems[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@track.doudig[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@track.bestbuy[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@adultadworld[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@www.culturekitchenmedia[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@richmedia.yahoo[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@teen[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@ads.as4x.tmcs.ticketmaster[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@enhance[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@chitika[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@chitika[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@burstbeacon[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@atdmt[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@sexonlog[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@click4college[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@ads.nba[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@www.findrackmount[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@azjmp[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@adxpose[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@metroleap.rotator.hadj7.adjuggler[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@www.thehardfucked[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@www.thehardfucked[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@10click[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@justwatchporn[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@ftvteenmodels[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@www.findbillingsystem[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@www.socialtrack[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@trafficengine[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@fuckingmotherfucker[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@xiti[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@service.liveperson[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@partners.agamimedia[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@snip.www.findstuff[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@rotator.hadj7.adjuggler[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@www.accountemps[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@ad2.yieldmanager[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@ads.cnn[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@bridge2.admarketplace[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@wt.xxxmatch[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@ads.tbs[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@invitemedia[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@apartmentfinder[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@qnsr[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@ads.rcs[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@lucidmedia[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@click.fastpartner[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@pornopillow[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@holisticfind[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@hardsextube[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@ad.zanox[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@thepornstarsecret[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@ads.youporn[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@clickpayz2.1.blueseek[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@myroitracking[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@ad-place[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@xxxbunker[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@pornotribunetube[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@legolas-media[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@atlas.entrepreneur[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@easy-hit-counters[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@apmebf[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@click.mediadome[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@adinterax[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@ads2.globo[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@girls.nudeadultcams[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@ads.lzjl[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@xm.xtendmedia[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@www.icityfind[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@finderscheapers[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@ad.m5prod[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@ads.mail[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@thehardfucked[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@dmtracker[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@entrepreneur[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@feed.validclick[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@www.porntube4free[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@tour1.xxxmatch[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@bizzclick[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@lettherebeporn[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@liveperson[10].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@banners.bannersource[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@bardondirect.directtrack[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@freefind[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@ad.slutload[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@content.yieldmanager[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@clickforensics[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@nudeadultcams[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@stattest.dealtime[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@cheapcruisefinders[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@ads.undertone[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@ads.bootcampmedia[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@superstats[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@content.yieldmanager[3].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@shefinds[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@mediapromoter[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@toseeka[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@ads.pubmatic[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@mediadakine[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@ads.ourstage[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@interclick[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@caselaw.lp.findlaw[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@stats.thaindian[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@login.tracking101[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@ads.bnmedia[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@click.leisure[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@clickpayz7.1.blueseek[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@www.pornhub[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@sexgodmethod[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@buyfind[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@sexxxpert[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@adultdvd[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@ads.eyecuedigital[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@liveperson[11].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@ads.redorbit[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@adxpansion[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@bannertgt[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@ads.reason[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@in.getclicky[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@openxxx.viragemedia[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@ads.webcamclub[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@intermundomedia[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@sales.liveperson[4].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@ads.10click[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@ads.intergi[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@trackingvalue[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@find.galegroup[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@www.businessfind[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@ads.dixcom[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@sales.liveperson[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@t.lynxtrack[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@findlaw[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@advertise[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@topsexywomen[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@bet.burstnet[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@kendrawilkinsonsex-tape.blogspot[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@ad2.doublepimp[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@maxporn[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@ads.vidsense[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@www.printcountry[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@accounting.oniine-college[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@a1.interclick[3].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@a1.interclick[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@sales.liveperson[3].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@media.photobucket[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@degreefinders[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@clickpayz2.91491.blueseek[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@clickpayz4.91491.blueseek[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@clickpayz3.91491.blueseek[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@clickpayz1.91491.blueseek[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@clickpayz5.91491.blueseek[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@findnumerous[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@wsclick.infospace[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@ads.filthdump[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@innovate.rotator.hadj7.adjuggler[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@ads.nudereviews[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@teensgosex[2].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@servedby.adxpower[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@sexy-bitches[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@womenentrepreneur[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@cx.sxtracking[1].txt
    C:\Documents and Settings\SPS 93\Cookies\sps_93@server.cpmstar[2].txt

    Adware.Flash Tracking Cookie
    C:\Documents and Settings\UB\Application Data\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\RL6ZWSKJ\UDN.SPECIFICCLICK.NET

    Trojan.Agent/Gen-Purcharva[Full]
    C:\DOCUMENTS AND SETTINGS\SPS 93\LOCAL SETTINGS\TEMP\4D6.TMP

    Trojan.Agent/Gen-FakeAlert
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{6CC76319-9D7E-4B86-819E-D3F0BF94A8D8}\RP1\A0000017.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{6CC76319-9D7E-4B86-819E-D3F0BF94A8D8}\RP2\A0000063.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{6CC76319-9D7E-4B86-819E-D3F0BF94A8D8}\RP3\A0000083.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{6CC76319-9D7E-4B86-819E-D3F0BF94A8D8}\RP3\A0000091.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{6CC76319-9D7E-4B86-819E-D3F0BF94A8D8}\RP3\A0000094.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{6CC76319-9D7E-4B86-819E-D3F0BF94A8D8}\RP3\A0003153.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{6CC76319-9D7E-4B86-819E-D3F0BF94A8D8}\RP3\A0003154.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{6CC76319-9D7E-4B86-819E-D3F0BF94A8D8}\RP4\A0003277.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{6CC76319-9D7E-4B86-819E-D3F0BF94A8D8}\RP4\A0004323.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{6CC76319-9D7E-4B86-819E-D3F0BF94A8D8}\RP4\A0004333.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{6CC76319-9D7E-4B86-819E-D3F0BF94A8D8}\RP4\A0004336.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{6CC76319-9D7E-4B86-819E-D3F0BF94A8D8}\RP5\A0004387.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{6CC76319-9D7E-4B86-819E-D3F0BF94A8D8}\RP6\A0004616.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{6CC76319-9D7E-4B86-819E-D3F0BF94A8D8}\RP6\A0004617.EXE

  10. #10
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Yes, we can close those ports. Is that the entire SAS log?
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.
