[Resolved] Malware all over my computer. HJT logs Pls help.

**broni** · 07-10-2009

OK, So, here is the situation.
Your computer is definitely infected.
I don't see anything in files removed by Combofix, which would cause loss of connection, but it's pretty common situation, when you lose connection in the process of cleaning.
Now, it's up to you.
You can use system restore to get your connection back and your infection back, or we can continue with cleaning process and worry about your connection later.
Please, let me know.

**FreakY** · 07-10-2009

I'd like to continue with the process. Now I have access to the Internet through another computer so it's ok.

Let's proceed

**broni** · 07-10-2009

OK then. Give me some time to go through your Combofix log.

**FreakY** · 07-10-2009

Thanks broni. Looking forward for it.

**broni** · 07-10-2009

You don't have any antivirus program running.
What actually happened to AVG?

**FreakY** · 07-10-2009

When the real problem started, I had Avast but with the license expired. So I uninstalled it and then installed AVG (updated) and I did a full scan. After that full scan, that found about 6 virus/threats if I remember well, I lost my internet connection. Then I restored my system to a state previous to the AVG installation.

That's what happened.

**broni** · 07-10-2009

OK then. Let's wait with new AV program installation until we're done with Combofix.
Just make sure, your firewall is up.

1. Please open Notepad

Click Start , then Run
Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:

File::
c:\windows\system32\mbciae.exe
c:\windows\system32\mdgvrr.exe
c:\windows\system32\dsibm.exe
c:\windows\system32\jwxrmta.exe
C:\up2.exe
c:\windows\system32\drivers\dobelbez.sys
c:\windows\system32\drivers\hwvkknrf.sys
c:\documents and settings\Menendez\qmtwvh.exe
c:\windows\system32\drivers\ndisvvan.sys


Folder::
c:\documents and settings\Menendez\Application Data\AVG7
c:\documents and settings\LocalService.NT AUTHORITY\Application Data\AVG7
c:\documents and settings\All Users.WINDOWS\Application Data\avg7
C:\$AVG8.VAULT$
c:\windows\system32\drivers\Avg(2)
c:\program files\AVG(2)
c:\documents and settings\All Users.WINDOWS\Application Data\avg8(2)
C:\AVGTemp
c:\documents and settings\Menendez\Application Data\AVG8
c:\documents and settings\Menendez\Application Data\Panda Security
c:\documents and settings\All Users.WINDOWS\Application Data\Panda Security


Driver::
dobelbez
hwvkknrf


Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"restorer32_a"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"restorer32_a"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\dobelbez.sys]
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"poxy4.exe"=-
"skp66.exe"=-
"ud32.exe"=-
"c:\\WINDOWS\\system32\\jwxrmta.exe"=-
"c:\\WINDOWS\\system32\\dsibm.exe"=-
"c:\\WINDOWS\\system32\\mdgvrr.exe"=-


RegLockDel::

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

Combofix.txt
A new HijackThis log.

**FreakY** · 07-10-2009

Ok. Here are the logs. Oh, and I haven't got my connection back.

ComboFix 09-10-05.01 - Menendez 10/07/2009 14:28.2.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.190.91 [GMT -8:00]
Running from: c:\documents and settings\Menendez\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Menendez\Desktop\CFScript.txt

FILE ::
"c:\documents and settings\Menendez\qmtwvh.exe"
"C:\up2.exe"
"c:\windows\system32\drivers\dobelbez.sys"
"c:\windows\system32\drivers\hwvkknrf.sys"
"c:\windows\system32\drivers\ndisvvan.sys"
"c:\windows\system32\dsibm.exe"
"c:\windows\system32\jwxrmta.exe"
"c:\windows\system32\mbciae.exe"
"c:\windows\system32\mdgvrr.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\$AVG8.VAULT$
c:\$avg8.vault$\V_00000001.fil
c:\$avg8.vault$\V_00000002.fil
c:\$avg8.vault$\V_00000003.fil
c:\$avg8.vault$\V_00000004.fil
c:\$avg8.vault$\V_00000005.fil
c:\$avg8.vault$\V_00000006.fil
c:\$avg8.vault$\V_00000007.fil
c:\$avg8.vault$\V_00000008.fil
c:\$avg8.vault$\V_00000009.fil
c:\$avg8.vault$\V_00000010.fil
c:\$avg8.vault$\V_00000011.fil
c:\$avg8.vault$\V_00000012.fil
c:\$avg8.vault$\V_00000013.fil
c:\$avg8.vault$\V_00000014.fil
c:\$avg8.vault$\vvfolder.idx
C:\AVGTemp
c:\avgtemp\avgremover_en\avgremover.log
c:\avgtemp\avgremover_en\readme.txt
c:\documents and settings\All Users.WINDOWS\Application Data\avg7
c:\documents and settings\All Users.WINDOWS\Application Data\avg7\emssrv-1000.cfg
c:\documents and settings\All Users.WINDOWS\Application Data\avg7\emssrv-1001.cfg
c:\documents and settings\All Users.WINDOWS\Application Data\avg7\krnl-0000.cfg
c:\documents and settings\All Users.WINDOWS\Application Data\avg7\mail-0001.cfg
c:\documents and settings\All Users.WINDOWS\Application Data\avg8(2)
c:\documents and settings\All Users.WINDOWS\Application Data\avg8(2)\Log(2)\avgcfg.log
c:\documents and settings\All Users.WINDOWS\Application Data\avg8(2)\Log(2)\avgcfg.log.lock
c:\documents and settings\All Users.WINDOWS\Application Data\avg8(2)\Log(2)\avgcore.log
c:\documents and settings\All Users.WINDOWS\Application Data\avg8(2)\Log(2)\avgcore.log.1
c:\documents and settings\All Users.WINDOWS\Application Data\avg8(2)\Log(2)\avgcore.log.lock
c:\documents and settings\All Users.WINDOWS\Application Data\avg8(2)\Log(2)\avgfrw.log.lock
c:\documents and settings\All Users.WINDOWS\Application Data\avg8(2)\Log(2)\avgldr.log
c:\documents and settings\All Users.WINDOWS\Application Data\avg8(2)\Log(2)\avgldr.log.lock
c:\documents and settings\All Users.WINDOWS\Application Data\avg8(2)\Log(2)\avglng.log
c:\documents and settings\All Users.WINDOWS\Application Data\avg8(2)\Log(2)\avglng.log.1
c:\documents and settings\All Users.WINDOWS\Application Data\avg8(2)\Log(2)\avglng.log.lock
c:\documents and settings\All Users.WINDOWS\Application Data\avg8(2)\Log(2)\avgrs.log
c:\documents and settings\All Users.WINDOWS\Application Data\avg8(2)\Log(2)\avgrs.log.1
c:\documents and settings\All Users.WINDOWS\Application Data\avg8(2)\Log(2)\avgrs.log.lock
c:\documents and settings\All Users.WINDOWS\Application Data\avg8(2)\Log(2)\avgscan.log
c:\documents and settings\All Users.WINDOWS\Application Data\avg8(2)\Log(2)\avgscan.log.lock
c:\documents and settings\All Users.WINDOWS\Application Data\avg8(2)\Log(2)\avgsched.log
c:\documents and settings\All Users.WINDOWS\Application Data\avg8(2)\Log(2)\avgsched.log.lock
c:\documents and settings\All Users.WINDOWS\Application Data\avg8(2)\Log(2)\avgsrm.log
c:\documents and settings\All Users.WINDOWS\Application Data\avg8(2)\Log(2)\avgsrm.log.lock
c:\documents and settings\All Users.WINDOWS\Application Data\avg8(2)\Log(2)\avgui.log
c:\documents and settings\All Users.WINDOWS\Application Data\avg8(2)\Log(2)\avgui.log.lock
c:\documents and settings\All Users.WINDOWS\Application Data\avg8(2)\Log(2)\avgupd.log
c:\documents and settings\All Users.WINDOWS\Application Data\avg8(2)\Log(2)\avgupd.log.lock
c:\documents and settings\All Users.WINDOWS\Application Data\avg8(2)\Log(2)\avgwd.log
c:\documents and settings\All Users.WINDOWS\Application Data\avg8(2)\Log(2)\avgwd.log.lock
c:\documents and settings\All Users.WINDOWS\Application Data\avg8(2)\Log(2)\avgwdsvc.log
c:\documents and settings\All Users.WINDOWS\Application Data\avg8(2)\Log(2)\avgwdsvc.log.lock
c:\documents and settings\All Users.WINDOWS\Application Data\avg8(2)\Log(2)\commonpriv.log
c:\documents and settings\All Users.WINDOWS\Application Data\avg8(2)\Log(2)\commonpriv.log.lock
c:\documents and settings\All Users.WINDOWS\Application Data\avg8(2)\Log(2)\fixcfg.log
c:\documents and settings\All Users.WINDOWS\Application Data\avg8(2)\Log(2)\fixcfg.log.lock
c:\documents and settings\All Users.WINDOWS\Application Data\avg8(2)\Log(2)\history.xml
c:\documents and settings\All Users.WINDOWS\Application Data\avg8(2)\scanlogs(2)\I_00000006.log
c:\documents and settings\All Users.WINDOWS\Application Data\avg8(2)\scanlogs(2)\I_00000007.log
c:\documents and settings\All Users.WINDOWS\Application Data\avg8(2)\scanlogs(2)\I_00000008.log
c:\documents and settings\All Users.WINDOWS\Application Data\avg8(2)\scanlogs(2)\I_00000009.log
c:\documents and settings\All Users.WINDOWS\Application Data\avg8(2)\scanlogs(2)\srm.idx
c:\documents and settings\All Users.WINDOWS\Application Data\avg8(2)\Temp(2)\7f6870fe-9288-4138-a073-069739c38320-6e4-oopp.tmp
c:\documents and settings\All Users.WINDOWS\Application Data\Panda Security
c:\documents and settings\LocalService.NT AUTHORITY\Application Data\AVG7
c:\documents and settings\Menendez\Application Data\AVG7
c:\documents and settings\Menendez\Application Data\AVG7\sched-0001.cfg
c:\documents and settings\Menendez\Application Data\AVG7\sched-0002.cfg
c:\documents and settings\Menendez\Application Data\AVG7\test-0001.cfg
c:\documents and settings\Menendez\Application Data\AVG7\test-0002.cfg
c:\documents and settings\Menendez\Application Data\AVG7\test-0003.cfg
c:\documents and settings\Menendez\Application Data\AVG7\test-0004.cfg
c:\documents and settings\Menendez\Application Data\AVG7\test-0005.cfg
c:\documents and settings\Menendez\Application Data\AVG7\test-0006.cfg
c:\documents and settings\Menendez\Application Data\AVG7\test-0007.cfg
c:\documents and settings\Menendez\Application Data\AVG7\test-0008.cfg
c:\documents and settings\Menendez\Application Data\AVG7\test-0009.cfg
c:\documents and settings\Menendez\Application Data\AVG7\test-0011.cfg
c:\documents and settings\Menendez\Application Data\AVG7\test-0012.cfg
c:\documents and settings\Menendez\Application Data\AVG7\test-0013.cfg
c:\documents and settings\Menendez\Application Data\AVG7\user-0000.cfg
c:\documents and settings\Menendez\Application Data\AVG8
c:\documents and settings\Menendez\Application Data\Panda Security
c:\documents and settings\Menendez\Application Data\Panda Security\Panda Cloud Antivirus\PSUNUser.cfg
c:\documents and settings\Menendez\qmtwvh.exe
c:\program files\AVG(2)
c:\program files\AVG(2)\AVG8(2)\avg.snu
c:\program files\AVG(2)\AVG8(2)\avg8us.lng
c:\program files\AVG(2)\AVG8(2)\avgbat.bav
c:\program files\AVG(2)\AVG8(2)\avgf8us.chm
c:\program files\AVG(2)\AVG8(2)\avgfree_us.mht
c:\program files\AVG(2)\AVG8(2)\avgmwdef_us.mht
c:\program files\AVG(2)\AVG8(2)\avgsbfree_us.mht
c:\program files\AVG(2)\AVG8(2)\contacts_us.html
c:\program files\AVG(2)\AVG8(2)\dfncfg.dat
c:\program files\AVG(2)\AVG8(2)\license_us.txt
c:\program files\AVG(2)\AVG8(2)\setup.dat
c:\program files\AVG(2)\AVG8(2)\setupus.lns
C:\up2.exe
c:\windows\system32\drivers\Avg(2)
c:\windows\system32\drivers\Avg(2)\avi7.avg
c:\windows\system32\drivers\Avg(2)\incavi.avm
c:\windows\system32\drivers\Avg(2)\microavi.avg
c:\windows\system32\drivers\Avg(2)\miniavi.avg
c:\windows\system32\drivers\dobelbez.sys
c:\windows\system32\drivers\hwvkknrf.sys
c:\windows\system32\drivers\ndisvvan.sys
c:\windows\system32\dsibm.exe
c:\windows\system32\jwxrmta.exe
c:\windows\system32\mbciae.exe
c:\windows\system32\mdgvrr.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DOBELBEZ
-------\Service_dobelbez
-------\Service_hwvkknrf
-------\Service_Passthru

((((((((((((((((((((((((( Files Created from 2009-09-07 to 2009-10-07 )))))))))))))))))))))))))))))))
.

2009-10-06 04:47 . 2009-10-06 04:47 -------- d-----w- c:\windows\system32\wbem\Repository
2009-10-06 04:01 . 2009-10-06 04:46 -------- d-----w- C:\cmdcons(2)
2009-10-02 05:36 . 2009-10-02 05:36 -------- d-----w- c:\program files\AskSBar
2009-09-30 23:46 . 2009-09-30 23:46 67072 ----a-w- c:\windows\system32\dsof.exe
2009-09-27 17:03 . 2009-09-27 17:03 -------- d-----w- c:\documents and settings\Menendez\Local Settings\Application Data\PCHealth
2009-09-26 03:29 . 2009-09-26 03:29 -------- d-----w- C:\834633b4e8885c17f623e4b8
2009-09-26 03:28 . 2009-09-26 03:29 -------- d-----w- C:\d4ed617d8788bf68ce70a613ea
2009-09-21 22:16 . 2009-09-21 22:17 -------- d-----w- C:\68e627b4e9040d007e
2009-09-21 22:15 . 2009-09-21 22:16 -------- d-----w- C:\4cfd8036aa8d22e57950ff43bd
2009-09-19 17:23 . 2009-09-19 17:24 -------- d-----w- C:\c24c7f79fbe67519e653d0
2009-09-19 17:23 . 2009-09-19 17:23 -------- d-----w- C:\0da9e216b2d6b7837f15cc0c9c7c

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2009-10-02 05:36 . 2008-03-03 08:17 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-02 05:36 . 2008-03-03 08:17 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2009-09-01 03:42 . 2008-02-03 20:30 85496 ----a-w- c:\documents and settings\Menendez\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-23 09:55 . 2008-08-17 01:10 -------- d-----w- c:\documents and settings\Menendez\Application Data\Skype
2009-08-23 09:44 . 2008-08-17 01:13 -------- d-----w- c:\documents and settings\Menendez\Application Data\skypePM
2009-08-15 04:07 . 2009-08-15 04:07 -------- d-----w- c:\program files\MSBuild
2009-08-15 04:07 . 2009-08-15 04:07 -------- d-----w- c:\program files\Reference Assemblies
2009-08-15 03:57 . 2009-08-15 03:57 -------- d-----w- c:\program files\MSXML 6.0
2009-08-05 09:11 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 18:55 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 07:43 . 2004-08-04 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"= "c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL" [2008-03-04 66912]

[HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2008-03-04 06:25 66912 ----a-w- c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY" [X]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.E XE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT \TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TIN TSETP.EXE" [2004-08-04 455168]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.e xe" [2001-07-09 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-11 39792]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2008-12-12 157312]
"SiS Windows KeyHook"="c:\windows\system32\keyhook.exe" [2005-03-04 32768]
"Microsoft Driver Setup"="c:\windows\iexplorer72.exe" [BU]
"Window Proxy Service"="c:\windows\System32\winpsvc.exe" [BU]
"Windows Network Firewall"="c:\windows\system32\firewall.exe" [BU]
"Microsoft(R) System Manager"="c:\windows\system32\sysmgr.exe" [BU]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2006-03-01 577536]
"SiSPower"="SiSPower.dll" - c:\windows\system32\SiSPower.dll [2005-02-25 49152]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Utility Tray.lnk - c:\windows\system32\sistray.exe [2009-2-1 331776]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\WebrootSpySweeperService]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\InCode Solutions\\RemoveIT Pro v4 - SE\\removeit.exe"=
"poxy4.exe"= poxy4.exe:LSIVS
"skp66.exe"= skp66.exe:BNDMSS
"ud32.exe"= ud32.exe:BNDMSS
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\dsof.exe"=

.
Contents of the 'Scheduled Tasks' folder

2009-09-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-12 00:57]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.micros oft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportar a Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Menendez\Application Data\Mozilla\Firefox\Profiles\94wlakj8.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\All Users.WINDOWS\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-dobelbez.sys

************************************************** ************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-10-07 14:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED6077 9-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):79,2d,fb,6b,6a,0e,84,28,12,31,aa,5 8,77,57,e3,fc,64,07,dd,fd,e7,
cb,f7,38,f0,ab,59,b1,90,f4,1b,61,a9,4f,bc,c7,25,2b ,9c,29,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{f9259ea 1-4baa-40fe-a6be-5331616f9785}]
@Denied: (Full) (Everyone)
"Model"=dword:00000070
"Therad"=dword:0000002a
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5 ,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe ,41,71,cb,3f,46,a4,7c,ab,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(332)
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(2720)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\BCMWLTRY.EXE
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\ZuneBusEnum.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\WLTRAY.EXE
c:\windows\system32\rundll32.exe
c:\docume~1\Menendez\LOCALS~1\temp\RtkBtMnt.EXE
.
************************************************** ************************
.
Completion time: 2009-10-07 14:47 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-07 22:47
ComboFix2.txt 2009-10-06 22:04
ComboFix3.txt 2009-10-06 01:53

Pre-Run: 8,561,299,456 bytes free
Post-Run: 8,529,096,704 bytes free

283 --- E O F --- 2009-10-07 00:40

----------------------------------------
======================
----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:55:27 PM, on 10/7/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\keyhook.exe
C:\DOCUME~1\Menendez\LOCALS~1\Temp\RtkBtMnt.EXE
C:\WINDOWS\system32\sistray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, News, Sport, Music, Movies, Money, Cars, Shopping, Windows Live from MSN UK
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, News, Sport, Music, Movies, Money, Cars, Shopping, Windows Live from MSN UK
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (file missing)
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (file missing)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE " /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE " /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [Microsoft Driver Setup] C:\WINDOWS\iexplorer72.exe
O4 - HKLM\..\Run: [Window Proxy Service] C:\WINDOWS\System32\winpsvc.exe
O4 - HKLM\..\Run: [Windows Network Firewall] C:\WINDOWS\system32\firewall.exe
O4 - HKLM\..\Run: [Microsoft(R) System Manager] C:\WINDOWS\system32\sysmgr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 5443 bytes

**broni** · 08-10-2009

Uninstall Combofix:
Go Start > Run
Type in:
combofix /u
Note the space between the "combofix" and the "/u"
Restart computer.

================================================== =============

Print these instructions out.

NOTE. If any of the programs listed below refuse to run, try renaming executive file to something else; for instance, rename hijackthis.exe to scanner.exe

***VERY IMPORTANT! Make sure, you update Superantispyware, and Malwarebytes before running the scans.***

STEP 1. Download SUPERAntiSpyware Free for Home Users:
SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

* Double-click SUPERAntiSpyware.exe and use the default settings for installation.
* An icon will be created on your desktop. Double-click that icon to launch the program.
* If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: SUPERAntiSpyware.com - Database Definition Information.)
* Close SUPERAntiSpyware.

PHYSICALLY DISCONNECT FROM THE INTERNET

Restart computer in Safe Mode.
To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; select Safe Mode; you'll see "Safe Mode" in all four corners of your screen

* Open SUPERAntiSpyware.
* Click Scan your Computer... button.
* Click Scanning Preferences/Control Center... button.
* Under General and Startup tab, make sure, Start SUPERAntiSpyware when Windows starts option is UN-checked.
* Click the Scanning Control tab.
* Under Scanner Options make sure the following are checked (leave all others unchecked):
- Close browsers before scanning.
- Terminate memory threats before quarantining.
* Click the Close button to leave the control center screen.
* On the left, make sure you check C:\Fixed Drive.
* On the right, choose Perform Complete Scan.
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click OK.
* Make sure everything has a checkmark next to it and click Next.
* A notification will appear that Quarantine and Removal is Complete. Click OK and then click the Finish button to return to the main menu.
* If asked if you want to reboot, click Yes.
* To retrieve the removal information after reboot, launch SUPERAntispyware again.
- Click Preferences, then click the Statistics/Logs tab.
- Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
- If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
- Please copy and paste the Scan Log results in your next reply.
* Click Close to exit the program.
Post SUPERAntiSpyware log.

RECONNECT TO THE INTERNET

RESTART COMPUTER!

STEP 2. Download Malwarebytes' Anti-Malware: Malwarebytes.org to your desktop.
(Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

RESTART COMPUTER!

STEP 3.
Post fresh HijackThis log.
NOTE. If you're using Vista, right click on HijackThis, and click Run as Administrator
Do NOT attempt to "fix" anything!

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

**FreakY** · 08-10-2009

Alright. Here they are. (Note: can't connect yet)

SUPERAntiSpyware Scan Log
SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

Generated 10/07/2009 at 07:50 PM

Application Version : 4.29.1002

Core Rules Database Version : 4152
Trace Rules Database Version: 1978

Scan type : Complete Scan
Total Scan Time : 00:54:14

Memory items scanned : 210
Memory threats detected : 0
Registry items scanned : 4720
Registry threats detected : 14
File items scanned : 17734
File threats detected : 234

Adware.Tracking Cookie
C:\Documents and Settings\Menendez\Cookies\menendez@tribalfusion[2].txt
.2o7.net [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.2o7.net [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.2o7.net [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.2o7.net [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.2o7.net [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.2o7.net [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.2o7.net [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.2o7.net [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.2o7.net [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.2o7.net [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.2o7.net [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.2o7.net [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.2o7.net [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.2o7.net [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.2o7.net [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.2o7.net [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.2o7.net [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.adbrite.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.adbrite.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.adlegend.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.adservingml.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.adtech.de [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.advertising.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.advertising.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.advertising.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.advertising.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.advertising.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.apnonline.112.2o7.net [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.atdmt.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.atwola.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.bizrate.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.bizrate.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.bookfinder.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.bookfinder.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.bookfinder.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.bravenet.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.bravenet.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.bravenet.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.brightcove.112.2o7.net [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.bs.serving-sys.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.cbs.112.2o7.net [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.collective-media.net [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.collective-media.net [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.collective-media.net [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.collective-media.net [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.crackerjackpromotions.co.nz [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.crackerjackpromotions.co.nz [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.cz3.clickzs.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.cz3.clickzs.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.dealtime.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.dealtime.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.dealtime.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.divx.112.2o7.net [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.dsml.clickexperts.net [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.dsml.clickexperts.net [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.elitefitness.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.elitefitness.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.eventfinder.co.nz [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.eventfinder.co.nz [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.eyewonder.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.imrworldwide.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.imrworldwide.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.insightexpressai.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.insightexpressai.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.insightexpressai.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.insightexpressai.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.insightexpressai.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.insightexpressai.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.insightexpressai.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.insightexpressai.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.insightexpressai.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.insightexpressai.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.insightexpressai.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.insightexpressai.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.insightexpressai.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.insightexpressai.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.insightexpressai.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.insightexpressai.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.insightexpressai.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.insightexpressai.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.insightexpressai.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.insightexpressai.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.insightexpressai.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.insightexpressai.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.insightexpressai.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.insightexpressai.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.insightexpressai.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.insightexpressai.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.insightexpressai.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.insightexpressai.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.insightexpressai.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.insightexpressai.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.insightexpressai.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.insightexpressai.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.insightexpressai.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.insightexpressai.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.insightexpressai.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.insightexpressai.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.insightexpressai.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.insightexpressai.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.insightexpressai.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.insightexpressai.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.insightexpressai.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.insightexpressai.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.insightexpressai.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.insightexpressai.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.kontera.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.kontera.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.media.coloriuris.net [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.media.coloriuris.net [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.mediabit.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.mediabit.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.mediaonenetwork.net [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.msnaccountservices.112.2o7.net [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.msnportal.112.2o7.net [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.nintendo.112.2o7.net [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.optimost.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.overture.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.partner2profit.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.partner2profit.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.partner2profit.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.partner2profit.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.partner2profit.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.pornotube.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.pornotube.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.pornotube.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.prisacom.112.2o7.net [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.questionmarket.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.questionmarket.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.revsci.net [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.revsci.net [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.revsci.net [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.revsci.net [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.revsci.net [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.revsci.net [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.revsci.net [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.revsci.net [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.revsci.net [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.revsci.net [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.revsci.net [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.revsci.net [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.serving-sys.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.serving-sys.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.serving-sys.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.serving-sys.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.serving-sys.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.serving-sys.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.specificclick.net [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.specificclick.net [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.specificclick.net [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.specificclick.net [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.specificclick.net [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.tacoda.net [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.tacoda.net [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.tacoda.net [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.tacoda.net [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.track.cbs.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.tracking.newzealand.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.trafficmp.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.trafficmp.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.trafficmp.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.trafficmp.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.trafficmp.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.trafficmp.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.trafficmp.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.trafficmp.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.trafficmp.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.trafficmp.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.trafficmp.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.tribalfusion.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.xiti.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.xpornothumbz.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.xpornothumbz.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.yadro.ru [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
.yadro.ru [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
ads.pornodesigners.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
ads.revsci.net [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
count.rbc.ru [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
eas.apm.emediate.eu [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
eas.apm.emediate.eu [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
oas.adservingml.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
oas.directaclick.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
server.iad.liveperson.net [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
server.iad.liveperson.net [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
server.koadserver.net [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
sitestat.mayoclinic.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
sitestat.mayoclinic.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
stat.onestat.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
stat.onestat.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
stats.channel4.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
tracking-fundacioneroski.es [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
tracking-fundacioneroski.es [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
Bodybuilding: Anabolic Steroids, EliteFitness.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
Bodybuilding: Anabolic Steroids, EliteFitness.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
lyricsfindr.com [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
Tickets at TicketsNow - Premium Sports Tickets, Concert Tickets, and Theater Tickets. [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
Windfinder - wind, wave & weather reports, forecasts & statistics / webcams, satellite images, isobar maps, tides [ C:\Documents and Settings\crystal\Application Data\Mozilla\Firefox\Profiles\sihrpjep.default\coo kies.txt ]
C:\Documents and Settings\crystal\Cookies\menendez@advertising[1].txt
C:\Documents and Settings\crystal\Cookies\menendez@ad.yieldmanager[1].txt
C:\Documents and Settings\crystal\Cookies\menendez@tribalfusion[1].txt
C:\Documents and Settings\crystal\Cookies\menendez@atdmt[1].txt
C:\Documents and Settings\crystal\Cookies\menendez@serving-sys[2].txt
C:\Documents and Settings\crystal\Cookies\menendez@bs.serving-sys[2].txt
C:\Documents and Settings\crystal\Cookies\menendez@edge.ru4[1].txt
C:\Documents and Settings\crystal\Cookies\menendez@ads.addynamix[1].txt
C:\Documents and Settings\crystal\Cookies\menendez@2o7[1].txt
C:\Documents and Settings\crystal\Cookies\menendez@bluestreak[1].txt
C:\Documents and Settings\crystal\Cookies\menendez@msnportal.112.2o 7[1].txt
C:\Documents and Settings\crystal\Cookies\menendez@mediaplex[2].txt
C:\Documents and Settings\crystal\Cookies\menendez@ads.pointroll[2].txt
C:\Documents and Settings\crystal\Cookies\menendez@tacoda[1].txt
C:\Documents and Settings\crystal\Cookies\menendez@doubleclick[1].txt

Trojan.Unknown Origin
HKLM\Software\Microsoft\Windows\CurrentVersion\Run #Microsoft Driver Setup [ C:\WINDOWS\iexplorer72.exe ]

Malware.LocusSoftware Inc/PCPrivacyTool
HKLM\Software\Purchased Products

Rogue.VirusHeat
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\EMScptbdprL
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\Huccr
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\hynq
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\LocalServer32
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\NXOu
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\waBudGzTjrjg
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\Xhnjfwj
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\zmcio

Trojan.Media-Codec/V5
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uni nstall\Secure Browsing
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uni nstall\Secure Browsing#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uni nstall\Secure Browsing#UninstallString

Rogue.WinPCDoctor
C:\Program Files\Common Files\WinPCDoctor
C:\Program Files\WinPCDoctor\swupd.log
C:\Program Files\WinPCDoctor

Trojan.Agent/Gen-Virut[SysKey]
C:\WINDOWS\SYSTEM32\DSOF.EXE

=====================================
=====================================

Malwarebytes' Anti-Malware 1.41
Database version: 2916
Windows 5.1.2600 Service Pack 2

10/7/2009 9:07:53 PM
mbam-log-2009-10-07 (21-07-53).txt

Scan type: Full Scan (C:\|)
Objects scanned: 192992
Time elapsed: 45 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall\Web Application (Trojan.Zlob) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\Windows Network Firewall (Trojan.Proxy) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\All Users.WINDOWS\Application Data\winpcdoctor (Rogue.WinPCDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\winpcdoctor\Data (Rogue.WinPCDoctor) -> Quarantined and deleted successfully.

Files Infected:
C:\System Volume Information\_restore{94CF9D55-D6CD-40D5-97B0-1F2680AA18D9}\RP2\A0000005.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Menendez\My Documents\My Pictures\Adobe_Photoshop_CS2\Tw10122.dat (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\winpcdoctor\Data\ac (Rogue.WinPCDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\winpcdoctor\Data\em (Rogue.WinPCDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\winpcdoctor\Data\oid (Rogue.WinPCDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\winpcdoctor\Data\user (Rogue.WinPCDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\winpcdoctor\Data\WinPCDoctor.exe.cer (Rogue.WinPCDoctor) -> Quarantined and deleted successfully.

================================
================================

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:34:02 PM, on 10/7/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\keyhook.exe
C:\DOCUME~1\Menendez\LOCALS~1\Temp\RtkBtMnt.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\sistray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, News, Sport, Music, Movies, Money, Cars, Shopping, Windows Live from MSN UK
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, News, Sport, Music, Movies, Money, Cars, Shopping, Windows Live from MSN UK
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (file missing)
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (file missing)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE " /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE " /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [Window Proxy Service] C:\WINDOWS\System32\winpsvc.exe
O4 - HKLM\..\Run: [Microsoft(R) System Manager] C:\WINDOWS\system32\sysmgr.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 5475 bytes