Popup says i had like 500 trojans & 100 worms

March 13, 2010 at 11:56:01
Specs: Windows XP professional
I was on the net the other day and a webpage popped up saying i had like 500 trojans and 100 worms it looked like a real message from windows control panel but it was a webpage my internet scanner couldn't scan it and it wanted me to download a new anti-virus no matter what u had to download so i just rebooted my scanner did delete alot of viruses off of it but couldn't give me a safety scan.

anyone know of anything to help it happened twice and somehow i have got it to leave me alone. and the weirdest thing of all it was a weird ip address not a web address


See More: Popup says i had like 500 trojans & 100 worms

Report •

#1
March 13, 2010 at 13:37:33
Tha't a common malware behavior. It pops up a window which exactly looks like a Windows operating system message. it wants to convince you to download an antivirus which is not an antivirus but a package full of spyware. Install a good antivirus and that's all you need! Have a look at this Antivirus section here.

Another thing you can do is install a free firewall such as zonealarm. usually this malware is injected via a hole in your system or by tracking your IP.

WebMaster of Web Talk


Report •

#2
March 13, 2010 at 13:55:25
If it happened twice it was probably only partially removed then regenerated itself.

We can take a look it you want us to, we will need you to run a couple , maybe three scans.

Please download and install the latest version of HijackThis v2.0.2:


Download the "HijackThis" Installer from this link:
Hijack This


1. Save " HJTInstall.exe" to your desktop.
2. Double click on HJTInstall.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5.Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file and then the log will open in Notepad.
7. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
8. Paste the log in your next reply.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.


Report •

#3
March 13, 2010 at 15:02:23
here it is

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:00:28 PM, on 3/13/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\cvsnt\cvsservice.exe
C:\Program Files\cvsnt\cvslock.exe
C:\Program Files\CenturyLink Online Security\Anti-Virus\fsgk32st.exe
C:\Program Files\CenturyLink Online Security\Common\FSMA32.EXE
C:\Program Files\CenturyLink Online Security\Anti-Virus\FSGK32.EXE
C:\Program Files\CenturyLink Online Security\Common\FSHDLL32.EXE
C:\WINDOWS\system32\hasplms.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CenturyLink Online Security\FWES\Program\fsdfwd.exe
C:\Program Files\CenturyLink Online Security\Anti-Virus\fssm32.exe
C:\Program Files\CenturyLink Online Security\Anti-Virus\fsav32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\FSRremoS.EXE
C:\Program Files\PatchLink\Update Agent\pddm.exe
C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CenturyLink Online Security\Common\FSM32.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Alton\Local Settings\Temporary Internet Files\Content.IE5\0VUUYHWA\HiJackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.alot.com/web?q=&pr=au...
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: FCToolbarURLSearchHook Class - {5aa14397-d310-447d-8548-2dd90218a07d} - C:\Program Files\CoolChaser Layout Auto Insert\Helper.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ALOT Toolbar Helper - {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} - C:\Program Files\alot\bin\alot.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: LitmusBHO - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\CenturyLink Online Security\NRS\iescript\baselitmus.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FCTBPos00Pos - {FC78E410-0EFA-4BEC-B283-D1DB1922F420} - C:\Program Files\CoolChaser Layout Auto Insert\Toolbar.dll
O3 - Toolbar: Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\CenturyLink Online Security\NRS\iescript\baselitmus.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll
O3 - Toolbar: CoolChaser Layout Auto Insert - {B0208007-27C1-4BCD-93EF-EFF5DB61FC22} - C:\Program Files\CoolChaser Layout Auto Insert\Toolbar.dll
O3 - Toolbar: MP3 Rocket Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PDDM] C:\Program Files\PatchLink\Update Agent\pddm.exe
O4 - HKLM\..\Run: [ContentTransferWMDetector.exe] C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\CenturyLink Online Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\CenturyLink Online Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.kisd-patch (HKLM)
O15 - ESC Trusted Zone: *.kisd-patch (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windows...
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://download.shockwave.com/pub/o...
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/get...
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CVSNT (CVS) - GNU - C:\Program Files\cvsnt\cvsservice.exe
O23 - Service: CVSNT Locking Service (CVSLock) - Unknown owner - C:\Program Files\cvsnt\cvslock.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\CenturyLink Online Security\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\CenturyLink Online Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\CenturyLink Online Security\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\CenturyLink Online Security\ORSP Client\fsorsp.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HASP License Manager (hasplms) - Aladdin Knowledge Systems Ltd. - C:\WINDOWS\system32\hasplms.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 9908 bytes


Report •

Related Solutions

#4
March 13, 2010 at 15:07:01
oh yeah i also deleted my browsing history to get rid of any possible tracking cookies and scanned my system but something still seems to be going on my computer is a little weird right now also i am afraid that i have another worm that replicates itself as jushed.exe and connects to a website called whatsmyip.com to activate itself. i am afraid because my firewall keeps blocking a file called jushed.exe from connecting to the internet to "start a process" i have kept on blocking it just in case but i have read a file on f secure that it disables firewalls so i don't know how long i've got until it activates and drops its payload. could u help me look into that posssibility i don't no if i have it but it has been infecting computers in my area. thanks for all of ur help.

Report •

#5
March 13, 2010 at 16:19:24
PLease download Combofix with internet explorer instead of any other browser if possible.

Remember..your CenturyLink Online Security antivirus and Spybot's TeaTimer must be turned off or disabled before running ComboFix. The clickable link "This Link" in the ComboFix tutorial will help you get them disabled.

Please download ComboFix to the desktop from one of the following links:

ComboFix

Rename the setup file, combofix.exe, before you download it. To do that once the "enter name of file to save to" box appears as the download begins in the filename box rename combofix.exe to to Combo-Fix> click save.
Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop.
If you are using Firefox, make sure that your download settings are as follows:
Tools->Options->Main tab
Set to "Always ask me where to Save the files".

Please do not rename Combofix to other names, but only to the one indicated.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
-----------------------------------------------------------
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
-----------------------------------------------------------
Close any open browsers.
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
-----------------------------------------------------------
Double click on Combo-Fix.exe & follow the prompts.
Install the recovery console when asked.
When finished, it will produce a report for you.
Please post the "C:\Combo-Fix.txt" .
Note: Do not mouseclick combo-fix's window while it's running. That may cause it to hang.


Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything unless told to do so while we are fixing your problem.


Report •

#6
March 13, 2010 at 17:02:35
here it is it deleted alot of files

ComboFix 10-03-13.01 - Alton 03/13/2010 18:42:22.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.503.222 [GMT -6:00]
Running from: c:\documents and settings\Alton\My Documents\combofix.exe
AV: CenturyLink™ Online Security 9.01 *On-access scanning disabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: CenturyLink™ Online Security 9.01 *disabled* {D4747503-0346-49EB-9262-997542F79BF4}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Alton\Application Data\alot
c:\documents and settings\Alton\Application Data\alot\BrowserSearch\BrowserSearch.xml
c:\documents and settings\Alton\Application Data\alot\BrowserSearch\BrowserSearch.xml.backup
c:\documents and settings\Alton\Application Data\alot\Button_0\Button_0.xml
c:\documents and settings\Alton\Application Data\alot\Button_0\Button_0.xml.backup
c:\documents and settings\Alton\Application Data\alot\Button_1\Button_1.xml
c:\documents and settings\Alton\Application Data\alot\Button_1\Button_1.xml.backup
c:\documents and settings\Alton\Application Data\alot\Button_2\Button_2.xml
c:\documents and settings\Alton\Application Data\alot\Button_2\Button_2.xml.backup
c:\documents and settings\Alton\Application Data\alot\Button_3\Button_3.xml
c:\documents and settings\Alton\Application Data\alot\Button_3\Button_3.xml.backup
c:\documents and settings\Alton\Application Data\alot\Button_4\Button_4.xml
c:\documents and settings\Alton\Application Data\alot\Button_4\Button_4.xml.backup
c:\documents and settings\Alton\Application Data\alot\Button_5\Button_5.xml
c:\documents and settings\Alton\Application Data\alot\Button_5\Button_5.xml.backup
c:\documents and settings\Alton\Application Data\alot\Button_6\Button_6.xml
c:\documents and settings\Alton\Application Data\alot\Button_6\Button_6.xml.backup
c:\documents and settings\Alton\Application Data\alot\Button_7\Button_7.xml
c:\documents and settings\Alton\Application Data\alot\Button_7\Button_7.xml.backup
c:\documents and settings\Alton\Application Data\alot\Button_8\Button_8.xml
c:\documents and settings\Alton\Application Data\alot\Button_8\Button_8.xml.backup
c:\documents and settings\Alton\Application Data\alot\Button_9\Button_9.xml
c:\documents and settings\Alton\Application Data\alot\Button_9\Button_9.xml.backup
c:\documents and settings\Alton\Application Data\alot\configurator\configurator.xml
c:\documents and settings\Alton\Application Data\alot\configurator\configurator.xml.backup
c:\documents and settings\Alton\Application Data\alot\contextMenu\contextMenu.xml
c:\documents and settings\Alton\Application Data\alot\contextMenu\contextMenu.xml.backup
c:\documents and settings\Alton\Application Data\alot\ErrorSearch\ErrorSearch.xml
c:\documents and settings\Alton\Application Data\alot\ErrorSearch\ErrorSearch.xml.backup
c:\documents and settings\Alton\Application Data\alot\hideToolbarLayout\hideToolbarLayout.xml
c:\documents and settings\Alton\Application Data\alot\hideToolbarLayout\hideToolbarLayout.xml.backup
c:\documents and settings\Alton\Application Data\alot\postInstallLayout\postInstallLayout.xml
c:\documents and settings\Alton\Application Data\alot\postInstallLayout\postInstallLayout.xml.backup
c:\documents and settings\Alton\Application Data\alot\products\products.xml
c:\documents and settings\Alton\Application Data\alot\products\products.xml.backup
c:\documents and settings\Alton\Application Data\alot\Resources\BrowserSearch\alot_search_defend.html
c:\documents and settings\Alton\Application Data\alot\Resources\BrowserSearch\images\favicon.ico
c:\documents and settings\Alton\Application Data\alot\Resources\Button_0\images\alot_logo_button.bmp
c:\documents and settings\Alton\Application Data\alot\Resources\Button_0\images\alot_logo_button.png
c:\documents and settings\Alton\Application Data\alot\Resources\Button_1\images\alot_image_search.bmp
c:\documents and settings\Alton\Application Data\alot\Resources\Button_1\images\alot_image_search.png
c:\documents and settings\Alton\Application Data\alot\Resources\Button_1\images\alot_news_search.bmp
c:\documents and settings\Alton\Application Data\alot\Resources\Button_1\images\alot_news_search.png
c:\documents and settings\Alton\Application Data\alot\Resources\Button_1\images\alot_search_button.bmp
c:\documents and settings\Alton\Application Data\alot\Resources\Button_1\images\alot_search_button.png
c:\documents and settings\Alton\Application Data\alot\Resources\Button_1\images\alot_shop_search.bmp
c:\documents and settings\Alton\Application Data\alot\Resources\Button_1\images\alot_shop_search.png
c:\documents and settings\Alton\Application Data\alot\Resources\Button_1\images\alot_videos_search.bmp
c:\documents and settings\Alton\Application Data\alot\Resources\Button_1\images\alot_videos_search.png
c:\documents and settings\Alton\Application Data\alot\Resources\Button_1\images\alot_web_search.bmp
c:\documents and settings\Alton\Application Data\alot\Resources\Button_1\images\alot_web_search.png
c:\documents and settings\Alton\Application Data\alot\Resources\Button_2\images\alot_configure.bmp
c:\documents and settings\Alton\Application Data\alot\Resources\Button_2\images\alot_configure.png
c:\documents and settings\Alton\Application Data\alot\Resources\Button_3\images\default_1033_alot_music_search.bmp
c:\documents and settings\Alton\Application Data\alot\Resources\Button_3\images\default_1033_alot_music_search.png
c:\documents and settings\Alton\Application Data\alot\Resources\Button_4\images\default_1365_music_news.bmp
c:\documents and settings\Alton\Application Data\alot\Resources\Button_4\images\default_1365_music_news.png
c:\documents and settings\Alton\Application Data\alot\Resources\Button_5\images\default_2097_music_videos.bmp
c:\documents and settings\Alton\Application Data\alot\Resources\Button_5\images\default_2097_music_videos.png
c:\documents and settings\Alton\Application Data\alot\Resources\Button_6\images\3562_icon.png
c:\documents and settings\Alton\Application Data\alot\Resources\Button_7\images\default_2343_offers.thumbplay.com_button.bmp
c:\documents and settings\Alton\Application Data\alot\Resources\Button_7\images\default_2343_offers.thumbplay.com_button.png
c:\documents and settings\Alton\Application Data\alot\Resources\Button_8\images\2682_icon.png
c:\documents and settings\Alton\Application Data\alot\Resources\Button_9\images\2824_icon.png
c:\documents and settings\Alton\Application Data\alot\Resources\contextMenu\images\alot_icon.bmp
c:\documents and settings\Alton\Application Data\alot\Resources\contextMenu\images\alot_icon.png
c:\documents and settings\Alton\Application Data\alot\Resources\contextMenu\images\alot_logo_button.bmp
c:\documents and settings\Alton\Application Data\alot\Resources\contextMenu\images\alot_logo_button.png
c:\documents and settings\Alton\Application Data\alot\Resources\Shared\domains.dat
c:\documents and settings\Alton\Application Data\alot\Resources\Shared\images\alot_brand.png
c:\documents and settings\Alton\Application Data\alot\Resources\Shared\images\alot_splitter.png
c:\documents and settings\Alton\Application Data\alot\Resources\Shared\images\discover.png
c:\documents and settings\Alton\Application Data\alot\Resources\Shared\images\intro_popup.png
c:\documents and settings\Alton\Application Data\alot\Resources\Shared\images\spinner.bmp
c:\documents and settings\Alton\Application Data\alot\Resources\Shared\images\widget_bottom.bmp
c:\documents and settings\Alton\Application Data\alot\Resources\Shared\images\widget_btnclose0.bmp
c:\documents and settings\Alton\Application Data\alot\Resources\Shared\images\widget_btnclose1.bmp
c:\documents and settings\Alton\Application Data\alot\Resources\Shared\images\widget_btnconfig0.bmp
c:\documents and settings\Alton\Application Data\alot\Resources\Shared\images\widget_btnconfig1.bmp
c:\documents and settings\Alton\Application Data\alot\Resources\Shared\images\widget_btnrefresh0.bmp
c:\documents and settings\Alton\Application Data\alot\Resources\Shared\images\widget_btnrefresh1.bmp
c:\documents and settings\Alton\Application Data\alot\Resources\Shared\images\widget_caption.bmp
c:\documents and settings\Alton\Application Data\alot\Resources\Shared\images\widget_error_bg.bmp
c:\documents and settings\Alton\Application Data\alot\Resources\Shared\images\widget_error_close.bmp
c:\documents and settings\Alton\Application Data\alot\Resources\Shared\images\widget_error_icon.bmp
c:\documents and settings\Alton\Application Data\alot\TimerManager\TimerManager.xml
c:\documents and settings\Alton\Application Data\alot\TimerManager\TimerManager.xml.backup
c:\documents and settings\Alton\Application Data\alot\toolbar.xml
c:\documents and settings\Alton\Application Data\alot\toolbar.xml.backup
c:\documents and settings\Alton\Application Data\alot\toolbarContextMenu\toolbarContextMenu.xml
c:\documents and settings\Alton\Application Data\alot\toolbarContextMenu\toolbarContextMenu.xml.backup
c:\documents and settings\Alton\Application Data\alot\ToolbarSearch\ToolbarSearch.xml
c:\documents and settings\Alton\Application Data\alot\ToolbarSearch\ToolbarSearch.xml.backup
c:\documents and settings\Alton\Application Data\alot\Updater\Updater.xml
c:\documents and settings\Alton\Application Data\alot\Updater\Updater.xml.backup
c:\program files\alot
c:\program files\alot\alotUninst.exe
c:\program files\alot\bin\alot.dll
c:\recycler\S-1-5-21-1964796085-383976631-87637785-1046
c:\recycler\S-1-5-21-397487197-1983874311-3389466378-1005
c:\windows\expert
c:\windows\expert\Apps\Help.ico
c:\windows\expert\Apps\Home.exe
c:\windows\expert\Apps\Install.ico
c:\windows\expert\Apps\PDF.ICO
c:\windows\expert\Apps\Readme.ico
c:\windows\expert\Apps\Register.exe
c:\windows\expert\Apps\Support.exe
c:\windows\expert\X6820.INI

.
((((((((((((((((((((((((( Files Created from 2010-02-14 to 2010-03-14 )))))))))))))))))))))))))))))))
.

2010-03-13 21:26 . 2010-03-13 21:26 -------- d-----w- c:\program files\iPod
2010-03-13 21:26 . 2010-03-13 21:27 -------- d-----w- c:\program files\iTunes
2010-03-13 21:17 . 2010-03-13 21:17 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-03-09 01:30 . 2010-03-09 01:30 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2010-03-07 23:33 . 2010-03-14 00:14 -------- d-----w- c:\documents and settings\Alton\Local Settings\Application Data\AskToolbar
2010-03-07 22:02 . 2010-03-12 00:27 -------- d-----w- c:\documents and settings\Alton\Shared
2010-03-07 22:02 . 2010-03-12 00:27 -------- d-----w- c:\documents and settings\Alton\Incomplete
2010-03-07 22:00 . 2010-03-12 00:34 -------- d-----w- c:\documents and settings\Alton\Application Data\MP3Rocket
2010-03-07 22:00 . 2010-03-07 22:02 -------- d-----w- c:\program files\MP3 Rocket
2010-03-07 22:00 . 2010-03-07 22:00 -------- d-----w- c:\program files\Ask.com
2010-03-07 22:00 . 2010-03-07 22:00 -------- d-----w- C:\FIND_MOZ_EXT
2010-03-07 21:53 . 2010-03-07 21:53 -------- d-----w- c:\program files\ADF Opus
2010-03-06 06:09 . 2010-03-06 06:10 -------- d-----w- C:\QUAKE_SW
2010-03-06 04:13 . 2010-03-06 04:13 -------- d-----w- c:\program files\GNU
2010-03-06 04:04 . 2010-03-06 04:04 -------- d-----w- c:\program files\cvsnt
2010-03-06 03:41 . 2010-03-06 03:45 -------- d-----w- c:\documents and settings\Alton\.javaws141
2010-03-06 03:41 . 2010-03-06 03:41 503808 ----a-w- c:\documents and settings\Alton\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-42846e30-n\msvcp71.dll
2010-03-06 03:41 . 2010-03-06 03:41 499712 ----a-w- c:\documents and settings\Alton\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-42846e30-n\jmc.dll
2010-03-06 03:41 . 2010-03-06 03:41 348160 ----a-w- c:\documents and settings\Alton\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-42846e30-n\msvcr71.dll
2010-03-06 03:41 . 2010-03-06 03:41 61440 ----a-w- c:\documents and settings\Alton\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-79360996-n\decora-sse.dll
2010-03-06 03:41 . 2010-03-06 03:41 12800 ----a-w- c:\documents and settings\Alton\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-79360996-n\decora-d3d.dll
2010-03-06 03:40 . 2010-03-06 03:39 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-06 02:33 . 2010-03-06 02:35 -------- d-----w- c:\program files\Mutant Cronicles Doomtroopers
2010-03-05 03:05 . 2010-03-05 03:05 -------- d-----w- c:\documents and settings\Alton\Application Data\F-Secure
2010-03-05 02:54 . 2010-03-05 02:54 -------- d-sh--w- c:\documents and settings\Alton\IECompatCache
2010-03-04 04:03 . 2010-03-04 04:03 -------- d-----w- c:\windows\system32\XPSViewer
2010-03-04 04:03 . 2010-03-04 04:03 -------- d-----w- c:\program files\MSBuild
2010-03-04 04:02 . 2010-03-04 04:02 -------- d-----w- c:\program files\Reference Assemblies
2010-03-04 04:02 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-03-04 04:02 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-03-04 04:02 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-03-04 04:02 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-03-04 04:02 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-03-04 04:02 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-03-04 04:02 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2010-03-04 04:02 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-03-04 04:02 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-03-04 04:02 . 2010-03-04 04:02 -------- d-----w- C:\2326f7e6538dc43c07ff68b4
2010-03-04 01:13 . 2010-03-14 00:05 -------- d-----w- C:\DUKE3D
2010-03-04 01:12 . 2010-03-04 01:12 -------- d-----w- c:\program files\ReflexiveArcade
2010-03-03 23:40 . 2010-03-03 23:41 -------- d-----w- c:\program files\7-Zip
2010-03-03 00:20 . 2010-03-03 00:20 -------- d-----w- c:\documents and settings\Alton\Application Data\Malwarebytes
2010-03-02 23:44 . 2010-03-09 21:51 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2010-03-02 21:59 . 2010-03-02 21:59 -------- d-----w- c:\documents and settings\Alton\Local Settings\Application Data\Identities
2010-02-28 23:42 . 2010-02-28 23:42 -------- d-----w- c:\windows\system32\KB905474
2010-02-28 23:42 . 2009-03-11 04:26 1403264 ----a-w- c:\windows\system32\KB905474\wganotifypackageinner.exe
2010-02-28 23:42 . 2009-03-11 04:18 453512 ----a-w- c:\windows\system32\KB905474\wgasetup.exe
2010-02-28 23:30 . 2010-02-28 23:30 -------- d-----w- c:\windows\ie8updates
2010-02-28 22:52 . 2009-12-21 19:14 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll
2010-02-28 22:52 . 2009-12-21 19:14 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-02-28 22:52 . 2009-12-21 19:14 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-02-28 22:52 . 2009-12-21 19:14 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-02-28 22:52 . 2009-12-21 19:14 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2010-02-28 22:52 . 2009-12-21 19:14 11070464 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-02-28 22:51 . 2005-07-26 04:39 60416 ------w- c:\windows\system32\dllcache\colbact.dll
2010-02-28 22:51 . 2009-02-09 10:20 399360 ------w- c:\windows\system32\dllcache\rpcss.dll
2010-02-28 22:51 . 2009-02-09 10:20 473088 ------w- c:\windows\system32\dllcache\fastprox.dll
2010-02-28 22:51 . 2009-02-09 10:20 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2010-02-28 22:51 . 2009-02-06 17:14 110592 ------w- c:\windows\system32\dllcache\services.exe
2010-02-28 22:51 . 2009-02-06 16:39 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2010-02-28 22:51 . 2009-02-09 10:20 616960 ------w- c:\windows\system32\dllcache\advapi32.dll
2010-02-28 22:51 . 2009-02-09 10:20 714752 ------w- c:\windows\system32\dllcache\ntdll.dll
2010-02-27 05:03 . 2010-02-27 05:03 -------- d-----w- c:\documents and settings\Alton\Local Settings\Application Data\Temp
2010-02-27 01:41 . 2010-02-27 01:41 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-02-25 01:55 . 2010-02-25 01:55 -------- d-sh--w- c:\documents and settings\Alton\PrivacIE
2010-02-25 01:54 . 2010-02-25 01:54 -------- d-sh--w- c:\documents and settings\Alton\IETldCache
2010-02-25 01:48 . 2010-02-25 01:50 -------- dc-h--w- c:\windows\ie8
2010-02-25 00:11 . 2010-02-25 00:11 -------- d-----w- c:\program files\CoolChaser Layout Auto Insert
2010-02-24 21:04 . 2010-02-24 21:04 -------- d-----w- c:\documents and settings\Alton\Local Settings\Application Data\Help
2010-02-24 20:57 . 2010-02-24 20:57 -------- d-----w- c:\program files\3DGroove
2010-02-24 20:18 . 2010-02-24 20:18 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-02-24 04:58 . 2010-02-24 04:58 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-02-24 04:46 . 2010-02-24 05:03 -------- d-----w- c:\documents and settings\Alton\Local Settings\Application Data\Google
2010-02-23 03:52 . 2010-02-23 03:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Motive
2010-02-23 03:52 . 2010-02-23 03:52 -------- d-----w- c:\program files\Common Files\Motive
2010-02-23 03:52 . 2010-02-23 03:52 -------- d-----w- c:\program files\CenturyLink
2010-02-23 03:52 . 2010-02-23 03:52 -------- d-----w- c:\program files\EMBARQ
2010-02-23 03:48 . 2010-02-23 03:48 -------- d-----w- c:\documents and settings\Alton\Application Data\AdobeUM
2010-02-21 14:35 . 2010-02-21 14:35 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\F-Secure
2010-02-21 14:35 . 2010-02-21 14:40 33920 ----a-w- c:\windows\system32\drivers\fsbts.sys
2010-02-21 14:34 . 2009-08-05 15:57 80000 ----a-w- c:\windows\system32\drivers\fsdfw.sys
2010-02-21 14:33 . 2010-03-13 19:06 -------- d-----w- c:\program files\CenturyLink Online Security
2010-02-21 14:31 . 2010-02-21 14:33 -------- d-----w- c:\documents and settings\All Users\Application Data\fssg
2010-02-21 14:30 . 2010-02-21 14:34 -------- d-----w- c:\documents and settings\All Users\Application Data\f-secure
2010-02-19 00:24 . 2010-02-19 00:24 -------- d-sh--w- c:\documents and settings\Alton\UserData

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-13 21:48 . 2010-01-13 22:19 -------- d-----w- c:\documents and settings\Alton\Application Data\Apple Computer
2010-03-13 21:26 . 2010-01-13 22:15 -------- d-----w- c:\program files\Common Files\Apple
2010-03-13 21:16 . 2010-01-13 22:23 89360 ----a-w- c:\documents and settings\Alton\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-12 22:30 . 2009-12-17 19:22 -------- d-----w- c:\documents and settings\Alton\Application Data\U3
2010-03-09 21:48 . 2004-08-11 07:51 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-06 03:40 . 2004-09-30 17:44 -------- d-----w- c:\program files\Common Files\Java
2010-03-06 03:39 . 2004-09-30 17:46 -------- d-----w- c:\program files\Java
2010-02-25 00:12 . 2010-02-25 00:12 -------- d-----w- c:\documents and settings\Alton\Application Data\FCTB000060531
2010-02-25 00:11 . 2010-02-25 00:12 242688 ----a-w- c:\documents and settings\Alton\Application Data\FCTB000060531\Toolbar\Helper.dll
2010-02-25 00:11 . 2010-02-25 00:12 1505280 ----a-w- c:\documents and settings\Alton\Application Data\FCTB000060531\Toolbar\Toolbar.dll
2010-02-25 00:11 . 2010-02-25 00:12 115512 ----a-w- c:\documents and settings\Alton\Application Data\FCTB000060531\Toolbar\Uninst.exe
2010-02-24 04:58 . 2006-03-29 20:38 -------- d-----w- c:\program files\Google
2010-02-21 14:33 . 2004-09-30 18:04 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-02-21 14:33 . 2004-09-30 18:04 -------- d-----w- c:\program files\Symantec
2010-02-21 14:33 . 2005-08-04 14:58 -------- d-----w- c:\program files\Symantec AntiVirus
2010-02-21 14:33 . 2004-08-11 08:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-01-13 22:19 . 2010-01-13 22:17 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-01-13 22:17 . 2010-01-13 22:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-01-13 22:17 . 2010-01-13 22:17 -------- d-----w- c:\program files\Bonjour
2010-01-13 22:17 . 2010-01-13 22:16 -------- d-----w- c:\program files\QuickTime
2010-01-13 22:16 . 2010-01-13 22:16 -------- d-----w- c:\program files\Apple Software Update
2010-01-13 22:15 . 2010-01-13 22:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-01-13 01:54 . 2010-01-13 01:54 -------- d-----w- c:\documents and settings\Alton\Application Data\InterVideo
2010-01-13 01:31 . 2010-01-13 01:31 -------- d-----w- c:\documents and settings\Alton\Application Data\Sony Corporation
2010-01-06 22:39 . 2010-02-25 00:12 1477 ----a-w- c:\documents and settings\Alton\Application Data\FCTB000060531\Toolbar\patch.bat
2009-12-31 16:14 . 1980-01-01 07:00 352640 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-29 06:59 . 2010-02-25 00:12 399360 ----a-w- c:\documents and settings\Alton\Application Data\FCTB000060531\Toolbar\RadioPlugin.dll
2009-12-29 06:28 . 2010-02-25 00:12 371712 ----a-w- c:\documents and settings\Alton\Application Data\FCTB000060531\Toolbar\RSSReader_plugin.dll
2009-12-29 06:28 . 2010-02-25 00:12 264704 ----a-w- c:\documents and settings\Alton\Application Data\FCTB000060531\Toolbar\statplugin.dll
2009-12-29 06:28 . 2010-02-25 00:12 395264 ----a-w- c:\documents and settings\Alton\Application Data\FCTB000060531\Toolbar\emailchecker_plugin.dll
2009-12-29 06:27 . 2010-02-25 00:12 277504 ----a-w- c:\documents and settings\Alton\Application Data\FCTB000060531\Toolbar\weatherplugin.dll
2009-12-29 06:27 . 2010-02-25 00:12 290816 ----a-w- c:\documents and settings\Alton\Application Data\FCTB000060531\Toolbar\msgboxplugin.dll
2009-12-21 19:14 . 1980-01-01 07:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-16 12:58 . 2003-02-19 20:24 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:35 . 1980-01-01 07:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2004-09-14 03:57 . 2004-09-30 17:37 94208 -c--a-w- c:\program files\mozilla firefox\components\BrandRes.dll
2004-09-14 03:57 . 2004-09-30 17:37 150912 -c--a-w- c:\program files\mozilla firefox\components\fullsoft.dll
2004-09-14 03:57 . 2004-09-30 17:37 53346 -c--a-w- c:\program files\mozilla firefox\components\jar50.dll
2004-09-14 03:57 . 2004-09-30 17:37 61532 -c--a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2004-09-14 03:57 . 2004-09-30 17:37 24682 -c--a-w- c:\program files\mozilla firefox\components\qfaservices.dll
2004-09-14 03:57 . 2004-09-30 17:37 172132 -c--a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{5aa14397-d310-447d-8548-2dd90218a07d}"= "c:\program files\CoolChaser Layout Auto Insert\Helper.dll" [2010-02-25 242688]

[HKEY_CLASSES_ROOT\clsid\{5aa14397-d310-447d-8548-2dd90218a07d}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{A62CAB86-DE12-4BEC-B7D7-F4F9B8EDB509}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-08 23:40 1362320 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FC78E410-0EFA-4BEC-B283-D1DB1922F420}]
2010-02-25 00:11 1505280 ----a-w- c:\program files\CoolChaser Layout Auto Insert\Toolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B0208007-27C1-4BCD-93EF-EFF5DB61FC22}"= "c:\program files\CoolChaser Layout Auto Insert\Toolbar.dll" [2010-02-25 1505280]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-08 1362320]

[HKEY_CLASSES_ROOT\clsid\{b0208007-27c1-4bcd-93ef-eff5db61fc22}]
[HKEY_CLASSES_ROOT\FCTB000060531.IEToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{80E55E64-0B78-4AA3-B48A-6CBF0536832A}]
[HKEY_CLASSES_ROOT\FCTB000060531.IEToolbar]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{B0208007-27C1-4BCD-93EF-EFF5DB61FC22}"= "c:\program files\CoolChaser Layout Auto Insert\Toolbar.dll" [2010-02-25 1505280]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-08 1362320]

[HKEY_CLASSES_ROOT\clsid\{b0208007-27c1-4bcd-93ef-eff5db61fc22}]
[HKEY_CLASSES_ROOT\FCTB000060531.IEToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{80E55E64-0B78-4AA3-B48A-6CBF0536832A}]
[HKEY_CLASSES_ROOT\FCTB000060531.IEToolbar]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-02-24 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="irprops.cpl" [2004-08-04 380416]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2003-07-10 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-07-10 114688]
"Mouse Suite 98 Daemon"="ICO.EXE" [2003-11-20 57344]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"PDDM"="c:\program files\PatchLink\Update Agent\pddm.exe" [2005-08-09 419392]
"ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-07-30 497000]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2004-09-30 180269]
"F-Secure Manager"="c:\program files\CenturyLink Online Security\Common\FSM32.EXE" [2009-08-05 199264]
"F-Secure TNB"="c:\program files\CenturyLink Online Security\FSGUI\TNBUtil.exe" [2009-08-05 2349664]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-16 141608]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 setuid

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 05:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2004-06-04 03:05 32881 -c--a-w- c:\program files\Java\j2re1.4.2_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wscsvc"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AllAlertsDisabled"=dword:00000001
"TermService"=dword:00000001
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\CoolChaser Layout Auto Insert\\TroubleShooter.exe"=
"c:\\Program Files\\CoolChaser Layout Auto Insert\\ToolbarUpdate.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1947:TCP"= 1947:TCP:HASP SRM
"1947:UDP"= 1947:UDP:HASP SRM

R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2/21/2010 8:35 AM 33920]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2/21/2010 8:34 AM 80000]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\CenturyLink Online Security\HIPS\drivers\fshs.sys [2/21/2010 8:34 AM 68064]
R2 CVS;CVSNT;c:\program files\cvsnt\cvsservice.exe [8/19/2004 2:39 AM 35328]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\CenturyLink Online Security\Anti-Virus\minifilter\fsgk.sys [2/21/2010 8:34 AM 107104]
R3 FSORSPClient;F-Secure ORSP Client;c:\program files\CenturyLink Online Security\ORSP Client\fsorsp.exe [2/21/2010 8:34 AM 55992]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/23/2010 10:58 PM 135664]
S3 net5213;3Com 3CRDAG675B Wireless LAN PCI Adapter Service;c:\windows\system32\drivers\net5213xp.sys [11/19/2009 10:28 AM 463232]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\CenturyLink Online Security\Anti-Virus\win2k\fsfilter.sys [2/21/2010 8:34 AM 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\CenturyLink Online Security\Anti-Virus\win2k\fsrec.sys [2/21/2010 8:34 AM 25184]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - IPOD_SERVICE
.
Contents of the 'Scheduled Tasks' folder

2010-03-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2010-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-24 04:58]

2010-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-24 04:58]

2010-03-14 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-02-08 23:40]

2010-03-13 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-02-28 04:18]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.alot.com/web?q=&pr=auto&client_id=E5DCE31001CAB59A00160E7C&src_id=11077&camp_id=%3D145&tb_version=2.5.9000.490
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
LSP: c:\program files\CenturyLink Online Security\FSPS\program\FSLSP.DLL
Trusted Zone: kisd-patch
FF - ProfilePath -
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("backups.number_of_prefs_copies", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.closed", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.document", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.frames", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.history", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.length", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.opener", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.parent", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.self", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.top", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.window", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.block.target_new_window", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.disable_window_open_feature.status", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("advanced.always_load_images", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.protocol-handler.external.help", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.protocol-handler.external-default", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.connect.timeout", 30); // in seconds
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.request.timeout", 120); // in seconds
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.image.imageBehavior", 0); // 0-Accept, 1-dontAcceptForeign, 2-dontUse
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.cookieBehavior", 3); // 0-Accept, 1-dontAcceptForeign, 2-dontUse, 3-p3p
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.id", "{ec8030f7-c20a-464f-9b0e-13a3a9e97384}");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.version",
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.extensions.version", "0.10");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.build_id",
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.autoUpdateEnabled", true); // Whether or not background app updates
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.url", "chrome://mozapps/locale/update/update.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.updatesAvailable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.lastUpdateDate", 0); // UTC offset when last App update was
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.performed", false); // Whether or not an update has been
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.autoUpdateEnabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.autoUpdate", false); // Automatically download and install
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.interval", 604800000); // Check for updates to Extensions and
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.lastUpdateDate", 0); // UTC offset when last Extension/Theme
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.severity.threshold", 5);// The number of pending Extension/Theme
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.count", 0); // The number of extension/theme/etc
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("update.interval", 3600000); // Check each of the above intervals
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("update.showSlidingNotification", true); // Windows-only slide-up taskbar
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("update.severity", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("general.useragent.vendor", "Firefox");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("general.useragent.vendorSub", "0.10");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.startup.homepage_override.1", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.turbo.enabled", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.name", "chrome://browser/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://browser/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://browser/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("network.protocols.useSystemDefaults", false); // set to true if user links should use system default handlers
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("update_notifications.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("update_notifications.provider.0.frequency", 7); // number of days
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.xul.error_pages.enabled", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("network.protocol-handler.external.news" , true); // for news
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("pfs.datasource.url", "chrome://mozapps/locale/plugins/plugins.properties");
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-ibmmessages - c:\program files\IBM\Messages By IBM\ibmmessages.exe
Notify-NavLogon - (no file)
AddRemove-alotToolbar - c:\program files\alot\alotUninst.exe
AddRemove-binder - h:\favorites\binder\DeIsL1.isu
AddRemove-HijackThis - c:\documents and settings\Alton\Local Settings\Temporary Internet Files\Content.IE5\0VUUYHWA\HijackThis.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-13 18:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(720)
c:\windows\system32\setuid.dll
c:\program files\CenturyLink Online Security\FSPS\program\FSLSP.DLL
.
Completion time: 2010-03-13 18:56:49
ComboFix-quarantined-files.txt 2010-03-14 00:56

Pre-Run: 14,957,129,728 bytes free
Post-Run: 15,661,506,560 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - FB57044B442185AFD0248A92A9DD4036


Report •

#7
March 13, 2010 at 17:11:19
Go to start> control panel> java icon> settings> delete files> ok> ok.

Download ATF Cleaner from this link:
http://www.majorgeeks.com/ATF_Cleaner_d4949.html
Run ATF-Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore>apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok.

Next create a new restore point. Go to start> run> type in msconfig> ok> click launch system restore> check the circle beside "create a restore point> next> name it today's date> create > click home > exit the system configuration utility> restart the computer.

Please run the BitDefender online scan this link:
Bitdefender Online Scanner

Click I Agree to agree to the EULA.
Allow the ActiveX control to install when prompted.
Click Click here to scan to begin the scan.
Please refrain from using the computer until the scan is finished. This might take a while to run, but it is important that nothing else is running while you scan.
When the scan is finished, click on Click here to export the scan results.
Save the report to your desktop so you can post it in your next reply.


Report •

#8
March 13, 2010 at 17:24:05
do i need to turn off my defenses first like combofix?

Report •

#9
March 13, 2010 at 17:25:55
No, do not turn of your protection.

Report •

#10
March 13, 2010 at 18:22:58
won't update the virus definitions can't scan.

Report •

#11
March 13, 2010 at 18:25:08
Try this scanner.

Please run Esets online scanner from this link:

ESET

1. Note: You will need to use Internet explorer for this scan
2. Tick the box next to YES, I accept the Terms of Use.
3. Click Start
4. When asked, allow the activex control to install
5. Click Start
6. Make sure that the option Remove found threats is unticked ( I want to see what is found first), and the option Scan unwanted applications is checked
7. Click Scan
8. Wait for the scan to finish
9. Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
10. Copy and paste that log in your next reply.


Report •

#12
March 13, 2010 at 18:34:13
can not receive update is proxy configured? thats what it said

Report •

#13
March 13, 2010 at 18:41:01
never mind i got it to work had to use a compatibility program

Report •

#14
March 13, 2010 at 18:56:41
get to 100% then says unexpected error 2002

Report •

#15
March 13, 2010 at 19:01:54
it happened twice can't install virus definitions fro this one either :(

Report •

#16
March 13, 2010 at 19:11:09
did the proxy thing again too and i dont have the custom proxy box checked something is wrong

Report •

#17
March 13, 2010 at 19:23:32
Run a scan with your own F-Secure antivirus and see what it finds.

Report •

#18
March 13, 2010 at 22:01:27
f-secure found nothing report as follows

Scanned:
Files: 49658
Not scanned: 8
Result:
Viruses: 0
Spyware: 0
Suspicious items: 0
Riskware: 0
Actions:
Disinfected: 0
Renamed: 0
Deleted: 0
Quarantined: 0
Failed: 0
Boot Sectors:
Scanned: 2
Infected: 0
Suspicious items: 0
Disinfected: 0
Files not scanned:
Cannot open file (click here for more info) C:\PAGEFILE.SYS
Cannot open a file in archive C:\DOCUMENTS AND SETTINGS\ALTON\MY DOCUMENTS\INF_IMAGES.ZIP
Cannot open a file in archive C:\DOCUMENTS AND SETTINGS\ALTON\MY DOCUMENTS\INF_MUSIC.ZIP
Cannot open a file in archive C:\DOCUMENTS AND SETTINGS\ALTON\MY DOCUMENTS\INF_SOUNDS.ZIP
Cannot open a file in archive C:\DOCUMENTS AND SETTINGS\ALTON\MY DOCUMENTS\M2_MAP_RESC.ZIP
Cannot open a file in archive C:\DOCUMENTS AND SETTINGS\ALTON\MY DOCUMENTS\M2_MUSIC.ZIP
Cannot open a file in archive C:\DOCUMENTS AND SETTINGS\ALTON\MY DOCUMENTS\M2_SOUNDS.ZIP
Cannot open a file in archive C:\DOCUMENTS AND SETTINGS\ALTON\MY DOCUMENTS\MARATHON INFINITY\INF_MUSIC.ZIP


Report •

#19
March 13, 2010 at 22:11:58
but idk it still is alittle weird becuase my mouse is acting weird and the virus definition update didnt download
and i got bitdefender to work but it took forever and when it got through scanninng the timer went to 12:00 and it restarted the scan any thoughts

Report •

#20
March 14, 2010 at 10:31:25
well i don't no about the virus update going bad or bitdefender not working right but i did fix my own mouse problem. thanks for all of your help. if u have any ideas about what could've messed up bitdefender u can post them otherwise i'm good with your help i found and fixed alot of problems.

Report •

#21
March 14, 2010 at 10:37:40
The computer looks clean. There is a good chance that your antivirus did not let the active x componet load from the online scanner web sites or you may have missed the option to install it, usually a yellow bar at the bottom of your tools bar that you must click to allow the actice x componet to load. How is the computer operating?

The following scanner is also a good double check.

Please download SuperAntiSpyware free versioin or trial from the following link to your desktop:

SuperAntiSpyware


1. Open SuperAntiSpware from its icon and install and Update it
2. Under Scanner Options make sure the following are checked (leave all others unchecked):
3. Close browsers before scanning.
4. Scan for tracking cookies.
5. Terminate memory threats before quarantining.
6. Click the "Close" button to leave the control center screen and exit the program.
DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode(XP)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode.

Now Scan with SuperAntiSpyware
1. Open from the desktop icon or the program Files list
On the left, make sure you check C:\Fixed Drive.
2. Perform a Complete scan. After scan,Verify they are all checked.
3. Click OK on the summary screen to quarantine all found items.
4. If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntispyware again.
1. Click Preferences, then click the Statistics/Logs tab.
2. Under Scanner Logs, double-click SuperAntiSpyware Scan Log.
3. If there are several logs, click the current dated log and press View log.
4. A text file will open in your default text editor.
5. Please copy and paste the Scan Log results in your next reply.
6. Click Close to exit the program.


Report •

#22
March 14, 2010 at 10:42:40
i'll run that scanner just to be sure.

Report •

#23
March 14, 2010 at 14:09:18
ok im going to post this log but i have a question after the run in with the popup i looked on f-secure to c if i had a virus i didnt find one with that description but i found another that fit the description of something thats been constantly trying to get on the internet this virus replicates itself as jushed.exe. it says it wants to start a process. should i be worried? here is the link.http://www.f-secure.com/v-descs/worm_w32_agent_ipz.shtml


Report •

#24
March 14, 2010 at 14:10:17
here is the log it killed 45 trackers

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/14/2010 at 02:16 PM

Application Version : 4.34.1000

Core Rules Database Version : 4672
Trace Rules Database Version: 2484

Scan type : Quick Scan
Total Scan Time : 01:10:14

Memory items scanned : 239
Memory threats detected : 0
Registry items scanned : 506
Registry threats detected : 0
File items scanned : 41722
File threats detected : 45

Adware.Tracking Cookie
C:\Documents and Settings\Alton\Cookies\alton@burstbeacon[1].txt
C:\Documents and Settings\Alton\Cookies\alton@tacoda[1].txt
C:\Documents and Settings\Alton\Cookies\alton@burstnet[2].txt
C:\Documents and Settings\Alton\Cookies\alton@www.burstnet[1].txt
C:\Documents and Settings\Alton\Cookies\alton@ad.wsod[2].txt
C:\Documents and Settings\Alton\Cookies\alton@smartadserver[2].txt
C:\Documents and Settings\Alton\Cookies\alton@adserver.adtechus[1].txt
C:\Documents and Settings\Alton\Cookies\alton@interclick[1].txt
C:\Documents and Settings\Alton\Cookies\alton@www.burstbeacon[1].txt
C:\Documents and Settings\Alton\Cookies\alton@content.yieldmanager[2].txt
C:\Documents and Settings\Alton\Cookies\alton@insightexpressai[1].txt
C:\Documents and Settings\Alton\Cookies\alton@content.yieldmanager[3].txt
C:\Documents and Settings\Alton\Cookies\alton@247realmedia[2].txt
C:\Documents and Settings\Alton\Cookies\alton@apmebf[2].txt
C:\Documents and Settings\Alton\Cookies\alton@trafficmp[2].txt
C:\Documents and Settings\Alton\Cookies\alton@tribalfusion[2].txt
C:\Documents and Settings\Alton\Cookies\alton@invitemedia[2].txt
C:\Documents and Settings\Alton\Cookies\alton@kontera[2].txt
C:\Documents and Settings\Alton\Cookies\alton@collective-media[1].txt
C:\Documents and Settings\Alton\Cookies\alton@a1.interclick[1].txt
.tacoda.net [ C:\Documents and Settings\Student\Application Data\Mozilla\Firefox\Profiles\ep55mnke.default\cookies.txt ]
sales.liveperson.net [ C:\Documents and Settings\Student\Application Data\Mozilla\Firefox\Profiles\ep55mnke.default\cookies.txt ]
sales.liveperson.net [ C:\Documents and Settings\Student\Application Data\Mozilla\Firefox\Profiles\ep55mnke.default\cookies.txt ]
.burstnet.com [ C:\Documents and Settings\Student\Application Data\Mozilla\Firefox\Profiles\ep55mnke.default\cookies.txt ]
.zedo.com [ C:\Documents and Settings\Student\Application Data\Mozilla\Firefox\Profiles\ep55mnke.default\cookies.txt ]
.zedo.com [ C:\Documents and Settings\Student\Application Data\Mozilla\Firefox\Profiles\ep55mnke.default\cookies.txt ]
.burstnet.com [ C:\Documents and Settings\Student\Application Data\Mozilla\Firefox\Profiles\ep55mnke.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\Student\Application Data\Mozilla\Firefox\Profiles\ep55mnke.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\Student\Application Data\Mozilla\Firefox\Profiles\ep55mnke.default\cookies.txt ]
.adopt.euroclick.com [ C:\Documents and Settings\Student\Application Data\Mozilla\Firefox\Profiles\ep55mnke.default\cookies.txt ]
media.adrevolver.com [ C:\Documents and Settings\Student\Application Data\Mozilla\Firefox\Profiles\ep55mnke.default\cookies.txt ]
.interclick.com [ C:\Documents and Settings\Student\Application Data\Mozilla\Firefox\Profiles\ep55mnke.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\Student\Application Data\Mozilla\Firefox\Profiles\ep55mnke.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\Student\Application Data\Mozilla\Firefox\Profiles\ep55mnke.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\Student\Application Data\Mozilla\Firefox\Profiles\ep55mnke.default\cookies.txt ]
.adrevolver.com [ C:\Documents and Settings\Student\Application Data\Mozilla\Firefox\Profiles\ep55mnke.default\cookies.txt ]
.adrevolver.com [ C:\Documents and Settings\Student\Application Data\Mozilla\Firefox\Profiles\ep55mnke.default\cookies.txt ]
.realmedia.com [ C:\Documents and Settings\Student\Application Data\Mozilla\Firefox\Profiles\ep55mnke.default\cookies.txt ]
.realmedia.com [ C:\Documents and Settings\Student\Application Data\Mozilla\Firefox\Profiles\ep55mnke.default\cookies.txt ]
.realmedia.com [ C:\Documents and Settings\Student\Application Data\Mozilla\Firefox\Profiles\ep55mnke.default\cookies.txt ]
.apmebf.com [ C:\Documents and Settings\Student\Application Data\Mozilla\Firefox\Profiles\ep55mnke.default\cookies.txt ]
.apmebf.com [ C:\Documents and Settings\Student\Application Data\Mozilla\Firefox\Profiles\ep55mnke.default\cookies.txt ]
.statcounter.com [ C:\Documents and Settings\Student\Application Data\Mozilla\Firefox\Profiles\ep55mnke.default\cookies.txt ]
.statcounter.com [ C:\Documents and Settings\Student\Application Data\Mozilla\Firefox\Profiles\ep55mnke.default\cookies.txt ]
.imrworldwide.com [ C:\Documents and Settings\Student\Application Data\Mozilla\Firefox\Profiles\ep55mnke.default\cookies.txt ]


Report •

#25
March 14, 2010 at 14:19:15
and i guess the tracking cookies were causing my glitchy mouse cause it seems to have all but disappeared

Report •

#26
March 14, 2010 at 14:35:35
i am also going to run an AVG scan and post the results

Report •

#27
March 14, 2010 at 14:45:18
never mind my century link wants it uninstalled and AVG wants centurylink uninstalled and i should have known it

Report •

Ask Question