xaflb program?

jackz4000

New Member
My ZoneAlarm today gives me a prompt to allow or deny internet access to a program named "xaflb"??? Does anyone know what xaflb is???

I'm curious because Avast has been blocking a lot of intrusions while I'm on the internet and Malwarebytes has found a couple infections. Just removed "rogue installer" last night. Thanks
 

johnb35

Administrator
Staff member
Sounds like malware to me but not at home to research it. Might want to post a HijackThis log in case you are still infected.
 

jackz4000

New Member
I'm today getting a lot of redirected webpages especially if I type in Microsoft or Malwarebytes...gets crazy.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:40:48 PM, on 7/8/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\1XConfig.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\IObit\IObit Security 360\is360.exe
C:\Program Files\IObit\IObit Security 360\IS360tray.exe
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: ZoneAlarm Toolbar - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZone.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: ZoneAlarm Toolbar - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZone.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: ZoneAlarm Toolbar - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZone.dll
O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ZCfgSvc.exe] C:\WINDOWS\system32\ZCfgSvc.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
O4 - HKLM\..\Run: [IObit Security 360] "C:\Program Files\IObit\IObit Security 360\IS360tray.exe" /autostart
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1264438132609
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1264438108755
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 9338 bytes
 

johnb35

Administrator
Staff member
Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.
Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

ComboFix should never take more than 20 minutes including the reboot if malware is detected.


In your next reply please post:
  • The ComboFix log
  • A fresh HiJackThis log
  • An update on how your computer is running
 

jackz4000

New Member
I can't download the program. I keep getting an error message that I can't use the combofix name and to use a different alphanumeric combination. Not clear what to do?


My big worry is I can't update Malwarebytes or Windows XP. Acts strange when I google Malwarebytes or Microsoft and I get redirected to other strange pages I never go to. Like the yellowpages. I've looked for a backdoor at Microsoft to update but haven't found one. I get the IE "this page is not available".

I know there is something funky in there but I just can't find it. I just started getting help from Malwarebytes.



Here's a new HiJack:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:50:36 PM, on 7/8/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\1XConfig.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\IObit\IObit Security 360\is360.exe
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\Program Files\IObit\Advanced SystemCare 3\Awc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: ZoneAlarm Toolbar - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZone.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: ZoneAlarm Toolbar - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZone.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: ZoneAlarm Toolbar - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZone.dll
O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ZCfgSvc.exe] C:\WINDOWS\system32\ZCfgSvc.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
O4 - HKLM\..\Run: [IObit Security 360] "C:\Program Files\IObit\IObit Security 360\IS360tray.exe" /autostart
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1264438132609
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1264438108755
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 9262 bytes
 

johnb35

Administrator
Staff member
Redownload combofix but this time save it as combo-fix not combofix and then run it in safe mode if it won't run in regular mode.
 

jackz4000

New Member
Ok John this took a little time, had some problems. Also have a GMER log too.



FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((( Files Created from 2010-06-09 to 2010-07-09 )))))))))))))))))))))))))))))))
.

2010-07-08 20:58 . 2010-07-08 20:58 -------- d-----w- c:\documents and settings\User1\Application Data\IObit
2010-07-08 20:20 . 2010-07-08 20:20 -------- d-----w- c:\program files\Trend Micro
2010-07-08 19:21 . 2010-07-08 19:21 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2010-07-08 19:21 . 2010-07-08 20:58 -------- d-----w- c:\program files\IObit
2010-07-08 15:19 . 2010-07-08 15:19 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM
2010-07-08 15:18 . 2010-07-08 15:19 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-07-07 22:57 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-07 22:57 . 2010-07-07 22:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-07 22:57 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-06 22:02 . 2010-07-06 22:02 -------- d-----w- c:\documents and settings\User1\Application Data\CheckPoint
2010-07-06 22:01 . 2010-07-06 22:16 -------- d-----w- c:\documents and settings\User1\Local Settings\Application Data\Conduit
2010-07-06 22:01 . 2010-07-06 22:16 -------- d-----w- c:\documents and settings\User1\Local Settings\Application Data\ZoneAlarm
2010-07-06 22:01 . 2010-07-06 22:01 -------- d-----w- c:\program files\Conduit
2010-07-06 22:01 . 2010-07-06 22:01 -------- d-----w- c:\program files\ZoneAlarm
2010-07-06 22:01 . 2010-07-06 22:01 -------- d-----w- c:\program files\CheckPoint
2010-06-30 19:38 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-06-23 15:37 . 2010-06-23 15:37 501936 ----a-w- c:\documents and settings\All Users\Application Data\Google\Google Toolbar\Update\gtb10.tmp.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-09 01:32 . 2010-07-09 01:33 3637248 ----a-w- c:\windows\Internet Logs\xDB1D.tmp
2010-07-09 00:47 . 2007-01-04 13:31 35215255 ----a-w- c:\windows\Internet Logs\tvDebug.zip
2010-07-09 00:46 . 2010-07-09 00:47 3592704 ----a-w- c:\windows\Internet Logs\xDB1C.tmp
2010-07-09 00:46 . 2010-07-09 00:47 81920 ----a-w- c:\windows\Internet Logs\xDB1B.tmp
2010-07-08 01:00 . 2010-07-08 14:42 452096 ----a-w- c:\windows\Internet Logs\xDB19.tmp
2010-07-08 01:00 . 2010-07-08 14:42 3510784 ----a-w- c:\windows\Internet Logs\xDB1A.tmp
2010-07-06 22:01 . 2006-10-02 21:14 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-06-28 20:57 . 2006-10-02 21:41 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2006-10-02 21:41 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2008-04-08 18:54 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2006-10-02 21:41 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2006-10-02 21:41 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-06-28 20:32 . 2006-10-02 21:41 94544 -c--a-w- c:\windows\system32\drivers\aswmon.sys
2010-06-28 20:32 . 2008-04-08 18:54 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-28 20:32 . 2006-10-02 21:41 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-06-25 15:42 . 2010-06-25 15:45 179200 ----a-w- c:\windows\Internet Logs\xDB18.tmp
2010-06-23 17:51 . 2009-02-24 16:14 1238528 ----a-w- c:\windows\system32\zpeng25.dll
2010-06-23 17:51 . 2006-10-03 14:00 69120 ----a-w- c:\windows\system32\zlcomm.dll
2010-06-23 17:51 . 2006-10-03 14:00 103936 ----a-w- c:\windows\system32\zlcommdb.dll
2010-06-22 21:31 . 2010-06-22 21:34 3176960 ----a-w- c:\windows\Internet Logs\xDB17.tmp
2010-06-22 21:31 . 2010-06-22 21:34 31232 ----a-w- c:\windows\Internet Logs\xDB16.tmp
2010-06-22 21:24 . 2010-06-22 21:28 3176960 ----a-w- c:\windows\Internet Logs\xDB15.tmp
2010-06-22 21:24 . 2010-06-22 21:28 23552 ----a-w- c:\windows\Internet Logs\xDB14.tmp
2010-06-22 21:12 . 2010-06-22 21:23 3176448 ----a-w- c:\windows\Internet Logs\xDB13.tmp
2010-06-22 21:12 . 2010-06-22 21:23 1591808 ----a-w- c:\windows\Internet Logs\xDB12.tmp
2010-05-11 14:18 . 2010-05-11 14:19 505856 ----a-w- c:\windows\Internet Logs\xDB11.tmp
2010-05-04 23:13 . 2010-05-05 13:54 3100160 ----a-w- c:\windows\Internet Logs\xDB10.tmp
2010-05-02 23:28 . 2010-05-03 14:46 3099136 ----a-w- c:\windows\Internet Logs\xDBF.tmp
2010-04-30 23:54 . 2010-05-01 14:39 3098112 ----a-w- c:\windows\Internet Logs\xDBE.tmp
2010-04-29 23:38 . 2010-04-30 18:00 3097600 ----a-w- c:\windows\Internet Logs\xDBD.tmp
2010-04-28 14:22 . 2010-04-28 14:31 462336 ----a-w- c:\windows\Internet Logs\xDBC.tmp
2010-04-12 21:14 . 2010-04-12 21:16 2255872 ----a-w- c:\windows\Internet Logs\xDBB.tmp
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}"= "c:\program files\ZoneAlarm\tbZone.dll" [2010-05-09 2517088]

[HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]
2010-05-09 15:50 2517088 ----a-w- c:\program files\ZoneAlarm\tbZone.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}"= "c:\program files\ZoneAlarm\tbZone.dll" [2010-05-09 2517088]

[HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{66F2E20D-0DA8-4C11-A9C8-DD8477B88ACD}"= "c:\program files\ZoneAlarm\tbZone.dll" [2010-05-09 2517088]

[HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-06 339968]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"ZCfgSvc.exe"="c:\windows\system32\ZCfgSvc.exe" [2004-06-17 409664]
"PRONoMgr.exe"="c:\program files\Intel\NCS\PROSet\PRONoMgr.exe" [2004-05-24 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_09\bin\jusched.exe" [2006-10-12 49263]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-05-30 77824]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-03-09 524632]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-06-23 1043968]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2010-05-26 730600]
"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2010-06-11 1280344]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-9-19 282624]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2005-11-25 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
2004-06-17 17:14 180290 ----a-w- c:\windows\system32\LgNotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [4/8/2008 2:54 PM 165456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/8/2008 2:54 PM 17744]
R2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [7/8/2010 3:21 PM 312152]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [5/26/2010 9:35 AM 26352]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [5/26/2010 9:35 AM 493032]
R3 OZSCR;O2Micro SmartCardBus Smartcard Reader;c:\windows\system32\drivers\ozscr.sys [4/21/2005 11:58 PM 92550]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/28/2010 8:46 AM 135664]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 3:06 PM 1029456]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-06-21 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 19:41]

2010-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-28 12:43]

2010-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-28 12:43]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
.
- - - - ORPHANS REMOVED - - - -

AddRemove-KB913433 - c:\windows\system32\MacroMed\Flash\genuinst.exe
AddRemove-Octoshape add-in for Adobe Flash Player - c:\documents and settings\User1\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-08 22:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-790525478-813497703-1060284298-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(884)
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll
c:\windows\system32\LgNotify.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

- - - - - - - > 'lsass.exe'(940)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

- - - - - - - > 'explorer.exe'(596)
c:\windows\system32\WININET.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2010-07-08 22:06:11
ComboFix-quarantined-files.txt 2010-07-09 02:05

Pre-Run: 29,430,382,592 bytes free
Post-Run: 29,401,120,768 bytes free

- - End Of File - - C68BA69E9C9ABC173224C26E3A2321E3
 

jackz4000

New Member
Ok John. Since Combofix I was able to Update Windows XP, only a month since my last update, but for the last 3 days I could not get near Microsoft update...but I still can't update Malwarebytes. There was/is something in my laptop. I think this was all a shock to my system and something changed some internet settings and more on me. Could not use IE for over an hour tonight and my connection great. I also found Combofix to be delicate...but it did something positive I know. I'll do the Hijack uninstall tomorrow. Otherwise, my laptop is now running better--but more to do. Thank you for the guidance--I needed it bad. Jack
 

johnb35

Administrator
Staff member
Uninstall Malwarebytes and reinstall it to see if you can update it. I actually had to do that one time and it worked. Keep me updated. And yes, there is more cleaning to do.
 

jackz4000

New Member
couldn't find much on xaflb, so seems like a virus or spyware of some sort


Thanks, I couldn't find anything about it either and it looked suspicious prompting me for internet access on my Zonealarm Firewall. Last 4 days my laptop has been strange. So, deny. I think I have recently received some creepy crawly bugs. I think I'm getting it from webpages like CNN, CBS, NYT, etc.
 

jackz4000

New Member
Uninstall Malwarebytes and reinstall it to see if you can update it. I actually had to do that one time and it worked. Keep me updated. And yes, there is more cleaning to do.

I'll try that tomorrow John. I uninstalled my previous copy when I got the MBAB_UPDARE_ERROR 12007 Winhttp and I thought my copy was corrupted and installed a new one with the same problem. Anyway I'm in touch with support at Malwarebytes. Y'know there are phoney sites for them?
 

johnb35

Administrator
Staff member
The only 2 sites I recommend are theirs and cnet's download site. I'll be waiting for the other logs tomorrow.
 

jackz4000

New Member
Let's get rid of some software issues first. Please give me an uninstall list using hijackthis.

Open hijackthis, click on open misc tools section, click on open uninstall manager, click on save and save the file, then copy and paste the log back here.

Please only post in this thread from now on. Do not post in your other thread as things will start to get confusing.

http://www.computerforum.com/178863-cant-update-windows-xp-malwarebytes.html

Ok, here we go:

Ad-Aware
Ad-Aware
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Reader 7.0.8
Adobe Shockwave Player
Advanced SystemCare 3
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
avast! Free Antivirus
Broadcom Gigabit Integrated Controller
CardRd81
CCScore
C-Major Audio
Conexant D480 MDC V.92 Modem
CR2
Dell Wireless WLAN Card
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel(R) PROSet
InterVideo WinDVD
IObit Security 360
J2SE Runtime Environment 5.0 Update 9
kgcbase
Kodak EasyShare software
LiveReg (Symantec Corporation)
LiveUpdate 1.80 (Symantec Corporation)
Malwarebytes' Anti-Malware
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Word 2000
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
netbrdg
OfotoXMI
QuickTime
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981349)
SFR
SHASTA
skin0001
SKINXSDK
Sonic DLA
Sonic RecordNow!
Sonic Update Manager
staticcr
tooltips
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC 9.0 Runtime
VC 9.0 Runtime
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VPRINTOL
Windows XP Service Pack 3
WIRELESS
ZoneAlarm
ZoneAlarm Spy Blocker
ZoneAlarm Toolbar
 

johnb35

Administrator
Staff member
Please uninstall the following items via add/remove programs in control panel.

Ad-Aware (use Malwarebytes instead)
Adobe Reader 7.0.8
J2SE Runtime Environment 5.0 Update 9
LiveReg (Symantec Corporation)
LiveUpdate 1.80 (Symantec Corporation)

You have 2 antivirus programs installed.

avast! Free Antivirus
IObit Security 360

Figure out which one you want to use and uninstall the other one as you can't have 2 active antivirus programs installed at the same time.

Download the latest version of Adobe Reader and Java from here.

http://www.java.com/en/download/index.jsp

http://get.adobe.com/reader/?promoid=BUIGO

Just make sure you uncheck McAfee security scan before downloading.

Download and run rkill.scr but do not reboot the computer and then try updating Malwarebytes.
 

jackz4000

New Member
Thanks John, I uninstalled most of those programs, more tomorrow. Avast keeps blocking junk thrown at me while I'm on the internet. Probably 5 blocks per day, which is a very new thing. Scan just showed another copy of WIN32 Alueron-cy. This all began within the last week; previously I seldom ever had any infections.

Malwarebytes support thinks I have a problem with my DNS network interface to their website. I dunno.
 

jackz4000

New Member
Download and run Superantispyware

http://download.cnet.com/SuperAntiSpyware-Free-Edition/3000-8022_4-10523889.html

Make sure it's fully updated before running. Please post the log after it's done. You can find the log by clicking on the preferences button on the main page and then clicking on the statistics/logs tab and then open the log, copy and paste back here.




This is the quick scan: SUPERAntiSpyware Scan Log, all quarantined: Remove?

http://www.superantispyware.com

Generated 07/10/2010 at 12:16 PM

Application Version : 4.40.1002

Core Rules Database Version : 5180
Trace Rules Database Version: 2992

Scan type : Quick Scan
Total Scan Time : 00:16:31

Memory items scanned : 575
Memory threats detected : 1
Registry items scanned : 2041
Registry threats detected : 1
File items scanned : 5316
File threats detected : 261

Heuristic.Backdoor
C:\DOCUMENTS AND SETTINGS\USER1\APPLICATION DATA\SYSTEMPROC\LSASS.EXE
C:\DOCUMENTS AND SETTINGS\USER1\APPLICATION DATA\SYSTEMPROC\LSASS.EXE

Trojan.Agent/Gen-Koobface
[RTHDBPL] C:\DOCUMENTS AND SETTINGS\USER1\APPLICATION DATA\SYSTEMPROC\LSASS.EXE

Adware.Tracking Cookie

Adware.Flash Tracking Cookie
C:\Documents and Settings\User1\Application Data\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\BG9AVUX3\A.ADS2.MSADS.NET
C:\Documents and Settings\User1\Application Data\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\BG9AVUX3\ADS2.MSADS.NET
C:\Documents and Settings\User1\Application Data\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\BG9AVUX3\B.ADS2.MSADS.NET
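
An added example, not part of the original posts or of any tool used in the thread: the quick-scan log above reports LSASS.EXE under Application Data\SYSTEMPROC, while the HijackThis process list earlier in the thread shows lsass.exe in C:\WINDOWS\system32. The Python below parses that style of findings list and flags any path that reuses a core Windows process name from an unexpected directory. The function names, the `EXPECTED_DIR` table and the assumed log layout (a heading line followed by path lines, some with a bracketed label) are assumptions made for this example.

```python
import ntpath
import re

# Expected directory for core Windows XP processes, taken from the HijackThis
# "Running processes" list posted earlier in the thread.
SYSTEM32 = r"c:\windows\system32"
EXPECTED_DIR = {
    "smss.exe": SYSTEM32, "csrss.exe": SYSTEM32, "winlogon.exe": SYSTEM32,
    "services.exe": SYSTEM32, "lsass.exe": SYSTEM32, "svchost.exe": SYSTEM32,
    "spoolsv.exe": SYSTEM32, "explorer.exe": r"c:\windows",
}

# A finding line is an absolute path, optionally preceded by a bracketed label
# that the scanner prints before some entries (captured as-is, not interpreted).
FINDING_RE = re.compile(r"^(?:\[(?P<tag>[^\]]+)\]\s+)?(?P<path>[A-Za-z]:\\.+)$")

# Excerpt of the findings section of the log above (assumed layout).
SAMPLE_LOG = r"""
Heuristic.Backdoor
C:\DOCUMENTS AND SETTINGS\USER1\APPLICATION DATA\SYSTEMPROC\LSASS.EXE
C:\DOCUMENTS AND SETTINGS\USER1\APPLICATION DATA\SYSTEMPROC\LSASS.EXE

Trojan.Agent/Gen-Koobface
[RTHDBPL] C:\DOCUMENTS AND SETTINGS\USER1\APPLICATION DATA\SYSTEMPROC\LSASS.EXE

Adware.Flash Tracking Cookie
C:\Documents and Settings\User1\Application Data\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\BG9AVUX3\A.ADS2.MSADS.NET
"""

# Legitimate locations as they appear in the HijackThis process list.
RUNNING = [
    r"C:\WINDOWS\System32\smss.exe",
    r"C:\WINDOWS\system32\lsass.exe",
    r"C:\WINDOWS\Explorer.EXE",
]


def parse_findings(log_text):
    """Return (detection_name, tag_or_None, path) for each finding line."""
    findings, detection = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = FINDING_RE.match(line)
        if match:
            findings.append((detection, match.group("tag"), match.group("path")))
        elif "\\" not in line:
            detection = line  # a heading such as "Heuristic.Backdoor"
    return findings


def misplaced_system_binary(path):
    """Return the expected directory if `path` reuses a system process name
    from some other directory; otherwise return None."""
    normalized = ntpath.normpath(path).lower()
    expected = EXPECTED_DIR.get(ntpath.basename(normalized))
    if expected is None or ntpath.dirname(normalized) == expected:
        return None
    return expected


def triage(log_text):
    """Group flagged paths, collecting every detection name and label seen."""
    hits = {}
    for detection, tag, path in parse_findings(log_text):
        expected = misplaced_system_binary(path)
        if expected is None:
            continue
        key = ntpath.normpath(path).lower()
        hit = hits.setdefault(key, {"path": path, "expected_dir": expected,
                                    "detections": [], "tags": []})
        if detection and detection not in hit["detections"]:
            hit["detections"].append(detection)
        if tag and tag not in hit["tags"]:
            hit["tags"].append(tag)
    return list(hits.values())


if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print("System process name outside", hit["expected_dir"])
        print("  path:      ", hit["path"])
        print("  detections:", ", ".join(hit["detections"]))
        print("  labels:    ", ", ".join(hit["tags"]) or "-")
```

A name match alone is only a triage signal: it tells the helper which entries to look at first, and the file still has to be confirmed by the scanners' own verdicts.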
 