
Running out of options, plz help


hawk773


Hello, I have had a problem removing whatever this is on my computer. It has disabled all my antivirus and I can't download or install new ones. I have used two different antivirus programs I put on a CD from another computer so I could run it without starting Windows.

 

They found a few problems that they fixed, but I still have the same problems. I am also getting random pop-up sites when using IE. Any help would be great. Here are the three requested items I read I needed; I followed the instructions in the sticky.


Logfile of IObit HijackScan v1.0.2.0

Scan saved at 17:19:47, on 2011-1-24

 

Running processes:

C:\Windows\System32\smss.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\winlogon.exe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\PC Tools Security\BDT\FGuard.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\IObit\IObit Security 360\is360tray.exe

C:\Windows\ehome\ehtray.exe

C:\Windows\ehome\ehmsas.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Windows\system32\taskeng.exe

C:\a-squared Free\a2service.exe

C:\PC Tools Security\BDT\BDTUpdateService.exe

C:\Program Files\IObit\IObit Security 360\IS360srv.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Windows\system32\IoctlSvc.exe

C:\Windows\system32\PnkBstrA.exe

C:\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\Taskmgr.exe

C:\Windows\system32\wuauclt.exe

C:\Mozilla Firefox\firefox.exe

C:\Program Files\IObit\IObit Security 360\is360.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\IObit\IObit Security 360\a_hijackscan.exe

 

O2 - BHO: Unknown - {0C956E30-58ED-409E-9FBD-E5A34028A053} - C:\Windows\system32\audiodev32.dll

O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: PlaySushi - {21608B66-026F-4DCB-9244-0DACA328DCED} - C:\Program Files\PlaySushi\PSText.dll

O2 - BHO: PC Tools Browser Guard BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\PC Tools Security\BDT\PCTBrowserDefender.dll

O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll

O2 - BHO: BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBitT.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll

O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\PC Tools Security\BDT\PCTBrowserDefender.dll

O3 - Toolbar: BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBitT.dll

O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [PCTools FGuard] C:\PC Tools Security\BDT\FGuard.exe

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [Adobe Reader Speed Launcher] "C:\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [iObit Security 360] "C:\Program Files\IObit\IObit Security 360\IS360tray.exe" /autostart

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: PokerStars - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: PokerStars - {925DAB62-F9AC-4221-806A-057BFB1014AA} - C:\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: PartyCasino - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: Go to PlaySushi web site - {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - C:\PokerStars\PokerStarsUpdate.exe

O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10}Microsoft.wlsc.WrapperAX.2 - http://cdn.scan.onecare.live.com/resource/download/scanner/en-US/wlscctrl2.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}Java Plug-in 1.6.0_23 - http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}Java Plug-in 1.6.0_23 - http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}Java Plug-in 1.6.0_23 - http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\a-squared Free\a2service.exe

O23 - Service: avast! Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Mail Scanner (avast! Mail Scanner) - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Web Scanner (avast! Web Scanner) - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: Browser Defender Update Service (Browser Defender Update Service) - Threat Expert Ltd. - C:\PC Tools Security\BDT\BDTUpdateService.exe

O23 - Service: Windows Media Center Service Launcher (ehstart) - Unknown - %windir%\system32\svchost.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Windows CardSpace (idsvc) - Unknown - %systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

O23 - Service: IS360service (IS360service) - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe

O23 - Service: Nero BackItUp Scheduler 3 (Nero BackItUp Scheduler 3) - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: Net.Tcp Port Sharing Service (NetTcpPortSharing) - Unknown - %systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

O23 - Service: NMIndexingService (NMIndexingService) - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - INCA Internet Co., Ltd. - C:\Windows\system32\GameMon.des

O23 - Service: PLFlash DeviceIoControl Service (PLFlash DeviceIoControl Service) - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe

O23 - Service: PnkBstrA (PnkBstrA) - Unknown - C:\Windows\system32\PnkBstrA.exe

O23 - Service: Quality Windows Audio Video Experience (QWAVE) - Unknown - %windir%\system32\svchost.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\PC Tools Security\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\PC Tools Security\pctsSvc.exe

O23 - Service: Secondary Logon (seclogon) - Unknown - %windir%\system32\svchost.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

O23 - Service: Steam Client Service (Steam Client Service) - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: SuperRam Memory Service (SuperRam) - Unknown - .dll

O23 - Service: Block Level Backup Engine Service (wbengine) - Unknown - %systemroot%\system32\wbengine.exe

O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown - %ProgramFiles%\Windows Media Player\wmpnetwk.exe

O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe


DDS (Ver_10-12-12.02) - NTFSx86

Run by Dell D60 at 17:22:51.17 on Mon 01/24/2011

Internet Explorer: 7.0.6000.17037 BrowserJavaVersion: 1.6.0_23

Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.1.1033.18.1022.292 [GMT 11:00]

 

 

============== Running Processes ===============

 

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\PC Tools Security\BDT\FGuard.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\IObit\IObit Security 360\is360tray.exe

C:\Windows\ehome\ehtray.exe

C:\Windows\ehome\ehmsas.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskeng.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Windows\system32\taskeng.exe

C:\a-squared Free\a2service.exe

C:\PC Tools Security\BDT\BDTUpdateService.exe

C:\Program Files\IObit\IObit Security 360\IS360srv.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Windows\system32\IoctlSvc.exe

C:\Windows\system32\PnkBstrA.exe

C:\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\Taskmgr.exe

C:\Windows\system32\wuauclt.exe

C:\Mozilla Firefox\firefox.exe

C:\Program Files\IObit\IObit Security 360\is360.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Users\Dell D60\Desktop\dds.scr

C:\Windows\system32\wbem\wmiprvse.exe

 

============== Pseudo HJT Report ===============

 

uStart Page = hxxp://www.google.com/

uURLSearchHooks: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\pc tools security\bdt\PCTBrowserDefender.dll

uURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\tbBitT.dll

mURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\tbBitT.dll

BHO: {0c956e30-58ed-409e-9fbd-e5a34028a053} - c:\windows\system32\audiodev32.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: PlaySushi: {21608b66-026f-4dcb-9244-0daca328dced} - c:\program files\playsushi\PSText.dll

BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\pc tools security\bdt\PCTBrowserDefender.dll

BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll

BHO: {811255D3-54F2-BD3F-33EF-948BA547BFAE} - No File

BHO: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\tbBitT.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll

TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\pc tools security\bdt\PCTBrowserDefender.dll

TB: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\tbBitT.dll

TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll

TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} -

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [AlcoholAutomount] "c:\alcohol soft\alcohol 52\AxAutoMntSrv.exe" -automount

mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun: [MSConfig] "c:\windows\system32\msconfig.exe" /auto

mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [PCTools FGuard] c:\pc tools security\bdt\FGuard.exe

mRun: [Adobe Reader Speed Launcher] "c:\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui

mRun: [iObit Security 360] "c:\program files\iobit\iobit security 360\IS360tray.exe" /autostart

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\pokerstars\PokerStarsUpdate.exe

IE: {53F6FCCD-9E22-4d71-86EA-6E43136192AB}

IE: {925DAB62-F9AC-4221-806A-057BFB1014AA}

IE: {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D}

IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}

IE: {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - c:\program files\playsushi\PSText.dll

DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-US/wlscctrl2.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\users\delld6~1\appdata\roaming\mozilla\firefox\profiles\008uyq9u.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2117678&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - NCH Customized Web Search

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/firefox

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=

FF - plugin: c:\adobe\reader 9.0\reader\browser\nppdf32.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll

FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

 

---- FIREFOX POLICIES ----

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

============= SERVICES / DRIVERS ===============

 

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-10-20 237632]

R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2010-10-20 338880]

R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2010-10-20 656320]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-1-1 165584]

R2 a2free;a-squared Free Service;c:\a-squared free\a2service.exe [2010-10-20 1872320]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-1-1 17744]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-1-1 50768]

R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-1-1 40384]

R2 Browser Defender Update Service;Browser Defender Update Service;c:\pc tools security\bdt\BDTUpdateService.exe [2010-10-20 235472]

R2 IS360service;IS360service;c:\program files\iobit\iobit security 360\is360srv.exe [2011-1-24 312152]

R2 StarWindServiceAE;StarWind AE Service;c:\alcohol soft\alcohol 52\starwind\StarWindServiceAE.exe [2009-12-24 370688]

R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2011-1-1 40384]

R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2011-1-1 40384]

R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2006-11-2 167936]

R3 stdriver;Sound Tap Upper Class Filter Driver v2.0.0.0;c:\windows\system32\drivers\stdriver32.sys [2010-8-27 52824]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-20 135664]

S2 SuperRam;SuperRam Memory Service; [x]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

S3 sdAuxService;PC Tools Auxiliary Service;c:\pc tools security\pctsAuxs.exe [2010-10-20 366840]

S3 sdCoreService;PC Tools Security Service;c:\pc tools security\pctsSvc.exe [2010-10-20 1145816]

 

=============== Created Last 30 ================

 

2011-01-24 05:00:12 -------- d-----w- c:\program files\common files\Spigot

2011-01-24 04:03:31 -------- d-----w- c:\users\delld6~1\appdata\local\Kerkia

2011-01-24 04:03:08 -------- d-----w- c:\users\delld6~1\appdata\roaming\minimem

2011-01-24 04:01:58 -------- d-----w- C:\Kerkia

2011-01-22 13:27:27 -------- d-----w- C:\%calc

2011-01-22 10:30:01 286720 ----a-w- c:\windows\iun503.exe

2011-01-22 10:07:35 -------- d-----w- C:\Redalert2

2011-01-22 09:16:56 -------- d-----w- C:\uTorrent

2011-01-22 08:46:38 -------- d-----w- C:\Alcohol Soft

2011-01-22 08:36:02 -------- d-----w- c:\users\delld6~1\appdata\roaming\UDRuler

2011-01-22 08:35:48 -------- d-----w- C:\Universal Desktop Ruler

2011-01-22 07:26:47 -------- d-----w- C:\Reglo ruler

2011-01-22 06:02:58 -------- d-----w- C:\Red Alert 2 - Yuri's Revenge

2011-01-20 23:04:53 -------- d-----w- c:\program files\ConduitEngine

2011-01-20 23:04:48 -------- d-----w- c:\program files\BitTorrentBar

2011-01-07 13:55:55 -------- d-----w- C:\Hunting_Unlimited_4-Razor1911[http://www.moviex.info]

2011-01-01 07:22:39 -------- d-----w- c:\program files\resume

2011-01-01 07:22:04 -------- d-----w- c:\program files\avira

2011-01-01 07:11:57 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2011-01-01 07:11:35 38848 ----a-w- c:\windows\avastSS.scr

2010-12-31 14:02:21 -------- d-----w- C:\avg key

2010-12-30 08:24:44 -------- d-----w- c:\progra~2\Simply Super Software

2010-12-30 07:34:27 0 ----a-w- c:\users\delld6~1\appdata\local\Wxeqe.bin

2010-12-30 07:34:23 -------- d-----w- c:\users\delld6~1\appdata\local\{35FEF622-4C3A-4C35-8648-FAE2E5B677A3}

2010-12-29 10:09:29 -------- d-sh--w- c:\progra~2\SysWoW32

2010-12-29 10:09:29 -------- d-sh--w- c:\progra~2\E785CCD1C99DD5318A73A479F83CC233

2010-12-29 10:09:13 203776 --sh--w- c:\progra~2\unrar.exe

2010-12-29 10:09:13 -------- d-----w- c:\progra~2\403145685

2010-12-29 10:08:32 -------- d-sh--w- c:\users\delld6~1\appdata\roaming\SysWin

2010-12-29 10:08:24 411136 ----a-w- c:\windows\system32\audiodev32.dll

2010-12-29 09:50:22 -------- d-----w- c:\users\delld6~1\appdata\roaming\LimeWire

2010-12-29 09:49:43 -------- d-----w- c:\users\dell d60\Shared

2010-12-29 09:48:57 -------- d-----w- c:\program files\360Share Pro

2010-12-29 05:27:52 679936 ----a-w- c:\windows\system32\D3DX81ab.dll

2010-12-29 05:27:52 1970176 ----a-w- c:\windows\system32\d3dx9.dll

2010-12-29 05:27:51 -------- d-----w- C:\Cheat Engine

 

==================== Find3M ====================

 

2010-11-12 07:53:06 472808 ----a-w- c:\windows\system32\deployJava1.dll

 

============= FINISH: 17:23:44.47 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

 

DDS (Ver_10-12-12.02)

 

Microsoft® Windows Vista™ Ultimate

Boot Device: \Device\HarddiskVolume1

Install Date: 8/23/2009 11:42:29 AM

System Uptime: 1/24/2011 4:49:45 PM (1 hours ago)

 

Motherboard: Dell Inc. | | 0KX350

Processor: Intel® Core2 CPU T7200 @ 2.00GHz | Microprocessor | 2000/166mhz

 

==== Disk Partitions =========================

 

C: is FIXED (NTFS) - 75 GiB total, 4.37 GiB free.

D: is CDROM ()

E: is CDROM ()

F: is CDROM (CDFS)

 

==== Disabled Device Manager Items =============

 

Class GUID: {ff646f80-8def-11d2-9449-00105a075f6b}

Description: pcouffin device ...

Device ID: ROOT\PCOUFFIN\0000

Manufacturer:

Name: pcouffin device ...

PNP Device ID: ROOT\PCOUFFIN\0000

Service:

 

==== System Restore Points ===================

 

No restore point in system.

 

==== Installed Programs ======================

 

µTorrent

360Share Pro(remove only)

a-squared Free 4.5

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 9.4.1

Advanced SystemCare 3

Alive Video Converter (version 5.1.6.8)

Ask Toolbar

Auslogics Disk Defrag

avast! Free Antivirus

Basta Computing Reglo

BingoLiner

BitTorrent

BitTorrentBar Toolbar

Boilsoft AVI to DVD Converter 4.03

Browser Defender 3.0

Camera Support Core Library

Camera Window DS

Camera Window DVC

Camera Window MC

Canon Camera Support Core Library

Canon Camera Window DS for ZoomBrowser EX

Canon Camera Window DVC for ZoomBrowser EX

Canon Camera Window for ZoomBrowser EX

Canon MovieEdit Task for ZoomBrowser EX

Canon PhotoRecord

Canon RAW Image Task for ZoomBrowser EX

Canon RemoteCapture Task for ZoomBrowser EX

Canon Utilities PhotoStitch 3.1

Canon ZoomBrowser EX

Cheat Engine 5.6.1

Combat Arms

Command && Conquer Red Alert 2 - Yuri's Revenge

COMODO System - Cleaner

Conduit Engine

Connectix Virtual Game Station Demo

DAEMON Tools Toolbar

DesktopX

DigimonBattle Beta

Driver Sweeper 2.1.0

DVD Shrink 3.2

DVDFab 8.0.2.2 (01/10/2010)

Eusing Free Registry Cleaner

Express Burn Disc Burning Software

FIFA 09

FIFA 10

FileASSASSIN

FinalAlert 2

Free Window Registry Repair

Game Booster

Game Speed Changer 6.3

Google Earth

Google Update Helper

IObit Security 360

Java Auto Updater

Java DB 10.5.3.0

Java 6 Update 23

Java SE Development Kit 6 Update 18

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Professional Plus 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Minimem

MovieEdit Task

Mozilla Firefox (3.6.11)

Mozilla Firefox (3.6.13)

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Nero 8

neroxml

NVIDIA Drivers

OGA Notifier 2.0.0048.0

Pando Media Booster

PC Tools Registry Tool

Percent

PhotoStitch

Playsushi

PokerStars

POKéMON Simulator 4.5

PowerDVD

PunkBuster Services

Quake II Demo

RamBooster

RAW Image Task 1.2

RecordPad Sound Recorder

Red Alert Windows 95

RemoteCapture Task 1.1

RS2Bot

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB976321)

Security Update for 2007 Microsoft Office System (KB978380)

Security Update for CAPICOM (KB931906)

Security Update for Microsoft Office Excel 2007 (KB978382)

Security Update for Microsoft Office Outlook 2007 (KB972363)

Security Update for Microsoft Office PowerPoint 2007 (KB957789)

Security Update for Microsoft Office Publisher 2007 (KB980470)

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB969613)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Simsoc Web Soccer - Match Viewer

Smart Defrag

SoundTap Streaming Audio Recorder

Spyware Doctor 8.0

Steam

Subliminal Blaster 2.0

Switch Sound File Converter

TreeSize Free V2.4

Universal Desktop Ruler version 3.5.3364

Update for 2007 Microsoft Office System (KB967642)

Update for 2007 Microsoft Office System (KB981715)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office InfoPath 2007 (KB976416)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 (KB974561)

Update for Microsoft Office Word 2007 Help (KB963665)

Update for Outlook 2007 Junk Email Filter (kb981726)

VCRedistSetup

WavePad Sound Editor

Westwood Online

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Messenger

Windows Live OneCare safety scanner

Windows Live Sign-in Assistant

Windows Live Upload Tool

WinRAR archiver

World of Warcraft

Xfire (remove only)

Xteq Systems X-Setup 6.3

Yahoo! Software Update

Yahoo! Toolbar

 

==== Event Viewer Messages From Past Week ========

 

1/21/2011 8:34:52 AM, Error: EventLog [6008] - The previous system shutdown at 8:32:22 AM on 1/21/2011 was unexpected.

1/21/2011 4:21:25 PM, Error: EventLog [6008] - The previous system shutdown at 4:19:53 PM on 1/21/2011 was unexpected.

1/21/2011 10:20:38 AM, Error: EventLog [6008] - The previous system shutdown at 10:19:18 AM on 1/21/2011 was unexpected.

1/21/2011 10:10:28 AM, Error: EventLog [6008] - The previous system shutdown at 10:08:25 AM on 1/21/2011 was unexpected.

1/17/2011 9:51:13 AM, Error: Microsoft-Windows-LanguagePackSetup [1001] - Application initialization failed. Last error: 0x80004005

1/17/2011 9:35:56 AM, Error: EventLog [6008] - The previous system shutdown at 9:34:01 AM on 1/17/2011 was unexpected.

1/17/2011 9:25:16 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: CFRMD

1/17/2011 9:25:16 AM, Error: Service Control Manager [7000] - The SuperRam Memory Service service failed to start due to the following error: The system cannot find the path specified.

1/17/2011 9:25:16 AM, Error: Service Control Manager [7000] - The Registry Helper Service service failed to start due to the following error: The system cannot find the path specified.

1/17/2011 9:23:24 AM, Error: volmgr [46] - Crash dump initialization failed!

1/17/2011 6:54:08 PM, Error: EventLog [6008] - The previous system shutdown at 6:52:03 PM on 1/17/2011 was unexpected.

1/17/2011 2:13:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

1/17/2011 2:09:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

1/17/2011 2:09:36 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

1/17/2011 2:09:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

1/17/2011 2:09:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

1/17/2011 2:09:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

1/17/2011 2:08:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

1/17/2011 2:08:47 PM, Error: EventLog [6008] - The previous system shutdown at 2:05:24 PM on 1/17/2011 was unexpected.

 

==== End Of File ===========================


Hello and welcome to IOBit Forums. My name is Dave. I will be helping you out with your particular problem on your computer.

 

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.

2. The fixes are specific to your problem and should only be used for this issue on this machine.

3. If you don't know or understand something, please don't hesitate to ask.

4. Please DO NOT run any other tools or scans while I am helping you.

5. It is important that you reply to this thread. Do not start a new topic.

6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

7. Absence of symptoms does not mean that everything is clear.

 

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.

 

Sorry for being so late in getting back to you.

 

I see you are running Poker Stars. Poker Stars has a history of distributing spyware in their products. However, security experts still question this program as good or bad. I recommend removing it to prevent spyware, but it is up to you to decide if you want to keep it.

 

If you would like to uninstall it, do so as follows:

 

Press Start, and navigate to the Control Panel. When in the control panel enter Add or Remove programs. Search for and locate PokerStars, and either click Change/Remove or Remove.

*********************************************************

You only have 11% free space on your hard drive and Windows requires at least 15% in order to function properly. You will have to find some way of freeing up some space. You can transfer your pictures, music, videos and other personal files to another hard drive or to DVDs.

 

I strongly recommend that you remove Ask from your computer because it:

 

•Promotes its toolbars on sites targeted to kids.

 

•Promotes its toolbars through ads that appear to be part of other companies' sites.

 

•Promotes its toolbars through other companies' spyware.

 

•Installs without any disclosure whatsoever and without any consent whatsoever.

 

•Solicits installations via "deceptive door openers" that do not accurately describe the offer; failing to affirmatively show a license agreement; linking to a EULA via an off-screen link.

 

•Makes confusing changes to users' browsers -- increasing Ask's revenues while taking users to pages they didn't intend to visit.

 

See Here for more info.

 

If you choose to follow my recommendation then please go to Start > Control Panel > Add/Remove Programs and remove the following programs if present.

 

AskBarDis or anything related to Ask

 

Then please find and delete this folder in bold (if present):

C:\Program Files\AskBarDis. or anything related to Ask.

****************************************************

P2P - I see you have P2P software installed on your machine (µTorrent and BitTorrent). We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation.

 

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

 

I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

*********************************************

Registry cleaners are extremely powerful applications and their potential for harming your OS far outweighs any small potential for improving your computer's performance.

PC Tools Registry Tool

 

There are a number of them available and some are more safe than others. Keep in mind that no two registry cleaners work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad" entry. One cleaner may find entries on your system that will not cause a problem when removed, another may not find the same entries, and still another may want to remove entries required for a program to work. Without research into what the registry entry selected for deletion is, a registry cleaner can end up being an automated method to cause problems with the registry.

 

For routine use by those not familiar with the registry, the benefits to your computer are negligible while the potential risks are great.

 

Further reading: XP Fixes Myth #1: Registry Cleaners

*******************************************************

SUPERAntiSpyware

 

If you already have SUPERAntiSpyware be sure to check for updates before scanning!

 

Download SuperAntispyware Free Edition (SAS)

* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from here
* Next click the Preferences button.
  • Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:
  • Close browsers before scanning
  • Scan for tracking cookies
  • Terminate memory threats before quarantining
  Please leave the others unchecked
  • Click the Close button to leave the control center screen.
* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes
  • To retrieve the removal information please do the following:
  • After reboot, double-click the SUPERAntiSpyware icon on your desktop.
  • Click Preferences. Click the Statistics/Logs tab.
  • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  • It will open in your default text editor (preferably Notepad).
  • Save the notepad file to your desktop by clicking (in notepad) File > Save As...
* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
* Copy and Paste the log in your post.

**********************************************

 

 

Please download Malwarebytes Anti-Malware from here.

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

 

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

*************************************************

Download Security Check by screen317 from one of the following links and save it to your desktop.

 

Link 1

Link 2

 

* Unzip SecurityCheck.zip and a folder named Security Check should appear.

* Open the Security Check folder and double-click Security Check.bat

* Follow the on-screen instructions inside of the black box.

* A Notepad document should open automatically called checkup.txt

* Post the contents of that document in your next reply.

 

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.


Malwarebytes' Anti-Malware 1.50.1.1100

http://www.malwarebytes.org

 

Database version: 5608

 

Windows 6.0.6000

Internet Explorer 7.0.6000.17037

 

1/26/2011 10:49:22 PM

mbam-log-2011-01-26 (22-49-22).txt

 

Scan type: Full scan (C:\|)

Objects scanned: 260068

Time elapsed: 1 hour(s), 16 minute(s), 28 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 7

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 6

Files Infected: 15

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

HKEY_CLASSES_ROOT\CLSID\{0C956E30-58ED-409E-9FBD-E5A34028A053} (Trojan.Tracur.S) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0C956E30-58ED-409E-9FBD-E5A34028A053} (Trojan.Tracur.S) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0C956E30-58ED-409E-9FBD-E5A34028A053} (Trojan.Tracur.S) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\KOO9RV9K4Z (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\X3EKEPXJP2 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\� (Hijack.Zones) -> Quarantined and deleted successfully.

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

c:\programdata\403145685 (Rogue.Multiple) -> Quarantined and deleted successfully.

c:\Users\Dell D60\AppData\Roaming\SysWin (Trojan.Agent) -> Quarantined and deleted successfully.

c:\Windows\System32\config\systemprofile\AppData\Roaming\SysWin (Trojan.Agent) -> Quarantined and deleted successfully.

c:\Users\Dell D60\AppData\Roaming\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com (PUP.PlaySushi) -> Delete on reboot.

c:\Users\Dell D60\AppData\Roaming\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\chrome (PUP.PlaySushi) -> Quarantined and deleted successfully.

c:\Users\Dell D60\AppData\Roaming\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\components (PUP.PlaySushi) -> Quarantined and deleted successfully.

 

Files Infected:

c:\Windows\System32\audiodev32.dll (Trojan.Tracur.S) -> Quarantined and deleted successfully.

c:\Windows\System32\config\systemprofile\AppData\Roaming\0200000045bf1a6f1101c.manifest (Malware.Trace) -> Quarantined and deleted successfully.

c:\Windows\System32\config\systemprofile\AppData\Roaming\0200000045bf1a6f1101o.manifest (Malware.Trace) -> Quarantined and deleted successfully.

c:\Windows\System32\config\systemprofile\AppData\Roaming\0200000045bf1a6f1101p.manifest (Malware.Trace) -> Quarantined and deleted successfully.

c:\Windows\System32\config\systemprofile\AppData\Roaming\0200000045bf1a6f1101s.manifest (Malware.Trace) -> Quarantined and deleted successfully.

c:\Windows\System32\0200000045bf1a6f1101c.manifest (Malware.Trace) -> Quarantined and deleted successfully.

c:\Windows\System32\0200000045bf1a6f1101o.manifest (Malware.Trace) -> Quarantined and deleted successfully.

c:\Windows\System32\0200000045bf1a6f1101p.manifest (Malware.Trace) -> Quarantined and deleted successfully.

c:\Windows\System32\0200000045bf1a6f1101s.manifest (Malware.Trace) -> Quarantined and deleted successfully.

c:\Windows\System32\gnuhashes.ini (Trojan.Tracur) -> Quarantined and deleted successfully.

c:\Users\Dell D60\AppData\Roaming\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\chrome.manifest (PUP.PlaySushi) -> Quarantined and deleted successfully.

c:\Users\Dell D60\AppData\Roaming\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\install.rdf (PUP.PlaySushi) -> Quarantined and deleted successfully.

c:\Users\Dell D60\AppData\Roaming\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\chrome\pstextlinks.jar (PUP.PlaySushi) -> Quarantined and deleted successfully.

c:\Users\Dell D60\AppData\Roaming\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\components\playsushiff.dll (PUP.PlaySushi) -> Quarantined and deleted successfully.

c:\Users\Dell D60\AppData\Roaming\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\components\playsushiff.xpt (PUP.PlaySushi) -> Quarantined and deleted successfully.


SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 01/26/2011 at 08:25 PM

 

Application Version : 4.48.1000

 

Core Rules Database Version : 6277

Trace Rules Database Version: 4089

 

Scan type : Complete Scan

Total Scan Time : 01:53:07

 

Memory items scanned : 522

Memory threats detected : 0

Registry items scanned : 9410

Registry threats detected : 3

File items scanned : 126973

File threats detected : 365

 

Adware.Tracking Cookie

C:\Users\Dell D60\AppData\Roaming\Microsoft\Windows\Cookies\dell_d60@galleries.adult-empire[1].txt

C:\Users\Dell D60\AppData\Roaming\Microsoft\Windows\Cookies\dell_d60@dealtime[1].txt

C:\Users\Dell D60\AppData\Roaming\Microsoft\Windows\Cookies\dell_d60@ad.leadbolt[1].txt

C:\Users\Dell D60\AppData\Roaming\Microsoft\Windows\Cookies\dell_d60@ads.financialcontent[2].txt

C:\Users\Dell D60\AppData\Roaming\Microsoft\Windows\Cookies\dell_d60@ads.intergi[1].txt

C:\Users\Dell D60\AppData\Roaming\Microsoft\Windows\Cookies\dell_d60@adserving.versaneeds[2].txt

C:\Users\Dell D60\AppData\Roaming\Microsoft\Windows\Cookies\dell_d60@ad.jmg[2].txt

C:\Users\Dell D60\AppData\Roaming\Microsoft\Windows\Cookies\dell_d60@media.sensis.com[1].txt

C:\Users\Dell D60\AppData\Roaming\Microsoft\Windows\Cookies\dell_d60@advertising.gossipcenter[2].txt

C:\Users\Dell D60\AppData\Roaming\Microsoft\Windows\Cookies\dell_d60@www.tracklead[1].txt

C:\Users\Dell D60\AppData\Roaming\Microsoft\Windows\Cookies\dell_d60@ad.mozzi[1].txt

C:\Users\Dell D60\AppData\Roaming\Microsoft\Windows\Cookies\dell_d60@fidelity.rotator.hadj7.adjuggler[2].txt

C:\Users\Dell D60\AppData\Roaming\Microsoft\Windows\Cookies\dell_d60@clicks.topsearchtech[1].txt

C:\Users\Dell D60\AppData\Roaming\Microsoft\Windows\Cookies\dell_d60@trackalyzer[1].txt

C:\Users\Dell D60\AppData\Roaming\Microsoft\Windows\Cookies\dell_d60@www.favporn[1].txt

C:\Users\Dell D60\AppData\Roaming\Microsoft\Windows\Cookies\dell_d60@ads.bighealthtree[2].txt

C:\Users\Dell D60\AppData\Roaming\Microsoft\Windows\Cookies\dell_d60@ads.cpxcenter[2].txt

C:\Users\Dell D60\AppData\Roaming\Microsoft\Windows\Cookies\dell_d60@adxpose[1].txt

C:\Users\Dell D60\AppData\Roaming\Microsoft\Windows\Cookies\dell_d60@adserv.ontek.com[1].txt

C:\Users\Dell D60\AppData\Roaming\Microsoft\Windows\Cookies\dell_d60@ads.nexon[2].txt

C:\Users\Dell D60\AppData\Roaming\Microsoft\Windows\Cookies\dell_d60@vidasco.rotator.hadj7.adjuggler[1].txt

C:\Users\Dell D60\AppData\Roaming\Microsoft\Windows\Cookies\dell_d60@invitemedia[1].txt

C:\Users\Dell D60\AppData\Roaming\Microsoft\Windows\Cookies\dell_d60@clicks.quicklookups[1].txt

C:\Users\Dell D60\AppData\Roaming\Microsoft\Windows\Cookies\dell_d60@clickpayz9.91485.information-seeking[1].txt

C:\Users\Dell D60\AppData\Roaming\Microsoft\Windows\Cookies\dell_d60@harrenmedianetwork[1].txt

C:\Users\Dell D60\AppData\Roaming\Microsoft\Windows\Cookies\dell_d60@www.mediatraffic[2].txt

C:\Users\Dell D60\AppData\Roaming\Microsoft\Windows\Cookies\dell_d60@advert.runescape[2].txt

C:\Users\Dell D60\AppData\Roaming\Microsoft\Windows\Cookies\dell_d60@click.searchnation[2].txt

C:\Users\Dell D60\AppData\Roaming\Microsoft\Windows\Cookies\dell_d60@click.fastpartner[1].txt

C:\Users\Dell D60\AppData\Roaming\Microsoft\Windows\Cookies\dell_d60@eas.apm.emediate[2].txt

C:\Users\Dell D60\AppData\Roaming\Microsoft\Windows\Cookies\dell_d60@advertise[1].txt

C:\Users\Dell D60\AppData\Roaming\Microsoft\Windows\Cookies\dell_d60@t2.trackalyzer[1].txt

C:\Users\Dell D60\AppData\Roaming\Microsoft\Windows\Cookies\dell_d60@clicks.fastgetonline[1].txt

C:\Users\Dell D60\AppData\Roaming\Microsoft\Windows\Cookies\dell_d60@ads.gamersmedia[1].txt

C:\Users\Dell D60\AppData\Roaming\Microsoft\Windows\Cookies\dell_d60@opti.inextmedia[1].txt

C:\Users\Dell D60\AppData\Roaming\Microsoft\Windows\Cookies\dell_d60@77tracking[2].txt

C:\Users\Dell D60\AppData\Roaming\Microsoft\Windows\Cookies\dell_d60@ads.creafi[1].txt

C:\Users\Dell D60\AppData\Roaming\Microsoft\Windows\Cookies\dell_d60@favporn[2].txt

C:\Users\Dell D60\AppData\Roaming\Microsoft\Windows\Cookies\dell_d60@6678.a66.clickshield[1].txt

C:\Users\Dell D60\AppData\Roaming\Microsoft\Windows\Cookies\dell_d60@clicks.searchjiffy[1].txt

C:\Users\Dell D60\AppData\Roaming\Microsoft\Windows\Cookies\dell_d60@pautinasexa[1].txt

C:\Users\Dell D60\AppData\Roaming\Microsoft\Windows\Cookies\dell_d60@tubeporngigs[1].txt

C:\Users\Dell D60\AppData\Roaming\Microsoft\Windows\Cookies\dell_d60@mediatraffic[1].txt

C:\Users\Dell D60\AppData\Roaming\Microsoft\Windows\Cookies\dell_d60@user.lucidmedia[1].txt

C:\Users\Dell D60\AppData\Roaming\Microsoft\Windows\Cookies\dell_d60@clicksor[1].txt

C:\Users\Dell D60\AppData\Roaming\Microsoft\Windows\Cookies\dell_d60@ads.bootcampmedia[2].txt

C:\Users\Dell D60\AppData\Roaming\Microsoft\Windows\Cookies\dell_d60@ads.pubmatic[2].txt

C:\Users\Dell D60\AppData\Roaming\Microsoft\Windows\Cookies\dell_d60@tracking1.aleadpay[1].txt

C:\Users\Dell D60\AppData\Roaming\Microsoft\Windows\Cookies\dell_d60@www.sellmeyourtraffic[2].txt

C:\Users\Dell D60\AppData\Roaming\Microsoft\Windows\Cookies\dell_d60@vcstats[2].txt

C:\Users\Dell D60\AppData\Roaming\Microsoft\Windows\Cookies\dell_d60@ads.rtbidder[2].txt

C:\Users\Dell D60\AppData\Roaming\Microsoft\Windows\Cookies\dell_d60@xm.xtendmedia[1].txt

C:\Users\Dell D60\AppData\Roaming\Microsoft\Windows\Cookies\dell_d60@myroitracking[1].txt

media5.wgt.com [ C:\Users\Dell D60\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A9JSYJL6 ]

objects.tremormedia.com [ C:\Users\Dell D60\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A9JSYJL6 ]

www1.yporn.com [ C:\Users\Dell D60\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A9JSYJL6 ]

C:\Users\Dell D60\AppData\Roaming\Microsoft\Windows\Cookies\Low\dell_d60@ad.yieldmanager[1].txt

C:\Users\Dell D60\AppData\Roaming\Microsoft\Windows\Cookies\Low\dell_d60@ads.intergi[1].txt

C:\Users\Dell D60\AppData\Roaming\Microsoft\Windows\Cookies\Low\dell_d60@content.yieldmanager[1].txt

C:\Users\Dell D60\AppData\Roaming\Microsoft\Windows\Cookies\Low\dell_d60@www.cpcadnet[1].txt

C:\Users\Dell D60\AppData\Roaming\Microsoft\Windows\Cookies\Low\dell_d60@www.cpcadnet[2].txt

.cba.122.2o7.net [ C:\Users\Dell D60\AppData\Roaming\Mozilla\Firefox\Profiles\008uyq9u.default\cookies.sqlite ]

.atdmt.com [ C:\Users\Dell D60\AppData\Roaming\Mozilla\Firefox\Profiles\008uyq9u.default\cookies.sqlite ]

.atdmt.com [ C:\Users\Dell D60\AppData\Roaming\Mozilla\Firefox\Profiles\008uyq9u.default\cookies.sqlite ]

.bs.serving-sys.com [ C:\Users\Dell D60\AppData\Roaming\Mozilla\Firefox\Profiles\008uyq9u.default\cookies.sqlite ]

.serving-sys.com [ C:\Users\Dell D60\AppData\Roaming\Mozilla\Firefox\Profiles\008uyq9u.default\cookies.sqlite ]

.serving-sys.com [ C:\Users\Dell D60\AppData\Roaming\Mozilla\Firefox\Profiles\008uyq9u.default\cookies.sqlite ]

.tribalfusion.com [ C:\Users\Dell D60\AppData\Roaming\Mozilla\Firefox\Profiles\008uyq9u.default\cookies.sqlite ]

.doubleclick.net [ C:\Users\Dell D60\AppData\Roaming\Mozilla\Firefox\Profiles\008uyq9u.default\cookies.sqlite ]

.media6degrees.com [ C:\Users\Dell D60\AppData\Roaming\Mozilla\Firefox\Profiles\008uyq9u.default\cookies.sqlite ]

.media6degrees.com [ C:\Users\Dell D60\AppData\Roaming\Mozilla\Firefox\Profiles\008uyq9u.default\cookies.sqlite ]

.media6degrees.com [ C:\Users\Dell D60\AppData\Roaming\Mozilla\Firefox\Profiles\008uyq9u.default\cookies.sqlite ]

ad.yieldmanager.com [ C:\Users\Dell D60\AppData\Roaming\Mozilla\Firefox\Profiles\008uyq9u.default\cookies.sqlite ]

ad.yieldmanager.com [ C:\Users\Dell D60\AppData\Roaming\Mozilla\Firefox\Profiles\008uyq9u.default\cookies.sqlite ]

ad.yieldmanager.com [ C:\Users\Dell D60\AppData\Roaming\Mozilla\Firefox\Profiles\008uyq9u.default\cookies.sqlite ]

ad.yieldmanager.com [ C:\Users\Dell D60\AppData\Roaming\Mozilla\Firefox\Profiles\008uyq9u.default\cookies.sqlite ]

ad.yieldmanager.com [ C:\Users\Dell D60\AppData\Roaming\Mozilla\Firefox\Profiles\008uyq9u.default\cookies.sqlite ]

rts.pgmediaserve.com [ C:\Users\Dell D60\AppData\Roaming\Mozilla\Firefox\Profiles\008uyq9u.default\cookies.sqlite ]

rts.pgmediaserve.com [ C:\Users\Dell D60\AppData\Roaming\Mozilla\Firefox\Profiles\008uyq9u.default\cookies.sqlite ]

rts.pgmediaserve.com [ C:\Users\Dell D60\AppData\Roaming\Mozilla\Firefox\Profiles\008uyq9u.default\cookies.sqlite ]

.partypoker.com [ C:\Users\Dell D60\AppData\Roaming\Mozilla\Firefox\Profiles\008uyq9u.default\cookies.sqlite ]

.partypoker.com [ C:\Users\Dell D60\AppData\Roaming\Mozilla\Firefox\Profiles\008uyq9u.default\cookies.sqlite ]

.partypoker.com [ C:\Users\Dell D60\AppData\Roaming\Mozilla\Firefox\Profiles\008uyq9u.default\cookies.sqlite ]

.pro-market.net [ C:\Users\Dell D60\AppData\Roaming\Mozilla\Firefox\Profiles\008uyq9u.default\cookies.sqlite ]

.pro-market.net [ C:\Users\Dell D60\AppData\Roaming\Mozilla\Firefox\Profiles\008uyq9u.default\cookies.sqlite ]

ad.yieldmanager.com [ C:\Users\Dell D60\AppData\Roaming\Mozilla\Firefox\Profiles\008uyq9u.default\cookies.sqlite ]

.at.atwola.com [ C:\Users\Dell D60\AppData\Roaming\Mozilla\Firefox\Profiles\008uyq9u.default\cookies.sqlite ]

.tacoda.at.atwola.com [ C:\Users\Dell D60\AppData\Roaming\Mozilla\Firefox\Profiles\008uyq9u.default\cookies.sqlite ]

.tacoda.at.atwola.com [ C:\Users\Dell D60\AppData\Roaming\Mozilla\Firefox\Profiles\008uyq9u.default\cookies.sqlite ]

.tacoda.at.atwola.com [ C:\Users\Dell D60\AppData\Roaming\Mozilla\Firefox\Profiles\008uyq9u.default\cookies.sqlite ]

.at.atwola.com [ C:\Users\Dell D60\AppData\Roaming\Mozilla\Firefox\Profiles\008uyq9u.default\cookies.sqlite ]

.advertising.com [ C:\Users\Dell D60\AppData\Roaming\Mozilla\Firefox\Profiles\008uyq9u.default\cookies.sqlite ]

.advertising.com [ C:\Users\Dell D60\AppData\Roaming\Mozilla\Firefox\Profiles\008uyq9u.default\cookies.sqlite ]

.adtech.de [ C:\Users\Dell D60\AppData\Roaming\Mozilla\Firefox\Profiles\008uyq9u.default\cookies.sqlite ]

.zedo.com [ C:\Users\Dell D60\AppData\Roaming\Mozilla\Firefox\Profiles\008uyq9u.default\cookies.sqlite ]

.zedo.com [ C:\Users\Dell D60\AppData\Roaming\Mozilla\Firefox\Profiles\008uyq9u.default\cookies.sqlite ]

.zedo.com [ C:\Users\Dell D60\AppData\Roaming\Mozilla\Firefox\Profiles\008uyq9u.default\cookies.sqlite ]

.zedo.com [ C:\Users\Dell D60\AppData\Roaming\Mozilla\Firefox\Profiles\008uyq9u.default\cookies.sqlite ]

.server.cpmstar.com [ C:\Users\Dell D60\AppData\Roaming\Mozilla\Firefox\Profiles\008uyq9u.default\cookies.sqlite ]

.server.cpmstar.com [ C:\Users\Dell D60\AppData\Roaming\Mozilla\Firefox\Profiles\008uyq9u.default\cookies.sqlite ]

media.sensis.com.au [ C:\Users\Dell D60\AppData\Roaming\Mozilla\Firefox\Profiles\008uyq9u.default\cookies.sqlite ]

.http://www.burstnet.com [ C:\Users\Dell D60\AppData\Roaming\Mozilla\Firefox\Profiles\008uyq9u.default\cookies.sqlite ]

.burstnet.com [ C:\Users\Dell D60\AppData\Roaming\Mozilla\Firefox\Profiles\008uyq9u.default\cookies.sqlite ]

.burstnet.com [ C:\Users\Dell D60\AppData\Roaming\Mozilla\Firefox\Profiles\008uyq9u.default\cookies.sqlite ]

media303.com [ C:\Users\Dell D60\AppData\Roaming\Mozilla\Firefox\Profiles\008uyq9u.default\cookies.sqlite ]

.zedo.com [ C:\Users\Dell D60\AppData\Roaming\Mozilla\Firefox\Profiles\008uyq9u.default\cookies.sqlite ]

.afftracker.info [ C:\Users\Dell D60\AppData\Roaming\Mozilla\Firefox\Profiles\008uyq9u.default\cookies.sqlite ]

.afftracker.info [ C:\Users\Dell D60\AppData\Roaming\Mozilla\Firefox\Profiles\008uyq9u.default\cookies.sqlite ]

.clickboothlnk.com [ C:\Users\Dell D60\AppData\Roaming\Mozilla\Firefox\Profiles\008uyq9u.default\cookies.sqlite ]

publishers.clickbooth.com [ C:\Users\Dell D60\AppData\Roaming\Mozilla\Firefox\Profiles\008uyq9u.default\cookies.sqlite ]

http://www.burstbeacon.com [ C:\Users\Dell D60\AppData\Roaming\Mozilla\Firefox\Profiles\008uyq9u.default\cookies.sqlite ]

.burstbeacon.com [ C:\Users\Dell D60\AppData\Roaming\Mozilla\Firefox\Profiles\008uyq9u.default\cookies.sqlite ]

.server.cpmstar.com [ C:\Users\Dell D60\AppData\Roaming\Mozilla\Firefox\Profiles\008uyq9u.default\cookies.sqlite ]

media.sensis.com.au [ C:\Users\Dell D60\AppData\Roaming\Mozilla\Firefox\Profiles\008uyq9u.default\cookies.sqlite ]

.imrworldwide.com [ C:\Users\Dell D60\AppData\Roaming\Mozilla\Firefox\Profiles\008uyq9u.default\cookies.sqlite ]

.imrworldwide.com [ C:\Users\Dell D60\AppData\Roaming\Mozilla\Firefox\Profiles\008uyq9u.default\cookies.sqlite ]

.fastclick.net [ C:\Users\Dell D60\AppData\Roaming\Mozilla\Firefox\Profiles\008uyq9u.default\cookies.sqlite ]

.fastclick.net [ C:\Users\Dell D60\AppData\Roaming\Mozilla\Firefox\Profiles\008uyq9u.default\cookies.sqlite ]

ads.horyzon-media.com [ C:\Users\Dell D60\AppData\Roaming\Mozilla\Firefox\Profiles\008uyq9u.default\cookies.sqlite ]

www3.smartadserver.com [ C:\Users\Dell D60\AppData\Roaming\Mozilla\Firefox\Profiles\008uyq9u.default\cookies.sqlite ]

.ad6media.fr [ C:\Users\Dell D60\AppData\Roaming\Mozilla\Firefox\Profiles\008uyq9u.default\cookies.sqlite ]

.bubblestat.com [ C:\Users\Dell D60\AppData\Roaming\Mozilla\Firefox\Profiles\008uyq9u.default\cookies.sqlite ]

ww251.smartadserver.com [ C:\Users\Dell D60\AppData\Roaming\Mozilla\Firefox\Profiles\008uyq9u.default\cookies.sqlite ]

ww381.smartadserver.com [ C:\Users\Dell D60\AppData\Roaming\Mozilla\Firefox\Profiles\008uyq9u.default\cookies.sqlite ]

.apmebf.com [ C:\Users\Dell D60\AppData\Roaming\Mozilla\Firefox\Profiles\008uyq9u.default\cookies.sqlite ]

.fastclick.net [ C:\Users\Dell D60\AppData\Roaming\Mozilla\Firefox\Profiles\008uyq9u.default\cookies.sqlite ]

.fastclick.net [ C:\Users\Dell D60\AppData\Roaming\Mozilla\Firefox\Profiles\008uyq9u.default\cookies.sqlite ]

.ru4.com [ C:\Users\Dell D60\AppData\Roaming\Mozilla\Firefox\Profiles\008uyq9u.default\cookies.sqlite ]

.ru4.com [ C:\Users\Dell D60\AppData\Roaming\Mozilla\Firefox\Profiles\008uyq9u.default\cookies.sqlite ]

.kontera.com [ C:\Users\Dell D60\AppData\Roaming\Mozilla\Firefox\Profiles\008uyq9u.default\cookies.sqlite ]

.specificclick.net [ C:\Users\Dell D60\AppData\Roaming\Mozilla\Firefox\Profiles\008uyq9u.default\cookies.sqlite ]

.view.atdmt.com [ C:\Users\Dell D60\AppData\Roaming\Mozilla\Firefox\Profiles\008uyq9u.default\cookies.sqlite ]

.http://www.omgtracking.info [ C:\Users\Dell D60\AppData\Roaming\Mozilla\Firefox\Profiles\008uyq9u.default\cookies.sqlite ]

.http://www.omgtracking.info [ C:\Users\Dell D60\AppData\Roaming\Mozilla\Firefox\Profiles\008uyq9u.default\cookies.sqlite ]

.googleads.g.doubleclick.net [ C:\Users\Dell D60\AppData\Roaming\Mozilla\Firefox\Profiles\008uyq9u.default\cookies.sqlite ]

.adxpose.com [ C:\Users\Dell D60\AppData\Roaming\Mozilla\Firefox\Profiles\008uyq9u.default\cookies.sqlite ]

.atdmt.com [ C:\Users\Dell D60\AppData\Roaming\Mozilla\Firefox\Profiles\008uyq9u.default\cookies.sqlite ]

.atdmt.com [ C:\Users\Dell D60\AppData\Roaming\Mozilla\Firefox\Profiles\008uyq9u.default\cookies.sqlite ]

media.sensis.com.au [ C:\Users\Dell D60\AppData\Roaming\Mozilla\Firefox\Profiles\008uyq9u.default\cookies.sqlite ]

.questionmarket.com [ C:\Users\Dell D60\AppData\Roaming\Mozilla\Firefox\Profiles\008uyq9u.default\cookies.sqlite ]

.zedo.com [ C:\Users\Dell D60\AppData\Roaming\Mozilla\Firefox\Profiles\008uyq9u.default\cookies.sqlite ]

.mediaplex.com [ C:\Users\Dell D60\AppData\Roaming\Mozilla\Firefox\Profiles\008uyq9u.default\cookies.sqlite ]

.paypal.112.2o7.net [ C:\Users\Dell D60\AppData\Roaming\Mozilla\Firefox\Profiles\008uyq9u.default\cookies.sqlite ]

.stats.paypal.com [ C:\Users\Dell D60\AppData\Roaming\Mozilla\Firefox\Profiles\008uyq9u.default\cookies.sqlite ]

media.sensis.com.au [ C:\Users\Dell D60\AppData\Roaming\Mozilla\Firefox\Profiles\008uyq9u.default\cookies.sqlite ]

new.countertracker.com [ C:\Users\Dell D60\AppData\Roaming\Mozilla\Firefox\Profiles\008uyq9u.default\cookies.sqlite ]

new.countertracker.com [ C:\Users\Dell D60\AppData\Roaming\Mozilla\Firefox\Profiles\008uyq9u.default\cookies.sqlite ]

.msnportal.112.2o7.net [ C:\Users\Dell D60\AppData\Roaming\Mozilla\Firefox\Profiles\008uyq9u.default\cookies.sqlite ]

.overture.com [ C:\Users\Dell D60\AppData\Roaming\Mozilla\Firefox\Profiles\008uyq9u.default\cookies.sqlite ]

.overture.com [ C:\Users\Dell D60\AppData\Roaming\Mozilla\Firefox\Profiles\008uyq9u.default\cookies.sqlite ]

.adultfriendfinder.com [ C:\Users\Dell D60\AppData\Roaming\Mozilla\Firefox\Profiles\008uyq9u.default\cookies.sqlite ]

Malware.Trace

C:\Windows\TASKS\{62C40AA6-4406-467A-A5A5-DFDF1B559B7A}.JOB

C:\Windows\TASKS\{22116563-108C-42c0-A7CE-60161B75E508}.job

HKU\S-1-5-21-4149793785-1623423035-1172338457-1000\Software\JP595IR86O

HKU\S-1-5-21-4149793785-1623423035-1172338457-1000\Software\Microsoft\Handle

HKU\S-1-5-21-4149793785-1623423035-1172338457-1000\Software\WHMDNR9LKK

 

Trojan.Agent/Gen-Bancos

C:\CHEAT ENGINE\CEHOOK.DLL

C:\CHEAT ENGINE\DXHOOK.DLL

C:\CHEAT ENGINE\PLUGINS\DEBUGEVENTLOG\DEBUGEVENTLOG.DLL

C:\CHEAT ENGINE\PLUGINS\EXAMPLE-DELPHI\EXAMPLEPLUGIN.DLL

Download ComboFix by sUBs from one of the below links. Be sure to save it to the Desktop.

 

Link # 1

Link # 2

 

Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

 

Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

 

Right-click combofix.exe and select Run as Administrator and follow the prompts.

When finished, ComboFix will produce a log for you.

Post the ComboFix log and a new HijackThis log in your next reply.

 

NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

 

Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.

Logfile of IObit HijackScan v1.0.2.0

Scan saved at 20:37:40, on 2011-1-27

 

Running processes:

C:\Windows\System32\smss.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\winlogon.exe

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Windows\ehome\ehtray.exe

C:\Windows\ehome\ehmsas.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Windows\system32\taskeng.exe

C:\a-squared Free\a2service.exe

C:\PC Tools Security\BDT\BDTUpdateService.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Windows\system32\IoctlSvc.exe

C:\Windows\system32\PnkBstrA.exe

C:\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\WerFault.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\notepad.exe

C:\Windows\explorer.exe

C:\Mozilla Firefox\firefox.exe

C:\Mozilla Firefox\plugin-container.exe

C:\Program Files\IObit\IObit Security 360\is360.exe

C:\Program Files\IObit\IObit Security 360\is360tray.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\IObit\IObit Security 360\IS360srv.exe

C:\Program Files\IObit\IObit Security 360\a_hijackscan.exe

 

O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: PC Tools Browser Guard BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\PC Tools Security\BDT\PCTBrowserDefender.dll

O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll

O2 - BHO: BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBitT.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll

O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\PC Tools Security\BDT\PCTBrowserDefender.dll

O3 - Toolbar: BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBitT.dll

O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll

O4 - HKCU|\Software\Microsoft\Windows\CurrentVersion\Run\: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU|\Software\Microsoft\Windows\CurrentVersion\Run\: [AlcoholAutomount] "C:\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" -automount

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [PCTools FGuard] C:\PC Tools Security\BDT\FGuard.exe

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [Adobe Reader Speed Launcher] "C:\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [iObit Security 360] "C:\Program Files\IObit\IObit Security 360\IS360tray.exe" /autostart

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [Malwarebytes' Anti-Malware (reboot)] "C:\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: PokerStars - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: PokerStars - {925DAB62-F9AC-4221-806A-057BFB1014AA} - C:\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: PartyCasino - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\PokerStars\PokerStarsUpdate.exe

O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10}Microsoft.wlsc.WrapperAX.2 - http://cdn.scan.onecare.live.com/resource/download/scanner/en-US/wlscctrl2.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}Java Plug-in 1.6.0_23 - http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}Java Plug-in 1.6.0_23 - http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}Java Plug-in 1.6.0_23 - http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\a-squared Free\a2service.exe

O23 - Service: avast! Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Mail Scanner (avast! Mail Scanner) - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Web Scanner (avast! Web Scanner) - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: Browser Defender Update Service (Browser Defender Update Service) - Threat Expert Ltd. - C:\PC Tools Security\BDT\BDTUpdateService.exe

O23 - Service: DCOM Server Process Launcher (DcomLaunch) - Unknown -

O23 - Service: Diagnostic Policy Service (DPS) - Unknown -

O23 - Service: Windows Media Center Service Launcher (ehstart) - Unknown - %windir%\system32\svchost.exe

O23 - Service: Group Policy Client (gpsvc) - Unknown -

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Windows CardSpace (idsvc) - Unknown - %systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

O23 - Service: IS360service (IS360service) - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe

O23 - Service: Nero BackItUp Scheduler 3 (Nero BackItUp Scheduler 3) - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: Net.Tcp Port Sharing Service (NetTcpPortSharing) - Unknown - %systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

O23 - Service: NMIndexingService (NMIndexingService) - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - INCA Internet Co., Ltd. - C:\Windows\system32\GameMon.des

O23 - Service: PLFlash DeviceIoControl Service (PLFlash DeviceIoControl Service) - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe

O23 - Service: PnkBstrA (PnkBstrA) - Unknown - C:\Windows\system32\PnkBstrA.exe

O23 - Service: Quality Windows Audio Video Experience (QWAVE) - Unknown - %windir%\system32\svchost.exe

O23 - Service: Remote Procedure Call (RPC) (RpcSs) - Unknown -

O23 - Service: Security Accounts Manager (SamSs) - Unknown -

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\PC Tools Security\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\PC Tools Security\pctsSvc.exe

O23 - Service: Secondary Logon (seclogon) - Unknown - %windir%\system32\svchost.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

O23 - Service: Steam Client Service (Steam Client Service) - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: SuperRam Memory Service (SuperRam) - Unknown - .dll

O23 - Service: Distributed Link Tracking Client (TrkWks) - Unknown -

O23 - Service: Windows Modules Installer (TrustedInstaller) - Unknown -

O23 - Service: Block Level Backup Engine Service (wbengine) - Unknown - %systemroot%\system32\wbengine.exe

O23 - Service: Diagnostic Service Host (WdiServiceHost) - Unknown -

O23 - Service: Diagnostic System Host (WdiSystemHost) - Unknown -

O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown - %ProgramFiles%\Windows Media Player\wmpnetwk.exe

O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe


ComboFix 11-01-26.01 - Dell D60 01/27/2011 20:06:58.1.2 - x86

Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.1.1033.18.1022.403 [GMT 11:00]

Running from: c:\users\Dell D60\Desktop\ComboFix.exe

* Created a new restore point

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\program files\PlaySushi\PSTExt.dll

c:\programdata\SysWoW32

c:\programdata\SysWoW32\mu1886371560v4.kwd

c:\programdata\SysWoW32\mu1886371560v5.kwd

c:\programdata\SysWoW32\mu1886371560v6.kwd

c:\programdata\SysWoW32\mu1886371560v7.kwd

c:\programdata\SysWoW32\wu1886371560v0

c:\programdata\SysWoW32\wu1886371560v0.kwd

c:\programdata\SysWoW32\wu1886371560v1

c:\programdata\SysWoW32\wu1886371560v1.kwd

c:\programdata\SysWoW32\wu1886371560v2

c:\programdata\SysWoW32\wu1886371560v2.kwd

c:\programdata\SysWoW32\wu1886371560v3

c:\programdata\SysWoW32\wu1886371560v3.kwd

c:\programdata\unrar.exe

c:\programdata\Xfire

c:\programdata\Xfire\Xfire.ini

c:\users\Dell D60\AppData\Local\{35FEF622-4C3A-4C35-8648-FAE2E5B677A3}

c:\users\Dell D60\AppData\Local\{35FEF622-4C3A-4C35-8648-FAE2E5B677A3}\chrome.manifest

c:\users\Dell D60\AppData\Local\{35FEF622-4C3A-4C35-8648-FAE2E5B677A3}\chrome\content\_cfg.js

c:\users\Dell D60\AppData\Local\{35FEF622-4C3A-4C35-8648-FAE2E5B677A3}\chrome\content\overlay.xul

c:\users\Dell D60\AppData\Local\{35FEF622-4C3A-4C35-8648-FAE2E5B677A3}\install.rdf

c:\users\Dell D60\AppData\Roaming\inst.exe

c:\users\Dell D60\AppData\Roaming\Microsoft\Windows\Recent\Fusion.url

 

.

((((((((((((((((((((((((( Files Created from 2010-12-27 to 2011-01-27 )))))))))))))))))))))))))))))))

.

 

2011-01-27 02:07 . 2011-01-27 02:08 -------- d-----w- c:\windows\system32\Adobe

2011-01-26 10:21 . 2011-01-26 10:21 -------- d-----w- c:\users\Dell D60\AppData\Roaming\Malwarebytes

2011-01-26 10:20 . 2010-12-20 07:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-01-26 10:20 . 2011-01-26 10:20 -------- d-----w- c:\programdata\Malwarebytes

2011-01-26 10:20 . 2011-01-26 10:20 -------- d-----w- C:\Malwarebytes' Anti-Malware

2011-01-26 10:20 . 2010-12-20 07:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-01-26 07:22 . 2011-01-26 07:22 -------- d-----w- c:\users\Dell D60\AppData\Roaming\SUPERAntiSpyware.com

2011-01-26 07:22 . 2011-01-26 07:22 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2011-01-26 07:21 . 2011-01-26 07:22 -------- d-----w- C:\SUPERantiVIRUS

2011-01-25 13:38 . 2011-01-26 10:04 -------- d-----w- C:\Theme Park

2011-01-25 11:38 . 2011-01-25 11:39 -------- d-----w- C:\USEnglish

2011-01-25 11:38 . 2011-01-25 11:39 -------- d-----w- C:\Redist

2011-01-25 11:38 . 2011-01-25 11:38 -------- d-----w- C:\EReg

2011-01-25 11:38 . 2011-01-25 11:38 -------- d-----w- C:\edocs

2011-01-25 11:38 . 2011-01-25 11:38 -------- d-----w- C:\demos

2011-01-25 11:38 . 2011-01-25 11:39 -------- d-----w- C:\Data

2011-01-25 11:38 . 2011-01-25 11:38 -------- d-----w- C:\Autorun

2011-01-25 11:38 . 2011-01-25 11:38 -------- d-----w- C:\ad

2011-01-25 06:24 . 2011-01-25 07:03 -------- d-----w- C:\DOSBox-0.65

2011-01-24 05:00 . 2011-01-24 05:00 -------- d-----w- c:\program files\Common Files\Spigot

2011-01-24 04:03 . 2011-01-24 04:03 -------- d-----w- c:\users\Dell D60\AppData\Local\Kerkia

2011-01-24 04:03 . 2011-01-24 04:03 -------- d-----w- c:\users\Dell D60\AppData\Roaming\minimem

2011-01-24 04:01 . 2011-01-24 04:01 -------- d-----w- C:\Kerkia

2011-01-24 03:59 . 2011-01-24 04:00 556544 ----a-w- c:\users\Dell D60\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minimem\Minimem32.msi

2011-01-22 13:31 . 2011-01-25 13:35 -------- d-----w- C:\percent

2011-01-22 13:27 . 2011-01-22 13:27 -------- d-----w- C:\%calc

2011-01-22 10:30 . 2011-01-22 10:50 286720 ----a-w- c:\windows\iun503.exe

2011-01-22 10:07 . 2011-01-23 09:34 -------- d-----w- C:\Redalert2

2011-01-22 09:16 . 2011-01-22 10:06 -------- d-----w- C:\uTorrent

2011-01-22 08:46 . 2011-01-22 08:46 -------- d-----w- C:\Alcohol Soft

2011-01-22 08:36 . 2011-01-22 08:39 -------- d-----w- c:\users\Dell D60\AppData\Roaming\UDRuler

2011-01-22 08:35 . 2011-01-22 08:35 -------- d-----w- C:\Universal Desktop Ruler

2011-01-22 07:26 . 2011-01-22 07:26 -------- d-----w- C:\Reglo ruler

2011-01-20 23:04 . 2011-01-20 23:05 -------- d-----w- c:\program files\ConduitEngine

2011-01-20 23:04 . 2011-01-20 23:05 -------- d-----w- c:\program files\BitTorrentBar

2011-01-01 07:22 . 2011-01-01 07:22 -------- d-----w- c:\program files\resume

2011-01-01 07:22 . 2011-01-01 07:24 -------- d-----w- c:\program files\avira

2011-01-01 07:12 . 2010-09-07 13:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys

2011-01-01 07:12 . 2010-09-07 13:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2011-01-01 07:12 . 2010-09-07 13:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2011-01-01 07:11 . 2010-09-07 13:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2011-01-01 07:11 . 2010-09-07 13:47 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2011-01-01 07:11 . 2010-09-07 14:12 38848 ----a-w- c:\windows\avastSS.scr

2011-01-01 07:11 . 2010-09-07 14:11 167592 ----a-w- c:\windows\system32\aswBoot.exe

2010-12-31 14:02 . 2010-12-31 14:03 -------- d-----w- C:\avg key

2010-12-30 08:24 . 2010-12-30 08:24 -------- d-----w- c:\programdata\Simply Super Software

2010-12-30 07:34 . 2011-01-04 23:01 0 ----a-w- c:\users\Dell D60\AppData\Local\Wxeqe.bin

2010-12-29 10:09 . 2010-12-31 20:49 -------- d-sh--w- c:\programdata\E785CCD1C99DD5318A73A479F83CC233

2010-12-29 09:50 . 2010-12-29 10:31 -------- d-----w- c:\users\Dell D60\AppData\Roaming\LimeWire

2010-12-29 09:49 . 2011-01-01 13:21 -------- d-----w- c:\users\Dell D60\Shared

2010-12-29 09:48 . 2011-01-01 07:20 -------- d-----w- c:\program files\360Share Pro

2010-12-29 05:27 . 2009-11-03 03:07 679936 ----a-w- c:\windows\system32\D3DX81ab.dll

2010-12-29 05:27 . 2009-11-03 03:07 1970176 ----a-w- c:\windows\system32\d3dx9.dll

2010-12-29 05:27 . 2011-01-26 10:03 -------- d-----w- C:\Cheat Engine

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-01-22 08:40 . 2010-06-29 16:15 436792 ----a-w- c:\windows\system32\drivers\sptd.sys

2010-12-09 02:00 . 2010-12-09 02:00 644360 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2010-11-12 07:53 . 2010-06-02 08:30 472808 ----a-w- c:\windows\system32\deployJava1.dll

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\tbBitT.dll" [2010-11-13 3913000]

 

[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]

2010-11-13 10:58 3913000 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]

2010-11-13 10:58 3913000 ----a-w- c:\program files\BitTorrentBar\tbBitT.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\tbBitT.dll" [2010-11-13 3913000]

"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-11-13 3913000]

 

[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]

 

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{88C7F2AA-F93F-432C-8F0E-B7D85967A527}"= "c:\program files\BitTorrentBar\tbBitT.dll" [2010-11-13 3913000]

 

[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]

"AlcoholAutomount"="c:\alcohol soft\Alcohol 52\AxAutoMntSrv.exe" [2010-08-20 33120]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-10-04 86016]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-04 8497696]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-04 81920]

"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2007-10-04 86016]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"PCTools FGuard"="c:\pc tools security\BDT\FGuard.exe" [2010-08-22 100304]

"Adobe Reader Speed Launcher"="c:\adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-22 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2010-06-11 1280344]

"Malwarebytes' Anti-Malware (reboot)"="c:\malwarebytes' anti-malware\mbam.exe" [2010-12-20 963976]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

 

[HKLM\~\startupfolder\C:^Users^Dell D60^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^FIFA 10 Registration.lnk]

backup=c:\windows\pss\FIFA 10 Registration.lnk.Startup

backupExtension=.Startup

 

[HKLM\~\startupfolder\C:^Users^Dell D60^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]

backup=c:\windows\pss\LimeWire On Startup.lnk.Startup

backupExtension=.Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-09-20 12:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2010-09-22 17:47 35760 ----a-w- c:\adobe\Reader 9.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

2008-06-24 06:06 1840424 ----a-w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]

2008-06-07 23:31 2221352 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]

2010-08-27 11:38 2953112 ----a-w- c:\program files\Pando Networks\Media Booster\PMB.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

2004-11-02 10:24 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartRAM]

2010-07-21 04:43 198864 ----a-w- c:\advanced systemcare 3\Sup_SmartRAM.exe

 

R0 CFRMD;CFRMD;c:\windows\System32\drivers\CFRMD.sys [x]

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-20 135664]

R2 SuperRam;SuperRam Memory Service; [x]

R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]

R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-09-14 3996760]

R3 sdAuxService;PC Tools Auxiliary Service;c:\pc tools security\pctsAuxs.exe [2010-03-15 366840]

S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-08-18 237632]

S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2010-07-16 338880]

S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2010-07-16 656320]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-01-22 436792]

S1 aswSP;aswSP; [x]

S1 SASDIFSV;SASDIFSV;c:\superantivirus\SASDIFSV.SYS [2010-02-17 12872]

S1 SASKUTIL;SASKUTIL;c:\superantivirus\SASKUTIL.SYS [2010-05-10 67656]

S2 a2free;a-squared Free Service;c:\a-squared free\a2service.exe [2010-04-14 1872320]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]

S2 Browser Defender Update Service;Browser Defender Update Service;c:\pc tools security\BDT\BDTUpdateService.exe [2010-08-30 235472]

S2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\IS360srv.exe [2010-06-11 312152]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 167936]

S3 stdriver;Sound Tap Upper Class Filter Driver v2.0.0.0;c:\windows\system32\DRIVERS\stdriver32.sys [2010-08-27 52824]

 

.

Contents of the 'Scheduled Tasks' folder

 

2011-01-27 c:\windows\Tasks\COMODO System Cleaner Update.job

- c:\comodo system-cleaner\UpdateApplications.exe [2010-03-09 04:41]

 

2011-01-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-20 03:27]

 

2011-01-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-20 03:27]

 

2011-01-23 c:\windows\Tasks\SmartDefrag.job

- c:\iobit smartdefrag\IObit SmartDefrag.exe [2010-08-30 08:08]

 

2011-01-27 c:\windows\Tasks\User_Feed_Synchronization-{387CBD96-EF11-4F7C-B706-AECB9468CA76}.job

- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: {{B4B52284-A248-4c51-9F7C-F0A0C67FCC9D}

FF - ProfilePath - c:\users\Dell D60\AppData\Roaming\Mozilla\Firefox\Profiles\008uyq9u.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2117678&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - NCH Customized Web Search

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/firefox

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

.

- - - - ORPHANS REMOVED - - - -

 

BHO-{811255D3-54F2-BD3F-33EF-948BA547BFAE} - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

AddRemove-Connectix Virtual Game Station - c:\psxa\Uninst.isu

AddRemove-Percent - c:\users\dell d60\desktop\percent\DeIsL1.isu

AddRemove-Quake2DemoUninstallKey - c:\quake2 demo\Uninst.isu

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-01-27 20:16

Windows 6.0.6000 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Completion time: 2011-01-27 20:19:00

ComboFix-quarantined-files.txt 2011-01-27 09:18

 

Pre-Run: 17,077,063,680 bytes free

Post-Run: 17,187,090,432 bytes free


SysProt Antirootkit

 

Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

 

http://sites.google.com/site/sysprotantirootkit/

 

Unzip it into a folder on your desktop.

  • Double click Sysprot.exe to start the program.
  • Click on the Log tab.
  • In the Write to log box select the following items.
    • Process << Selected
    • Kernel Modules << Selected
    • SSDT << Selected
    • Kernel Hooks << Selected
    • IRP Hooks << NOT Selected
    • Ports << NOT Selected
    • Hidden Files << Selected

  • At the bottom of the page
    • Hidden Objects Only << Selected
  • Click on the Create Log button on the bottom right.
  • After a few seconds a new window should appear.
  • Select Scan Root Drive. Click on the Start button.
  • When it is complete a new window will appear to indicate that the scan is finished.
  • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.


Ok. Let's try another one.

 

Please download Rooter and Save it to your desktop.

  • Double click it to start the tool. On Vista and Windows 7, run it as administrator.
  • Click Scan.
  • Eventually, a Notepad file containing the report will open, also found at C:\Rooter.txt. Post that log in your next reply.


Rooter.exe (v1.0.2) by Eric_71

.

SeDebugPrivilege granted successfully ...

.

Windows Vista . (6.0.6000)

[32_bits] - x86 Family 6 Model 15 Stepping 6, GenuineIntel

.

[wscsvc] (Security Center) RUNNING (state:4)

[MpsSvc] RUNNING (state:4)

Windows Firewall -> Enabled

Windows Defender -> Enabled

User Account Control (UAC) -> Enabled

.

Internet Explorer 7.0.6000.17037

Mozilla Firefox 3.6.11 (en-US)

.

C:\ [Fixed-NTFS] .. ( Total:74 Go - Free:15 Go )

D:\ [CD_Rom]

E:\ [CD_Rom]

F:\ [CD_Rom]

.

Scan : 16:13.43

Path : C:\Users\Dell D60\Desktop\Rooter.exe

User : Dell D60 ( Administrator -> YES )

.

----------------------\\ Processes

.

Locked [system Process] (0)

Locked System (4)

______ \SystemRoot\System32\smss.exe (408)

______ C:\Windows\system32\csrss.exe (476)

______ C:\Windows\system32\wininit.exe (528)

______ C:\Windows\system32\csrss.exe (540)

______ C:\Windows\system32\services.exe (572)

______ C:\Windows\system32\lsass.exe (584)

______ C:\Windows\system32\lsm.exe (592)

______ C:\Windows\system32\winlogon.exe (736)

______ C:\Windows\system32\svchost.exe (764)

______ C:\Windows\system32\svchost.exe (832)

______ C:\Windows\System32\svchost.exe (892)

______ C:\Windows\System32\svchost.exe (964)

______ C:\Windows\System32\svchost.exe (1060)

______ C:\Windows\system32\svchost.exe (1076)

Locked audiodg.exe (1156)

______ C:\Windows\system32\SLsvc.exe (1208)

______ C:\Windows\system32\svchost.exe (1248)

______ C:\Windows\system32\svchost.exe (1408)

______ C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (1608)

______ C:\Windows\Explorer.EXE (1724)

______ C:\Windows\system32\taskeng.exe (1916)

______ C:\Windows\System32\spoolsv.exe (1960)

______ C:\Windows\system32\svchost.exe (1984)

______ C:\Windows\system32\taskeng.exe (2024)

______ C:\Windows\System32\rundll32.exe (1072)

______ C:\Windows\System32\rundll32.exe (1148)

______ C:\Program Files\Common Files\Java\Java Update\jusched.exe (1344)

______ C:\Windows\System32\rundll32.exe (1356)

______ C:\PC Tools Security\BDT\FGuard.exe (1680)

______ C:\Program Files\IObit\IObit Security 360\is360tray.exe (484)

______ C:\a-squared Free\a2service.exe (932)

______ C:\PC Tools Security\BDT\BDTUpdateService.exe (1192)

______ C:\Program Files\IObit\IObit Security 360\IS360srv.exe (816)

______ C:\Windows\ehome\ehtray.exe (752)

______ C:\Windows\ehome\ehmsas.exe (2200)

______ C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe (2352)

______ C:\Windows\system32\IoctlSvc.exe (2400)

______ C:\Windows\system32\PnkBstrA.exe (2424)

______ C:\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe (2480)

______ C:\Windows\system32\SearchIndexer.exe (2512)

______ C:\Mozilla Firefox\firefox.exe (3432)

______ C:\Windows\system32\wuauclt.exe (1436)

______ C:\Mozilla Firefox\plugin-container.exe (1240)

______ C:\Program Files\IObit\IObit Security 360\is360.exe (3888)

______ C:\Windows\system32\DllHost.exe (2460)

______ C:\Windows\system32\DllHost.exe (2156)

______ C:\Users\Dell D60\Desktop\Rooter.exe (3700)

.

----------------------\\ Device\Harddisk0\

.

\Device\Harddisk0 [sectors : 63 x 512 Bytes]

.

\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:1048576 | Length:80024174592)

.

----------------------\\ Scheduled Tasks

.

C:\Windows\Tasks\COMODO System Cleaner Update.job

C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

C:\Windows\Tasks\SA.DAT

C:\Windows\Tasks\SCHEDLGU.TXT

C:\Windows\Tasks\User_Feed_Synchronization-{387CBD96-EF11-4F7C-B706-AECB9468CA76}.job

.

----------------------\\ Registry

.

.

----------------------\\ Files & Folders

.

----------------------\\ Scan completed at 16:13.45

.

C:\Rooter$\Rooter_2.txt - (29/01/2011 | 16:13.45)


ESET Online Scan

 

Scan your computer with the ESET FREE Online Virus Scan

 

* Click the ESET Online Scanner button.

 

* For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

* Click on the esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop

* Double click on the esetsmartinstaller_enu.exe icon on your desktop.

* Place a check mark next to YES, I accept the Terms of Use.

 

* Click the Start button.

* Accept any security warnings from your browser.

* Leave the check mark next to Remove found threats and place a check next to Scan archives.

* Click the Start button.

* ESET will then download updates, install, and begin scanning your computer. Please be patient as this can take some time.

* When the scan completes, click List of found threats.

* Next click Export to text file and save the file to your desktop using a name such as ESETScan. Include the contents of this report in your next reply.

* Click the Back button then click Finish.

 

In your next reply please include the ESET Online Scan Log


C:\Qoobox\Quarantine\C\ProgramData\SysWoW32\wu1886371560v1.vir Win32/Dursg.D trojan deleted - quarantined

C:\Qoobox\Quarantine\C\ProgramData\SysWoW32\wu1886371560v2.vir Win32/TrojanDownloader.Tracur.B trojan deleted - quarantined

C:\Qoobox\Quarantine\C\ProgramData\SysWoW32\wu1886371560v3.vir Win32/TrojanDownloader.Tracur.B trojan deleted - quarantined

C:\Users\Dell D60\AppData\Roaming\sqlceqp30U.dll.vir Win32/Adware.Virtumonde.NHD application cleaned by deleting - quarantined

C:\Users\Dell D60\AppData\Roaming\Mozilla\Firefox\Profiles\008uyq9u.default\extensions\{06862c20-90ab-4bc4-8f92-65e405a2f7e7}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined


Ok. Let's do some cleanup.

 

To uninstall ComboFix

 

  • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  • In the field, type in ComboFix /uninstall

 

http://i582.photobucket.com/albums/ss269/Cat_Byte/Combofix_uninstall_image.jpg

 

(Note: Make sure there's a space between the word ComboFix and the forward-slash.)

 

  • Then, press Enter, or click OK.
  • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.

 

*********************************************************

Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

 

Double-click TFC.exe to run it.

 

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

 

TFC will close all programs when run, so make sure you have saved all your work before you begin.

 

* Click the Start button to begin the cleaning process.

* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.

* Please let TFC run uninterrupted until it is finished.

 

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

**************************************************

Looking over your log it seems you don't have any evidence of a third party firewall.

 

Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors.

 

Remember only install ONE firewall

 

1) Comodo Personal Firewall (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" and uncheck any HopSurf and/or Ask.com options if you choose this one)

2) Online Armor

3) Agnitum Outpost

4) PC Tools Firewall Plus

 

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.

*************************************************

Use the Secunia Software Inspector to check for out of date software.

 

  • Click Start Now
  • Check the box next to Enable thorough system inspection.
  • Click Start
  • Allow the scan to finish and scroll down to see if any updates are needed.
  • Update anything listed.

----------

 

Go to Microsoft Windows Update and get all critical updates.

 

----------

 

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

 

SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.

* Using SpywareBlaster to protect your computer from Spyware and Malware

* If you don't know what ActiveX controls are, see here

 

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

 

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

 

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.

Safe Surfing!


Archived

This topic is now archived and is closed to further replies.
