Jump to content

Freddy58 virus


Recommended Posts

Hello,

Unfortunately my wife's laptop has been infected with the Freddy58/Koobface virus. We thought that we had removed the virus, but Internet Explorer and Firefox keep coming up with DNS errors, this happens when attempting to access anti virus sites.

I am also unable to update the MBAM, I keep getting the following error code, 732 (0,0)

Date: 8/3/2009

Database Version 2551

Fringerprints loaded 120579

I have download MBAM and HijackThis, below is what they have produced.

Malwarebytes' Anti-Malware 1.40

Database version: 2551

Windows 6.0.6001 Service Pack 1

18/08/2009 22:01:13

mbam-log-2009-08-18 (22-01-13).txt

Scan type: Quick Scan

Objects scanned: 88258

Time elapsed: 4 minute(s), 30 second(s)

Memory Processes Infected: 2

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 3

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 3

Memory Processes Infected:

C:\Windows\freddy58.exe (Worm.KoobFace) -> Unloaded process successfully.

C:\Windows\pp11.exe (Worm.KoobFace) -> Unloaded process successfully.

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pp (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysfbtray (Worm.KoobFace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysldtray (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\Windows\pp11.exe (Malware.Trace) -> Quarantined and deleted successfully.

C:\Windows\freddy58.exe (Worm.KoobFace) -> Quarantined and deleted successfully.

c:\Windows\ld14.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

======

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:59:37, on 19/08/2009

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v8.00 (8.00.6001.18813)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Hp\QuickPlay\QPService.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Hp\HP Software Update\hpwuschd2.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\3\3Connect\AutoUpdateSrv.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE

C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

C:\Program Files\Apoint2K\ApMsgFwd.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Windows\System32\mobsync.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/webhp?sourceid=nav...GB&ie=UTF-8

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"

O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [uCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Startup: Pregnancy Desktop.lnk = C:\Program Files\Pregnancy Desktop\Pregnancy Desktop.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Update Agent.lnk = ?

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe

O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--

End of file - 9731 bytes

Link to post
Share on other sites

  • Staff

Hi Meki_j and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, pease visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.

-screen317

Link to post
Share on other sites

Thanks for the reply,

Logs as requested.

=============

Malwarebytes' Anti-Malware 1.40

Database version: 2658

Windows 6.0.6001 Service Pack 1

21/08/2009 21:20:07

mbam-log-2009-08-21 (21-20-07).txt

Scan type: Quick Scan

Objects scanned: 88614

Time elapsed: 4 minute(s), 19 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

============

ComboFix 09-08-20.07 - loubie 21/08/2009 21:28.1.2 - NTFSx86

Microsoft

Link to post
Share on other sites

Sorry forgot the hijack this log.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:49:42, on 21/08/2009

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v8.00 (8.00.6001.18813)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/webhp?sourceid=nav...GB&ie=UTF-8

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"

O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [uCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Startup: Pregnancy Desktop.lnk = C:\Program Files\Pregnancy Desktop\Pregnancy Desktop.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Update Agent.lnk = ?

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe

O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--

End of file - 7739 bytes

Link to post
Share on other sites

  • Staff

Hi,

Database version: 2658
The latest database version is past 2670. Please update MBAM, run a Quick Scan, and post its log.

Next, please go to VirusTotal, and upload the following files for analysis:

c:\windows\ectbbyn.dat

c:\windows\ex1234.dat

Post the results in your reply.

Next, please use the Internet Explorer browser and click here to use the F-Secure Online Scanner.

  • Click Start Scanning.
  • You should get a notification bar (on top) to install the ActiveX control.
  • Click on it and select to install the ActiveX.
  • Once the ActiveX is installed, you should accept the License terms by clicking OK below to start the scan.
  • In case you are having problems with installing the ActiveX/starting the scan, please read here.
  • Click the Full System Scan button.
  • It will start to download scanner components and databases. This can take a while.
  • The main scan will start.
  • Once the scan has finished scanning, click the Automatic cleaning (recommended) button
  • It could be possible that your firewall gives an alert - allow it, because that's a connection you establish to submit infected files to F-Secure.
  • The cleaning can take a while, so please be patient.
  • Then click the Show report button and Copy/Paste what is present under results in your next reply.

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-screen317

Link to post
Share on other sites

Hi,

Have tried to update off-line, as whenever I try on the infected computer, I get the message,

An Error has occured,

Error code 732 (0,0)

The most recent offline update I could get was

database version 2667.

Where can I download the most recent update?

Cheers

Link to post
Share on other sites

  • Staff

Meki_j,

Thanks for letting me know.

1. Uninstall Malwarebytes' Anti-Malware using Add or Remove programs in the Control Panel.

2. Restart your computer (very important).

3. Download and run this utility.

4. It will ask to restart your computer (please allow it to).

5. After the computer restarts, install the latest version from here.

Note: You will need to reactivate the program using the license you were sent via e-mail if you purchased the program.

Try updating it now.

-screen317

Link to post
Share on other sites

Thanks for all your help so far.

Did as you asked for the ex1234.dat file, couldnt find the ectbbyn.dat file, think mbam must have deleted it.

=========

Malwarebytes' Anti-Malware 1.40

Database version: 2672

Windows 6.0.6001 Service Pack 1

21/08/2009 23:10:12

mbam-log-2009-08-21 (23-10-12).txt

Scan type: Quick Scan

Objects scanned: 89913

Time elapsed: 3 minute(s), 59 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 1

Registry Keys Infected: 4

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 1

Files Infected: 4

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

c:\program files\ddnsfilter\ddnsfilter.dll (Worm.KoobFace) -> Delete on reboot.

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ddnsfilter (Worm.KoobFace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\ddnsfilter (Worm.KoobFace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ddnsfilter (Worm.KoobFace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DnsFilter (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\ddnsfilter (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

C:\Program Files\DDnsFilter (Trojan.DNSChanger) -> Delete on reboot.

Files Infected:

c:\program files\ddnsfilter\ddnsfilter.dll (Worm.KoobFace) -> Delete on reboot.

C:\Windows\System32\drivers\DnsFilter.sys (Worm.KoobFace) -> Quarantined and deleted successfully.

C:\Windows\ectbbyn.dat (KoobFace.Trace) -> Quarantined and deleted successfully.

C:\Windows\0535251103110107106.yux (KoobFace.Trace) -> Quarantined and deleted successfully.

==============

Antivirus Version Last Update Result

a-squared 4.5.0.24 2009.08.21 -

AhnLab-V3 5.0.0.2 2009.08.21 -

AntiVir 7.9.1.3 2009.08.21 -

Antiy-AVL 2.0.3.7 2009.08.21 -

Authentium 5.1.2.4 2009.08.21 -

Avast 4.8.1335.0 2009.08.21 -

AVG 8.5.0.406 2009.08.22 -

BitDefender 7.2 2009.08.21 -

CAT-QuickHeal 10.00 2009.08.21 -

ClamAV 0.94.1 2009.08.21 -

Comodo 2050 2009.08.22 -

DrWeb 5.0.0.12182 2009.08.21 -

eSafe 7.0.17.0 2009.08.20 -

eTrust-Vet 31.6.6694 2009.08.21 -

F-Prot 4.4.4.56 2009.08.21 -

F-Secure 8.0.14470.0 2009.08.21 -

Fortinet 3.120.0.0 2009.08.21 -

GData 19 2009.08.21 -

Ikarus T3.1.1.68.0 2009.08.21 -

Jiangmin 11.0.800 2009.08.21 -

K7AntiVirus 7.10.824 2009.08.21 -

Kaspersky 7.0.0.125 2009.08.21 -

McAfee 5716 2009.08.21 -

McAfee+Artemis 5716 2009.08.21 -

McAfee-GW-Edition 6.8.5 2009.08.21 -

Microsoft 1.4903 2009.08.21 -

NOD32 4357 2009.08.21 -

Norman 6.01.09 2009.08.21 -

nProtect 2009.1.8.0 2009.08.21 -

Panda 10.0.0.14 2009.08.21 -

PCTools 4.4.2.0 2009.08.21 -

Prevx 3.0 2009.08.22 -

Rising 21.43.44.00 2009.08.21 -

Sophos 4.44.0 2009.08.21 -

Sunbelt 3.2.1858.2 2009.08.21 -

Symantec 1.4.4.12 2009.08.21 -

TheHacker 6.3.4.3.384 2009.08.21 -

TrendMicro 8.950.0.1094 2009.08.21 -

VBA32 3.12.10.9 2009.08.20 -

ViRobot 2009.8.21.1895 2009.08.21 -

VirusBuster 4.6.5.0 2009.08.21 -

Additional information

File size: 4283 bytes

MD5...: e6a4b81e989fd3c823a2e4037868d5cd

SHA1..: 0c9b140a54a5418ac5e6d86fa055e87a6e031b55

SHA256: 4e8b9cfe3de4e6392db77700d6c5cf91651cad1434a93f443684e289aac748e3

ssdeep: 96:Ugzksh7HkStc270c4cYpII8rIsDGIRhdKfxBBSGPddwM6I:Ugzksh4Suw0HIS

HIRh6bldd/

PEiD..: -

TrID..: File type identification

Unknown!

PEInfo: -

PDFiD.: -

RDS...: NSRL Reference Data Set

-

==============

Scanning Report

Saturday, August 22, 2009 09:23:20 - 11:56:25

Computer name: LOUBIE-PC

Scanning type: Scan system for malware, spyware and rootkits

Target: C:\ D:\

--------------------------------------------------------------------------------

3 malware found

TrackingCookie.2o7 (spyware)

System (Disinfected)

TrackingCookie.Atdmt (spyware)

System (Disinfected)

TrackingCookie.Doubleclick (spyware)

System (Disinfected)

--------------------------------------------------------------------------------

Statistics

Scanned:

Files: 502141

System: 3944

Not scanned: 140

Actions:

Disinfected: 3

Renamed: 0

Deleted: 0

Not cleaned: 0

Submitted: 0

Files not scanned:

C:\PAGEFILE.SYS

C:\WINDOWS\SYSTEM32\CONFIG\SAM

C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT

C:\WINDOWS\SYSTEM32\CONFIG\SECURITY

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM

C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE

C:\WINDOWS\SYSTEM32\CONFIG\COMPONENTS

C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\COMPONENTS

C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SOFTWARE

C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SAM

C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\DEFAULT

C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SECURITY

C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SYSTEM

C:\WINDOWS\SYSTEM32\CATROOT2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\CATDB

C:\WINDOWS\SYSTEM32\CATROOT2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\CATDB

C:\USERS\LOUBIE\LOCAL SETTINGS\GOOGLE\TOOLBAR HISTORY\COUNTERS

C:\USERS\LOUBIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\TOOLBAR HISTORY\COUNTERS

C:\USERS\LOUBIE\LOCAL SETTINGS\APPLICATION DATA\APPLICATION DATA\GOOGLE\TOOLBAR HISTORY\COUNTERS

C:\USERS\LOUBIE\LOCAL SETTINGS\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\GOOGLE\TOOLBAR HISTORY\COUNTERS

C:\USERS\LOUBIE\LOCAL SETTINGS\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\GOOGLE\TOOLBAR HISTORY\COUNTERS

C:\USERS\LOUBIE\LOCAL SETTINGS\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\GOOGLE\TOOLBAR HISTORY\COUNTERS

C:\USERS\LOUBIE\LOCAL SETTINGS\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\GOOGLE\TOOLBAR HISTORY\COUNTERS

C:\USERS\LOUBIE\LOCAL SETTINGS\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\GOOGLE\TOOLBAR HISTORY\COUNTERS

C:\USERS\LOUBIE\LOCAL SETTINGS\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\GOOGLE\TOOLBAR HISTORY\COUNTERS

C:\USERS\LOUBIE\LOCAL SETTINGS\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\GOOGLE\TOOLBAR HISTORY\COUNTERS

C:\USERS\LOUBIE\LOCAL SETTINGS\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\GOOGLE\TOOLBAR HISTORY\COUNTERS

C:\USERS\LOUBIE\LOCAL SETTINGS\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\GOOGLE\TOOLBAR HISTORY\COUNTERS

C:\USERS\LOUBIE\LOCAL SETTINGS\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\GOOGLE\TOOLBAR HISTORY\COUNTERS

C:\USERS\LOUBIE\LOCAL SETTINGS\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\GOOGLE\TOOLBAR HISTORY\COUNTERS

C:\USERS\LOUBIE\LOCAL SETTINGS\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\GOOGLE\TOOLBAR HISTORY\COUNTERS

C:\USERS\LOUBIE\LOCAL SETTINGS\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\GOOGLE\TOOLBAR HISTORY\COUNTERS

C:\USERS\LOUBIE\LOCAL SETTINGS\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\GOOGLE\TOOLBAR HISTORY\COUNTERS

C:\USERS\LOUBIE\LOCAL SETTINGS\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\GOOGLE\TOOLBAR HISTORY\COUNTERS

C:\USERS\LOUBIE\LOCAL SETTINGS\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\GOOGLE\TOOLBAR HISTORY\COUNTERS

C:\USERS\LOUBIE\LOCAL SETTINGS\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\GOOGLE\TOOLBAR HISTORY\COUNTERS

C:\USERS\LOUBIE\LOCAL SETTINGS\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\GOOGLE\TOOLBAR HISTORY\COUNTERS

C:\USERS\LOUBIE\LOCAL SETTINGS\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\GOOGLE\TOOLBAR HISTORY\COUNTERS

C:\USERS\LOUBIE\LOCAL SETTINGS\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\GOOGLE\TOOLBAR HISTORY\COUNTERS

C:\USERS\LOUBIE\LOCAL SETTINGS\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\GOOGLE\TOOLBAR HISTORY\COUNTERS

C:\USERS\LOUBIE\LOCAL SETTINGS\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\GOOGLE\TOOLBAR HISTORY\COUNTERS

C:\USERS\LOUBIE\LOCAL SETTINGS\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\GOOGLE\TOOLBAR HISTORY\COUNTERS

C:\USERS\LOUBIE\LOCAL SETTINGS\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\GOOGLE\TOOLBAR HISTORY\COUNTERS

C:\USERS\LOUBIE\LOCAL SETTINGS\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\GOOGLE\TOOLBAR HISTORY\COUNTERS

C:\USERS\LOUBIE\LOCAL SETTINGS\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\GOOGLE\TOOLBAR

C:\USERS\LOUBIE\LOCAL SETTINGS\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DA

C:\USERS\LOUBIE\LOCAL SETTINGS\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DA

C:\USERS\LOUBIE\APPDATA\LOCAL\APPLICATION DATA\GOOGLE\TOOLBAR HISTORY\COUNTERS

C:\USERS\LOUBIE\APPDATA\LOCAL\APPLICATION DATA\APPLICATION DATA\GOOGLE\TOOLBAR HISTORY\COUNTERS

C:\USERS\LOUBIE\APPDATA\LOCAL\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\GOOGLE\TOOLBAR HISTORY\COUNTERS

C:\USERS\LOUBIE\APPDATA\LOCAL\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\GOOGLE\TOOLBAR HISTORY\COUNTERS

C:\USERS\LOUBIE\APPDATA\LOCAL\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\GOOGLE\TOOLBAR HISTORY\COUNTERS

C:\USERS\LOUBIE\APPDATA\LOCAL\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\GOOGLE\TOOLBAR HISTORY\COUNTERS

C:\USERS\LOUBIE\APPDATA\LOCAL\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\GOOGLE\TOOLBAR HISTORY\COUNTERS

C:\USERS\LOUBIE\APPDATA\LOCAL\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\GOOGLE\TOOLBAR HISTORY\COUNTERS

C:\USERS\LOUBIE\APPDATA\LOCAL\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\GOOGLE\TOOLBAR HISTORY\COUNTERS

C:\USERS\LOUBIE\APPDATA\LOCAL\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\GOOGLE\TOOLBAR HISTORY\COUNTERS

C:\USERS\LOUBIE\APPDATA\LOCAL\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\GOOGLE\TOOLBAR HISTORY\COUNTERS

C:\USERS\LOUBIE\APPDATA\LOCAL\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\GOOGLE\TOOLBAR HISTORY\COUNTERS

C:\USERS\LOUBIE\APPDATA\LOCAL\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\GOOGLE\TOOLBAR HISTORY\COUNTERS

C:\USERS\LOUBIE\APPDATA\LOCAL\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\GOOGLE\TOOLBAR HISTORY\COUNTERS

C:\USERS\LOUBIE\APPDATA\LOCAL\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\GOOGLE\TOOLBAR HISTORY\COUNTERS

C:\USERS\LOUBIE\APPDATA\LOCAL\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\GOOGLE\TOOLBAR HISTORY\COUNTERS

C:\USERS\LOUBIE\APPDATA\LOCAL\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\GOOGLE\TOOLBAR HISTORY\COUNTERS

C:\USERS\LOUBIE\APPDATA\LOCAL\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\GOOGLE\TOOLBAR HISTORY\COUNTERS

C:\USERS\LOUBIE\APPDATA\LOCAL\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\GOOGLE\TOOLBAR HISTORY\COUNTERS

C:\USERS\LOUBIE\APPDATA\LOCAL\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\GOOGLE\TOOLBAR HISTORY\COUNTERS

C:\USERS\LOUBIE\APPDATA\LOCAL\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\GOOGLE\TOOLBAR HISTORY\COUNTERS

C:\USERS\LOUBIE\APPDATA\LOCAL\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\GOOGLE\TOOLBAR HISTORY\COUNTERS

C:\USERS\LOUBIE\APPDATA\LOCAL\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\GOOGLE\TOOLBAR HISTORY\COUNTERS

C:\USERS\LOUBIE\APPDATA\LOCAL\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\GOOGLE\TOOLBAR HISTORY\COUNTERS

C:\USERS\LOUBIE\APPDATA\LOCAL\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\GOOGLE\TOOLBAR HISTORY\COUNTERS

C:\USERS\LOUBIE\APPDATA\LOCAL\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\GOOGLE\TOOLBAR HISTORY\COUNTERS

C:\USERS\LOUBIE\APPDATA\LOCAL\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\GOOGLE\TOOLBAR HISTORY\COUNTERS

C:\USERS\LOUBIE\APPDATA\LOCAL\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\GOOGLE\TOOLBAR

C:\USERS\LOUBIE\APPDATA\LOCAL\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DAT

C:\USERS\LOUBIE\APPDATA\LOCAL\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DAT

C:\USERS\LOUBIE\APPDATA\LOCAL\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DAT

C:\SYSTEM VOLUME INFORMATION\MOUNTPOINTMANAGERREMOTEDATABASE

C:\DOCUMENTS AND SETTINGS\LOUBIE\LOCAL SETTINGS\GOOGLE\TOOLBAR HISTORY\COUNTERS

C:\DOCUMENTS AND SETTINGS\LOUBIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\TOOLBAR HISTORY\COUNTERS

C:\DOCUMENTS AND SETTINGS\LOUBIE\LOCAL SETTINGS\APPLICATION DATA\APPLICATION DATA\GOOGLE\TOOLBAR HISTORY\COUNTERS

C:\DOCUMENTS AND SETTINGS\LOUBIE\LOCAL SETTINGS\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\GOOGLE\TOOLBAR HISTORY\COUNTERS

C:\DOCUMENTS AND SETTINGS\LOUBIE\LOCAL SETTINGS\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\GOOGLE\TOOLBAR HISTORY\COUNTERS

C:\DOCUMENTS AND SETTINGS\LOUBIE\LOCAL SETTINGS\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\GOOGLE\TOOLBAR HISTORY\COUNTERS

C:\DOCUMENTS AND SETTINGS\LOUBIE\LOCAL SETTINGS\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\GOOGLE\TOOLBAR HISTORY\COUNTERS

C:\DOCUMENTS AND SETTINGS\LOUBIE\LOCAL SETTINGS\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\GOOGLE\TOOLBAR HISTORY\COUNTERS

C:\DOCUMENTS AND SETTINGS\LOUBIE\LOCAL SETTINGS\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\GOOGLE\TOOLBAR HISTORY\COUNTERS

C:\DOCUMENTS AND SETTINGS\LOUBIE\LOCAL SETTINGS\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\GOOGLE\TOOLBAR HISTORY\COUNTERS

C:\DOCUMENTS AND SETTINGS\LOUBIE\LOCAL SETTINGS\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\GOOGLE\TOOLBAR HISTORY\COUNTERS

C:\DOCUMENTS AND SETTINGS\LOUBIE\LOCAL SETTINGS\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\GOOGLE\TOOLBAR HISTORY\COUNTERS

C:\DOCUMENTS AND SETTINGS\LOUBIE\LOCAL SETTINGS\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\GOOGLE\TOOLBAR HISTORY\COUNTERS

C:\DOCUMENTS AND SETTINGS\LOUBIE\LOCAL SETTINGS\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\GOOGLE\TOOLBAR HISTORY\COUNTERS

C:\DOCUMENTS AND SETTINGS\LOUBIE\LOCAL SETTINGS\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\GOOGLE\TOOLBAR HISTORY\COUNTERS

C:\DOCUMENTS AND SETTINGS\LOUBIE\LOCAL SETTINGS\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\GOOGLE\TOOLBAR HISTORY\COUNTERS

C:\DOCUMENTS AND SETTINGS\LOUBIE\LOCAL SETTINGS\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\GOOGLE\TOOLBAR HISTORY\COUNTERS

C:\DOCUMENTS AND SETTINGS\LOUBIE\LOCAL SETTINGS\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\GOOGLE\TOOLBAR HISTORY\COUNTERS

C:\DOCUMENTS AND SETTINGS\LOUBIE\LOCAL SETTINGS\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\GOOGLE\TOOLBAR HISTORY\COUNTERS

C:\DOCUMENTS AND SETTINGS\LOUBIE\LOCAL SETTINGS\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\GOOGLE\TOOLBAR HISTORY\COUNTERS

C:\DOCUMENTS AND SETTINGS\LOUBIE\LOCAL SETTINGS\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\GOOGLE\TOOLBAR HISTORY\COUNTERS

C:\DOCUMENTS AND SETTINGS\LOUBIE\LOCAL SETTINGS\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\GOOGLE\TOOLBAR HISTORY\COUNTERS

C:\DOCUMENTS AND SETTINGS\LOUBIE\LOCAL SETTINGS\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\GOOGLE\TOOLBAR HISTORY\COUNTERS

C:\DOCUMENTS AND SETTINGS\LOUBIE\LOCAL SETTINGS\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\GOOGLE\TOOLBAR HISTORY\COUNTERS

C:\DOCUMENTS AND SETTINGS\LOUBIE\LOCAL SETTINGS\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\GOOGLE\TOOLBAR HISTORY\COUNTERS

C:\DOCUMENTS AND SETTINGS\LOUBIE\LOCAL SETTINGS\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\GOOGLE\TOOLBAR HISTORY\COUNTERS

C:\DOCUMENTS AND SETTINGS\LOUBIE\LOCAL SETTINGS\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\GOOGLE\TOOLBAR HISTORY\COUNTERS

C:\DOCUMENTS AND SETTINGS\LOUBIE\LOCAL SETTINGS\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\GOOGLE\TOOLBAR

C:\DOCUMENTS AND SETTINGS\LOUBIE\LOCAL SETTINGS\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DA

C:\DOCUMENTS AND SETTINGS\LOUBIE\LOCAL SETTINGS\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DA

C:\DOCUMENTS AND SETTINGS\LOUBIE\APPDATA\LOCAL\GOOGLE\TOOLBAR HISTORY\COUNTERS

C:\DOCUMENTS AND SETTINGS\LOUBIE\APPDATA\LOCAL\APPLICATION DATA\GOOGLE\TOOLBAR HISTORY\COUNTERS

C:\DOCUMENTS AND SETTINGS\LOUBIE\APPDATA\LOCAL\APPLICATION DATA\APPLICATION DATA\GOOGLE\TOOLBAR HISTORY\COUNTERS

C:\DOCUMENTS AND SETTINGS\LOUBIE\APPDATA\LOCAL\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\GOOGLE\TOOLBAR HISTORY\COUNTERS

C:\DOCUMENTS AND SETTINGS\LOUBIE\APPDATA\LOCAL\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\GOOGLE\TOOLBAR HISTORY\COUNTERS

C:\DOCUMENTS AND SETTINGS\LOUBIE\APPDATA\LOCAL\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\GOOGLE\TOOLBAR HISTORY\COUNTERS

C:\DOCUMENTS AND SETTINGS\LOUBIE\APPDATA\LOCAL\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\GOOGLE\TOOLBAR HISTORY\COUNTERS

C:\DOCUMENTS AND SETTINGS\LOUBIE\APPDATA\LOCAL\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\GOOGLE\TOOLBAR HISTORY\COUNTERS

C:\DOCUMENTS AND SETTINGS\LOUBIE\APPDATA\LOCAL\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\GOOGLE\TOOLBAR HISTORY\COUNTERS

C:\DOCUMENTS AND SETTINGS\LOUBIE\APPDATA\LOCAL\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\GOOGLE\TOOLBAR HISTORY\COUNTERS

C:\DOCUMENTS AND SETTINGS\LOUBIE\APPDATA\LOCAL\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\GOOGLE\TOOLBAR HISTORY\COUNTERS

C:\DOCUMENTS AND SETTINGS\LOUBIE\APPDATA\LOCAL\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\GOOGLE\TOOLBAR HISTORY\COUNTERS

C:\DOCUMENTS AND SETTINGS\LOUBIE\APPDATA\LOCAL\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\GOOGLE\TOOLBAR HISTORY\COUNTERS

C:\DOCUMENTS AND SETTINGS\LOUBIE\APPDATA\LOCAL\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\GOOGLE\TOOLBAR HISTORY\COUNTERS

C:\DOCUMENTS AND SETTINGS\LOUBIE\APPDATA\LOCAL\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\GOOGLE\TOOLBAR HISTORY\COUNTERS

C:\DOCUMENTS AND SETTINGS\LOUBIE\APPDATA\LOCAL\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\GOOGLE\TOOLBAR HISTORY\COUNTERS

C:\DOCUMENTS AND SETTINGS\LOUBIE\APPDATA\LOCAL\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\GOOGLE\TOOLBAR HISTORY\COUNTERS

C:\DOCUMENTS AND SETTINGS\LOUBIE\APPDATA\LOCAL\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\GOOGLE\TOOLBAR HISTORY\COUNTERS

C:\DOCUMENTS AND SETTINGS\LOUBIE\APPDATA\LOCAL\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\GOOGLE\TOOLBAR HISTORY\COUNTERS

C:\DOCUMENTS AND SETTINGS\LOUBIE\APPDATA\LOCAL\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\GOOGLE\TOOLBAR HISTORY\COUNTERS

C:\DOCUMENTS AND SETTINGS\LOUBIE\APPDATA\LOCAL\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\GOOGLE\TOOLBAR HISTORY\COUNTERS

C:\DOCUMENTS AND SETTINGS\LOUBIE\APPDATA\LOCAL\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\GOOGLE\TOOLBAR HISTORY\COUNTERS

C:\DOCUMENTS AND SETTINGS\LOUBIE\APPDATA\LOCAL\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\GOOGLE\TOOLBAR HISTORY\COUNTERS

C:\DOCUMENTS AND SETTINGS\LOUBIE\APPDATA\LOCAL\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\GOOGLE\TOOLBAR HISTORY\COUNTERS

C:\DOCUMENTS AND SETTINGS\LOUBIE\APPDATA\LOCAL\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\GOOGLE\TOOLBAR HISTORY\COUNTERS

C:\DOCUMENTS AND SETTINGS\LOUBIE\APPDATA\LOCAL\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\GOOGLE\TOOLBAR HISTORY\COUNTERS

C:\DOCUMENTS AND SETTINGS\LOUBIE\APPDATA\LOCAL\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\GOOGLE\TOOLBAR HISTORY\COUNTERS

C:\DOCUMENTS AND SETTINGS\LOUBIE\APPDATA\LOCAL\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\GOOGLE\TOOLBAR

C:\DOCUMENTS AND SETTINGS\LOUBIE\APPDATA\LOCAL\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DAT

C:\DOCUMENTS AND SETTINGS\LOUBIE\APPDATA\LOCAL\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DAT

C:\DOCUMENTS AND SETTINGS\LOUBIE\APPDATA\LOCAL\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DATA\APPLICATION DAT

C:\BOOT\BCD

--------------------------------------------------------------------------------

Options

Scanning engines:

Scanning options:

Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR

Use advanced heuristics

--------------------------------------------------------------------------------

Copyright

Link to post
Share on other sites

  • Staff

Hi,

Before we continue, please go to this website, and complete the form as follows:

Link to topic where this file was requested:http://www.malwarebytes.org/forums/index.php?showtopic=22059

Browse to the file you want to submit:

Click Browse, and navigate to the following file:

c:\windows\ex1234.dat

Leave any comments, further information about this file, or contact information: Koobface leftover dross.

Repeat with c:\windows\ex23567.dat

Delete c:\windows\ex1234.dat and c:\windows\ex23567.dat afterward.

Restart your computer, update MBAM, run a Quick Scan, and post its log.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following programs (if present):

Java™ 6 Update 13

Java™ 6 Update 2

Adobe Reader 8.1.3

Restart your computer.

Get the latest version of Java and Adobe Reader.

Let me know how things are running now.

-screen317

Link to post
Share on other sites

Hi,

Coulding find c:\windows\ex23567.dat but did upload ex1234.dat

Log as requested....

Malwarebytes' Anti-Malware 1.40

Database version: 2681

Windows 6.0.6001 Service Pack 1

23/08/2009 07:26:04

mbam-log-2009-08-23 (07-26-04).txt

Scan type: Quick Scan

Objects scanned: 90955

Time elapsed: 4 minute(s), 58 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Link to post
Share on other sites

  • Staff

Hi.

Good to hear. :lol:

Delete SecurityCheck.

AFter that, navigate to Start --> Run, and type Combofix /u in the box that appears. Click OK afterwards. Notice the space between the X and the /u

This uninstalls all of ComboFix's components.

Next, it is absolutely essential that you upgrade to Windows Vista Service Pack 2. Service Pack 1, which is what you currently have, has vulnerabilities that leave you wide open for re-infection. To upgrade, please navigate to Start --> type in Windows Update --> click Windows Update, and download all Critical Updates, including Service Pack 2.

Now that your computer seems to be in proper working order, please take the following steps to help prevent reinfection:

1) Download and install Javacool's SpywareBlaster, which will prevent malware from being installed on your computer. A tutorial on it can be found here.

2) Download and install IE-Spyad, which will place over 5000 'bad' sites on your Internet Explorer Restricted List. A tutorial on it can be found here.

3) Go to Windows Update frequently to get all of the latest updates (security or otherwise) for Windows.

4) Make sure your programs are up to date! Older versions may contain security risks. To find out what programs need to be updated, please run Secunia's Software Inspector.

5) WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

  • Green to go
  • Yellow for caution
  • Red to stop

WOT has an addon available for both Firefox and IE.

6) Be sure to update your Antivirus and Antispyware programs often!

Finally, please also take the time to read Tony Klein's excellent article on: So How Did I Get Infected in the First Place?

Safe surfing,

-screen317

Link to post
Share on other sites

  • 2 weeks later...
Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.