26 replies to this topic

[mya91728]

Logfile of HijackThis v1.99.1
Scan saved at 12:29:00 PM, on 7/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Napster\napster.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\BigFix\bigfix.exe
C:\WINDOWS\system32\javaw.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gomyron.com/N.../3560/homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.partypoke...nstallstart.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MSVPS System - {100B21CD-3B97-44FB-B1C0-EA6249E482E8} - C:\WINDOWS\ddesupport.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [SprintModemUpdate] javaw.exe -cp "C:\Program Files\Motive\FirmwareUpdater\lib\SprintModemUpdate.jar" com.motive.firmwareUpdater.client.SprintModemUpdate
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avp] C:\WINDOWS\avp.exe
O4 - HKLM\..\Run: [NI.UWA7P_0001_N91M0809] "c:\documents and settings\owner\application data\winantiviruspro2007freeinstall[1].exe" -nag
O4 - HKLM\..\Run: [NI.UWAS7_0001_N91M2703] "c:\documents and settings\owner\application data\winantispyware2007freeinstall[1].exe" -nag
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_5
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by119w.bay119.mail.live.com/mail/re...es/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: msole - {7EFD3873-0C69-44DE-9C5D-B4094E064F79} - C:\WINDOWS\msole.dll
O21 - SSODL: msdde - {1295C077-3AED-4F8A-B95C-7B93615A5982} - C:\WINDOWS\msdde.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

BitDefender Online Scanner - Real Time Virus Report



Generated at: Wed, Jul 04, 2007 - 09:44:32


--------------------------------------------------------------------------------





Scan Info



Scanned Files
200341

Infected Files
15








Virus Detected



DeepScan:Generic.Downloader.NXM.956ACC09
1

Generic.Adware.BHO.NXM.C47DBF25
1

Trojan.Fakealert.FB
2

Trojan.Downloader.JISW
3

Application.JS.ForcePopup.I
2

DeepScan:Generic.Downloader.NXM.9DC94C98
1

DeepScan:Generic.Zlob.7.D4B41E4D
2

Trojan.WinFixer.AI
2

Trojan.MovieLand.A
1

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/04/2007 at 11:10 AM

Application Version : 3.9.1008

Core Rules Database Version : 3265
Trace Rules Database Version: 1276

Scan type : Complete Scan
Total Scan Time : 00:31:02

Memory items scanned : 413
Memory threats detected : 0
Registry items scanned : 5317
Registry threats detected : 99
File items scanned : 32030
File threats detected : 692

Unclassified.Unknown Origin
HKLM\Software\Classes\CLSID\{B3E19860-0CD5-4991-A066-4FCA2704DE59}
HKCR\CLSID\{B3E19860-0CD5-4991-A066-4FCA2704DE59}
HKCR\CLSID\{B3E19860-0CD5-4991-A066-4FCA2704DE59}
HKCR\CLSID\{B3E19860-0CD5-4991-A066-4FCA2704DE59}#AppID
HKCR\CLSID\{B3E19860-0CD5-4991-A066-4FCA2704DE59}\InprocServer32
HKCR\CLSID\{B3E19860-0CD5-4991-A066-4FCA2704DE59}\InprocServer32#ThreadingModel
HKCR\CLSID\{B3E19860-0CD5-4991-A066-4FCA2704DE59}\ProgID
HKCR\CLSID\{B3E19860-0CD5-4991-A066-4FCA2704DE59}\Programmable
HKCR\CLSID\{B3E19860-0CD5-4991-A066-4FCA2704DE59}\TypeLib
HKCR\CLSID\{B3E19860-0CD5-4991-A066-4FCA2704DE59}\VersionIndependentProgID
C:\WINDOWS\SYSTEM32\ENTRY.DLL

Adware.Tracking Cookie
C:\Documents and Settings\Owner\cookies\owner@cs.sexcounter[2].txt
C:\Documents and Settings\Owner\cookies\owner@www.upspiral[1].txt
C:\Documents and Settings\Owner\cookies\owner@cgi-bin[7].txt
C:\Documents and Settings\Owner\cookies\owner@yourmedia[1].txt
C:\Documents and Settings\Owner\cookies\owner@a.websponsors[1].txt
C:\Documents and Settings\Owner\cookies\owner@updates.liquiddigitalmedia[2].txt
C:\Documents and Settings\Owner\cookies\owner@free-porn-lord[2].txt
C:\Documents and Settings\Owner\cookies\owner@edge.ru4[2].txt
C:\Documents and Settings\Owner\cookies\owner@amaena[1].txt
C:\Documents and Settings\Owner\cookies\owner@web-stat[2].txt
C:\Documents and Settings\Owner\cookies\owner@advertising[2].txt
C:\Documents and Settings\Owner\cookies\owner@roiservice[1].txt
C:\Documents and Settings\Owner\cookies\owner@cz7.clickzs[2].txt
C:\Documents and Settings\Owner\cookies\owner@cgi-bin[4].txt
C:\Documents and Settings\Owner\cookies\owner@hc2.humanclick[2].txt
C:\Documents and Settings\Owner\cookies\owner@www.xxxmatureclips[2].txt
C:\Documents and Settings\Owner\cookies\owner@free.wegcash[1].txt
C:\Documents and Settings\Owner\cookies\owner@ehg-dig.hitbox[2].txt
C:\Documents and Settings\Owner\cookies\owner@image.masterstats[1].txt
C:\Documents and Settings\Owner\cookies\owner@bs.serving-sys[2].txt
C:\Documents and Settings\Owner\cookies\owner@client.roiadtracker[1].txt
C:\Documents and Settings\Owner\cookies\owner@valueclick[2].txt
C:\Documents and Settings\Owner\cookies\owner@server.iad.liveperson[5].txt
C:\Documents and Settings\Owner\cookies\owner@22992168[2].txt
C:\Documents and Settings\Owner\cookies\owner@partygaming.122.2o7[1].txt
C:\Documents and Settings\Owner\cookies\owner@movieland[2].txt
C:\Documents and Settings\Owner\cookies\owner@ehg-fitness.hitbox[2].txt
C:\Documents and Settings\Owner\cookies\owner@msnservices.112.2o7[1].txt
C:\Documents and Settings\Owner\cookies\owner@questionmarket[1].txt
C:\Documents and Settings\Owner\cookies\owner@findwhat[1].txt
C:\Documents and Settings\Owner\cookies\owner@tremor.adbureau[2].txt
C:\Documents and Settings\Owner\cookies\owner@keywordmax[1].txt
C:\Documents and Settings\Owner\cookies\owner@cgi-bin[2].txt
C:\Documents and Settings\Owner\cookies\owner@ads.us.e-planning[1].txt
C:\Documents and Settings\Owner\cookies\owner@cgi-bin[3].txt
C:\Documents and Settings\Owner\cookies\owner@estat[1].txt
C:\Documents and Settings\Owner\cookies\owner@sexlist[2].txt
C:\Documents and Settings\Owner\cookies\owner@bannerspace[1].txt
C:\Documents and Settings\Owner\cookies\owner@counter7.sextracker[2].txt
C:\Documents and Settings\Owner\cookies\owner@www.matureporntv[1].txt
C:\Documents and Settings\Owner\cookies\owner@mem03.splash.sexsearch[1].txt
C:\Documents and Settings\Owner\cookies\owner@pimpmyblackteen[2].txt
C:\Documents and Settings\Owner\cookies\owner@icc.intellisrv[2].txt
C:\Documents and Settings\Owner\cookies\owner@realmedia[1].txt
C:\Documents and Settings\Owner\cookies\owner@sales.liveperson[2].txt
C:\Documents and Settings\Owner\cookies\owner@tacoda[1].txt
C:\Documents and Settings\Owner\cookies\owner@c.goclick[2].txt
C:\Documents and Settings\Owner\cookies\owner@ads.revsci[1].txt
C:\Documents and Settings\Owner\cookies\owner@qksrv[1].txt
C:\Documents and Settings\Owner\cookies\owner@tribalfusion[1].txt
C:\Documents and Settings\Owner\cookies\owner@bluestreak[1].txt
C:\Documents and Settings\Owner\cookies\owner@www.blackreignxxx[2].txt
C:\Documents and Settings\Owner\cookies\owner@counter5.sextracker[2].txt
C:\Documents and Settings\Owner\cookies\owner@ehg-bestbuy.hitbox[1].txt
C:\Documents and Settings\Owner\cookies\owner@data2.perf.overture[1].txt
C:\Documents and Settings\Owner\cookies\owner@statcounter[1].txt
C:\Documents and Settings\Owner\cookies\owner@www.directnetadvertising[2].txt
C:\Documents and Settings\Owner\cookies\owner@2o7[2].txt
C:\Documents and Settings\Owner\cookies\owner@www.rusteensex[1].txt
C:\Documents and Settings\Owner\cookies\owner@clickbank[2].txt
C:\Documents and Settings\Owner\cookies\owner@partypoker[1].txt
C:\Documents and Settings\Owner\cookies\owner@counter1.sextracker[2].txt
C:\Documents and Settings\Owner\cookies\owner@www.addfreestats[1].txt
C:\Documents and Settings\Owner\cookies\owner@zedo[1].txt
C:\Documents and Settings\Owner\cookies\owner@ehg-rodale.hitbox[1].txt
C:\Documents and Settings\Owner\cookies\owner@yadro[2].txt
C:\Documents and Settings\Owner\cookies\owner@cgi-bin[8].txt
C:\Documents and Settings\Owner\cookies\owner@apmebf[1].txt
C:\Documents and Settings\Owner\cookies\owner@z1.adserver[2].txt
C:\Documents and Settings\Owner\cookies\owner@ehg-hitent.hitbox[1].txt
C:\Documents and Settings\Owner\cookies\owner@qnsr[1].txt
C:\Documents and Settings\Owner\cookies\owner@fastclick[1].txt
C:\Documents and Settings\Owner\cookies\owner@webpower[1].txt
C:\Documents and Settings\Owner\cookies\owner@click.cashengines[2].txt
C:\Documents and Settings\Owner\cookies\owner@coolsavings[1].txt
C:\Documents and Settings\Owner\cookies\owner@m1.webstats.motigo[1].txt
C:\Documents and Settings\Owner\cookies\owner@www.cibleclick[2].txt
C:\Documents and Settings\Owner\cookies\owner@adtech[2].txt
C:\Documents and Settings\Owner\cookies\owner@www.xxx69[1].txt
C:\Documents and Settings\Owner\cookies\owner@S120000[1].txt
C:\Documents and Settings\Owner\cookies\owner@as-us.falkag[2].txt
C:\Documents and Settings\Owner\cookies\owner@xiti[1].txt
C:\Documents and Settings\Owner\cookies\owner@wholeporno[1].txt
C:\Documents and Settings\Owner\cookies\owner@atdmt[2].txt
C:\Documents and Settings\Owner\cookies\owner@linksynergy[2].txt
C:\Documents and Settings\Owner\cookies\owner@stats.manticoretechnology[1].txt
C:\Documents and Settings\Owner\cookies\owner@toplist[1].txt
C:\Documents and Settings\Owner\cookies\owner@smileycentral[2].txt
C:\Documents and Settings\Owner\cookies\owner@mediamax[1].txt
C:\Documents and Settings\Owner\cookies\owner@counter4.sextracker[2].txt
C:\Documents and Settings\Owner\cookies\owner@msnportal.112.2o7[1].txt
C:\Documents and Settings\Owner\cookies\owner@nextag[2].txt
C:\Documents and Settings\Owner\cookies\owner@counter10.sextracker[1].txt
C:\Documents and Settings\Owner\cookies\owner@statse.webtrendslive[1].txt
C:\Documents and Settings\Owner\cookies\owner@clicks.emarketmakers[2].txt
C:\Documents and Settings\Owner\cookies\owner@weborama[2].txt
C:\Documents and Settings\Owner\cookies\owner@upspiral[2].txt
C:\Documents and Settings\Owner\cookies\owner@hitbox[2].txt
C:\Documents and Settings\Owner\cookies\owner@adopt.specificclick[2].txt
C:\Documents and Settings\Owner\cookies\owner@ehg-traderelectronicmedia.hitbox[2].txt
C:\Documents and Settings\Owner\cookies\owner@adopt.euroclick[1].txt
C:\Documents and Settings\Owner\cookies\owner@click.netpondcash[1].txt
C:\Documents and Settings\Owner\cookies\owner@burstnet[1].txt
C:\Documents and Settings\Owner\cookies\owner@trafficmp[1].txt
C:\Documents and Settings\Owner\cookies\owner@hotlog[2].txt
C:\Documents and Settings\Owner\cookies\owner@ads.pointroll[1].txt
C:\Documents and Settings\Owner\cookies\owner@mediaplex[1].txt
C:\Documents and Settings\Owner\cookies\owner@casalemedia[3].txt
C:\Documents and Settings\Owner\cookies\owner@adknowledge[1].txt
C:\Documents and Settings\Owner\cookies\owner@s.as-us.falkag[1].txt
C:\Documents and Settings\Owner\cookies\owner@S149445[1].txt
C:\Documents and Settings\Owner\cookies\owner@counter.hitslink[2].txt
C:\Documents and Settings\Owner\cookies\owner@atwola[2].txt
C:\Documents and Settings\Owner\cookies\owner@gostats[2].txt
C:\Documents and Settings\Owner\cookies\owner@overture[1].txt
C:\Documents and Settings\Owner\cookies\owner@tradedoubler[1].txt
C:\Documents and Settings\Owner\cookies\owner@bizrate[2].txt
C:\Documents and Settings\Owner\cookies\owner@xxxcounter[2].txt
C:\Documents and Settings\Owner\cookies\owner@ostg.112.2o7[1].txt
C:\Documents and Settings\Owner\cookies\owner@stat.onestat[1].txt
C:\Documents and Settings\Owner\cookies\owner@citi.bridgetrack[2].txt
C:\Documents and Settings\Owner\cookies\owner@doubleclick[2].txt
C:\Documents and Settings\Owner\cookies\owner@ads.expedia[1].txt
C:\Documents and Settings\Owner\cookies\owner@ehg-littletykes.hitbox[1].txt
C:\Documents and Settings\Owner\cookies\owner@perf.overture[1].txt
C:\Documents and Settings\Owner\cookies\owner@ad.yieldmanager[1].txt
C:\Documents and Settings\Owner\cookies\owner@adv.surinter[1].txt
C:\Documents and Settings\Owner\cookies\owner@serving-sys[2].txt
C:\Documents and Settings\Owner\cookies\owner@counter9.sextracker[2].txt
C:\Documents and Settings\Owner\cookies\owner@LPearthlink2[2].txt
C:\Documents and Settings\Owner\cookies\owner@www.adtrak[1].txt
C:\Documents and Settings\Owner\cookies\owner@focalex[1].txt
C:\Documents and Settings\Owner\cookies\owner@winantivirus[1].txt
C:\Documents and Settings\Owner\cookies\owner@www5.addfreestats[1].txt
C:\Documents and Settings\Owner\cookies\owner@ehg-legonewyorkinc.hitbox[2].txt
C:\Documents and Settings\Owner\cookies\owner@dcsspbpgmwo4xnirszld9dik5_3o4o[1].txt
C:\Documents and Settings\Owner\cookies\owner@247realmedia[1].txt
C:\Documents and Settings\Owner\cookies\owner@adecn[2].txt
C:\Documents and Settings\Owner\cookies\owner@vhost.oddcast[2].txt
C:\Documents and Settings\Owner\cookies\owner@interracial-harmony.and-sex[1].txt
C:\Documents and Settings\Owner\cookies\owner@allrealityxxxpass[2].txt
C:\Documents and Settings\Owner\cookies\owner@dist.belnk[2].txt
C:\Documents and Settings\Owner\cookies\owner@offeroptimizer[2].txt
C:\Documents and Settings\Owner\cookies\owner@harpo.122.2o7[1].txt
C:\Documents and Settings\Owner\cookies\owner@web4.realtracker[1].txt
C:\Documents and Settings\Owner\cookies\owner@medhelpinternational.112.2o7[1].txt
C:\Documents and Settings\Owner\cookies\owner@spylog[2].txt
C:\Documents and Settings\Owner\cookies\owner@programs.wegcash[1].txt
C:\Documents and Settings\Owner\cookies\owner@thunderbolt.adjuggler[2].txt
C:\Documents and Settings\Owner\cookies\owner@adserver.matchcraft[1].txt
C:\Documents and Settings\Owner\cookies\owner@e-2dj6wjkyonczofo.stats.esomniture[2].txt
C:\Documents and Settings\Owner\cookies\owner@dhdmedia[2].txt
C:\Documents and Settings\Owner\cookies\owner@www.freeporn4u[1].txt
C:\Documents and Settings\Owner\cookies\owner@revenue[2].txt
C:\Documents and Settings\Owner\cookies\owner@ehg-comcast.hitbox[1].txt
C:\Documents and Settings\Owner\cookies\owner@h.starware[2].txt
C:\Documents and Settings\Owner\cookies\owner@milfpornpass[2].txt
C:\Documents and Settings\Owner\cookies\owner@countercentral[1].txt
C:\Documents and Settings\Owner\cookies\owner@sources.sourcetool[1].txt
C:\Documents and Settings\Owner\cookies\owner@ehg-nestlepurinapetcare.hitbox[1].txt
C:\Documents and Settings\Owner\cookies\owner@fortunecity[1].txt
C:\Documents and Settings\Owner\cookies\owner@ads.monster[1].txt
C:\Documents and Settings\Owner\cookies\owner@cookie.neuroticmedia[2].txt
C:\Documents and Settings\Owner\cookies\owner@giftscom.122.2o7[1].txt
C:\Documents and Settings\Owner\cookies\owner@ehg-streamload.hitbox[1].txt
C:\Documents and Settings\Owner\cookies\owner@centralmediaserver[2].txt
C:\Documents and Settings\Owner\cookies\owner@ehg-hollywood.hitbox[1].txt
C:\Documents and Settings\Owner\cookies\owner@ehg-kodak.hitbox[1].txt
C:\Documents and Settings\Owner\cookies\owner@xml.bravenetmedianetwork[1].txt
C:\Documents and Settings\Owner\cookies\owner@valueclick[1].txt
C:\Documents and Settings\Owner\cookies\owner@commission-junction[2].txt
C:\Documents and Settings\Owner\cookies\owner@sextracker[1].txt
C:\Documents and Settings\Owner\cookies\owner@adv.medscape[2].txt
C:\Documents and Settings\Owner\cookies\owner@adlegend[1].txt
C:\Documents and Settings\Owner\cookies\owner@ehg-fredericks.hitbox[2].txt
C:\Documents and Settings\Owner\cookies\owner@teensexmovs[2].txt
C:\Documents and Settings\Owner\cookies\owner@ads.as4x.tmcs[1].txt
C:\Documents and Settings\Owner\cookies\owner@teenhitchhikers[1].txt
C:\Documents and Settings\Owner\cookies\owner@sprintnlc.112.2o7[1].txt
C:\Documents and Settings\Owner\cookies\owner@babyuniverse.112.2o7[1].txt
C:\Documents and Settings\Owner\cookies\owner@interclick[1].txt
C:\Documents and Settings\Owner\cookies\owner@www.burstbeacon[1].txt
C:\Documents and Settings\Owner\cookies\owner@www.dafreexxxmovies[1].txt
C:\Documents and Settings\Owner\cookies\owner@revsci[2].txt
C:\Documents and Settings\Owner\cookies\owner@indextools[1].txt
C:\Documents and Settings\Owner\cookies\owner@www.milestonemediaworks[2].txt
C:\Documents and Settings\Owner\cookies\owner@maxserving[2].txt
C:\Documents and Settings\Owner\cookies\owner@adv.webmd[2].txt
C:\Documents and Settings\Owner\cookies\owner@clicksxyz[1].txt
C:\Documents and Settings\Owner\cookies\owner@www.screensavers[1].txt
C:\Documents and Settings\Owner\cookies\owner@i.screensavers[1].txt
C:\Documents and Settings\Owner\cookies\owner@anat.tacoda[2].txt
C:\Documents and Settings\Owner\cookies\owner@sento.122.2o7[1].txt
C:\Documents and Settings\Owner\cookies\owner@ads.realtechnetwork[1].txt
C:\Documents and Settings\Owner\cookies\owner@my.porn-info[1].txt
C:\Documents and Settings\Owner\cookies\owner@ehg-nestleusainc.hitbox[1].txt
C:\Documents and Settings\Owner\cookies\owner@cbs.112.2o7[1].txt
C:\Documents and Settings\Owner\cookies\owner@webstat[2].txt
C:\Documents and Settings\Owner\cookies\owner@www.entrepreneur[2].txt
C:\Documents and Settings\Owner\cookies\owner@counter12.sextracker[2].txt
C:\Documents and Settings\Owner\cookies\owner@counter14.sextracker[1].txt
C:\Documents and Settings\Owner\cookies\owner@microsoftwlmessengermkt.112.2o7[1].txt
C:\Documents and Settings\Owner\cookies\owner@belnk[1].txt
C:\Documents and Settings\Owner\cookies\owner@74613876[1].txt
C:\Documents and Settings\Owner\cookies\owner@4.adbrite[2].txt
C:\Documents and Settings\Owner\cookies\owner@data1.perf.overture[1].txt
C:\Documents and Settings\Owner\cookies\owner@media.adrevolver[5].txt
C:\Documents and Settings\Owner\cookies\owner@adrevolver[1].txt
C:\Documents and Settings\Owner\cookies\owner@hg1.hitbox[2].txt
C:\Documents and Settings\Owner\cookies\owner@e-2dj6wgkichc5mep.stats.esomniture[2].txt
C:\Documents and Settings\Owner\cookies\owner@partner2profit[1].txt
C:\Documents and Settings\Owner\cookies\owner@targetnet[2].txt
C:\Documents and Settings\Owner\cookies\owner@vdn.valuead[2].txt
C:\Documents and Settings\Owner\cookies\owner@38266[1].txt
C:\Documents and Settings\Owner\cookies\owner@ehg-clearchannel.hitbox[1].txt
C:\Documents and Settings\Owner\cookies\owner@76887998[1].txt
C:\Documents and Settings\Owner\cookies\owner@feed.peakclick[1].txt
C:\Documents and Settings\Owner\cookies\owner@smartcpc.advertserve[1].txt
C:\Documents and Settings\Owner\cookies\owner@LPrwdtech[1].txt
C:\Documents and Settings\Owner\cookies\owner@try.starware[1].txt
C:\Documents and Settings\Owner\cookies\owner@aff.primaryads[1].txt
C:\Documents and Settings\Owner\cookies\owner@e-2dj6wjk4whdjolq.stats.esomniture[1].txt
C:\Documents and Settings\Owner\cookies\owner@www.zango[1].txt
C:\Documents and Settings\Owner\cookies\owner@feed.validclick[1].txt
C:\Documents and Settings\Owner\cookies\owner@ehg-ifilm.hitbox[2].txt
C:\Documents and Settings\Owner\cookies\owner@ehg-trilegiant.hitbox[1].txt
C:\Documents and Settings\Owner\cookies\owner@media3.sitebrand[2].txt
C:\Documents and Settings\Owner\cookies\owner@primediabusiness.122.2o7[1].txt
C:\Documents and Settings\Owner\cookies\owner@e-2dj6wakooidpslq.stats.esomniture[2].txt
C:\Documents and Settings\Owner\cookies\owner@34292599[1].txt
C:\Documents and Settings\Owner\cookies\owner@112.2o7[2].txt
C:\Documents and Settings\Owner\cookies\owner@counter15.sextracker[2].txt
C:\Documents and Settings\Owner\cookies\owner@ehg-lowermybills.hitbox[1].txt
C:\Documents and Settings\Owner\cookies\owner@ford.112.2o7[1].txt
C:\Documents and Settings\Owner\cookies\owner@proadultlive[2].txt
C:\Documents and Settings\Owner\cookies\owner@ehg-inforspaceinc.hitbox[2].txt
C:\Documents and Settings\Owner\cookies\owner@kanoodle[2].txt
C:\Documents and Settings\Owner\cookies\owner@as-eu.falkag[2].txt
C:\Documents and Settings\Owner\cookies\owner@www.sexcom-xxx[2].txt
C:\Documents and Settings\Owner\cookies\owner@stats1.reliablestats[4].txt
C:\Documents and Settings\Owner\cookies\owner@www.teensexmovs[2].txt
C:\Documents and Settings\Owner\cookies\owner@S154230[1].txt
C:\Documents and Settings\Owner\cookies\owner@mb[3].txt
C:\Documents and Settings\Owner\cookies\owner@track.adrevolver[1].txt
C:\Documents and Settings\Owner\cookies\owner@ads.newgrounds[2].txt
C:\Documents and Settings\Owner\cookies\owner@freecodesource.advertserve[1].txt
C:\Documents and Settings\Owner\cookies\owner@www.movieland[1].txt
C:\Documents and Settings\Owner\cookies\owner@www.pornocook[2].txt
C:\Documents and Settings\Owner\cookies\owner@ad.xplusone[2].txt
C:\Documents and Settings\Owner\cookies\owner@ehg-findlaw.hitbox[1].txt
C:\Documents and Settings\Owner\cookies\owner@7901425[1].txt
C:\Documents and Settings\Owner\cookies\owner@screensavers[1].txt
C:\Documents and Settings\Owner\cookies\owner@onlinerewardcenter[1].txt
C:\Documents and Settings\Owner\cookies\owner@ehg-oreilly.hitbox[2].txt
C:\Documents and Settings\Owner\cookies\owner@hits.clickandtrack[2].txt
C:\Documents and Settings\Owner\cookies\owner@e-2dj6wjkooldpmcq.stats.esomniture[1].txt
C:\Documents and Settings\Owner\cookies\owner@stat.dealtime[2].txt
C:\Documents and Settings\Owner\cookies\owner@adserver.adreactor[1].txt
C:\Documents and Settings\Owner\cookies\owner@c.enhance[1].txt
C:\Documents and Settings\Owner\cookies\owner@www.lesbianteenhunter[1].txt
C:\Documents and Settings\Owner\cookies\owner@bannerads.zwire[1].txt
C:\Documents and Settings\Owner\cookies\owner@html[1].txt
C:\Documents and Settings\Owner\cookies\owner@e-2dj6wjkocmcpmdo.stats.esomniture[1].txt
C:\Documents and Settings\Owner\cookies\owner@hc2.humanclick[3].txt
C:\Documents and Settings\Owner\cookies\owner@counter3.sextracker[2].txt
C:\Documents and Settings\Owner\cookies\owner@www.sexwwwinfo[2].txt
C:\Documents and Settings\Owner\cookies\owner@ehg-aafp.hitbox[1].txt
C:\Documents and Settings\Owner\cookies\owner@ads.bridgetrack[2].txt
C:\Documents and Settings\Owner\cookies\owner@rotator.dex.adjuggler[1].txt
C:\Documents and Settings\Owner\cookies\owner@banners.nbcupromotes[1].txt
C:\Documents and Settings\Owner\cookies\owner@counter2.hitslink[2].txt
C:\Documents and Settings\Owner\cookies\owner@adbrite[3].txt
C:\Documents and Settings\Owner\cookies\owner@hardcore[1].txt
C:\Documents and Settings\Owner\cookies\owner@adinterax[2].txt
C:\Documents and Settings\Owner\cookies\owner@ehg-newscientist.hitbox[2].txt
C:\Documents and Settings\Owner\cookies\owner@network.realmedia[2].txt
C:\Documents and Settings\Owner\cookies\owner@www.brightermindsmedia[1].txt
C:\Documents and Settings\Owner\cookies\owner@precisionclick[1].txt
C:\Documents and Settings\Owner\cookies\owner@cz6.clickzs[2].txt
C:\Documents and Settings\Owner\cookies\owner@www.drivecleaner[1].txt
C:\Documents and Settings\Owner\cookies\owner@www.burstnet[1].txt
C:\Documents and Settings\Owner\cookies\owner@sexbroadcaster[2].txt
C:\Documents and Settings\Owner\cookies\owner@counter.surfcounters[1].txt
C:\Documents and Settings\Owner\cookies\owner@ehg-adteractive.hitbox[2].txt
C:\Documents and Settings\Owner\cookies\owner@ehg-vonage.hitbox[1].txt
C:\Documents and Settings\Owner\cookies\owner@e-2dj6wgkighd5eep.stats.esomniture[2].txt
C:\Documents and Settings\Owner\cookies\owner@realsexcash[1].txt
C:\Documents and Settings\Owner\cookies\owner@www.porn365[2].txt
C:\Documents and Settings\Owner\cookies\owner@rb4.worldsex[1].txt
C:\Documents and Settings\Owner\cookies\owner@38278[1].txt
C:\Documents and Settings\Owner\cookies\owner@e-2dj6wjlyajdjwcp.stats.esomniture[2].txt
C:\Documents and Settings\Owner\cookies\owner@e-2dj6wfloclcpeho.stats.esomniture[2].txt
C:\Documents and Settings\Owner\cookies\owner@ehg-zazzle.hitbox[2].txt
C:\Documents and Settings\Owner\cookies\owner@proadultlivevip[1].txt
C:\Documents and Settings\Owner\cookies\owner@dev2.clickfacts[1].txt
C:\Documents and Settings\Owner\cookies\owner@ads.glispa[2].txt
C:\Documents and Settings\Owner\cookies\owner@meetupcom.122.2o7[1].txt
C:\Documents and Settings\Owner\cookies\owner@ehg-vmixmediainc.hitbox[1].txt
C:\Documents and Settings\Owner\cookies\owner@st[23].txt
C:\Documents and Settings\Owner\cookies\owner@yieldmanager[2].txt
C:\Documents and Settings\Owner\cookies\owner@www.newpornclips[2].txt
C:\Documents and Settings\Owner\cookies\owner@myadultreviews[2].txt
C:\Documents and Settings\Owner\cookies\owner@55170107[2].txt
C:\Documents and Settings\Owner\cookies\owner@ads.vitalix[1].txt
C:\Documents and Settings\Owner\cookies\owner@ehg-youtube.hitbox[1].txt
C:\Documents and Settings\Owner\cookies\owner@e-2dj6wfkykodpaao.stats.esomniture[2].txt
C:\Documents and Settings\Owner\cookies\owner@e-2dj6wfmywgd5gkp.stats.esomniture[1].txt
C:\Documents and Settings\Owner\cookies\owner@creditpaymentservices.122.2o7[1].txt
C:\Documents and Settings\Owner\cookies\owner@entrepreneur[2].txt
C:\Documents and Settings\Owner\cookies\owner@toseeka[1].txt
C:\Documents and Settings\Owner\cookies\owner@www.macromedia[1].txt
C:\Documents and Settings\Owner\cookies\owner@108teen2807[1].txt
C:\Documents and Settings\Owner\cookies\owner@clickagents[2].txt
C:\Documents and Settings\Owner\cookies\owner@paycounter[1].txt
C:\Documents and Settings\Owner\cookies\owner@login.tracking101[2].txt
C:\Documents and Settings\Owner\cookies\owner@e-2dj6waliejd5cgo.stats.esomniture[2].txt
C:\Documents and Settings\Owner\cookies\owner@media.adrevolver[2].txt
C:\Documents and Settings\Owner\cookies\owner@server2.bkvtrack[1].txt
C:\Documents and Settings\Owner\cookies\owner@m1.webstats4u[2].txt
C:\Documents and Settings\Owner\cookies\owner@S123580[2].txt
C:\Documents and Settings\Owner\cookies\owner@truitiontystoybox.122.2o7[1].txt
C:\Documents and Settings\Owner\cookies\owner@counter2.sextracker[2].txt
C:\Documents and Settings\Owner\cookies\owner@adultrevenueservice[1].txt
C:\Documents and Settings\Owner\cookies\owner@ads2.drivelinemedia[2].txt
C:\Documents and Settings\Owner\cookies\owner@clubmom.122.2o7[1].txt
C:\Documents and Settings\Owner\cookies\owner@ehg-netquote.hitbox[2].txt
C:\Documents and Settings\Owner\cookies\owner@42435556[1].txt
C:\Documents and Settings\Owner\cookies\owner@paypal.112.2o7[1].txt
C:\Documents and Settings\Owner\cookies\owner@e-2dj6wjnyskd5ekp.stats.esomniture[2].txt
C:\Documents and Settings\Owner\cookies\owner@38298[1].txt
C:\Documents and Settings\Owner\cookies\owner@ehg-traderpublishing.hitbox[2].txt
C:\Documents and Settings\Owner\cookies\owner@1516224[1].txt
C:\Documents and Settings\Owner\cookies\owner@myhomemadeporn[1].txt
C:\Documents and Settings\Owner\cookies\owner@www.lazedogtshirts[1].txt
C:\Documents and Settings\Owner\cookies\owner@ads.addynamix[1].txt
C:\Documents and Settings\Owner\cookies\owner@e-2dj6wjkygjcpgbp.stats.esomniture[2].txt
C:\Documents and Settings\Owner\cookies\owner@youtube.112.2o7[1].txt
C:\Documents and Settings\Owner\cookies\owner@screensavers.us.intellitxt[1].txt
C:\Documents and Settings\Owner\cookies\owner@tgp.xxxkey[1].txt
C:\Documents and Settings\Owner\cookies\owner@buycom.122.2o7[1].txt
C:\Documents and Settings\Owner\cookies\owner@counter16.sextracker[1].txt
C:\Documents and Settings\Owner\cookies\owner@cgi-bin[11].txt
C:\Documents and Settings\Owner\cookies\owner@mediaservers.vtc[1].txt
C:\Documents and Settings\Owner\cookies\owner@pch.122.2o7[1].txt
C:\Documents and Settings\Owner\cookies\owner@scholastic.122.2o7[1].txt
C:\Documents and Settings\Owner\cookies\owner@server.iad.liveperson[8].txt
C:\Documents and Settings\Owner\cookies\owner@mycarstats[1].txt
C:\Documents and Settings\Owner\cookies\owner@ehg-equifax.hitbox[2].txt
C:\Documents and Settings\Owner\cookies\owner@38270[1].txt
C:\Documents and Settings\Owner\cookies\owner@ehg-simstar.hitbox[1].txt
C:\Documents and Settings\Owner\cookies\owner@38279[1].txt
C:\Documents and Settings\Owner\cookies\owner@track.searchignite[1].txt
C:\Documents and Settings\Owner\cookies\owner@homestore.122.2o7[1].txt
C:\Documents and Settings\Owner\cookies\owner@e-2dj6whkigpdjmco.stats.esomniture[2].txt
C:\Documents and Settings\Owner\cookies\owner@76226072[1].txt
C:\Documents and Settings\Owner\cookies\owner@diabetesexplained[1].txt
C:\Documents and Settings\Owner\cookies\owner@counter13.sextracker[2].txt
C:\Documents and Settings\Owner\cookies\owner@anad.tacoda[2].txt
C:\Documents and Settings\Owner\cookies\owner@reduxads.valuead[1].txt
C:\Documents and Settings\Owner\cookies\owner@data4.perf.overture[1].txt
C:\Documents and Settings\Owner\cookies\owner@ehg-publiciswest.hitbox[1].txt
C:\Documents and Settings\Owner\cookies\owner@multi[2].txt
C:\Documents and Settings\Owner\cookies\owner@redorbit[2].txt
C:\Documents and Settings\Owner\cookies\owner@server.iad.liveperson[6].txt
C:\Documents and Settings\Owner\cookies\owner@neuroticmedia[2].txt
C:\Documents and Settings\Owner\cookies\owner@ehg-suite101.hitbox[2].txt
C:\Documents and Settings\Owner\cookies\owner@e-2dj6wjnywlczkgp.stats.esomniture[2].txt
C:\Documents and Settings\Owner\cookies\owner@sitestat.mayoclinic[2].txt
C:\Documents and Settings\Owner\cookies\owner@ads.cnn[2].txt
C:\Documents and Settings\Owner\cookies\owner@server.cpmstar[1].txt
C:\Documents and Settings\Owner\cookies\owner@38265[1].txt
C:\Documents and Settings\Owner\cookies\owner@sec1.liveperson[3].txt
C:\Documents and Settings\Owner\cookies\owner@e-2dj6wfkycnc5ecq.stats.esomniture[2].txt
C:\Documents and Settings\Owner\cookies\owner@9064924[2].txt
C:\Documents and Settings\Owner\cookies\owner@ad.firstadsolution[2].txt
C:\Documents and Settings\Owner\cookies\owner@ad.acceleratorusa[2].txt
C:\Documents and Settings\Owner\cookies\owner@phg.hitbox[1].txt
C:\Documents and Settings\Owner\cookies\owner@e-2dj6wfloqkc5wko.stats.esomniture[2].txt
C:\Documents and Settings\Owner\cookies\owner@ehg-davidsbridal.hitbox[2].txt
C:\Documents and Settings\Owner\cookies\owner@ads.travelgolfmedia[2].txt
C:\Documents and Settings\Owner\cookies\owner@sec1.liveperson[1].txt
C:\Documents and Settings\Owner\cookies\owner@www.clickxchange[1].txt
C:\Documents and Settings\Owner\cookies\owner@ehg-homegrownnaturals.hitbox[1].txt
C:\Documents and Settings\Owner\cookies\owner@ads.vegas[1].txt
C:\Documents and Settings\Owner\cookies\owner@kmpads[2].txt
C:\Documents and Settings\Owner\cookies\owner@zango[1].txt
C:\Documents and Settings\Owner\cookies\owner@adultadworld[2].txt
C:\Documents and Settings\Owner\cookies\owner@ehg-etoys.hitbox[2].txt
C:\Documents and Settings\Owner\cookies\owner@e-2dj6wjl4godzmlq.stats.esomniture[2].txt
C:\Documents and Settings\Owner\cookies\owner@e-2dj6wjlogjd5abq.stats.esomniture[1].txt
C:\Documents and Settings\Owner\cookies\owner@ehg-babyuniverse.hitbox[1].txt
C:\Documents and Settings\Owner\cookies\owner@ehg-aviatechllc.hitbox[1].txt
C:\Documents and Settings\Owner\cookies\owner@specificclick[2].txt
C:\Documents and Settings\Owner\cookies\owner@e-2dj6wjk4kldpehq.stats.esomniture[1].txt
C:\Documents and Settings\Owner\cookies\owner@ehg-buyseasons.hitbox[1].txt
C:\Documents and Settings\Owner\cookies\owner@e-2dj6wjliwjajofp.stats.esomniture[2].txt
C:\Documents and Settings\Owner\cookies\owner@ehg-hasbro.hitbox[1].txt
C:\Documents and Settings\Owner\cookies\owner@ticketsnow[1].txt
C:\Documents and Settings\Owner\cookies\owner@ehg.hitbox[2].txt
C:\Documents and Settings\Owner\cookies\owner@38262[1].txt
C:\Documents and Settings\Owner\cookies\owner@heppie2000.tripod[1].txt
C:\Documents and Settings\Owner\cookies\owner@38274[1].txt
C:\Documents and Settings\Owner\cookies\owner@drivecleaner[1].txt
C:\Documents and Settings\Owner\cookies\owner@15978193[2].txt
C:\Documents and Settings\Owner\cookies\owner@adbrite[2].txt
C:\Documents and Settings\Owner\cookies\owner@38295[1].txt
C:\Documents and Settings\Owner\cookies\owner@server.iad.liveperson[1].txt
C:\Documents and Settings\Owner\cookies\owner@a[1].txt
C:\Documents and Settings\Owner\cookies\owner@crackwhoreconfessions[2].txt
C:\Documents and Settings\Owner\cookies\owner@73403369[1].txt
C:\Documents and Settings\Owner\cookies\owner@lynxtrack[1].txt
C:\Documents and Settings\Owner\cookies\owner@metacafe.122.2o7[1].txt
C:\Documents and Settings\Owner\cookies\owner@38290[1].txt
C:\Documents and Settings\Owner\cookies\owner@go.winantispyware[2].txt
C:\Documents and Settings\Owner\cookies\owner@e-2dj6wjlicpcpcco.stats.esomniture[2].txt
C:\Documents and Settings\Owner\cookies\owner@38267[1].txt
C:\Documents and Settings\Owner\cookies\owner@livenation.122.2o7[1].txt
C:\Documents and Settings\Owner\cookies\owner@www.stileporn[1].txt
C:\Documents and Settings\Owner\cookies\owner@webstat.pge[1].txt
C:\Documents and Settings\Owner\cookies\owner@e-2dj6wjkycgcpsdp.stats.esomniture[2].txt
C:\Documents and Settings\Owner\cookies\owner@ehg-cisco.hitbox[1].txt
C:\Documents and Settings\Owner\cookies\owner@ehg-questsoftware.hitbox[1].txt
C:\Documents and Settings\Owner\cookies\owner@e-2dj6wfk4upc5gdq.stats.esomniture[2].txt
C:\Documents and Settings\Owner\cookies\owner@entrepreneur.122.2o7[1].txt
C:\Documents and Settings\Owner\cookies\owner@gomyron[3].txt
C:\Documents and Settings\Owner\cookies\owner@e-2dj6wjnycocpohp.stats.esomniture[2].txt
C:\Documents and Settings\Owner\cookies\owner@e-2dj6wjliendzmho.stats.esomniture[1].txt
C:\Documents and Settings\Owner\cookies\owner@shopping.112.2o7[1].txt
C:\Documents and Settings\Owner\cookies\owner@pro-market[1].txt
C:\Documents and Settings\Owner\cookies\owner@www.stats26[1].txt
C:\Documents and Settings\Owner\cookies\owner@tracking.foxnews[2].txt
C:\Documents and Settings\Owner\cookies\owner@go.winantivirus[1].txt
C:\Documents and Settings\Owner\cookies\owner@go.winantivirus[3].txt
C:\Documents and Settings\Owner\cookies\owner@dealtime[1].txt
C:\Documents and Settings\Owner\cookies\owner@www.googleadservices[2].txt
C:\Documents and Settings\Owner\cookies\owner@azjmp[2].txt
C:\Documents and Settings\Owner\cookies\owner@e-2dj6wjkykid5weq.stats.esomniture[1].txt
C:\Documents and Settings\Owner\cookies\owner@entrepreneur.us.intellitxt[1].txt
C:\Documents and Settings\Owner\cookies\owner@adv.dmv[1].txt
C:\Documents and Settings\Owner\cookies\owner@24297[1].txt
C:\Documents and Settings\Owner\cookies\owner@stats.drivecleaner[1].txt
C:\Documents and Settings\Owner\cookies\owner@worldsexmate[1].txt
C:\Documents and Settings\Owner\cookies\owner@www.ticketsnow[1].txt
C:\Documents and Settings\Owner\cookies\owner@e-2dj6whl4qldpckp.stats.esomniture[2].txt
C:\Documents and Settings\Owner\cookies\owner@media.adrevolver[1].txt
C:\Documents and Settings\Owner\cookies\owner@ehg-theviptour.hitbox[1].txt
C:\Documents and Settings\Owner\cookies\owner@stats.privacyprotector[1].txt
C:\Documents and Settings\Owner\cookies\owner@ehg-westwoodcollege.hitbox[1].txt
C:\Documents and Settings\Owner\cookies\owner@cc.bridgetrack[1].txt
C:\Documents and Settings\Owner\cookies\owner@www.mycarstats[2].txt
C:\Documents and Settings\Owner\cookies\owner@gomyron[2].txt
C:\Documents and Settings\Owner\cookies\owner@www.clickmanage[2].txt
C:\Documents and Settings\Owner\cookies\owner@ehg-groupernetworks.hitbox[2].txt
C:\Documents and Settings\Owner\cookies\owner@www.sexstoriespost[2].txt
C:\Documents and Settings\Owner\cookies\owner@sherylsenhancementboutique[1].txt
C:\Documents and Settings\Owner\cookies\owner@coxhsi.112.2o7[1].txt
C:\Documents and Settings\Owner\cookies\owner@go.drivecleaner[1].txt
C:\Documents and Settings\Owner\cookies\owner@microsoftwga.112.2o7[1].txt
C:\Documents and Settings\Owner\cookies\owner@wpni.112.2o7[1].txt
C:\Documents and Settings\Owner\cookies\owner@kaboose.112.2o7[1].txt
C:\Documents and Settings\Owner\cookies\owner@www.sexstoriespost[1].txt
C:\Documents and Settings\Owner\cookies\owner@waterfrontmedia.112.2o7[1].txt
C:\Documents and Settings\Owner\cookies\owner@www.statssheet[2].txt
C:\Documents and Settings\Owner\cookies\owner@go.drivecleaner[3].txt
C:\Documents and Settings\Owner\cookies\owner@msnaccountservices.112.2o7[1].txt
C:\Documents and Settings\Owner\cookies\owner@leads.specificmedia[2].txt
C:\Documents and Settings\Owner\cookies\owner@winantispyware[3].txt
C:\Documents and Settings\Owner\cookies\owner@media.adrevolver[3].txt
C:\Documents and Settings\Owner\cookies\owner@server.iad.liveperson[4].txt
C:\Documents and Settings\Owner\cookies\owner@www.googleadservices[3].txt
C:\Documents and Settings\Owner\cookies\owner@ehg-attworldnet.hitbox[1].txt
C:\Documents and Settings\Owner\cookies\owner@ehg-futuredontics.hitbox[1].txt
C:\Documents and Settings\Owner\cookies\owner@itxt.vibrantmedia[1].txt
C:\Documents and Settings\Owner\cookies\owner@ecnext.advertserve[1].txt
C:\Documents and Settings\Owner\cookies\owner@ehg-aha.hitbox[1].txt
C:\Documents and Settings\Owner\cookies\owner@ehg-warnerbrothers.hitbox[2].txt
C:\Documents and Settings\Owner\cookies\owner@e-2dj6wjkokmazeeq.stats.esomniture[2].txt
C:\Documents and Settings\Owner\cookies\owner@counter6.sextracker[1].txt
C:\Documents and Settings\Owner\cookies\owner@sales.liveperson[1].txt
C:\Documents and Settings\Owner\cookies\owner@sexstoriespost[2].txt
C:\Documents and Settings\Owner\cookies\owner@ads.adbrite[2].txt
C:\Documents and Settings\Owner\cookies\owner@stats.espinthebottle[2].txt
C:\Documents and Settings\Owner\cookies\owner@www.winantispyware[1].txt
C:\Documents and Settings\Owner\cookies\owner@105-bmp.googleadservices[2].txt
C:\Documents and Settings\Owner\cookies\owner@www.web-stat[2].txt
C:\Documents and Settings\Owner\cookies\owner@server.iad.liveperson[3].txt
C:\Documents and Settings\Owner\cookies\owner@hertz.122.2o7[1].txt
C:\Documents and Settings\Owner\cookies\owner@ads.ookla[2].txt
C:\Documents and Settings\Owner\cookies\owner@maxim.122.2o7[1].txt
C:\Documents and Settings\Owner\cookies\owner@ehg-maxim.hitbox[2].txt
C:\Documents and Settings\Owner\cookies\owner@www2.addfreestats[1].txt
C:\Documents and Settings\Owner\cookies\owner@go.winantispyware[3].txt
C:\Documents and Settings\Owner\cookies\owner@www.elitecarseats[2].txt
C:\Documents and Settings\Owner\cookies\owner@ehg-jobster.hitbox[1].txt
C:\Documents and Settings\Owner\cookies\owner@ehg-foxsports.hitbox[2].txt
C:\Documents and Settings\Owner\cookies\owner@sexy-fatsos.nichepass[1].txt
C:\Documents and Settings\Owner\cookies\owner@ads.topix[1].txt
C:\Documents and Settings\Owner\cookies\owner@rotator.adjuggler[2].txt
C:\Documents and Settings\Owner\cookies\owner@www.trackspace[1].txt
C:\Documents and Settings\Owner\cookies\owner@ad.backyardgardener[1].txt
C:\Documents and Settings\Owner\cookies\owner@forum.blackhairmedia[1].txt
C:\Documents and Settings\Owner\cookies\owner@ar.atwola[2].txt
C:\Documents and Settings\Owner\cookies\owner@3.adbrite[2].txt
C:\Documents and Settings\Owner\cookies\owner@cnn.122.2o7[1].txt
C:\Documents and Settings\Owner\cookies\owner@boostmobile.112.2o7[1].txt
C:\Documents and Settings\Owner\cookies\owner@statse.webtrendslive[2].txt
C:\Documents and Settings\Owner\cookies\owner@dabombxxx[1].txt
C:\Documents and Settings\Owner\cookies\owner@microsoftwlsearchcrm.112.2o7[1].txt
C:\Documents and Settings\Owner\cookies\owner@ads5.offermatica[1].txt
C:\Documents and Settings\Owner\cookies\owner@ad.yieldx[2].txt
C:\Documents and Settings\Owner\cookies\owner@hearstmagazines.112.2o7[1].txt
C:\Documents and Settings\Owner\cookies\owner@konzababy.tripod[1].txt
C:\Documents and Settings\Owner\cookies\owner@meijer.122.2o7[1].txt
C:\Documents and Settings\Owner\cookies\owner@license.nmp.neuroticmedia[1].txt
C:\Documents and Settings\Owner\cookies\owner@medianewsgroup[2].txt
C:\Documents and Settings\Owner\cookies\owner@ads.myyearbook[1].txt
C:\Documents and Settings\Owner\cookies\owner@adserving.cpxinteractive[2].txt
C:\Documents and Settings\Owner\cookies\owner@azoogleads[1].txt
C:\Documents and Settings\Owner\Cookies\owner@advertising[1].txt
C:\Documents and Settings\Owner\Cookies\owner@advertising[3].txt
C:\Documents and Settings\Owner\Cookies\owner@casalemedia[1].txt
C:\Documents and Settings\Owner\Cookies\owner@stats1.reliablestats[1].txt
C:\Documents and Settings\Owner\Cookies\owner@stats1.reliablestats[2].txt
C:\Documents and Settings\Owner\Cookies\owner@tracking[1].txt
C:\Documents and Settings\Owner\Cookies\owner@winantispyware[1].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@105-bmp.googleadservices[2].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@247realmedia[1].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@2o7[1].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@4.adbrite[3].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@a.websponsors[1].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@ad.uk.tangozebra[1].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@ad.yieldmanager[1].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@ad2.adnetinteractive[2].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@adbrite[1].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@adbrite[3].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@adknowledge[2].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@adlegend[2].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@adopt.euroclick[2].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@adopt.specificclick[1].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@adrevolver[2].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@ads.adbrite[2].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@ads.addynamix[2].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@ads.pointroll[2].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@adultfriendfinder[2].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@adv.webmd[1].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@advertising[2].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@anad.tacoda[1].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@anat.tacoda[1].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@as-eu.falkag[1].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@atdmt[1].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@atwola[1].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@azjmp[1].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@bizrate[2].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@bluestreak[1].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@boostmobile.112.2o7[1].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@bs.serving-sys[2].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@buzznet.112.2o7[1].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@c5.zedo[2].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@casalemedia[1].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@cc.bridgetrack[2].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@cf-db01.clickfacts[1].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@citi.bridgetrack[2].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@data2.perf.overture[1].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@doubleclick[1].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@edge.ru4[1].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@ehg-chartercommunications.hitbox[1].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@ehg-starbucks.hitbox[2].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@ehg-traderelectronicmedia.hitbox[2].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@ehg-youtube.hitbox[2].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@ehg.hitbox[1].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@elitecarseats[2].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@fastclick[1].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@h.starware[1].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@hc2.humanclick[1].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@hc2.humanclick[2].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@hitbox[1].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@imrworldwide[2].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@indextools[1].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@interclick[1].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@kaboose.112.2o7[1].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@kanoodle[2].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@keywordmax[1].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@linksynergy[1].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@m1.webstats4u[2].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@maxim.122.2o7[1].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@medhelpinternational.112.2o7[1].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@media.adrevolver[1].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@mediaplex[1].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@metacafe.122.2o7[1].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@msnaccountservices.112.2o7[2].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@msnportal.112.2o7[1].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@offers.intermediainteractive[1].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@online-texas-holdem.tripod[1].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@overture[2].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@pacificpoker[2].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@partner2profit[2].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@paypal.112.2o7[1].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@perf.overture[1].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@phg.hitbox[2].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@precisionclick[1].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@questionmarket[1].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@realmedia[2].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@reduxads.valuead[2].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@revsci[1].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@sec1.liveperson[1].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@sec1.liveperson[3].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@server.iad.liveperson[2].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@server.iad.liveperson[3].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@server.iad.liveperson[4].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@server2.bkvtrack[1].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@serving-sys[2].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@specificclick[2].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@statcounter[2].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@statse.webtrendslive[2].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@tacoda[1].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@track.searchignite[1].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@tradedoubler[1].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@trafficmp[1].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@tribalfusion[1].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@tripod.lycos[1].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@tripod[1].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@truitiontystoybox.122.2o7[2].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@try.starware[2].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@usenext[2].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@valueclick[1].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@www.addfreestats[1].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@www.burstbeacon[1].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@www.burstnet[1].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@www.clickmanage[2].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@www.googleadservices[1].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@www.pacificpoker[1].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@www1.addfreestats[1].txt
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@zedo[2].txt
C:\WINDOWS\Temp\Cookies\owner@atdmt[2].txt
C:\WINDOWS\Temp\Cookies\owner@doubleclick[2].txt
C:\WINDOWS\Temp\Cookies\owner@ehg-dig.hitbox[2].txt
C:\WINDOWS\Temp\Cookies\owner@fastclick[1].txt
C:\WINDOWS\Temp\Cookies\owner@hitbox[2].txt
C:\WINDOWS\Temp\Cookies\owner@maxserving[2].txt
C:\WINDOWS\Temp\Cookies\owner@tribalfusion[1].txt

Adware.MovieLand/MediaPipe
HKCR\MPAgent.Agent
HKCR\MPAgent.Agent\CLSID
HKCR\MPAgent.Agent\CurVer
HKCR\MPAgent.Agent.1
HKCR\MPAgent.Agent.1\CLSID
HKCR\AppId\MPAgent.DLL
HKCR\AppId\MPAgent.DLL#AppID
HKCR\TypeLib\{CCEBBEB5-D011-41B5-9F92-01F88A38DC0D}
HKCR\TypeLib\{CCEBBEB5-D011-41B5-9F92-01F88A38DC0D}\1.0
HKCR\TypeLib\{CCEBBEB5-D011-41B5-9F92-01F88A38DC0D}\1.0
HKCR\TypeLib\{CCEBBEB5-D011-41B5-9F92-01F88A38DC0D}\1.0\win32
HKCR\TypeLib\{CCEBBEB5-D011-41B5-9F92-01F88A38DC0D}\1.0\FLAGS
HKCR\TypeLib\{CCEBBEB5-D011-41B5-9F92-01F88A38DC0D}\1.0\HELPDIR

Trojan.WinAntiSpyware/WinAntiVirus 2006/2007
HKLM\Software\WinAntiVirus Pro 2007
HKLM\Software\WinAntiVirus Pro 2007#EulUWA7P_0001_N91M0809
HKLM\Software\WinAntiVirus Pro 2007#ProductCode
HKLM\Software\WinAntiVirus Pro 2007#InstallDate
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs#C:\Program Files\Common Files\WinAntiVirus Pro 2007\WAPChk.dll [
]
C:\WINDOWS\system32\av.cpl
C:\WINDOWS\system32\stera.exe
C:\Program Files\Common Files\WinAntiVirus Pro 2007\WAPChk.dll
C:\Program Files\Common Files\WinAntiVirus Pro 2007
C:\Program Files\WinAntiVirus Pro 2007\AVupd.exe
C:\Program Files\WinAntiVirus Pro 2007\BkSites.dat
C:\Program Files\WinAntiVirus Pro 2007\bnlink.dat
C:\Program Files\WinAntiVirus Pro 2007\fat.exe
C:\Program Files\WinAntiVirus Pro 2007\fopn.exe
C:\Program Files\WinAntiVirus Pro 2007\forum.dat
C:\Program Files\WinAntiVirus Pro 2007\integrity.dat
C:\Program Files\WinAntiVirus Pro 2007\lapv.dat
C:\Program Files\WinAntiVirus Pro 2007\License.rtf
C:\Program Files\WinAntiVirus Pro 2007\PGE.dat
C:\Program Files\WinAntiVirus Pro 2007\pv.dat
C:\Program Files\WinAntiVirus Pro 2007\rbho.dat
C:\Program Files\WinAntiVirus Pro 2007\reform.exe
C:\Program Files\WinAntiVirus Pro 2007\res\cross.gif
C:\Program Files\WinAntiVirus Pro 2007\res\wa7p.gif
C:\Program Files\WinAntiVirus Pro 2007\res
C:\Program Files\WinAntiVirus Pro 2007\scnkrnl.dll
C:\Program Files\WinAntiVirus Pro 2007\sqlite3.dll
C:\Program Files\WinAntiVirus Pro 2007\st.dat
C:\Program Files\WinAntiVirus Pro 2007\unins000.dat
C:\Program Files\WinAntiVirus Pro 2007\unins000.exe
C:\Program Files\WinAntiVirus Pro 2007\up.dat
C:\Program Files\WinAntiVirus Pro 2007\WinAV.exe
C:\Program Files\WinAntiVirus Pro 2007\WinAV.xml
C:\Program Files\WinAntiVirus Pro 2007\worldmap.swf
C:\Program Files\WinAntiVirus Pro 2007
C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\NI.UWA7P_0001_N91M0809\SETUP.EXE

Trojan.Malware
HKCR\AVZipEnchancer.Chl
HKCR\AVZipEnchancer.Chl\CLSID

Browser Hijacker.Internet Explorer Settings Hijack
HKU\S-1-5-21-351953409-1454491506-409785693-1003\Software\Microsoft\Internet Explorer\Main#Start Page [ http://gomyron.com/N.../3560/homepage/ ]

Trojan.Media-Codec
HKCR\VSEnchancer.Chl
HKCR\VSEnchancer.Chl\CLSID
HKU\S-1-5-21-351953409-1454491506-409785693-1003\Software\Internet Security
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IntCodec
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IntCodec#ProductionEnvironment
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IntCodec#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IntCodec#UninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IntCodec#DisplayIcon
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IntCodec#DisplayVersion
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IntCodec#URLInfoAbout
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IntCodec#Publisher
C:\Program Files\IntCodec\uninst.exe
C:\Program Files\IntCodec
C:\Program Files\VIDEO ACTIVEX OBJECT
C:\PROGRAM FILES\X PASSWORD MANAGER\X PASSWORD MANAGER.URL
C:\DOCUMENTS AND SETTINGS\OWNER\START MENU\PROGRAMS\X PASSWORD MANAGER\X PASSWORD MANAGER LOGIN.LNK
C:\PROGRAM FILES\X PASSWORD MANAGER\UNINST.EXE
C:\PROGRAM FILES\X PASSWORD MANAGER\XPASSMANAGER.EXE.MANIFEST

Trojan.VideoCach/Gen
HKCR\NewMediaCodec.VideoSupport
HKCR\NewMediaCodec.VideoSupport\CLSID
HKCR\CLSID\{150EA8E7-A97C-4816-AD02-4865EEF8C5FF}
HKCR\CLSID\{150EA8E7-A97C-4816-AD02-4865EEF8C5FF}\Control
HKCR\CLSID\{150EA8E7-A97C-4816-AD02-4865EEF8C5FF}\Implemented Categories
HKCR\CLSID\{150EA8E7-A97C-4816-AD02-4865EEF8C5FF}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}
HKCR\CLSID\{150EA8E7-A97C-4816-AD02-4865EEF8C5FF}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}
HKCR\CLSID\{150EA8E7-A97C-4816-AD02-4865EEF8C5FF}\InprocServer32
HKCR\CLSID\{150EA8E7-A97C-4816-AD02-4865EEF8C5FF}\InprocServer32#ThreadingModel
HKCR\CLSID\{150EA8E7-A97C-4816-AD02-4865EEF8C5FF}\MiscStatus
HKCR\CLSID\{150EA8E7-A97C-4816-AD02-4865EEF8C5FF}\MiscStatus\1
HKCR\CLSID\{150EA8E7-A97C-4816-AD02-4865EEF8C5FF}\ProgID
HKCR\CLSID\{150EA8E7-A97C-4816-AD02-4865EEF8C5FF}\ToolboxBitmap32
HKCR\CLSID\{150EA8E7-A97C-4816-AD02-4865EEF8C5FF}\TypeLib
HKCR\CLSID\{150EA8E7-A97C-4816-AD02-4865EEF8C5FF}\Version
HKCR\CLSID\{BABA5BDB-4EFF-48DB-B443-679651D37128}
HKCR\CLSID\{BABA5BDB-4EFF-48DB-B443-679651D37128}\InprocServer32
HKCR\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}
HKCR\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}\1.0
HKCR\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}\1.0
HKCR\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}\1.0\win32
HKCR\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}\1.0\FLAGS
HKCR\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}\1.0\HELPDIR
HKCR\TypeLib\{CDC0999C-999C-4EE1-875B-5C3542641768}
HKCR\TypeLib\{CDC0999C-999C-4EE1-875B-5C3542641768}\1.0
HKCR\TypeLib\{CDC0999C-999C-4EE1-875B-5C3542641768}\1.0
HKCR\TypeLib\{CDC0999C-999C-4EE1-875B-5C3542641768}\1.0\win32
HKCR\TypeLib\{CDC0999C-999C-4EE1-875B-5C3542641768}\1.0\FLAGS
HKCR\TypeLib\{CDC0999C-999C-4EE1-875B-5C3542641768}\1.0\HELPDIR
HKCR\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}
HKCR\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}\ProxyStubClsid
HKCR\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}\ProxyStubClsid32
HKCR\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}\TypeLib
HKCR\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}\TypeLib#Version
HKCR\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}
HKCR\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}\ProxyStubClsid
HKCR\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}\ProxyStubClsid32
HKCR\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}\TypeLib
HKCR\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}\TypeLib#Version
HKCR\Interface\{B6A3935F-8FE4-49A4-B987-A1C09E53589F}
HKCR\Interface\{B6A3935F-8FE4-49A4-B987-A1C09E53589F}\ProxyStubClsid
HKCR\Interface\{B6A3935F-8FE4-49A4-B987-A1C09E53589F}\ProxyStubClsid32
HKCR\Interface\{B6A3935F-8FE4-49A4-B987-A1C09E53589F}\TypeLib
HKCR\Interface\{B6A3935F-8FE4-49A4-B987-A1C09E53589F}\TypeLib#Version
HKCR\Interface\{EF94A58F-599B-4602-9C34-99683C5859B1}
HKCR\Interface\{EF94A58F-599B-4602-9C34-99683C5859B1}\ProxyStubClsid
HKCR\Interface\{EF94A58F-599B-4602-9C34-99683C5859B1}\ProxyStubClsid32
HKCR\Interface\{EF94A58F-599B-4602-9C34-99683C5859B1}\TypeLib
HKCR\Interface\{EF94A58F-599B-4602-9C34-99683C5859B1}\TypeLib#Version
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NewMediaCodec
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NewMediaCodec#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NewMediaCodec#DisplayIcon
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NewMediaCodec#uninstallString
C:\Program Files\NewMediaCodec\install.ico
C:\Program Files\NewMediaCodec\NewMediaCodec.ocx
C:\Program Files\NewMediaCodec

Trojan.Media-Codec/V2
C:\Program Files\Video AX Object
HKU\S-1-5-21-351953409-1454491506-409785693-1003\Software\Protection Tools

Trojan.Net-MSV/VPS
HKCR\MSVPS.MSVPSApp
HKCR\MSVPS.MSVPSApp\CLSID
HKCR\MSVPS.MSVPSApp\CurVer

Desktop Hijacker.AboutYourPrivacy
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down.gif
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\privacy_danger\images
C:\WINDOWS\privacy_danger\index.htm
C:\WINDOWS\privacy_danger

Trojan.MediaPipe-Variant
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP403\A0040189.DLL

Trojan.Downloader-Gen/AVP
C:\WINDOWS\AVP.EXE


---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 12:17:14 PM 7/4/2007

+ Scan result:



C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP403\A0040193.dll -> Adware.Companion : Ignored.
C:\Program Files\PrivacyProtector Free\vbpv.dat -> Adware.DriveCleaner : Ignored.
C:\Program Files\X Password Manager -> Adware.Generic : Ignored.
C:\Program Files\X Password Manager\xpassmanager.exe.manifest -> Adware.Generic : Ignored.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\X Password Manager -> Adware.Generic : Ignored.
C:\Program Files\WinAntiSpyware 2007\up.dat -> Adware.WinAntiVirus : Ignored.
C:\Program Files\PrivacyProtector Free\UPRP.exe -> Downloader.Small : Cleaned with backup (quarantined).
[1032] C:\Program Files\PrivacyProtector Free\UPRP.exe -> Downloader.Small : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@7search[1].txt -> TrackingCookie.7search : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@planetfungames.aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@www.adobe[1].txt -> TrackingCookie.Adobe : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@adviva[2].txt -> TrackingCookie.Adviva : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@bfast[2].txt -> TrackingCookie.Bfast : Cleaned.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@bfast[2].txt -> TrackingCookie.Bfast : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@bluemountain[1].txt -> TrackingCookie.Bluemountain : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@inktomi-mysimon.com[2].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@connextra[1].txt -> TrackingCookie.Connextra : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@test.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@twci.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@bilbo.counted[2].txt -> TrackingCookie.Counted : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@searchportal.information[1].txt -> TrackingCookie.Information : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@search.live[2].txt -> TrackingCookie.Live : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@search.msn[1].txt -> TrackingCookie.Msn : Cleaned.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@search.msn[1].txt -> TrackingCookie.Msn : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@www.myaffiliateprogram[2].txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@navrcholu[1].txt -> TrackingCookie.Navrcholu : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@ssl-hints.netflame[2].txt -> TrackingCookie.Netflame : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@www.paypal[1].txt -> TrackingCookie.Paypal : Cleaned.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@www.paypal[1].txt -> TrackingCookie.Paypal : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@real[1].txt -> TrackingCookie.Real : Cleaned.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@roispy[1].txt -> TrackingCookie.Roispy : Cleaned.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@trafic[1].txt -> TrackingCookie.Trafic : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@m.webtrends[2].txt -> TrackingCookie.Webtrends : Cleaned.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@m.webtrends[2].txt -> TrackingCookie.Webtrends : Cleaned.


::Report end

[AndyManchesta]

Hi mya91728, Welcome to the forum

You should print out these instructions, or copy them to a Notepad file and save it to your desktop, because you will not be able to connect to the Internet to read from this site.

Download SmitfraudFix and save it to your system,

Please then reboot your computer in Safe Mode by doing the following :

• Restart your computer
  
• After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  
• Instead of Windows loading as normal, a menu with options should appear;
  
• Select the first option, to run Windows in Safe Mode, then press "Enter".
  
• Choose your usual account.

Once in Safe Mode, double-click SmitfraudFix.exe
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart anyway into normal Windows. A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt


Finally generate a report of the Add/Remove screen entries:
Open Hijackthis, and click the Misc Tools button.
Then click the Open Uninstall Manager... button.
The Add/Remove Programs Manager panel should appear.
In this panel click the Save list button.
Save the uninstall_list.txt file to your desktop and copy and paste the contents back in your next reply.

Please then postback the Smitfraudfix log (C:\Rapport.txt), the Uninstall list and a new HijackThis log, let us know if you have any problems

Cheers

Andy

[mya91728]

nothing happened. it just wouldn't do anything.
any suggestions?
then it said something about it not being able to open.

[mya91728]

i tried to open it in normal mode and it opened for half a second then closed.
in safe mode id click on the icon, and even try to right click and do "open" and the "run file" message pops up...and i try to run it. and it wont do anything. no error messages....just wont do anything.

[AndyManchesta]

Hi mya91728

Ive merged your 3 topics into this one,

Goto Start > Run > and copy and paste this command

%systemroot%\system32\cmd.exe /c %systemroot%\system32\reg.exe query "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment" /s>%systemdrive%\Result.txt & set>>%systemdrive%\Result.txt & notepad %systemdrive%\Result.txt

Press OK and it will export some information from your registry and write it to a text file named Result.txt which will open in Notepad and also save to C:\Result.txt , please copy and paste the contents of that file into your next reply, let us know if you get a error when running the above command.

[mya91728]

AndyManchesta, on Jul 4 2007, 11:41 PM, said:

Hi mya91728

Ive merged your 3 topics into this one,

Goto Start > Run > and copy and paste this command

%systemroot%\system32\cmd.exe /c %systemroot%\system32\reg.exe query "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment" /s>%systemdrive%\Result.txt & set>>%systemdrive%\Result.txt & notepad %systemdrive%\Result.txt

Press OK and it will export some information from your registry and write it to a text file named Result.txt which will open in Notepad and also save to C:\Result.txt , please copy and paste the contents of that file into your next reply, let us know if you get a error when running the above command.

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment
ComSpec REG_EXPAND_SZ %SystemRoot%\system32\cmd.exe
Path REG_SZ %SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Maestro Learning\Common
windir REG_EXPAND_SZ %SystemRoot%
FP_NO_HOST_CHECK REG_SZ NO
OS REG_SZ Windows_NT
PROCESSOR_ARCHITECTURE REG_SZ x86
PROCESSOR_LEVEL REG_SZ 15
PROCESSOR_IDENTIFIER REG_SZ x86 Family 15 Model 44 Stepping 2, AuthenticAMD
PROCESSOR_REVISION REG_SZ 2c02
NUMBER_OF_PROCESSORS REG_SZ 1
PATHEXT REG_SZ .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
TEMP REG_EXPAND_SZ %SystemRoot%\TEMP
TMP REG_EXPAND_SZ %SystemRoot%\TEMP
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=MOMDADMYA
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LOGONSERVER=\\MOMDADMYA
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Maestro Learning\Common
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 44 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2c02
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
USERDOMAIN=MOMDADMYA
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
windir=C:\WINDOWS

[AndyManchesta]

Cheers

Path REG_SZ %SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Maestro Learning\Common

Some program has damaged your PATH value in the registry, it was probably 'Maestro Learning' when it added itself to the reg value as it has changed the data type for the Path value to REG_SZ and it needs to be REG_EXPAND_SZ

Should be simple enough to fix, download FIXPATH from Here

Save it to your system and then right click the fixpath2.zip folder and choose Extract All which will extract the files to a new folder named fixpath2, open the newly created folder and double click FIXPATH.EXE and click Y then it will close, reboot the PC then try opening SmitfraudFix again after the system reboots, if it then opens reboot to Safe Mode and continue with the instructions from earlier, if you still have problems let us know

[mya91728]

SmitFraudFix v2.200

Scan done at 17:53:55.90, Wed 07/04/2007
Run from C:\Program Files\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\ddesupport.dll Deleted
C:\WINDOWS\main_uninstaller.exe Deleted
C:\WINDOWS\msole.dll Deleted
C:\WINDOWS\msdde.dll Deleted
C:\WINDOWS\privacy_danger\ Deleted
C:\DOCUME~1\Owner\STARTM~1\Programs\X Password Manager Deleted
C:\DOCUME~1\Owner\Desktop\Error Cleaner.url Deleted
C:\DOCUME~1\Owner\Desktop\Privacy Protector.url Deleted
C:\DOCUME~1\Owner\Desktop\Spyware?Malware Protection.url Deleted
C:\Program Files\X Password Manager\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{72EE1257-73BD-4918-9F98-EF1D4AE6DA49}: DhcpNameServer=208.180.42.68 208.180.42.100
HKLM\SYSTEM\CS1\Services\Tcpip\..\{72EE1257-73BD-4918-9F98-EF1D4AE6DA49}: DhcpNameServer=208.180.42.68 208.180.42.100
HKLM\SYSTEM\CS3\Services\Tcpip\..\{72EE1257-73BD-4918-9F98-EF1D4AE6DA49}: DhcpNameServer=208.180.42.68 208.180.42.100
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=208.180.42.68 208.180.42.100
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=208.180.42.68 208.180.42.100
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=208.180.42.68 208.180.42.100


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

Adobe Reader 7.0.5
AOL Connectivity Services
AOL You've Got Pictures Screensaver
ArcSoft Camera Suite 1.3
AVG Anti-Spyware 7.5
BigFix
CardRd81
CCScore
CR2
Digital Media Reader
ESSBrwr
ESSCDBK
ESScore
ESSCT
ESSgui
ESShelp
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
ESSTUTOR
ESSvpaht
ESSvpot
Garfield K Numbers
Google Toolbar for Internet Explorer
HijackThis 1.99.1
HLPIndex
HLPPDOCK
HLPRFO
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
InterActual Player
J2SE Runtime Environment 5.0 Update 2
JumpStart PreSchool v1.4
JumpStart Spanish
Kodak EasyShare software
KSU
Macromedia Shockwave Player
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft Digital Image Starter Edition 2006
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2005
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft Protection Service
Microsoft Windows Live OneCare Resources v1.6.2111.12
Microsoft Windows OneCare Live AntiSpyware and AntiVirus
Microsoft Windows OneCare Live v1.6.2111.12
Microsoft Windows OneCare Live v1.6.2111.12 Idcrl Install
Microsoft Works
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 Parser and SDK
Napster
Napster Burn Engine
Nero BurnRights
Nero OEM
Notifier
NVIDIA Drivers
OTtBP
OTtBPSDK
PowerDVD
Prison Tycoon
PX Engine
QuickTime
QuickTime for Windows (32-bit)
RealPlayer Basic
Realtek AC'97 Audio
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
SFR
SHASTA
SKIN0001
SKINXSDK
SoftV92 Data Fax Modem with SmartCP
SUPERAntiSpyware Free Edition
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB914882)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Viewpoint Manager (Remove Only)
Viewpoint Media Player
VPRINTOL
Wal-Mart Music Downloads Store
Windows Backup Utility
Windows Internet Explorer 7
Windows Live OneCare
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
WIRELESS
Yahoo! Toolbar

Logfile of HijackThis v1.99.1
Scan saved at 6:05:15 PM, on 7/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Napster\napster.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\system32\javaw.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.partypoke...nstallstart.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [SprintModemUpdate] javaw.exe -cp "C:\Program Files\Motive\FirmwareUpdater\lib\SprintModemUpdate.jar" com.motive.firmwareUpdater.client.SprintModemUpdate
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NI.UWA7P_0001_N91M0809] "c:\documents and settings\owner\application data\winantiviruspro2007freeinstall[1].exe" -nag
O4 - HKLM\..\Run: [NI.UWAS7_0001_N91M2703] "c:\documents and settings\owner\application data\winantispyware2007freeinstall[1].exe" -nag
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_5
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by119w.bay119.mail.live.com/mail/re...es/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe




everything good now??

thanks guys!

[mya91728]

do i need livecare and superanti spyware?
what type of firewall should i have? it said before that i dont have one.
do i leave all the programs i used to get rid of the virus and spyware things?

can you tell im retarded when it comes to this stuff? ) sorry about that

[AndyManchesta]

Hi Mya

Ive merged your 2 new topics into this one , when you reply please post in this topic by pressing the button at the bottom of this page, if you use that then I will get an email showing you have replied but I dont get it if you keep opening new topics and it will then take longer for me to notice you have responded,

Im glad you got the path problem solved and was able to run Smitfraudfix, you can now delete Smitfraudfix and Fixpath2.zip as they are not needed, there's still abit of work to do though on your machine and I'd like you to run another scan abit later to make sure there is no remaining problems


Run Hijack This and choose Do A System Scan then place a check next to these entries

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = ht*p://www.partypoker.com/installstart.htm
O4 - HKLM\..\Run: [NI.UWA7P_0001_N91M0809] "c:\documents and settings\owner\application data\winantiviruspro2007freeinstall[1].exe" -nag
O4 - HKLM\..\Run: [NI.UWAS7_0001_N91M2703] "c:\documents and settings\owner\application data\winantispyware2007freeinstall[1].exe" -nag
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)

Close all open browser and other windows except for HijackThis and press the Fix Checked button

Optional Fix

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
This restriction can be set by malware to prevent you from changing your homepage. It can also be set by you (using programs like Spybot Search & Destroy) to prevent malware changing your settings, or by System Administrators to prevent their users changing settings. If you or a system administrator didn't set that restriction then it can be fixed using HijackThis.


Next goto Start > Run > then copy and paste

%programfiles%

Press OK to open the Program Files folder then remove any of these folder below that you find by right clicking them and choosing delete

IntCodec
NewMediaCodec
PartyGaming
PrivacyProtector Free
WinAntiSpyware 2007


Your version of Java is quite old and some older versions can be vulnerable to infections, please remove it and update to the latest version by going to the Add/Remove screen (Start Menu > Control Panel > Add or Remove Programs) and remove

J2SE Runtime Environment 5.0 Update 2

Once its removed upgrade to the latest version using Sun's website Here


Next Id like you to check one of your add remove screen entries using HijackThis,

Open Hijackthis, and click the Misc Tools button.
Then click the Open Uninstall Manager... button.
The Add/Remove Programs Manager panel should appear.

For each name you click in the list to the left HijackThis will show you the name and Uninstall Command on the right, can you left click Notifier then copy and paste the Uninstall Command for it back on here as I just want to see where it pointing for the uninstaller, let me know if you have any probelms with that.

mya91728, on Jul 5 2007, 02:13 AM, said:

do i need livecare and superanti spyware?
what type of firewall should i have? it said before that i dont have one.
do i leave all the programs i used to get rid of the virus and spyware things?

can you tell im retarded when it comes to this stuff? ) sorry about that

You do need to have an Antivirus and Firewall installed as its essential these days but Microsoft One Care should provide both, have you payed for One Care and is it still working or has the licence expired ? , if it has then we can easily get some free protection installed but its not recommended to have more than one Antivirus or Firewall program so its best to check about One Care first, regarding SuperAntispy thats really up to you if you want to keep it installed, if not then it can be removed using the Add/Remove Screen.


Let us know what the Notifier Uninstall Command is and if Microsoft One Care is the full payed version or a free 90 day trial version and we can take it from there

Andy

[mya91728]

hey sorry about posting in the wrong spot. now i know...

the uninstall command for notifier:


MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}

the live one care is the 90 day trial.

as far as all the txt. files when i was fixing everything else, do i need to keep those on my desktop or is it okay to delete them?

[AndyManchesta]

Hi Mya,

The Notifier entry is fine and you can delete all the text files you created earlier as they are not needed now,

For One Care, is the 90 days up and are you intending to buy it once it does expire ? if not then I can post links to a free Antivirus and firewall program and One Care can then be removed

Andy

[mya91728]

im not planning on buying it
thats why we get the probs with our computer that we do. i dont update things as often as i should, im too busy with my kids, i dont get a lot of time (i have a newborn and a 3 year old)

i wasnt aware i COULD get anything free

should i keep the super anti spyware then?

and i need to get a firewall thing?
heh...i sound like an idiot, but im still not sure what all that is for

[AndyManchesta]

There's plenty of free protection around, For Antivirus Avast, AVG, Antivir and AOL Active Shield are all great free programs, Id recommend using AOL's Active Shield though as its powered by Kaspersky which easily makes it one of the best free programs around, I use it on my pc's and Im really impressed with it plus it will not expire and updates itself automatically

For a Firewall program again there is plenty of choice, Sygate, Kerio, ZoneAlarm, Comodo, PC Tools Firewall etc.. and they all provide good free programs,

The first thing to do is remove One Care if its only the trial version and you didnt want to buy it by going to the Add/Remove screen (Start Menu > Control Panel > Add or Remove Programs) and removing Windows Live OneCare , if you have any probelms removing it you can get a Cleanup tool from Microsoft Here

Once its removed reboot the PC and then install AOL's Active Shield

Please download Active Virus Shield (Powered by Kaspersky) and save it to your desktop.

• Please remember to register for your Activation Code using a legitimate email address.
  
• Double-click avs.msi to run the installer, but please uncheck "Install Security Toolbar" during the installation process:
  
  
  
  
• Then please update the program and run a scan on "My Computer". Allow it to neutralize all that it finds.

Here are some good free firewalls (Don't install more than one firewall program though as they will conflict with each other), I use PC Tools Firewall on mine at the moment (I unchecked the option to Install SpywareDoctor though as part of the setup as it wasnt something I needed) and Ive also used ZoneAlarm in the past and I think you will find either of them very easy to use but Im sure the others will work just as well, if you wanted to get more views on which is best you could always post on the Software area of this forum and Im sure other members will offer their opinions.

• ZoneAlarm,
  
• PC Tools Firewall Plus
  
• Sunbelt Kerio
  
• Comodo Personal Firewall
  
• Outpost

A tutorial on understanding and using firewalls can be found here

Regarding SuperAntispy, its a free program so its fine to keep it installed if you like it, Im sure it will do a good job of removing anything it detects and if you wanted to remove it anytime then it can be easily uninstalled using the Add/Remove screen, its ok to have more than one Antispyware scanner as they do not conflict in the same way as Antivirus programs would

Let us know if you have any problems

Andy

[mya91728]

I already have the AVG anti spyware, on my computer...thru all those instructions i used earlier. would you recommend that i erase that and instead use the AOL active shield?

[AndyManchesta]

AVG Antispyware is a spyware remover and not an AntiVirus program so its fine to keep AVG Antispy installed and install AOL Active Shield as they both do different things, If you have removed One Care then you should install the Antivirus soon to keep the machine protected,

SuperAntiSpy and AVG Antispy are more similar as they go for the same 'spyware' so you could remove one of those if you wanted to but its also fine to keep them both as they are not Antivirus programs.

Ive never actually used SuperAntispyware so I cannot comment on it but I like AVG Antispy and use that alot, even though its only a 30 day trial it only stops the real time protection and auto updates after that has expired but you still update manually and use the scanner anytime you want so I find that very useful as I dont really want an antispy scanner running all the time. Having my Antivirus and Firewall running all the time is enough for me (AOL's Active Shield can also be set to detect Adware, Spyware & Dialers using the settings > protection menu), I just use AVG Antispy once every couple of weeks or so just to scan the system to see if there's ever any problems but there never is apart from cookies which are just harmless text files so I dont feel the need to have an Antispy program running all the time but Im sure other people will have different views so its really whatever works best for you.

[mya91728]

on active virus it popped up while i was scanning my computer "manual scan warning"
detected :
adware:
not-a-virus:adware.win32.agent.bn
file:
c:\...\rp403\a0042280.dlll
action
file contains adware and cannot be disinfected



should i delete or "skip" ?


it also says "please restart computer to complete installation of new or updated components. do i need to? i just did the scan and it took like 45 mins. do i need to do it again?
and it also says apply to all...should i check box?

[AndyManchesta]

No you dont need to run a scan again, it will keep prompting you to run a full scan though after its installed but once thats finished you shouldnt get any other alerts from it, just reboot when its finished the scan, for the file it detected its just in the system restore area so it cannot cause you any harm, allow it to delete anything that it finds or neutralize and apply to all if it gives that option

When done, launch Active Virus Shield's main window.




Click the "Scan" button on the left, and then click "Detected".



In the window that shows, click the "Save As" button to save a copy of the log so you can copy and paste it back on here

[mya91728]

Protection
----------
Total scanned: 6124
Detected: 7
Untreated: 0
Start time: 7/5/2007 7:33:10 PM
Duration: 00:14:41


Detected
--------
Status Object
------ ------
deleted: Trojan program Trojan-Downloader.Win32.Agent.alr File: C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP403\A0040197.exe/file01
deleted: Trojan program Trojan-Dropper.Win32.Agent.aue File: C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP403\A0040202.exe
deleted: adware not-a-virus:AdWare.Win32.Look2Me.ag File: C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP403\A0040206.ocx
deleted: Trojan program Trojan-Downloader.Win32.Agent.bwq File: C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP403\A0040207.exe/PE_Patch.PECompact/PecBundle/PECompact
deleted: adware not-a-virus:AdWare.Win32.Agent.bn File: C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP403\A0042280.dll
deleted: adware not-a-virus:AdWare.Win32.Agent.bn File: C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP403\A0042282.dll
deleted: adware not-a-virus:AdWare.Win32.Agent.bn File: C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP403\A0042283.dll


Events
------
Time Event
---- -----
7/5/2007 5:20:23 PM A full computer scan has never been performed. Please complete a full scan as soon as possible. The initial scan may be time consuming, but you may pause and resume the scan at any time.
7/5/2007 5:22:54 PM A full computer scan has never been performed. Please complete a full scan as soon as possible. The initial scan may be time consuming, but you may pause and resume the scan at any time.
7/5/2007 5:30:25 PM Please restart your computer to complete the installation of new or updated protection components.
7/5/2007 5:30:32 PM Update completed successfully.
7/5/2007 5:51:23 PM File C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP403\A0040197.exe/file01: detected Trojan program Trojan-Downloader.Win32.Agent.alr
7/5/2007 5:51:23 PM Security threats have been detected. You are advised to neutralize them immediately.
7/5/2007 5:51:23 PM File C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP403\A0040197.exe/file01: is not disinfected, postponed
7/5/2007 5:51:26 PM File C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP403\A0040202.exe: detected Trojan program Trojan-Dropper.Win32.Agent.aue
7/5/2007 5:51:26 PM File C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP403\A0040202.exe: is not disinfected, postponed
7/5/2007 5:51:27 PM File C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP403\A0040206.ocx: detected adware not-a-virus:AdWare.Win32.Look2Me.ag
7/5/2007 5:51:27 PM File C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP403\A0040206.ocx: is not disinfected, postponed
7/5/2007 5:51:27 PM File C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP403\A0040207.exe/PE_Patch.PECompact/PecBundle/PECompact: detected Trojan program Trojan-Downloader.Win32.Agent.bwq
7/5/2007 5:51:27 PM File C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP403\A0040207.exe/PE_Patch.PECompact/PecBundle/PECompact: is not disinfected, postponed
7/5/2007 5:51:31 PM File C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP403\A0042280.dll: detected adware not-a-virus:AdWare.Win32.Agent.bn
7/5/2007 5:51:31 PM File C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP403\A0042280.dll: is not disinfected, postponed
7/5/2007 5:51:31 PM File C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP403\A0042282.dll: detected adware not-a-virus:AdWare.Win32.Agent.bn
7/5/2007 5:51:31 PM File C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP403\A0042282.dll: is not disinfected, postponed
7/5/2007 5:51:31 PM File C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP403\A0042283.dll: detected adware not-a-virus:AdWare.Win32.Agent.bn
7/5/2007 5:51:31 PM File C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP403\A0042283.dll: is not disinfected, postponed
7/5/2007 7:32:44 PM Process (PID 728) tried to access Active Virus Shield process (PID 776), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
7/5/2007 7:47:02 PM Update completed successfully.


Reports
-------
Task Status Start Finish Size
---- ------ ----- ------ ----
Update completed 7/5/2007 7:33:13 PM 7/5/2007 7:47:02 PM 11 KB
File Anti-Virus running 7/5/2007 7:33:10 PM 104.5 KB
Mail Anti-Virus running 7/5/2007 7:33:10 PM 0 bytes
Scan Startup Objects completed 7/5/2007 7:35:13 PM 7/5/2007 7:36:28 PM 740.4 KB


Quarantine
----------
Status Object Size Added
------ ------ ---- -----


Backup
------
Status Object Size
------ ------ ----
Infected: adware not-a-virus:AdWare.Win32.Agent.bn c:\system volume information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\rp403\a0042283.dll 70.5 KB
Infected: adware not-a-virus:AdWare.Win32.Look2Me.ag c:\system volume information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\rp403\a0040206.ocx 140.5 KB
Infected: adware not-a-virus:AdWare.Win32.Agent.bn c:\system volume information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\rp403\a0042280.dll 212 KB
Infected: Trojan program Trojan-Dropper.Win32.Agent.aue c:\system volume information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\rp403\a0040202.exe 24.7 KB
Infected: Trojan program Trojan-Downloader.Win32.Agent.bwq c:\system volume information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\rp403\a0040207.exe 21 KB
Infected: Trojan program Trojan-Downloader.Win32.Agent.alr c:\system volume information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\rp403\a0040197.exe 3.6 MB
Infected: adware not-a-virus:AdWare.Win32.Agent.bn c:\system volume information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\rp403\a0042282.dll 51 KB

[AndyManchesta]

Cheers Mya,

Looks good, it just found afew infected restore points so its nice to see it didnt find any active infections, we can reset the restore points anyway now the systems clean,

Click Start Menu > All Programs > Accessories > System Tools > SystemRestore

Choose Create a Restore Point then click Next. Name it and click Create, when the confirmation screen shows the restore point has been created click Close.

Next goto Start Menu > Run > type

cleanmgr

Click OK, Disk Cleanup will open and start calculating the amount of space that can be freed, Once thats finished it will open the Disk Cleanup options screen, click the More Options tab then click Clean up on the system restore area and choose Yes at the confirmation window which will remove all the restore points except the one we just created. Then press OK to clear the temp files found in the initial scan and close Disk Cleanup

Apart from that it looks fine, hows it running now ?