
Infected With Csrss.exe Strain


13 replies to this topic

#1 nohxpolitan1

nohxpolitan1

  • Members
  • 7 posts

Posted 24 July 2007 - 02:44 PM

It seems that my machine's been infected with some strain of csrss.exe, maybe other stuff too... I get popups, my computer locks up a lot and it is significantly slower. I've tried numerous tutorials for removal but have gotten nowhere. csrss.exe (appearing twice) and smss.exe are both in my task manager. Appreciate any help. Here is my hjt log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:45:24 PM, on 7/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
D:\Documents\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Documents and Settings\ferns\My Documents\F?nts\csrss.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\WgaTray.exe
D:\stinger.exe
C:\DOCUME~1\ferns\LOCALS~1\Temp\Rar$EX03.016\HijackThis.exe

O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Documents\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [smgr] smgr.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MemoryManager] rundll32.exe "C:\WINDOWS\system32\riewpjxe.dll",forkonce
O4 - HKCU\..\Run: [Tyejz] "C:\Documents and Settings\ferns\My Documents\F?nts\csrss.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200212...meInstaller.exe
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C339B9B6-80CB-4FA3-9690-30B00C9FC344}: NameServer = 68.94.156.1 68.94.157.1
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\yolqldld.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe (file missing)
O23 - Service: Network Associates McShield (McShield) - Unknown owner - C:\Program Files\Network Associates\VirusScan\mcshield.exe (file missing)
O23 - Service: Network Associates Task Manager (McTaskManager) - Unknown owner - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 4905 bytes

Edited by nohxpolitan1, 24 July 2007 - 02:46 PM.




#2 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 24 July 2007 - 04:41 PM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum, nohxpolitan1 :thumbsup:
My name is Richie and I'll be helping you to fix your problems.

Please download Combofix and save to your desktop:
Note:
It is important that it is saved directly to your desktop

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick combofix's window while it's running.
That may cause the program to freeze/hang.


Also post a fresh HijackThis log please.

#3 nohxpolitan1

nohxpolitan1
  • Topic Starter

  • Members
  • 7 posts

Posted 24 July 2007 - 05:32 PM

OK, thanks for the help so far. Here is combofix's report and a new hjt log. There is a lot of text.

"ferns" - 2007-07-24 15:00:42 [GMT -7:00] - ComboFix 07-07-24.5 - Service Pack 2 FAT32


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))




* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\ferns\APPLIC~1.\ystem3~1
C:\DOCUME~1\ferns\MYDOCU~1.\fnts~1
C:\DOCUME~1\ferns\MYDOCU~1.\fnts~1\csrss.exe
C:\DOCUME~1\ferns\MYDOCU~1.\ppatch~1
C:\DOCUME~1\ferns\MYDOCU~1.\sstem3~1
C:\Documents and Settings\ferns.\err.log
C:\Program Files\outerinfo
C:\Program Files\outerinfo\OiUninstaller.exe
C:\Program Files\outerinfo\outerinfo.ico
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\video access activex object
C:\WINDOWS\b122.exe
C:\WINDOWS\b129.exe
C:\WINDOWS\dobe~1
C:\WINDOWS\DOWNLO~1.\temp
C:\WINDOWS\ppatch~1
C:\WINDOWS\ppatch~1\msiexec.exe
C:\WINDOWS\start.exe
C:\WINDOWS\system32\ssembl~1
C:\WINDOWS\system32\ssembl~1\dllhost.exe
C:\WINDOWS\system32\wnsapiicom.exe
C:\WINDOWS\system32\ystem3~1
C:\WINDOWS\wr.txt


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-06-24 to 2007-07-24 )))))))))))))))))))))))))))))))


2007-07-24 15:26 <DIR> d--hs---- C:\FOUND.000
2007-07-24 14:59 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-24 12:02 125,972 --a------ C:\WINDOWS\SYSTEM32\riewpjxe.dll
2007-07-24 11:35 125,972 --a------ C:\WINDOWS\SYSTEM32\kefjiivn.dll
2007-07-24 10:58 125,972 --a------ C:\WINDOWS\SYSTEM32\ownlpstl.dll
2007-07-24 10:57 <DIR> d-------- C:\!KillBox
2007-07-24 10:26 125,972 --a------ C:\WINDOWS\SYSTEM32\ifncpchq.dll
2007-07-19 19:32 66,580 --a------ C:\WINDOWS\SYSTEM32\xxyunsah.dll
2007-07-19 10:54 66,580 --a------ C:\WINDOWS\SYSTEM32\qacwkfeo.dll
2007-07-18 10:45 66,580 --a------ C:\WINDOWS\SYSTEM32\jmwwdbuw.dll
2007-07-17 19:49 66,580 --a------ C:\WINDOWS\SYSTEM32\didkqxxd.dll
2007-07-17 10:50 66,580 --a------ C:\WINDOWS\SYSTEM32\sxtkvdsl.dll
2007-07-16 10:27 66,580 --a------ C:\WINDOWS\SYSTEM32\spdffecd.dll
2007-07-15 10:08 66,580 --a------ C:\WINDOWS\SYSTEM32\qtcqomiq.dll
2007-07-14 10:38 66,580 --a------ C:\WINDOWS\SYSTEM32\faateysl.dll
2007-07-11 10:55 66,580 --a------ C:\WINDOWS\SYSTEM32\qyryrnlf.dll
2007-07-11 10:46 66,068 --a------ C:\WINDOWS\SYSTEM32\anitgtpk.exe
2007-07-10 18:43 66,068 --a------ C:\WINDOWS\SYSTEM32\jssgitlu.exe
2007-07-10 11:07 66,068 --a------ C:\WINDOWS\SYSTEM32\bruxqldq.exe
2007-07-09 22:34 66,068 --a------ C:\WINDOWS\SYSTEM32\wpclcpmf.exe
2007-07-09 10:21 66,068 --a------ C:\WINDOWS\SYSTEM32\dggvjqcs.exe
2007-07-09 02:12 50,708 --a------ C:\WINDOWS\SYSTEM32\phpdrmsc.exe
2007-07-08 20:23 50,708 --a------ C:\WINDOWS\SYSTEM32\cjebjyns.exe
2007-07-08 07:44 50,708 --a------ C:\WINDOWS\SYSTEM32\ietackae.exe
2007-07-08 00:43 50,708 --a------ C:\WINDOWS\SYSTEM32\dxmxnghr.exe
2007-07-07 10:42 50,708 --a------ C:\WINDOWS\SYSTEM32\uafqhpdu.exe
2007-07-06 23:46 50,708 --a------ C:\WINDOWS\SYSTEM32\fhfeachv.exe
2007-07-06 12:19 50,708 --a------ C:\WINDOWS\SYSTEM32\ggekgopt.exe
2007-07-06 08:01 50,708 --a------ C:\WINDOWS\SYSTEM32\rygdhhcb.exe
2007-07-05 23:42 50,708 --a------ C:\WINDOWS\SYSTEM32\yolqldld.exe
2007-07-02 11:00 25,984 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbaapl.sys
2007-07-02 11:00 <DIR> d-------- C:\WINDOWS\SYSTEM32\DRVSTORE
2007-07-02 10:57 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-07-02 10:57 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-22 17:08:18 4,628 ----a-w C:\WINDOWS\system32\uxngxuam.exe
2007-06-10 19:59:44 20,445 ----a-w C:\WINDOWS\hpoins01.dat
2007-06-07 02:41:56 76,560 ----a-w C:\WINDOWS\system32\drivers\tmcomm.sys
2007-06-07 02:16:14 -------- d-----w C:\Program Files\Common Files\?ppPatch
2007-06-06 07:17:42 424 ----a-w C:\autoexec.bat
2007-06-05 17:51:38 -------- d-----w C:\DOCUME~1\ferns\APPLIC~1\SpywareBot
2007-06-05 17:42:16 -------- d-----w C:\DOCUME~1\ferns\APPLIC~1\AdwareAlert
2007-06-05 07:15:32 -------- d-----w C:\DOCUME~1\ferns\APPLIC~1\Uniblue
2007-06-05 07:05:36 -------- d-----w C:\DOCUME~1\ferns\APPLIC~1\Hewlett-Packard
2007-06-05 06:33:34 -------- d-----w C:\Program Files\Common Files\Hewlett-Packard
2007-06-03 17:08:54 -------- d-----w C:\DOCUME~1\ferns\APPLIC~1\Leadertech
2007-06-03 17:07:28 -------- d-----w C:\DOCUME~1\ferns\APPLIC~1\AdobeAUM
2007-05-21 13:59:50 60,928 ----a-w C:\WINDOWS\system32\yujnqe.dll
2007-05-21 13:59:50 60,928 ----a-w C:\WINDOWS\system32\yhe.dll
2006-10-21 22:59:04 560 ----a-w C:\DOCUME~1\ferns\APPLIC~1\ViewerApp.dat
2004-06-19 06:17:10 456 --sh--w C:\Program Files\desktop.ini


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe" [2001-08-23 08:00 C:\WINDOWS\SYSTEM32\systray.exe]
"nwiz"="nwiz.exe" [2005-12-10 03:06 C:\WINDOWS\SYSTEM32\nwiz.exe]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-01-01 20:54]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]
"iTunesHelper"="D:\Documents\iTunes\iTunesHelper.exe" [2007-03-14 19:05]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" []
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-06-17 00:59]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Tyejz"="C:\Documents and Settings\ferns\My Documents\F?nts\csrss.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"GDRIVE"=C:\IBMTOOLS\IBMBOOT\GDRIVE.EXE -N
"RealTray"=C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"Mouse Suite 98 Daemon"=PELMICED.EXE
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
"HotKeysCmds"=C:\WINDOWS\SYSTEM32\hkcmd.exe
"IgfxTray"=C:\WINDOWS\SYSTEM32\igfxtray.exe
"LoadQM"=loadqm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"ICSDCLT"=C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\ICSDCLT.DLL,ICSClient
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\SYSTEM32\nvcpl.dll,NvStartup
"nwiz"=nwiz.exe /install
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\SYSTEM32\nvmctray.dll,NvTaskbarInit
"OWCCardbusTray"=ocbtray.exe

R1 cdrbsdrv;cdrbsdrv;C:\WINDOWS\system32\drivers\cdrbsdrv.sys
R2 IOPort;IOPort;\??\C:\WINDOWS\System32\DRIVERS\IOPORT.SYS
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver;C:\WINDOWS\system32\drivers\msmpu401.sys
R3 nvax;Service for NVIDIA® nForce™ Audio Enumerator;C:\WINDOWS\system32\drivers\nvax.sys
R3 nvnforce;Service for NVIDIA® nForce™ Audio;C:\WINDOWS\system32\drivers\nvapu.sys
S1 NaiAvTdi1;NaiAvTdi1;C:\WINDOWS\system32\drivers\mvstdi5x.sys
S3 EntDrv51;EntDrv51;\??\C:\WINDOWS\system32\drivers\EntDrv51.sys
S3 netrcacm;RCA USB Digital Cable Modem Driver;C:\WINDOWS\system32\DRIVERS\netrcacm.sys
S3 NVENET;NVIDIA nForce MCP Networking Adapter Driver;C:\WINDOWS\system32\DRIVERS\NVENET.sys
S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys


HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>IEPerUser
RUNDLL32.EXE IEDKCS32.DLL,BrandIE4 SIGNUP

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\^RNA
rundll rnasetup.dll,installoptionalcomponent rna

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA851-CC51-11CF-AAFA-00AA00B6015C}
rundll32.exeadvpack.dll

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:IE50 /user /install
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:IE50 /user /install

Contents of the 'Scheduled Tasks' folder
2007-07-08 02:00:04 C:\WINDOWS\tasks\Tune-up Application Start.job
2007-06-05 07:15:28 C:\WINDOWS\tasks\Uniblue SpeedUpMyPC.job
2007-07-24 22:00:02 C:\WINDOWS\tasks\A93C7A16919FF7E6.job
2007-07-21 00:15:02 C:\WINDOWS\tasks\1-Click Maintenance.job
2007-07-19 17:58:10 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-07-20 10:00:02 C:\WINDOWS\tasks\AdwareAlert Scheduled Scan.job
2007-07-15 07:24:02 C:\WINDOWS\tasks\Uniblue SpeedUpMyPC Nag.job
2007-07-20 10:00:02 C:\WINDOWS\tasks\SpywareBot Scheduled Scan.job
2007-07-10 20:01:22 C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1181505583.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-24 15:27:39
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-24 15:29:24 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-24 15:29

--- E O F ---


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:31:38 PM, on 7/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
D:\Documents\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\notepad.exe
D:\Documents\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Documents\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Tyejz] "C:\Documents and Settings\ferns\My Documents\F?nts\csrss.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200212...meInstaller.exe
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe (file missing)
O23 - Service: Network Associates McShield (McShield) - Unknown owner - C:\Program Files\Network Associates\VirusScan\mcshield.exe (file missing)
O23 - Service: Network Associates Task Manager (McTaskManager) - Unknown owner - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 4468 bytes

#4 RichieUK

Posted 24 July 2007 - 05:44 PM

Copy and paste ALL the following bold blue text in the Quote box below into Notepad.
Click on File (in the menu at the top) > Save as... / Save as Type: 'All Files' / File name: CFScript to your desktop.

File::
C:\WINDOWS\SYSTEM32\riewpjxe.dll
C:\WINDOWS\SYSTEM32\kefjiivn.dll
C:\WINDOWS\SYSTEM32\ownlpstl.dll
C:\WINDOWS\SYSTEM32\ifncpchq.dll
C:\WINDOWS\SYSTEM32\xxyunsah.dll
C:\WINDOWS\SYSTEM32\qacwkfeo.dll
C:\WINDOWS\SYSTEM32\jmwwdbuw.dll
C:\WINDOWS\SYSTEM32\didkqxxd.dll
C:\WINDOWS\SYSTEM32\sxtkvdsl.dll
C:\WINDOWS\SYSTEM32\spdffecd.dll
C:\WINDOWS\SYSTEM32\qtcqomiq.dll
C:\WINDOWS\SYSTEM32\faateysl.dll
C:\WINDOWS\SYSTEM32\qyryrnlf.dll
C:\WINDOWS\SYSTEM32\anitgtpk.exe
C:\WINDOWS\SYSTEM32\jssgitlu.exe
C:\WINDOWS\SYSTEM32\bruxqldq.exe
C:\WINDOWS\SYSTEM32\wpclcpmf.exe
C:\WINDOWS\SYSTEM32\dggvjqcs.exe
C:\WINDOWS\SYSTEM32\phpdrmsc.exe
C:\WINDOWS\SYSTEM32\cjebjyns.exe
C:\WINDOWS\SYSTEM32\ietackae.exe
C:\WINDOWS\SYSTEM32\dxmxnghr.exe
C:\WINDOWS\SYSTEM32\uafqhpdu.exe
C:\WINDOWS\SYSTEM32\fhfeachv.exe
C:\WINDOWS\SYSTEM32\ggekgopt.exe
C:\WINDOWS\SYSTEM32\rygdhhcb.exe
C:\WINDOWS\SYSTEM32\yolqldld.exe
C:\WINDOWS\system32\uxngxuam.exe
C:\WINDOWS\system32\yujnqe.dll
C:\WINDOWS\system32\yhe.dll
C:\WINDOWS\tasks\A93C7A16919FF7E6.job
C:\WINDOWS\tasks\SpywareBot Scheduled Scan.job

Folder::
C:\DOCUME~1\ferns\APPLIC~1\SpywareBot
C:\Program Files\Common Files\?ppPatch

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Tyejz"=-

Now drag then drop the CFScript file onto ComboFix.exe as seen in the image below.

Posted Image

This will start ComboFix again.
After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply along with a new HijackThis log.

#5 nohxpolitan1

Posted 25 July 2007 - 02:17 AM

ok, did exactly as you said. here are the latest logs:

"ferns" - 2007-07-25 0:07:54 [GMT -7:00] - ComboFix 07-07-24.5 - Service Pack 2 FAT32
Command switches used :: C:\Documents and Settings\ferns\Desktop\CFScript.txt
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\ferns\APPLIC~1\SpywareBot
C:\DOCUME~1\ferns\APPLIC~1\SpywareBot\Log\log_2007_06_05_10_51_45.log
C:\DOCUME~1\ferns\APPLIC~1\SpywareBot\Log\log_2007_06_05_10_51_56.log
C:\DOCUME~1\ferns\APPLIC~1\SpywareBot\Log\log_2007_06_05_11_08_47.log
C:\DOCUME~1\ferns\APPLIC~1\SpywareBot\Log\log_2007_06_05_11_08_50.log
C:\DOCUME~1\ferns\APPLIC~1\SpywareBot\Settings\CustomScan.stg
C:\DOCUME~1\ferns\APPLIC~1\SpywareBot\Settings\IgnoreList.stg
C:\DOCUME~1\ferns\APPLIC~1\SpywareBot\Settings\ScanInfo.stg
C:\DOCUME~1\ferns\APPLIC~1\SpywareBot\Settings\SelectedFolders.stg
C:\DOCUME~1\ferns\APPLIC~1\SpywareBot\Settings\Settings.stg


((((((((((((((((((((((((( Files Created from 2007-06-25 to 2007-07-25 )))))))))))))))))))))))))))))))


2007-07-24 15:26 <DIR> d--hs---- C:\FOUND.000
2007-07-24 14:59 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-24 12:02 125,972 --a------ C:\WINDOWS\SYSTEM32\riewpjxe.dll
2007-07-24 11:35 125,972 --a------ C:\WINDOWS\SYSTEM32\kefjiivn.dll
2007-07-24 10:58 125,972 --a------ C:\WINDOWS\SYSTEM32\ownlpstl.dll
2007-07-24 10:57 <DIR> d-------- C:\!KillBox
2007-07-24 10:26 125,972 --a------ C:\WINDOWS\SYSTEM32\ifncpchq.dll
2007-07-19 19:32 66,580 --a------ C:\WINDOWS\SYSTEM32\xxyunsah.dll
2007-07-19 10:54 66,580 --a------ C:\WINDOWS\SYSTEM32\qacwkfeo.dll
2007-07-18 10:45 66,580 --a------ C:\WINDOWS\SYSTEM32\jmwwdbuw.dll
2007-07-17 19:49 66,580 --a------ C:\WINDOWS\SYSTEM32\didkqxxd.dll
2007-07-17 10:50 66,580 --a------ C:\WINDOWS\SYSTEM32\sxtkvdsl.dll
2007-07-16 10:27 66,580 --a------ C:\WINDOWS\SYSTEM32\spdffecd.dll
2007-07-15 10:08 66,580 --a------ C:\WINDOWS\SYSTEM32\qtcqomiq.dll
2007-07-14 10:38 66,580 --a------ C:\WINDOWS\SYSTEM32\faateysl.dll
2007-07-11 10:55 66,580 --a------ C:\WINDOWS\SYSTEM32\qyryrnlf.dll
2007-07-11 10:46 66,068 --a------ C:\WINDOWS\SYSTEM32\anitgtpk.exe
2007-07-10 18:43 66,068 --a------ C:\WINDOWS\SYSTEM32\jssgitlu.exe
2007-07-10 11:07 66,068 --a------ C:\WINDOWS\SYSTEM32\bruxqldq.exe
2007-07-09 22:34 66,068 --a------ C:\WINDOWS\SYSTEM32\wpclcpmf.exe
2007-07-09 10:21 66,068 --a------ C:\WINDOWS\SYSTEM32\dggvjqcs.exe
2007-07-09 02:12 50,708 --a------ C:\WINDOWS\SYSTEM32\phpdrmsc.exe
2007-07-08 20:23 50,708 --a------ C:\WINDOWS\SYSTEM32\cjebjyns.exe
2007-07-08 07:44 50,708 --a------ C:\WINDOWS\SYSTEM32\ietackae.exe
2007-07-08 00:43 50,708 --a------ C:\WINDOWS\SYSTEM32\dxmxnghr.exe
2007-07-07 10:42 50,708 --a------ C:\WINDOWS\SYSTEM32\uafqhpdu.exe
2007-07-06 23:46 50,708 --a------ C:\WINDOWS\SYSTEM32\fhfeachv.exe
2007-07-06 12:19 50,708 --a------ C:\WINDOWS\SYSTEM32\ggekgopt.exe
2007-07-06 08:01 50,708 --a------ C:\WINDOWS\SYSTEM32\rygdhhcb.exe
2007-07-05 23:42 50,708 --a------ C:\WINDOWS\SYSTEM32\yolqldld.exe
2007-07-02 11:00 25,984 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbaapl.sys
2007-07-02 11:00 <DIR> d-------- C:\WINDOWS\SYSTEM32\DRVSTORE
2007-07-02 10:57 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-07-02 10:57 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-22 17:08:18 4,628 ----a-w C:\WINDOWS\system32\uxngxuam.exe
2007-06-10 19:59:44 20,445 ----a-w C:\WINDOWS\hpoins01.dat
2007-06-07 02:41:56 76,560 ----a-w C:\WINDOWS\system32\drivers\tmcomm.sys
2007-06-07 02:16:14 -------- d-----w C:\Program Files\Common Files\?ppPatch
2007-06-06 07:17:42 424 ----a-w C:\autoexec.bat
2007-06-05 17:42:16 -------- d-----w C:\DOCUME~1\ferns\APPLIC~1\AdwareAlert
2007-06-05 07:15:32 -------- d-----w C:\DOCUME~1\ferns\APPLIC~1\Uniblue
2007-06-05 07:05:36 -------- d-----w C:\DOCUME~1\ferns\APPLIC~1\Hewlett-Packard
2007-06-05 06:33:34 -------- d-----w C:\Program Files\Common Files\Hewlett-Packard
2007-06-03 17:08:54 -------- d-----w C:\DOCUME~1\ferns\APPLIC~1\Leadertech
2007-06-03 17:07:28 -------- d-----w C:\DOCUME~1\ferns\APPLIC~1\AdobeAUM
2007-05-21 13:59:50 60,928 ----a-w C:\WINDOWS\system32\yujnqe.dll
2007-05-21 13:59:50 60,928 ----a-w C:\WINDOWS\system32\yhe.dll
2006-10-21 22:59:04 560 ----a-w C:\DOCUME~1\ferns\APPLIC~1\ViewerApp.dat
2004-06-19 06:17:10 456 --sh--w C:\Program Files\desktop.ini


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe" [2001-08-23 08:00 C:\WINDOWS\SYSTEM32\systray.exe]
"nwiz"="nwiz.exe" [2005-12-10 03:06 C:\WINDOWS\SYSTEM32\nwiz.exe]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-01-01 20:54]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]
"iTunesHelper"="D:\Documents\iTunes\iTunesHelper.exe" [2007-03-14 19:05]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" []
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-06-17 00:59]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"GDRIVE"=C:\IBMTOOLS\IBMBOOT\GDRIVE.EXE -N
"RealTray"=C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"Mouse Suite 98 Daemon"=PELMICED.EXE
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
"HotKeysCmds"=C:\WINDOWS\SYSTEM32\hkcmd.exe
"IgfxTray"=C:\WINDOWS\SYSTEM32\igfxtray.exe
"LoadQM"=loadqm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"ICSDCLT"=C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\ICSDCLT.DLL,ICSClient
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\SYSTEM32\nvcpl.dll,NvStartup
"nwiz"=nwiz.exe /install
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\SYSTEM32\nvmctray.dll,NvTaskbarInit
"OWCCardbusTray"=ocbtray.exe

R1 cdrbsdrv;cdrbsdrv;C:\WINDOWS\system32\drivers\cdrbsdrv.sys
R2 IOPort;IOPort;\??\C:\WINDOWS\System32\DRIVERS\IOPORT.SYS
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver;C:\WINDOWS\system32\drivers\msmpu401.sys
R3 nvax;Service for NVIDIA® nForce™ Audio Enumerator;C:\WINDOWS\system32\drivers\nvax.sys
R3 nvnforce;Service for NVIDIA® nForce™ Audio;C:\WINDOWS\system32\drivers\nvapu.sys
S1 NaiAvTdi1;NaiAvTdi1;C:\WINDOWS\system32\drivers\mvstdi5x.sys
S3 EntDrv51;EntDrv51;\??\C:\WINDOWS\system32\drivers\EntDrv51.sys
S3 netrcacm;RCA USB Digital Cable Modem Driver;C:\WINDOWS\system32\DRIVERS\netrcacm.sys
S3 NVENET;NVIDIA nForce MCP Networking Adapter Driver;C:\WINDOWS\system32\DRIVERS\NVENET.sys
S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys


HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>IEPerUser
RUNDLL32.EXE IEDKCS32.DLL,BrandIE4 SIGNUP

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\^RNA
rundll rnasetup.dll,installoptionalcomponent rna

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA851-CC51-11CF-AAFA-00AA00B6015C}
rundll32.exeadvpack.dll

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:IE50 /user /install
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:IE50 /user /install

Contents of the 'Scheduled Tasks' folder
2007-07-08 02:00:04 C:\WINDOWS\tasks\Tune-up Application Start.job
2007-06-05 07:15:28 C:\WINDOWS\tasks\Uniblue SpeedUpMyPC.job
2007-07-25 07:00:02 C:\WINDOWS\tasks\A93C7A16919FF7E6.job
2007-07-21 00:15:02 C:\WINDOWS\tasks\1-Click Maintenance.job
2007-07-19 17:58:10 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-07-20 10:00:02 C:\WINDOWS\tasks\AdwareAlert Scheduled Scan.job
2007-07-15 07:24:02 C:\WINDOWS\tasks\Uniblue SpeedUpMyPC Nag.job
2007-07-20 10:00:02 C:\WINDOWS\tasks\SpywareBot Scheduled Scan.job
2007-07-10 20:01:22 C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1181505583.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-25 00:11:36
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-25 0:12:16
C:\ComboFix-quarantined-files.txt ... 2007-07-25 00:12
C:\ComboFix2.txt ... 2007-07-24 15:29

--- E O F ---



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:17:12 AM, on 7/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
D:\Documents\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
D:\Documents\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Documents\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200212...meInstaller.exe
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C339B9B6-80CB-4FA3-9690-30B00C9FC344}: NameServer = 68.94.156.1 68.94.157.1
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe (file missing)
O23 - Service: Network Associates McShield (McShield) - Unknown owner - C:\Program Files\Network Associates\VirusScan\mcshield.exe (file missing)
O23 - Service: Network Associates Task Manager (McTaskManager) - Unknown owner - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 4497 bytes
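An added example, not part of the thread or of any tool named in it: two triage checks run over lines copied from the logs posted above. One flags core Windows process names started from outside system32 (the `Tyejz` Run entry); the other flags batches of same-size executables dropped into one directory. The thread does not say how the file list in the script was chosen; the `C:\WINDOWS` system root, the three-file threshold and the `SYSTEM_NAMES` set are assumptions of this example.

```python
import ntpath  # Windows path handling that also works on non-Windows hosts
import re
from collections import defaultdict

# Subset of the ComboFix "Files Created" rows posted in this thread.
COMBOFIX_EXCERPT = r"""
2007-07-24 15:26 <DIR> d--hs---- C:\FOUND.000
2007-07-24 14:59 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-24 12:02 125,972 --a------ C:\WINDOWS\SYSTEM32\riewpjxe.dll
2007-07-24 11:35 125,972 --a------ C:\WINDOWS\SYSTEM32\kefjiivn.dll
2007-07-24 10:58 125,972 --a------ C:\WINDOWS\SYSTEM32\ownlpstl.dll
2007-07-24 10:26 125,972 --a------ C:\WINDOWS\SYSTEM32\ifncpchq.dll
2007-07-19 19:32 66,580 --a------ C:\WINDOWS\SYSTEM32\xxyunsah.dll
2007-07-19 10:54 66,580 --a------ C:\WINDOWS\SYSTEM32\qacwkfeo.dll
2007-07-18 10:45 66,580 --a------ C:\WINDOWS\SYSTEM32\jmwwdbuw.dll
2007-07-11 10:46 66,068 --a------ C:\WINDOWS\SYSTEM32\anitgtpk.exe
2007-07-10 18:43 66,068 --a------ C:\WINDOWS\SYSTEM32\jssgitlu.exe
2007-07-10 11:07 66,068 --a------ C:\WINDOWS\SYSTEM32\bruxqldq.exe
2007-07-02 11:00 25,984 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbaapl.sys
2007-07-02 10:57 <DIR> d-------- C:\Program Files\Common Files\Apple
"""

# Subset of the HijackThis O4 (autorun) entries posted in this thread.
HIJACKTHIS_EXCERPT = r"""
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Tyejz] "C:\Documents and Settings\ferns\My Documents\F?nts\csrss.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
"""

# date, time, size or <DIR>, attribute flags, full path (may contain spaces)
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}) ([\d,]+|<DIR>) (\S+) (.+)$")
# hive\key, [value name], command line
O4_RE = re.compile(r"^O4 - (\S+): \[([^\]]+)\] (.+)$")
# quoted path, or everything up to the first ".exe"
EXE_RE = re.compile(r'"([^"]+)"|(.+?\.exe)\b', re.IGNORECASE)

# Assumption: processes that live only in %SystemRoot%\system32 on this OS.
SYSTEM_NAMES = {"csrss.exe", "smss.exe", "lsass.exe",
                "services.exe", "winlogon.exe", "svchost.exe"}


def parse_created_files(log_text):
    """Return (path, size_in_bytes) for each file row; <DIR> rows are skipped."""
    rows = []
    for line in log_text.splitlines():
        m = CREATED_RE.match(line.strip())
        if m and m.group(3) != "<DIR>":
            rows.append((m.group(5), int(m.group(3).replace(",", ""))))
    return rows


def same_size_clusters(rows, min_files=3, exts=(".exe", ".dll")):
    """Group executables by (directory, extension, size); keep groups that
    hold at least min_files differently named files."""
    groups = defaultdict(list)
    for path, size in rows:
        directory, name = ntpath.split(path)
        ext = ntpath.splitext(name)[1].lower()
        if ext in exts:
            groups[(directory.lower(), ext, size)].append(name.lower())
    return {key: sorted(names) for key, names in groups.items()
            if len(set(names)) >= min_files}


def masquerading_autoruns(log_text, system_dir=r"c:\windows\system32"):
    """Return (key, value_name, path) for O4 entries that start a file named
    like a core system process from a directory other than system_dir."""
    hits = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        exe = EXE_RE.match(m.group(3))
        if not exe:
            continue
        path = exe.group(1) or exe.group(2)
        directory, name = ntpath.split(path)
        # Bare names such as "SysTray.Exe" have no directory to judge; skip them.
        if directory and name.lower() in SYSTEM_NAMES and directory.lower() != system_dir:
            hits.append((m.group(1), m.group(2), path))
    return hits


if __name__ == "__main__":
    for key, value_name, path in masquerading_autoruns(HIJACKTHIS_EXCERPT):
        print(f"masquerading autorun: {key} [{value_name}] -> {path}")
    for (directory, ext, size), names in same_size_clusters(
            parse_created_files(COMBOFIX_EXCERPT)).items():
        print(f"{len(names)} {ext} files of {size} bytes in {directory}: {', '.join(names)}")
```

A cluster is a lead for manual review, not proof: legitimate installers can also write several same-size files into one directory.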

#6 RichieUK

Posted 25 July 2007 - 06:13 AM

Download Avenger from the link below:
http://swandog46.geekstogo.com/avenger.zip
Unzip/extract it to your desktop.

Start up Avenger.
Check the 'Input script manually' option.
Click the Magnifying Glass icon.
In the box that opens, copy and paste ALL the following bold blue text inside the quote box below:

Files to delete:
C:\WINDOWS\SYSTEM32\riewpjxe.dll
C:\WINDOWS\SYSTEM32\kefjiivn.dll
C:\WINDOWS\SYSTEM32\ownlpstl.dll
C:\WINDOWS\SYSTEM32\ifncpchq.dll
C:\WINDOWS\SYSTEM32\xxyunsah.dll
C:\WINDOWS\SYSTEM32\qacwkfeo.dll
C:\WINDOWS\SYSTEM32\jmwwdbuw.dll
C:\WINDOWS\SYSTEM32\didkqxxd.dll
C:\WINDOWS\SYSTEM32\sxtkvdsl.dll
C:\WINDOWS\SYSTEM32\spdffecd.dll
C:\WINDOWS\SYSTEM32\qtcqomiq.dll
C:\WINDOWS\SYSTEM32\faateysl.dll
C:\WINDOWS\SYSTEM32\qyryrnlf.dll
C:\WINDOWS\SYSTEM32\anitgtpk.exe
C:\WINDOWS\SYSTEM32\jssgitlu.exe
C:\WINDOWS\SYSTEM32\bruxqldq.exe
C:\WINDOWS\SYSTEM32\wpclcpmf.exe
C:\WINDOWS\SYSTEM32\dggvjqcs.exe
C:\WINDOWS\SYSTEM32\phpdrmsc.exe
C:\WINDOWS\SYSTEM32\cjebjyns.exe
C:\WINDOWS\SYSTEM32\ietackae.exe
C:\WINDOWS\SYSTEM32\dxmxnghr.exe
C:\WINDOWS\SYSTEM32\uafqhpdu.exe
C:\WINDOWS\SYSTEM32\fhfeachv.exe
C:\WINDOWS\SYSTEM32\ggekgopt.exe
C:\WINDOWS\SYSTEM32\rygdhhcb.exe
C:\WINDOWS\SYSTEM32\yolqldld.exe
C:\WINDOWS\system32\uxngxuam.exe
C:\WINDOWS\system32\yujnqe.dll
C:\WINDOWS\system32\yhe.dll
C:\WINDOWS\tasks\A93C7A16919FF7E6.job
C:\WINDOWS\tasks\SpywareBot Scheduled Scan.job

Folders to delete:
C:\Program Files\Common Files\?ppPatch

Then click on 'Done'.
Click the Traffic Light icon to start the program.
Then press OK at the prompts to reboot your PC.

Post the Avenger output.txt, which you can find at C:\Avenger\.txt when you've done.
Also post a fresh HijackThis log.

Edited by RichieUK, 25 July 2007 - 06:16 AM.


#7 nohxpolitan1

Posted 25 July 2007 - 10:33 AM

ok, followed those steps and here's what it came up with.

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\tvteinac

*******************

Script file located at: \??\C:\WINDOWS\lcjwmnty.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



Could not open folder C:\Program Files\Common Files\?ppPatch for deletion
Deletion of folder C:\Program Files\Common Files\?ppPatch failed!

Could not process line:
C:\Program Files\Common Files\?ppPatch
Status: 0xc0000033


Completed script processing.

*******************

Finished! Terminate.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:33:19 AM, on 7/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
D:\Documents\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
D:\Documents\HijackThis.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Documents\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200212...meInstaller.exe
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe (file missing)
O23 - Service: Network Associates McShield (McShield) - Unknown owner - C:\Program Files\Network Associates\VirusScan\mcshield.exe (file missing)
O23 - Service: Network Associates Task Manager (McTaskManager) - Unknown owner - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 4497 bytes

#8 RichieUK

Posted 25 July 2007 - 12:23 PM

Double click on combofix.exe again and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.

#9 nohxpolitan1

Posted 25 July 2007 - 01:53 PM

mkay here's the latest log. greatly appreciate your help thus far by the way. even if it's not completely gone my comp is at least running a lot smoother and no more popups.

"ferns" - 2007-07-25 11:46:28 [GMT -7:00] - ComboFix 07-07-24.5 - Service Pack 2 FAT32


((((((((((((((((((((((((( Files Created from 2007-06-25 to 2007-07-25 )))))))))))))))))))))))))))))))


2007-07-24 15:26 <DIR> d--hs---- C:\FOUND.000
2007-07-24 14:59 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-24 12:02 125,972 --a------ C:\WINDOWS\SYSTEM32\riewpjxe.dll
2007-07-24 11:35 125,972 --a------ C:\WINDOWS\SYSTEM32\kefjiivn.dll
2007-07-24 10:58 125,972 --a------ C:\WINDOWS\SYSTEM32\ownlpstl.dll
2007-07-24 10:57 <DIR> d-------- C:\!KillBox
2007-07-24 10:26 125,972 --a------ C:\WINDOWS\SYSTEM32\ifncpchq.dll
2007-07-19 19:32 66,580 --a------ C:\WINDOWS\SYSTEM32\xxyunsah.dll
2007-07-19 10:54 66,580 --a------ C:\WINDOWS\SYSTEM32\qacwkfeo.dll
2007-07-18 10:45 66,580 --a------ C:\WINDOWS\SYSTEM32\jmwwdbuw.dll
2007-07-17 19:49 66,580 --a------ C:\WINDOWS\SYSTEM32\didkqxxd.dll
2007-07-17 10:50 66,580 --a------ C:\WINDOWS\SYSTEM32\sxtkvdsl.dll
2007-07-16 10:27 66,580 --a------ C:\WINDOWS\SYSTEM32\spdffecd.dll
2007-07-15 10:08 66,580 --a------ C:\WINDOWS\SYSTEM32\qtcqomiq.dll
2007-07-14 10:38 66,580 --a------ C:\WINDOWS\SYSTEM32\faateysl.dll
2007-07-11 10:55 66,580 --a------ C:\WINDOWS\SYSTEM32\qyryrnlf.dll
2007-07-11 10:46 66,068 --a------ C:\WINDOWS\SYSTEM32\anitgtpk.exe
2007-07-10 18:43 66,068 --a------ C:\WINDOWS\SYSTEM32\jssgitlu.exe
2007-07-10 11:07 66,068 --a------ C:\WINDOWS\SYSTEM32\bruxqldq.exe
2007-07-09 22:34 66,068 --a------ C:\WINDOWS\SYSTEM32\wpclcpmf.exe
2007-07-09 10:21 66,068 --a------ C:\WINDOWS\SYSTEM32\dggvjqcs.exe
2007-07-09 02:12 50,708 --a------ C:\WINDOWS\SYSTEM32\phpdrmsc.exe
2007-07-08 20:23 50,708 --a------ C:\WINDOWS\SYSTEM32\cjebjyns.exe
2007-07-08 07:44 50,708 --a------ C:\WINDOWS\SYSTEM32\ietackae.exe
2007-07-08 00:43 50,708 --a------ C:\WINDOWS\SYSTEM32\dxmxnghr.exe
2007-07-07 10:42 50,708 --a------ C:\WINDOWS\SYSTEM32\uafqhpdu.exe
2007-07-06 23:46 50,708 --a------ C:\WINDOWS\SYSTEM32\fhfeachv.exe
2007-07-06 12:19 50,708 --a------ C:\WINDOWS\SYSTEM32\ggekgopt.exe
2007-07-06 08:01 50,708 --a------ C:\WINDOWS\SYSTEM32\rygdhhcb.exe
2007-07-05 23:42 50,708 --a------ C:\WINDOWS\SYSTEM32\yolqldld.exe
2007-07-02 11:00 25,984 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbaapl.sys
2007-07-02 11:00 <DIR> d-------- C:\WINDOWS\SYSTEM32\DRVSTORE
2007-07-02 10:57 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-07-02 10:57 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-22 17:08:18 4,628 ----a-w C:\WINDOWS\system32\uxngxuam.exe
2007-06-10 19:59:44 20,445 ----a-w C:\WINDOWS\hpoins01.dat
2007-06-07 02:41:56 76,560 ----a-w C:\WINDOWS\system32\drivers\tmcomm.sys
2007-06-07 02:16:14 -------- d-----w C:\Program Files\Common Files\?ppPatch
2007-06-06 07:17:42 424 ----a-w C:\autoexec.bat
2007-06-05 17:42:16 -------- d-----w C:\DOCUME~1\ferns\APPLIC~1\AdwareAlert
2007-06-05 07:15:32 -------- d-----w C:\DOCUME~1\ferns\APPLIC~1\Uniblue
2007-06-05 07:05:36 -------- d-----w C:\DOCUME~1\ferns\APPLIC~1\Hewlett-Packard
2007-06-05 06:33:34 -------- d-----w C:\Program Files\Common Files\Hewlett-Packard
2007-06-03 17:08:54 -------- d-----w C:\DOCUME~1\ferns\APPLIC~1\Leadertech
2007-06-03 17:07:28 -------- d-----w C:\DOCUME~1\ferns\APPLIC~1\AdobeAUM
2007-05-21 13:59:50 60,928 ----a-w C:\WINDOWS\system32\yujnqe.dll
2007-05-21 13:59:50 60,928 ----a-w C:\WINDOWS\system32\yhe.dll
2006-10-21 22:59:04 560 ----a-w C:\DOCUME~1\ferns\APPLIC~1\ViewerApp.dat
2004-06-19 06:17:10 456 --sh--w C:\Program Files\desktop.ini


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe" [2001-08-23 08:00 C:\WINDOWS\SYSTEM32\systray.exe]
"nwiz"="nwiz.exe" [2005-12-10 03:06 C:\WINDOWS\SYSTEM32\nwiz.exe]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-01-01 20:54]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]
"iTunesHelper"="D:\Documents\iTunes\iTunesHelper.exe" [2007-03-14 19:05]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" []
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-06-17 00:59]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-10 03:06]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"GDRIVE"=C:\IBMTOOLS\IBMBOOT\GDRIVE.EXE -N
"RealTray"=C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"Mouse Suite 98 Daemon"=PELMICED.EXE
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
"HotKeysCmds"=C:\WINDOWS\SYSTEM32\hkcmd.exe
"IgfxTray"=C:\WINDOWS\SYSTEM32\igfxtray.exe
"LoadQM"=loadqm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"ICSDCLT"=C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\ICSDCLT.DLL,ICSClient
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\SYSTEM32\nvcpl.dll,NvStartup
"nwiz"=nwiz.exe /install
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\SYSTEM32\nvmctray.dll,NvTaskbarInit
"OWCCardbusTray"=ocbtray.exe

R1 cdrbsdrv;cdrbsdrv;C:\WINDOWS\system32\drivers\cdrbsdrv.sys
R2 IOPort;IOPort;\??\C:\WINDOWS\System32\DRIVERS\IOPORT.SYS
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver;C:\WINDOWS\system32\drivers\msmpu401.sys
R3 nvax;Service for NVIDIA® nForce™ Audio Enumerator;C:\WINDOWS\system32\drivers\nvax.sys
R3 nvnforce;Service for NVIDIA® nForce™ Audio;C:\WINDOWS\system32\drivers\nvapu.sys
S1 NaiAvTdi1;NaiAvTdi1;C:\WINDOWS\system32\drivers\mvstdi5x.sys
S3 EntDrv51;EntDrv51;\??\C:\WINDOWS\system32\drivers\EntDrv51.sys
S3 netrcacm;RCA USB Digital Cable Modem Driver;C:\WINDOWS\system32\DRIVERS\netrcacm.sys
S3 NVENET;NVIDIA nForce MCP Networking Adapter Driver;C:\WINDOWS\system32\DRIVERS\NVENET.sys
S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys


HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>IEPerUser
RUNDLL32.EXE IEDKCS32.DLL,BrandIE4 SIGNUP

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\^RNA
rundll rnasetup.dll,installoptionalcomponent rna

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA851-CC51-11CF-AAFA-00AA00B6015C}
rundll32.exeadvpack.dll

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:IE50 /user /install
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:IE50 /user /install

Contents of the 'Scheduled Tasks' folder
2007-07-08 02:00:04 C:\WINDOWS\tasks\Tune-up Application Start.job
2007-06-05 07:15:28 C:\WINDOWS\tasks\Uniblue SpeedUpMyPC.job
2007-07-25 18:00:00 C:\WINDOWS\tasks\A93C7A16919FF7E6.job
2007-07-21 00:15:02 C:\WINDOWS\tasks\1-Click Maintenance.job
2007-07-19 17:58:10 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-07-25 10:00:02 C:\WINDOWS\tasks\AdwareAlert Scheduled Scan.job
2007-07-25 07:24:02 C:\WINDOWS\tasks\Uniblue SpeedUpMyPC Nag.job
2007-07-25 10:00:02 C:\WINDOWS\tasks\SpywareBot Scheduled Scan.job
2007-07-10 20:01:22 C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1181505583.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-25 11:48:59
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-25 11:50:05
C:\ComboFix-quarantined-files.txt ... 2007-07-25 11:50
C:\ComboFix3.txt ... 2007-07-24 15:29
C:\ComboFix2.txt ... 2007-07-25 00:12

--- E O F ---

#10 RichieUK


Posted 25 July 2007 - 02:29 PM

Ok, you're going to have to delete all the following files manually, try not to miss any.

Make sure all hidden files are showing:
* Click 'Start'.
* Open 'My Computer'.
* Select the 'Tools' menu and click 'Folder Options'.
* Select the 'View' tab.
* Under the 'Hidden files and folders' heading select 'Show hidden files and folders'.
* Uncheck the 'Hide file extensions for known types' option.
* Uncheck the 'Hide protected operating system files (recommended)' option.
* Click Yes to confirm.
* Click OK.

---------------------------------------------------

Reboot your computer into SAFE MODE using the F8 method.
To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly.
A menu will appear with several options.
Use the arrow keys on your keyboard to navigate and select the option to run Windows in "Safe Mode".

Find and delete:
C:\WINDOWS\system32\yhe.dll
C:\WINDOWS\system32\yujnqe.dll
C:\WINDOWS\SYSTEM32\riewpjxe.dll
C:\WINDOWS\SYSTEM32\kefjiivn.dll
C:\WINDOWS\SYSTEM32\ownlpstl.dll
C:\WINDOWS\SYSTEM32\ifncpchq.dll
C:\WINDOWS\SYSTEM32\xxyunsah.dll
C:\WINDOWS\SYSTEM32\qacwkfeo.dll
C:\WINDOWS\SYSTEM32\jmwwdbuw.dll
C:\WINDOWS\SYSTEM32\didkqxxd.dll
C:\WINDOWS\SYSTEM32\sxtkvdsl.dll
C:\WINDOWS\SYSTEM32\spdffecd.dll
C:\WINDOWS\SYSTEM32\qtcqomiq.dll
C:\WINDOWS\SYSTEM32\faateysl.dll
C:\WINDOWS\SYSTEM32\qyryrnlf.dll
C:\WINDOWS\SYSTEM32\anitgtpk.exe
C:\WINDOWS\SYSTEM32\jssgitlu.exe
C:\WINDOWS\SYSTEM32\bruxqldq.exe
C:\WINDOWS\SYSTEM32\wpclcpmf.exe
C:\WINDOWS\SYSTEM32\dggvjqcs.exe
C:\WINDOWS\SYSTEM32\phpdrmsc.exe
C:\WINDOWS\SYSTEM32\cjebjyns.exe
C:\WINDOWS\SYSTEM32\ietackae.exe
C:\WINDOWS\SYSTEM32\dxmxnghr.exe
C:\WINDOWS\SYSTEM32\uafqhpdu.exe
C:\WINDOWS\SYSTEM32\fhfeachv.exe
C:\WINDOWS\SYSTEM32\ggekgopt.exe
C:\WINDOWS\SYSTEM32\rygdhhcb.exe
C:\WINDOWS\SYSTEM32\yolqldld.exe
C:\WINDOWS\system32\uxngxuam.exe

Restart your pc normally.

Double click on combofix.exe again and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
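Several of the files in the deletion list above appear in the ComboFix "Files Created" listing as 50,708-byte executables with eight-letter names in SYSTEM32. The sketch below is an added example, not part of the original post and not how ComboFix itself works; the clustering heuristic, its threshold and the function names are assumptions, and the sample lines are copied from the log earlier in this thread.

```python
import ntpath
import re
from collections import defaultdict

# Lines copied from the ComboFix "Files Created" listings posted in this thread.
SAMPLE_LOG = r"""
2007-07-24 14:59 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-08 07:44 50,708 --a------ C:\WINDOWS\SYSTEM32\ietackae.exe
2007-07-08 00:43 50,708 --a------ C:\WINDOWS\SYSTEM32\dxmxnghr.exe
2007-07-07 10:42 50,708 --a------ C:\WINDOWS\SYSTEM32\uafqhpdu.exe
2007-07-06 23:46 50,708 --a------ C:\WINDOWS\SYSTEM32\fhfeachv.exe
2007-07-06 12:19 50,708 --a------ C:\WINDOWS\SYSTEM32\ggekgopt.exe
2007-07-06 08:01 50,708 --a------ C:\WINDOWS\SYSTEM32\rygdhhcb.exe
2007-07-05 23:42 50,708 --a------ C:\WINDOWS\SYSTEM32\yolqldld.exe
2007-07-02 11:00 25,984 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbaapl.sys
2007-07-02 11:00 <DIR> d-------- C:\WINDOWS\SYSTEM32\DRVSTORE
2007-07-02 10:57 <DIR> d-------- C:\Program Files\Common Files\Apple
"""

# date, time, size (or <DIR>), attribute flags, full path
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2})\s+"
    r"(?P<size>[\d,]+|<DIR>)\s+(?P<attrs>\S+)\s+(?P<path>[A-Za-z]:\\.+)$"
)


def parse_created(log_text):
    """Return one dict per file entry; directory entries and noise are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m or m.group("size") == "<DIR>":
            continue
        # ntpath handles Windows paths regardless of the OS running the script.
        directory, name = ntpath.split(m.group("path"))
        stem, ext = ntpath.splitext(name)
        entries.append({
            "date": m.group("date"),
            "size": int(m.group("size").replace(",", "")),
            "path": m.group("path"),
            "dir": directory.lower(),
            "stem": stem.lower(),
            "ext": ext.lower(),
        })
    return entries


def suspicious_clusters(entries, min_cluster=3):
    """Flag groups of .exe/.dll files sharing directory and exact size.

    Assumed heuristic: several binaries of identical size, with all-letter
    names of identical length, dropped in one folder are worth a manual look.
    A match is a lead for review, not proof that a file is malicious.
    """
    groups = defaultdict(list)
    for e in entries:
        if e["ext"] in (".exe", ".dll"):
            groups[(e["dir"], e["size"], e["ext"])].append(e)

    flagged = []
    for (directory, size, ext), members in groups.items():
        stems = [m["stem"] for m in members]
        same_shape = len({len(s) for s in stems}) == 1 and all(
            s.isalpha() for s in stems
        )
        if len(members) >= min_cluster and same_shape:
            flagged.append({
                "dir": directory,
                "size": size,
                "ext": ext,
                "first_seen": min(m["date"] for m in members),
                "last_seen": max(m["date"] for m in members),
                "files": sorted(m["path"] for m in members),
            })
    return flagged


if __name__ == "__main__":
    for cluster in suspicious_clusters(parse_created(SAMPLE_LOG)):
        print(f'{len(cluster["files"])} x {cluster["size"]} bytes in '
              f'{cluster["dir"]} ({cluster["first_seen"]} to {cluster["last_seen"]})')
        for path in cluster["files"]:
            print("   ", path)
```

Anything the script flags still needs checking against the rest of the log (loading points, services, scheduled tasks) before it is deleted.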

#11 nohxpolitan1


Posted 25 July 2007 - 03:08 PM

OK, did that, and here is the latest:

"ferns" - 2007-07-25 13:02:59 [GMT -7:00] - ComboFix 07-07-24.5 - Service Pack 2 FAT32


((((((((((((((((((((((((( Files Created from 2007-06-25 to 2007-07-25 )))))))))))))))))))))))))))))))


2007-07-24 15:26 <DIR> d--hs---- C:\FOUND.000
2007-07-24 14:59 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-24 10:57 <DIR> d-------- C:\!KillBox
2007-07-02 11:00 25,984 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbaapl.sys
2007-07-02 11:00 <DIR> d-------- C:\WINDOWS\SYSTEM32\DRVSTORE
2007-07-02 10:57 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-07-02 10:57 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-10 19:59:44 20,445 ----a-w C:\WINDOWS\hpoins01.dat
2007-06-07 02:41:56 76,560 ----a-w C:\WINDOWS\system32\drivers\tmcomm.sys
2007-06-07 02:16:14 -------- d-----w C:\Program Files\Common Files\?ppPatch
2007-06-06 07:17:42 424 ----a-w C:\autoexec.bat
2007-06-05 17:42:16 -------- d-----w C:\DOCUME~1\ferns\APPLIC~1\AdwareAlert
2007-06-05 07:15:32 -------- d-----w C:\DOCUME~1\ferns\APPLIC~1\Uniblue
2007-06-05 07:05:36 -------- d-----w C:\DOCUME~1\ferns\APPLIC~1\Hewlett-Packard
2007-06-05 06:33:34 -------- d-----w C:\Program Files\Common Files\Hewlett-Packard
2007-06-03 17:08:54 -------- d-----w C:\DOCUME~1\ferns\APPLIC~1\Leadertech
2007-06-03 17:07:28 -------- d-----w C:\DOCUME~1\ferns\APPLIC~1\AdobeAUM
2006-10-21 22:59:04 560 ----a-w C:\DOCUME~1\ferns\APPLIC~1\ViewerApp.dat
2004-06-19 06:17:10 456 --sh--w C:\Program Files\desktop.ini


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe" [2001-08-23 08:00 C:\WINDOWS\SYSTEM32\systray.exe]
"nwiz"="nwiz.exe" [2005-12-10 03:06 C:\WINDOWS\SYSTEM32\nwiz.exe]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-01-01 20:54]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]
"iTunesHelper"="D:\Documents\iTunes\iTunesHelper.exe" [2007-03-14 19:05]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" []
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-06-17 00:59]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"GDRIVE"=C:\IBMTOOLS\IBMBOOT\GDRIVE.EXE -N
"RealTray"=C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"Mouse Suite 98 Daemon"=PELMICED.EXE
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
"HotKeysCmds"=C:\WINDOWS\SYSTEM32\hkcmd.exe
"IgfxTray"=C:\WINDOWS\SYSTEM32\igfxtray.exe
"LoadQM"=loadqm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"ICSDCLT"=C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\ICSDCLT.DLL,ICSClient
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\SYSTEM32\nvcpl.dll,NvStartup
"nwiz"=nwiz.exe /install
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\SYSTEM32\nvmctray.dll,NvTaskbarInit
"OWCCardbusTray"=ocbtray.exe

R1 cdrbsdrv;cdrbsdrv;C:\WINDOWS\system32\drivers\cdrbsdrv.sys
R2 IOPort;IOPort;\??\C:\WINDOWS\System32\DRIVERS\IOPORT.SYS
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver;C:\WINDOWS\system32\drivers\msmpu401.sys
R3 nvax;Service for NVIDIA® nForce™ Audio Enumerator;C:\WINDOWS\system32\drivers\nvax.sys
R3 nvnforce;Service for NVIDIA® nForce™ Audio;C:\WINDOWS\system32\drivers\nvapu.sys
S1 NaiAvTdi1;NaiAvTdi1;C:\WINDOWS\system32\drivers\mvstdi5x.sys
S3 EntDrv51;EntDrv51;\??\C:\WINDOWS\system32\drivers\EntDrv51.sys
S3 netrcacm;RCA USB Digital Cable Modem Driver;C:\WINDOWS\system32\DRIVERS\netrcacm.sys
S3 NVENET;NVIDIA nForce MCP Networking Adapter Driver;C:\WINDOWS\system32\DRIVERS\NVENET.sys
S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys


HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>IEPerUser
RUNDLL32.EXE IEDKCS32.DLL,BrandIE4 SIGNUP

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\^RNA
rundll rnasetup.dll,installoptionalcomponent rna

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA851-CC51-11CF-AAFA-00AA00B6015C}
rundll32.exeadvpack.dll

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:IE50 /user /install
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:IE50 /user /install

Contents of the 'Scheduled Tasks' folder
2007-07-08 02:00:04 C:\WINDOWS\tasks\Tune-up Application Start.job
2007-06-05 07:15:28 C:\WINDOWS\tasks\Uniblue SpeedUpMyPC.job
2007-07-25 19:00:02 C:\WINDOWS\tasks\A93C7A16919FF7E6.job
2007-07-21 00:15:02 C:\WINDOWS\tasks\1-Click Maintenance.job
2007-07-19 17:58:10 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-07-25 10:00:02 C:\WINDOWS\tasks\AdwareAlert Scheduled Scan.job
2007-07-25 07:24:02 C:\WINDOWS\tasks\Uniblue SpeedUpMyPC Nag.job
2007-07-25 10:00:02 C:\WINDOWS\tasks\SpywareBot Scheduled Scan.job
2007-07-10 20:01:22 C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1181505583.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-25 13:07:19
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-25 13:07:55
C:\ComboFix-quarantined-files.txt ... 2007-07-25 13:07
C:\ComboFix3.txt ... 2007-07-25 00:12
C:\ComboFix2.txt ... 2007-07-25 11:50

--- E O F ---

#12 RichieUK


Posted 25 July 2007 - 03:16 PM

That's better, good job there :thumbsup:

Download/install 'SuperAntiSpyware Home Edition Free Version' from here:
http://www.superantispyware.com/downloadfi...ANTISPYWAREFREE

Launch SuperAntiSpyware and click on 'Check for updates'.
Once the updates have been installed, exit SuperAntiSpyware.

Find and delete:
C:\WINDOWS\tasks\A93C7A16919FF7E6.job
C:\WINDOWS\tasks\SpywareBot Scheduled Scan.job

Start SuperAntiSpyware.
On the main screen click on 'Scan your computer'.
Check: 'Perform Complete Scan'.
Click 'Next' to start the scan.

SuperAntiSpyware will now scan your computer; when it's finished it will list all/any infections found.
Make sure everything found has a checkmark next to it,then press 'Next'.
Click on 'Finish' when you've done.

It's possible that the program will ask you to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:
Click on 'Preferences'.
Click on the 'Statistics/Logs' tab.
Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.
It will then open in your default text editor, such as Notepad.
Copy and paste the contents of that report into your next reply.
Also post a new HijackThis log, and let me know how your PC is running now.


#13 nohxpolitan1


Posted 25 July 2007 - 10:33 PM

Seems as if all major stuff is gone...thank you so much for your help!! You're extremely knowledgeable. Computer seems to be running pretty routinely now from what I can tell, no more pop-ups, freezing or unusual slow responses. Here are the latest logs. Again, a lot of text:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/25/2007 at 08:20 PM

Application Version : 3.9.1008

Core Rules Database Version : 3274
Trace Rules Database Version: 1285

Scan type : Complete Scan
Total Scan Time : 00:43:36

Memory items scanned : 345
Memory threats detected : 0
Registry items scanned : 5484
Registry threats detected : 0
File items scanned : 31717
File threats detected : 1595

Adware.Tracking Cookie
C:\Documents and Settings\ferns\Cookies\default@tribalfusion[1].txt
C:\Documents and Settings\ferns\Cookies\default@www.fastadvert[1].txt
C:\Documents and Settings\ferns\Cookies\default@adorigin[2].txt
C:\Documents and Settings\ferns\Cookies\default@nextag[1].txt
C:\Documents and Settings\ferns\Cookies\default@addynamix[3].txt
C:\Documents and Settings\ferns\Cookies\default@web1.realtracker[1].txt
C:\Documents and Settings\ferns\Cookies\default@tpl1.realtracker[1].txt
C:\Documents and Settings\ferns\Cookies\default@ads.belointeractive[2].txt
C:\Documents and Settings\ferns\Cookies\default@www1.paypopup[2].txt
C:\Documents and Settings\ferns\Cookies\default@www.findthewebsiteyouneed[2].txt
C:\Documents and Settings\ferns\Cookies\default@www.clickxchange[2].txt
C:\Documents and Settings\ferns\Cookies\default@okcounter[1].txt
C:\Documents and Settings\ferns\Cookies\default@websponsors[1].txt
C:\Documents and Settings\ferns\Cookies\default@banner1.inet-traffic[3].txt
C:\Documents and Settings\ferns\Cookies\default@trafficmp[1].txt
C:\Documents and Settings\ferns\Cookies\default@mediamgr.ugo[2].txt
C:\Documents and Settings\ferns\Cookies\default@c2.gostats[3].txt
C:\Documents and Settings\ferns\Cookies\default@citi.bridgetrack[2].txt
C:\Documents and Settings\ferns\Cookies\default@server.iad.liveperson[3].txt
C:\Documents and Settings\ferns\Cookies\default@exitexchange[3].txt
C:\Documents and Settings\ferns\Cookies\default@amazingmedia[3].txt
C:\Documents and Settings\ferns\Cookies\default@offeroptimizer[1].txt
C:\Documents and Settings\ferns\Cookies\default@mediatrack.popupsponsor[2].txt
C:\Documents and Settings\ferns\Cookies\default@paycounter[2].txt
C:\Documents and Settings\ferns\Cookies\default@hit1.vioclicks[2].txt
C:\Documents and Settings\ferns\Cookies\default@sitestats.tiscali.co[1].txt
C:\Documents and Settings\ferns\Cookies\default@adorigin[3].txt
C:\Documents and Settings\ferns\Cookies\default@www.bigcocksex[1].txt
C:\Documents and Settings\ferns\Cookies\default@specificpop[2].txt
C:\Documents and Settings\ferns\Cookies\anyuser@atwola[1].txt
C:\Documents and Settings\ferns\Cookies\default@maxserving[2].txt
C:\Documents and Settings\ferns\Cookies\default@ads.multimania.lycos[3].txt
C:\Documents and Settings\ferns\Cookies\default@media_center[3].txt
C:\Documents and Settings\ferns\Cookies\default@media_center[2].txt
C:\Documents and Settings\ferns\Cookies\default@tracking.cashpartner[1].txt
C:\Documents and Settings\ferns\Cookies\ferns@phg.hitbox[2].txt
C:\Documents and Settings\ferns\Cookies\default@c1.gostats[2].txt
C:\Documents and Settings\ferns\Cookies\default@amazingmedia[2].txt
C:\Documents and Settings\ferns\Cookies\default@tracking.alloy[1].txt
C:\Documents and Settings\ferns\Cookies\default@mediatrack.popupsponsor[1].txt
C:\Documents and Settings\ferns\Cookies\default@gostats[3].txt
C:\Documents and Settings\ferns\Cookies\anyuser@media[2].txt
C:\Documents and Settings\ferns\Cookies\default@adrevolver[4].txt
C:\Documents and Settings\ferns\Cookies\default@interracialporno[1].txt
C:\Documents and Settings\ferns\Cookies\default@paycounter[3].txt
C:\Documents and Settings\ferns\Cookies\default@webpower[2].txt
C:\Documents and Settings\ferns\Cookies\default@xxxtoolbar[2].txt
C:\Documents and Settings\ferns\Cookies\default@media[5].txt
C:\Documents and Settings\ferns\Cookies\default@ad-logics[4].txt
C:\Documents and Settings\ferns\Cookies\default@tripod[6].txt
C:\Documents and Settings\ferns\Cookies\default@ads.gamerfeed[2].txt
C:\Documents and Settings\ferns\Cookies\anyuser@a.as-us.falkag[1].txt
C:\Documents and Settings\ferns\Cookies\default@findwhat[2].txt
C:\Documents and Settings\ferns\Cookies\default@ads.tripod.lycos[1].txt
C:\Documents and Settings\ferns\Cookies\default@ads.gorillanation[1].txt
C:\Documents and Settings\ferns\Cookies\default@overture[2].txt
C:\Documents and Settings\ferns\Cookies\default@ads.deviantart[1].txt
C:\Documents and Settings\ferns\Cookies\default@counter.sparklit[1].txt
C:\Documents and Settings\ferns\Cookies\default@cliks[2].txt
C:\Documents and Settings\ferns\Cookies\default@www.infoentrepreneurs[1].txt
C:\Documents and Settings\ferns\Cookies\default@ads.trafficvenue[1].txt
C:\Documents and Settings\ferns\Cookies\default@adrevolver[2].txt
C:\Documents and Settings\ferns\Cookies\default@crackazoid[1].txt
C:\Documents and Settings\ferns\Cookies\default@www.crackazoid[1].txt
C:\Documents and Settings\ferns\Cookies\default@112.2o7[2].txt
C:\Documents and Settings\ferns\Cookies\default@www.statcounter[2].txt
C:\Documents and Settings\ferns\Cookies\default@tribalfusion[3].txt
C:\Documents and Settings\ferns\Cookies\default@superstats[2].txt
C:\Documents and Settings\ferns\Cookies\default@indextools[1].txt
C:\Documents and Settings\ferns\Cookies\default@media[6].txt
C:\Documents and Settings\ferns\Cookies\default@ad.slygreetings[1].txt
C:\Documents and Settings\ferns\Cookies\default@ad-flow[2].txt
C:\Documents and Settings\ferns\Cookies\default@ads2.crgaming[2].txt
C:\Documents and Settings\ferns\Cookies\default@ads.vortextraffic[2].txt
C:\Documents and Settings\ferns\Cookies\default@www.adultadd[1].txt
C:\Documents and Settings\ferns\Cookies\anyuser@ads.x10[2].txt
C:\Documents and Settings\ferns\Cookies\anyuser@adorigin[2].txt
C:\Documents and Settings\ferns\Cookies\default@247realmedia[1].txt
C:\Documents and Settings\ferns\Cookies\default@counter.xrea[4].txt
C:\Documents and Settings\ferns\Cookies\default@ww3.shoshkeles[3].txt
C:\Documents and Settings\ferns\Cookies\default@revenue[1].txt
C:\Documents and Settings\ferns\Cookies\default@www.realcastmedia[2].txt
C:\Documents and Settings\ferns\Cookies\default@free-banners[1].txt
C:\Documents and Settings\ferns\Cookies\default@edge.ru4[2].txt
C:\Documents and Settings\ferns\Cookies\default@okcounter[3].txt
C:\Documents and Settings\ferns\Cookies\default@specificclick[2].txt
C:\Documents and Settings\ferns\Cookies\ferns@revenue[2].txt
C:\Documents and Settings\ferns\Cookies\default@mediatrack.revenue[2].txt
C:\Documents and Settings\ferns\Cookies\default@ads.rampidads[2].txt
C:\Documents and Settings\ferns\Cookies\default@www.clickxchange[3].txt
C:\Documents and Settings\ferns\Cookies\default@adidm.supermedia[2].txt
C:\Documents and Settings\ferns\Cookies\default@ads.stileproject[1].txt
C:\Documents and Settings\ferns\Cookies\default@web4.realtracker[2].txt
C:\Documents and Settings\ferns\Cookies\default@stat.dealtime[2].txt
C:\Documents and Settings\ferns\Cookies\anyuser@realmedia[2].txt
C:\Documents and Settings\ferns\Cookies\anyuser@centralmedia[2].txt
C:\Documents and Settings\ferns\Cookies\default@c.porngraph[2].txt
C:\Documents and Settings\ferns\Cookies\anyuser@trafficmp[1].txt
C:\Documents and Settings\ferns\Cookies\anyuser@nandomedia[1].txt
C:\Documents and Settings\ferns\Cookies\default@questionmarket[4].txt
C:\Documents and Settings\ferns\Cookies\anyuser@metareward[1].txt
C:\Documents and Settings\ferns\Cookies\default@centralmedia[2].txt
C:\Documents and Settings\ferns\Cookies\anyuser@clickagents[2].txt
C:\Documents and Settings\ferns\Cookies\anyuser@www.0stats[1].txt
C:\Documents and Settings\ferns\Cookies\anyuser@112.2o7[2].txt
C:\Documents and Settings\ferns\Cookies\anyuser@cliks[1].txt
C:\Documents and Settings\ferns\Cookies\default@zedo[4].txt
C:\Documents and Settings\ferns\Cookies\anyuser@hentaicounter[1].txt
C:\Documents and Settings\ferns\Cookies\default@http.edge.vru4[1].txt
C:\Documents and Settings\ferns\Cookies\default@netshelter.adtrix[1].txt
C:\Documents and Settings\ferns\Cookies\default@server.iad.liveperson[1].txt
C:\Documents and Settings\ferns\Cookies\default@as-us.falkag[1].txt
C:\Documents and Settings\ferns\Cookies\anyuser@clickbank[1].txt
C:\Documents and Settings\ferns\Cookies\anyuser@counter[1].txt
C:\Documents and Settings\ferns\Cookies\anyuser@tripod[3].txt
C:\Documents and Settings\ferns\Cookies\anyuser@www.gayasianxxx[2].txt
C:\Documents and Settings\ferns\Cookies\default@atwola[1].txt
C:\Documents and Settings\ferns\Cookies\anyuser@mediamgr.ugo[2].txt
C:\Documents and Settings\ferns\Cookies\anyuser@ads.tucows[1].txt
C:\Documents and Settings\ferns\Cookies\anyuser@pointroll[2].txt
C:\Documents and Settings\ferns\Cookies\default@ads.specificclick[1].txt
C:\Documents and Settings\ferns\Cookies\default@ads1.rodale[2].txt
C:\Documents and Settings\ferns\Cookies\anyuser@rightmedia[2].txt
C:\Documents and Settings\ferns\Cookies\anyuser@mediatrack.revenue[1].txt
C:\Documents and Settings\ferns\Cookies\anyuser@djbanners.deadjournal[1].txt
C:\Documents and Settings\ferns\Cookies\anyuser@ad-flow[2].txt
C:\Documents and Settings\ferns\Cookies\anyuser@focalex[2].txt
C:\Documents and Settings\ferns\Cookies\anyuser@ads.stileproject[2].txt
C:\Documents and Settings\ferns\Cookies\anyuser@stat.dealtime[2].txt
C:\Documents and Settings\ferns\Cookies\anyuser@adv.webmd[2].txt
C:\Documents and Settings\ferns\Cookies\anyuser@tripod[1].txt
C:\Documents and Settings\ferns\Cookies\anyuser@ilead.itrack[2].txt
C:\Documents and Settings\ferns\Cookies\anyuser@ads.as4x.tmcs[1].txt
C:\Documents and Settings\ferns\Cookies\anyuser@cz7.clickzs[2].txt
C:\Documents and Settings\ferns\Cookies\anyuser@exitexchange[1].txt
C:\Documents and Settings\ferns\Cookies\anyuser@zedo[2].txt
C:\Documents and Settings\ferns\Cookies\anyuser@2o7[1].txt
C:\Documents and Settings\ferns\Cookies\anyuser@web4.realtracker[1].txt
C:\Documents and Settings\ferns\Cookies\anyuser@ads.specificclick[1].txt
C:\Documents and Settings\ferns\Cookies\anyuser@ads.mm.ap[1].txt
C:\Documents and Settings\ferns\Cookies\anyuser@okcounter[1].txt
C:\Documents and Settings\ferns\Cookies\anyuser@questionmarket[2].txt
C:\Documents and Settings\ferns\Cookies\anyuser@ads1.rodale[1].txt
C:\Documents and Settings\ferns\Cookies\anyuser@banner2.inet-traffic[2].txt
C:\Documents and Settings\ferns\Cookies\anyuser@ads.monster[1].txt
C:\Documents and Settings\ferns\Cookies\default@realmedia[2].txt
C:\Documents and Settings\ferns\Cookies\default@bs.serving-sys[2].txt
C:\Documents and Settings\ferns\Cookies\default@focalex[1].txt
C:\Documents and Settings\ferns\Cookies\anyuser@tribalfusion[2].txt
C:\Documents and Settings\ferns\Cookies\anyuser@offeroptimizer[1].txt
C:\Documents and Settings\ferns\Cookies\default@trafficmp[4].txt
C:\Documents and Settings\ferns\Cookies\default@sprinks-clicks.about[1].txt
C:\Documents and Settings\ferns\Cookies\anyuser@maxserving[2].txt
C:\Documents and Settings\ferns\Cookies\anyuser@www.statcounter[1].txt
C:\Documents and Settings\ferns\Cookies\anyuser@zedo[4].txt
C:\Documents and Settings\ferns\Cookies\anyuser@ads.adworldnetwork[1].txt
C:\Documents and Settings\ferns\Cookies\default@exitexchange[2].txt
C:\Documents and Settings\ferns\Cookies\anyuser@sexiestgamer[2].txt
C:\Documents and Settings\ferns\Cookies\anyuser@bs.serving-sys[1].txt
C:\Documents and Settings\ferns\Cookies\anyuser@ads.gorillanation[1].txt
C:\Documents and Settings\ferns\Cookies\anyuser@windowsmedia[1].txt
C:\Documents and Settings\ferns\Cookies\default@mediamgr.ugo[3].txt
C:\Documents and Settings\ferns\Cookies\anyuser@edge.ru4[3].txt
C:\Documents and Settings\ferns\Cookies\anyuser@ads.tripod.lycos.co[1].txt
C:\Documents and Settings\ferns\Cookies\anyuser@ads.crosswinds[1].txt
C:\Documents and Settings\ferns\Cookies\default@windowsmedia[2].txt
C:\Documents and Settings\ferns\Cookies\default@tribalfusion[5].txt
C:\Documents and Settings\ferns\Cookies\ferns@ads.x10[2].txt
C:\Documents and Settings\ferns\Cookies\anyuser@cz7.clickzs[1].txt
C:\Documents and Settings\ferns\Cookies\anyuser@www.burstbeacon[2].txt
C:\Documents and Settings\ferns\Cookies\default@adorigin[4].txt
C:\Documents and Settings\ferns\Cookies\anyuser@ad.nifty[1].txt
C:\Documents and Settings\ferns\Cookies\default@netshelter.adtrix[3].txt
C:\Documents and Settings\ferns\Cookies\default@questionmarket[5].txt
C:\Documents and Settings\ferns\Cookies\default@as-us.falkag[2].txt
C:\Documents and Settings\ferns\Cookies\ferns@z1.adserver[1].txt
C:\Documents and Settings\ferns\Cookies\default@exitexchange[4].txt
C:\Documents and Settings\ferns\Cookies\default@centralmedia[3].txt
C:\Documents and Settings\ferns\Cookies\default@dealtime[2].txt
C:\Documents and Settings\ferns\Cookies\default@stat.dealtime[1].txt
C:\Documents and Settings\ferns\Cookies\default@ads.adsag[3].txt
C:\Documents and Settings\ferns\Cookies\ferns@112.2o7[1].txt
C:\Documents and Settings\ferns\Cookies\default@maxserving[1].txt
C:\Documents and Settings\ferns\Cookies\anyuser@ads.adsag[1].txt
C:\Documents and Settings\ferns\Cookies\anyuser@fcstats.bcentral[1].txt
C:\Documents and Settings\ferns\Cookies\default@specificclick[1].txt
C:\Documents and Settings\ferns\Cookies\default@okcounter[4].txt
C:\Documents and Settings\ferns\Cookies\default@optimost[1].txt
C:\Documents and Settings\ferns\Cookies\default@clicklab[1].txt
C:\Documents and Settings\ferns\Cookies\anyuser@zedo[3].txt
C:\Documents and Settings\ferns\Cookies\default@macromedia[2].txt
C:\Documents and Settings\ferns\Cookies\default@edge.ru4[3].txt
C:\Documents and Settings\ferns\Cookies\ferns@doubleclick[1].txt
C:\Documents and Settings\ferns\Cookies\anyuser@atwola[2].txt
C:\Documents and Settings\ferns\Cookies\ferns@spylog[1].txt
C:\Documents and Settings\ferns\Cookies\anyuser@atdmt[2].txt
C:\Documents and Settings\ferns\Cookies\ferns@trafficmp[1].txt
C:\Documents and Settings\ferns\Cookies\anyuser@maxserving[1].txt
C:\Documents and Settings\ferns\Cookies\default@bs.serving-sys[3].txt
C:\Documents and Settings\ferns\Cookies\default@rccl.bridgetrack[4].txt
C:\Documents and Settings\ferns\Cookies\anyuser@trafficmp[3].txt
C:\Documents and Settings\ferns\Cookies\anyuser@c.porngraph[1].txt
C:\Documents and Settings\ferns\Cookies\anyuser@112.2o7[3].txt
C:\Documents and Settings\ferns\Cookies\default@realmedia[4].txt
C:\Documents and Settings\ferns\Cookies\default@specificpop[1].txt
C:\Documents and Settings\ferns\Cookies\default@addynamix[4].txt
C:\Documents and Settings\ferns\Cookies\default@clickagents[3].txt
C:\Documents and Settings\ferns\Cookies\default@ads.specificclick[4].txt
C:\Documents and Settings\ferns\Cookies\default@mediamgr.ugo[4].txt
C:\Documents and Settings\ferns\Cookies\default@metareward[4].txt
C:\Documents and Settings\ferns\Cookies\anyuser@www.nextag[1].txt
C:\Documents and Settings\ferns\Cookies\anyuser@www5.paypopup[1].txt
C:\Documents and Settings\ferns\Cookies\anyuser@statcounter[1].txt
C:\Documents and Settings\ferns\Cookies\anyuser@http.edge.vru4[3].txt
C:\Documents and Settings\ferns\Cookies\anyuser@web4.realtracker[2].txt
C:\Documents and Settings\ferns\Cookies\anyuser@questionmarket[3].txt
C:\Documents and Settings\ferns\Cookies\anyuser@mediatrack.revenue[2].txt
C:\Documents and Settings\ferns\Cookies\anyuser@serving-sys[2].txt
C:\Documents and Settings\ferns\Cookies\ferns@versiontracker[2].txt
C:\Documents and Settings\ferns\Cookies\ferns@versiontracker[1].txt
C:\Documents and Settings\ferns\Cookies\default@2o7[4].txt
C:\Documents and Settings\ferns\Cookies\default@pointroll[1].txt
C:\Documents and Settings\ferns\Cookies\default@revenue[3].txt
C:\Documents and Settings\ferns\Cookies\ferns@atdmt[2].txt
C:\Documents and Settings\ferns\Cookies\default@ads.adworldnetwork[2].txt
C:\Documents and Settings\ferns\Cookies\default@focalex[3].txt
C:\Documents and Settings\ferns\Cookies\default@zedo[5].txt
C:\Documents and Settings\ferns\Cookies\ferns@clicks.emarketmakers[1].txt
C:\Documents and Settings\ferns\Cookies\anyuser@adv.webmd[3].txt
C:\Documents and Settings\ferns\Cookies\default@ad-flow[4].txt
C:\Documents and Settings\ferns\Cookies\anyuser@metareward[3].txt
C:\Documents and Settings\ferns\Cookies\anyuser@revenue[1].txt
C:\Documents and Settings\ferns\Cookies\anyuser@ads.v3[1].txt
C:\Documents and Settings\ferns\Cookies\anyuser@bs.serving-sys[3].txt
C:\Documents and Settings\ferns\Cookies\anyuser@clickagents[1].txt
C:\Documents and Settings\ferns\Cookies\anyuser@ads.x10[3].txt
C:\Documents and Settings\ferns\Cookies\anyuser@sexiestgamer[1].txt
C:\Documents and Settings\ferns\Cookies\default@offeroptimizer[3].txt
C:\Documents and Settings\ferns\Cookies\default@ads.x10[2].txt
C:\Documents and Settings\ferns\Cookies\anyuser@xiti[1].txt
C:\Documents and Settings\ferns\Cookies\default@serving-sys[2].txt
C:\Documents and Settings\ferns\Cookies\anyuser@focalex[1].txt
C:\Documents and Settings\ferns\Cookies\ferns@paycounter[2].txt
C:\Documents and Settings\ferns\Cookies\anyuser@rccl.bridgetrack[1].txt
C:\Documents and Settings\ferns\Cookies\default@a.as-us.falkag[3].txt
C:\Documents and Settings\ferns\Cookies\anyuser@tribalfusion[3].txt
C:\Documents and Settings\ferns\Cookies\ferns@clickagents[2].txt
C:\Documents and Settings\ferns\Cookies\anyuser@www2.paypopup[2].txt
C:\Documents and Settings\ferns\Cookies\anyuser@c.as-us.falkag[2].txt
C:\Documents and Settings\ferns\Cookies\anyuser@windowsmedia[3].txt
C:\Documents and Settings\ferns\Cookies\anyuser@realmedia[3].txt
C:\Documents and Settings\ferns\Cookies\ferns@hitbox[2].txt
C:\Documents and Settings\ferns\Cookies\ferns@adv.webmd[2].txt
C:\Documents and Settings\ferns\Cookies\ferns@fastclick[2].txt
C:\Documents and Settings\ferns\Cookies\ferns@ads.gorillanation[1].txt
C:\Documents and Settings\ferns\Cookies\ferns@targetnet[2].txt
C:\Documents and Settings\ferns\Cookies\ferns@maxserving[1].txt
C:\Documents and Settings\ferns\Cookies\anyuser@doubleclick[1].txt
C:\Documents and Settings\ferns\Cookies\anyuser@exitexchange[3].txt
C:\Documents and Settings\ferns\Cookies\ferns@ads.adsag[1].txt
C:\Documents and Settings\ferns\Cookies\ferns@ad.lastminutetravel[1].txt
C:\Documents and Settings\ferns\Cookies\anyuser@ads.pointroll[1].txt
C:\Documents and Settings\ferns\Cookies\ferns@tripod[1].txt
C:\Documents and Settings\ferns\Cookies\ferns@centralmedia[1].txt
C:\Documents and Settings\ferns\Cookies\anyuser@advertising[1].txt
C:\Documents and Settings\ferns\Cookies\ferns@rccl.bridgetrack[2].txt
C:\Documents and Settings\ferns\Cookies\anyuser@okcounter[3].txt
C:\Documents and Settings\ferns\Cookies\ferns@ww3.shoshkeles[2].txt
C:\Documents and Settings\ferns\Cookies\anyuser@offeroptimizer[3].txt
C:\Documents and Settings\ferns\Cookies\anyuser@centralmedia[1].txt
C:\Documents and Settings\ferns\Cookies\ferns@free-porn-megasite[1].txt
C:\Documents and Settings\ferns\Cookies\anyuser@counter[3].txt
C:\Documents and Settings\ferns\Cookies\anyuser@as-us.falkag[1].txt
C:\Documents and Settings\ferns\Cookies\ferns@ads.pointroll[1].txt
C:\Documents and Settings\ferns\Cookies\anyuser@www.clickhype[1].txt
C:\Documents and Settings\ferns\Cookies\ferns@offeroptimizer[1].txt
C:\Documents and Settings\ferns\Cookies\ferns@ads.monster[2].txt
C:\Documents and Settings\ferns\Cookies\anyuser@a.as-us.falkag[3].txt
C:\Documents and Settings\ferns\Cookies\ferns@advertising[1].txt
C:\Documents and Settings\ferns\Cookies\ferns@ads.specificclick[2].txt
C:\Documents and Settings\ferns\Cookies\ferns@serving-sys[1].txt
C:\Documents and Settings\ferns\Cookies\ferns@banners.netcraft[1].txt
C:\Documents and Settings\ferns\Cookies\ferns@sextracker[1].txt
C:\Documents and Settings\ferns\Cookies\ferns@qksrv[1].txt
C:\Documents and Settings\ferns\Cookies\ferns@tribalfusion[2].txt
C:\Documents and Settings\ferns\Cookies\ferns@atwola[1].txt
C:\Documents and Settings\ferns\Cookies\ferns@as-us.falkag[2].txt
C:\Documents and Settings\ferns\Cookies\ferns@partner2profit[1].txt
C:\Documents and Settings\ferns\Cookies\ferns@realmedia[1].txt
C:\Documents and Settings\ferns\Cookies\ferns@bs.serving-sys[2].txt
C:\Documents and Settings\ferns\Cookies\ferns@mediaplex[2].txt
C:\Documents and Settings\ferns\Cookies\ferns@ehg-bestbuy.hitbox[1].txt
C:\Documents and Settings\ferns\Cookies\ferns@ehg-sonyesolutions.hitbox[2].txt
C:\Documents and Settings\ferns\Cookies\ferns@fcstats.bcentral[1].txt
C:\Documents and Settings\ferns\Cookies\ferns@mediamgr.ugo[2].txt
C:\Documents and Settings\ferns\Cookies\ferns@citi.bridgetrack[2].txt
C:\Documents and Settings\ferns\Cookies\ferns@www.0stats[2].txt
C:\Documents and Settings\ferns\Cookies\ferns@hestia.sextrail.trakkerd[2].txt
C:\Documents and Settings\ferns\Cookies\ferns@www.burstbeacon[1].txt
C:\Documents and Settings\ferns\Cookies\ferns@ads.specificpop[1].txt
C:\Documents and Settings\ferns\Cookies\ferns@c2.gostats[2].txt
C:\Documents and Settings\ferns\Cookies\ferns@valueclick[1].txt
C:\Documents and Settings\ferns\Cookies\ferns@casalemedia[2].txt
C:\Documents and Settings\ferns\Cookies\ferns@exitexchange[1].txt
C:\Documents and Settings\ferns\Cookies\ferns@2o7[1].txt
C:\Documents and Settings\ferns\Cookies\ferns@a.as-us.falkag[1].txt
C:\Documents and Settings\ferns\Cookies\anyuser@mediamgr.ugo[3].txt
C:\Documents and Settings\ferns\Cookies\ferns@counter2.hitslink[2].txt
C:\Documents and Settings\ferns\Cookies\anyuser@targetnet[1].txt
C:\Documents and Settings\ferns\Cookies\ferns@metareward[2].txt
C:\Documents and Settings\ferns\Cookies\ferns@edge.ru4[1].txt
C:\Documents and Settings\ferns\Cookies\ferns@xiti[1].txt
C:\Documents and Settings\ferns\Cookies\ferns@bluestreak[2].txt
C:\Documents and Settings\ferns\Cookies\ferns@ehg-cafepress.hitbox[1].txt
C:\Documents and Settings\ferns\Cookies\ferns@ads.addynamix[1].txt
C:\Documents and Settings\ferns\Cookies\anyuser@mediaplex[1].txt
C:\Documents and Settings\ferns\Cookies\anyuser@2o7[2].txt
C:\Documents and Settings\ferns\Cookies\ferns@rightmedia[2].txt
C:\Documents and Settings\ferns\Cookies\ferns@fortunecity[2].txt
C:\Documents and Settings\ferns\Cookies\ferns@questionmarket[2].txt
C:\Documents and Settings\ferns\Cookies\ferns@commission-junction[1].txt
C:\Documents and Settings\ferns\Cookies\ferns@dealtime[2].txt
C:\Documents and Settings\ferns\Cookies\ferns@stat.dealtime[2].txt
C:\Documents and Settings\ferns\Cookies\ferns@counter7.sextracker[1].txt
C:\Documents and Settings\ferns\Cookies\ferns@windowsmedia[1].txt
C:\Documents and Settings\ferns\Cookies\ferns@zedo[2].txt
C:\Documents and Settings\ferns\Cookies\ferns@server.iad.liveperson[1].txt
C:\Documents and Settings\ferns\Cookies\ferns@hc2.humanclick[2].txt
C:\Documents and Settings\ferns\Cookies\ferns@overture[1].txt
C:\Documents and Settings\ferns\Cookies\ferns@stats.klsoft[1].txt
C:\Documents and Settings\ferns\Cookies\anyuser@paycounter[1].txt
C:\Documents and Settings\ferns\Cookies\anyuser@servedby.advertising[1].txt
C:\Documents and Settings\ferns\Cookies\ferns@ads.stileproject[1].txt
C:\Documents and Settings\ferns\Cookies\ferns@servedby.advertising[2].txt
C:\Documents and Settings\ferns\Cookies\anyuser@qksrv[1].txt
C:\Documents and Settings\ferns\Cookies\ferns@ads.adsag[2].txt
C:\Documents and Settings\ferns\Cookies\ferns@eboz[2].txt
C:\Documents and Settings\ferns\Cookies\ferns@hestia.sextrail.trakkerd[1].txt
C:\Documents and Settings\ferns\Cookies\ferns@cz6.clickzs[1].txt
C:\Documents and Settings\ferns\Cookies\ferns@hitbox[1].txt
C:\Documents and Settings\ferns\Cookies\ferns@ehg-dig.hitbox[1].txt
C:\Documents and Settings\ferns\Cookies\ferns@counter4.sextracker[1].txt
C:\Documents and Settings\ferns\Cookies\anyuser@clickability[1].txt
C:\Documents and Settings\ferns\Cookies\ferns@ads.monster[1].txt
C:\Documents and Settings\ferns\Cookies\anyuser@maxserving[3].txt
C:\Documents and Settings\ferns\Cookies\ferns@ads.swirve[1].txt
C:\Documents and Settings\ferns\Cookies\ferns@ads.pointroll[2].txt
C:\Documents and Settings\ferns\Cookies\anyuser@banner[2].txt
C:\Documents and Settings\ferns\Cookies\anyuser@2o7[4].txt
C:\Documents and Settings\ferns\Cookies\ferns@adrevolver[2].txt
C:\Documents and Settings\ferns\Cookies\ferns@2o7[4].txt
C:\Documents and Settings\ferns\Cookies\anyuser@ads.x10[4].txt
C:\Documents and Settings\ferns\Cookies\anyuser@adinterax[1].txt
C:\Documents and Settings\ferns\Cookies\anyuser@www.burstbeacon[1].txt
C:\Documents and Settings\ferns\Cookies\ferns@macromedia[2].txt
C:\Documents and Settings\ferns\Cookies\anyuser@counter.hitslink[2].txt
C:\Documents and Settings\ferns\Cookies\anyuser@atwola[3].txt
C:\Documents and Settings\ferns\Cookies\anyuser@casalemedia[1].txt
C:\Documents and Settings\ferns\Cookies\ferns@specificpop[2].txt
C:\Documents and Settings\ferns\Cookies\anyuser@servedby.advertising[3].txt
C:\Documents and Settings\ferns\Cookies\ferns@1.primaryads[1].txt
C:\Documents and Settings\ferns\Cookies\ferns@ezzmedia[1].txt
C:\Documents and Settings\ferns\Cookies\anyuser@questionmarket[1].txt
C:\Documents and Settings\ferns\Cookies\ferns@ehg.hitbox[1].txt
C:\Documents and Settings\ferns\Cookies\ferns@ehg-enotes.hitbox[1].txt
C:\Documents and Settings\ferns\Cookies\ferns@advertising[3].txt
C:\Documents and Settings\ferns\Cookies\ferns@superstats[1].txt
C:\Documents and Settings\ferns\Cookies\ferns@www3.paypopup[1].txt
C:\Documents and Settings\ferns\Cookies\ferns@c2.gostats[3].txt
C:\Documents and Settings\ferns\Cookies\ferns@y-1shz2prbmdj6wvny-1sez2pra2dj6wjlyqjazsepgudj6x9ny-1seq-2-2.stats.esomniture[2].txt
C:\Documents and Settings\ferns\Cookies\ferns@ads.addynamix[2].txt
C:\Documents and Settings\ferns\Cookies\ferns@y-1shz2prbmdj6wvny-1sez2pra2dj6wfkyulazagow6dj6x9ny-1seq-2-2.stats.esomniture[2].txt
C:\Documents and Settings\ferns\Cookies\ferns@112.2o7[2].txt
C:\Documents and Settings\ferns\Cookies\ferns@-1shz2prbmdj6wvny-1sez2pra2dj6wjk4cgczobpq-1dj6x9ny-1seq-2-2.stats.esomniture[2].txt
C:\Documents and Settings\ferns\Cookies\ferns@y-1shz2prbmdj6wvny-1sez2pra2dj6wjlyuhdpsapa6dj6x9ny-1seq-2-2.stats.esomniture[1].txt
C:\Documents and Settings\ferns\Cookies\ferns@teenkelly[2].txt
C:\Documents and Settings\ferns\Cookies\ferns@sextracker[2].txt
C:\Documents and Settings\ferns\Cookies\ferns@y-1shz2prbmdj6wvny-1sez2pra2dj6wfkowlc5wgpqydj6x9ny-1seq-2-2.stats.esomniture[1].txt
C:\Documents and Settings\ferns\Cookies\ferns@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnygkajkcoqudj6x9ny-1seq-2-2.stats.esomniture[2].txt
C:\Documents and Settings\ferns\Cookies\ferns@paycounter[1].txt
C:\Documents and Settings\ferns\Cookies\ferns@counter5.sextracker[1].txt
C:\Documents and Settings\ferns\Cookies\ferns@free.wegcash[2].txt
C:\Documents and Settings\ferns\Cookies\anyuser@ads.specificpop[2].txt
C:\Documents and Settings\ferns\Cookies\anyuser@hitbox[1].txt
C:\Documents and Settings\ferns\Cookies\anyuser@ads.stileproject[1].txt
C:\Documents and Settings\ferns\Cookies\ferns@rightmedia[3].txt
C:\Documents and Settings\ferns\Cookies\anyuser@y-1shz2prbmdj6wvny-1sez2pra2dj6wjlispcjobqq6dj6x9ny-1seq-2-2.stats.esomniture[1].txt
C:\Documents and Settings\ferns\Cookies\anyuser@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkywpajklpaidj6x9ny-1seq-2-2.stats.esomniture[2].txt
C:\Documents and Settings\ferns\Cookies\anyuser@y-1shz2prbmdj6wvny-1sez2pra2dj6wjlosjcziaogidj6x9ny-1seq-2-2.stats.esomniture[1].txt
C:\Documents and Settings\ferns\Cookies\anyuser@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnygkdpekoq6dj6x9ny-1seq-2-2.stats.esomniture[2].txt
C:\Documents and Settings\ferns\Cookies\ferns@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnygkdpekoq6dj6x9ny-1seq-2-2.stats.esomniture[1].txt
C:\Documents and Settings\ferns\Cookies\ferns@y-1shz2prbmdj6wvny-1sez2pra2dj6wjlyglcjwkoaydj6x9ny-1seq-2-2.stats.esomniture[2].txt
C:\Documents and Settings\ferns\Cookies\anyuser@z1.adserver[1].txt
C:\Documents and Settings\ferns\Cookies\ferns@y-1shz2prbmdj6wvny-1sez2pra2dj6wjmygncjmhoqqdj6x9ny-1seq-2-2.stats.esomniture[2].txt
C:\Documents and Settings\ferns\Cookies\ferns@y-1shz2prbmdj6wvny-1sez2pra2dj6wjlispcjobqq6dj6x9ny-1seq-2-2.stats.esomniture[2].txt
C:\Documents and Settings\ferns\Cookies\ferns@-1shz2prbmdj6wvny-1sez2pra2dj6wjkygmc5ofpw-1dj6x9ny-1seq-2-2.stats.esomniture[2].txt
C:\Documents and Settings\ferns\Cookies\ferns@y-1shz2prbmdj6wvny-1sez2pra2dj6wjl4uoczwfoaudj6x9ny-1seq-2-2.stats.esomniture[2].txt
C:\Documents and Settings\ferns\Cookies\anyuser@ar.atwola[1].txt
C:\Documents and Settings\ferns\Cookies\anyuser@specificpop[1].txt
C:\Documents and Settings\ferns\Cookies\anyuser@trafficmp[2].txt
C:\Documents and Settings\ferns\Cookies\anyuser@bs.serving-sys[2].txt
C:\Documents and Settings\ferns\Cookies\ferns@web4.realtracker[3].txt
C:\Documents and Settings\ferns\Cookies\ferns@statse.webtrendslive[4].txt
C:\Documents and Settings\ferns\Cookies\ferns@as1.falkag[5].txt
C:\Documents and Settings\ferns\Cookies\ferns@apmebf[5].txt
C:\Documents and Settings\ferns\Cookies\ferns@yieldmanager[2].txt
C:\Documents and Settings\ferns\Cookies\ferns@casalemedia[8].txt
C:\Documents and Settings\ferns\Cookies\ferns@ads.belointeractive[3].txt
C:\Documents and Settings\ferns\Cookies\ferns@network.realmedia[2].txt
C:\Documents and Settings\ferns\Cookies\ferns@tagworld[2].txt
C:\Documents and Settings\ferns\Cookies\ferns@tradedoubler[4].txt
C:\Documents and Settings\ferns\Cookies\ferns@counter2.hitslink[5].txt
C:\Documents and Settings\ferns\Cookies\ferns@media.intelia[1].txt
C:\Documents and Settings\ferns\Cookies\ferns@tribalfusion[8].txt
C:\Documents and Settings\ferns\Cookies\ferns@vip.clickzs[2].txt
C:\Documents and Settings\ferns\Cookies\ferns@adecn[1].txt
C:\Documents and Settings\ferns\Cookies\ferns@www.0stats[4].txt
C:\Documents and Settings\ferns\Cookies\ferns@adsrevenue[2].txt
C:\Documents and Settings\ferns\Cookies\ferns@qnsr[3].txt
C:\Documents and Settings\ferns\Cookies\ferns@regalinteractive[2].txt
C:\Documents and Settings\ferns\Cookies\ferns@ad.yieldmanager[2].txt
C:\Documents and Settings\ferns\Cookies\ferns@www.burstnet[3].txt
C:\Documents and Settings\ferns\Cookies\ferns@valueclick[6].txt
C:\Documents and Settings\ferns\Cookies\ferns@interclick[1].txt
C:\Documents and Settings\ferns\Cookies\ferns@maxserving[6].txt
C:\Documents and Settings\ferns\Cookies\ferns@http.edge.vru4[2].txt
C:\Documents and Settings\ferns\Cookies\ferns@h.starware[3].txt
C:\Documents and Settings\ferns\Cookies\ferns@ar.atwola[4].txt
C:\Documents and Settings\ferns\Cookies\ferns@realmedia[6].txt
C:\Documents and Settings\ferns\Cookies\ferns@ads.hairboutique[1].txt
C:\Documents and Settings\ferns\Cookies\ferns@counter.hitslink[2].txt
C:\Documents and Settings\ferns\Cookies\ferns@xiti[2].txt
C:\Documents and Settings\ferns\Cookies\ferns@serving-sys[7].txt
C:\Documents and Settings\ferns\Cookies\ferns@harpo.122.2o7[1].txt
C:\Documents and Settings\ferns\Cookies\ferns@perf.overture[2].txt
C:\Documents and Settings\ferns\Cookies\ferns@mediaplex[6].txt
C:\Documents and Settings\ferns\Cookies\ferns@itxt.vibrantmedia[2].txt
C:\Documents and Settings\ferns\Cookies\ferns@media3.sitebrand[2].txt
C:\Documents and Settings\ferns\Cookies\ferns@onetruemedia[2].txt
C:\Documents and Settings\ferns\Cookies\ferns@media.adrevolver[1].txt
C:\Documents and Settings\ferns\Cookies\ferns@adserver.livejournal[2].txt
C:\Documents and Settings\ferns\Cookies\ferns@ehg-findlaw.hitbox[2].txt
C:\Documents and Settings\ferns\Cookies\ferns@tracking.foxnews[1].txt
C:\Documents and Settings\ferns\Cookies\ferns@adopt.specificclick[6].txt
C:\Documents and Settings\ferns\Cookies\ferns@m1.webstats4u[4].txt
C:\Documents and Settings\ferns\Cookies\ferns@247realmedia[6].txt
C:\Documents and Settings\ferns\Cookies\ferns@phg.hitbox[5].txt
C:\Documents and Settings\ferns\Cookies\ferns@ads.multimania.lycos[2].txt
C:\Documents and Settings\ferns\Cookies\ferns@stat.onestat[1].txt
C:\Documents and Settings\ferns\Cookies\ferns@linksynergy[2].txt
C:\Documents and Settings\ferns\Cookies\ferns@tracking.ezd3[3].txt
C:\Documents and Settings\ferns\Cookies\ferns@server2.bkvtrack[1].txt
C:\Documents and Settings\ferns\Cookies\ferns@aff.primaryads[2].txt
C:\Documents and Settings\ferns\Cookies\ferns@mediaonenetwork[1].txt
C:\Documents and Settings\ferns\Cookies\ferns@acvs.mediaonenetwork[1].txt
C:\Documents and Settings\ferns\Cookies\ferns@xml.bravenetmedianetwork[3].txt
C:\Documents and Settings\ferns\Cookies\ferns@adopt.euroclick[1].txt
C:\Documents and Settings\ferns\Cookies\ferns@bs.serving-sys[5].txt
C:\Documents and Settings\ferns\Cookies\ferns@overture[4].txt
C:\Documents and Settings\ferns\Cookies\ferns@advertisingcom.122.2o7[1].txt
C:\Documents and Settings\ferns\Cookies\ferns@revenue[7].txt
C:\Documents and Settings\ferns\Cookies\ferns@2o7[2].txt
C:\Documents and Settings\ferns\Cookies\ferns@statcounter[7].txt
C:\Documents and Settings\ferns\Cookies\ferns@offers.clickbooth[1].txt
C:\Documents and Settings\ferns\Cookies\ferns@nextag[7].txt
C:\Documents and Settings\ferns\Cookies\ferns@data3.perf.overture[2].txt
C:\Documents and Settings\ferns\Cookies\ferns@ehg-boltmedia.hitbox[1].txt
C:\Documents and Settings\ferns\Cookies\ferns@ehg-associatednewmedia.hitbox[1].txt
C:\Documents and Settings\ferns\Cookies\ferns@fortunecity[6].txt
C:\Documents and Settings\ferns\Cookies\ferns@msnportal.112.2o7[2].txt
C:\Documents and Settings\ferns\Cookies\ferns@nbcuniversal.122.2o7[1].txt
C:\Documents and Settings\ferns\Cookies\ferns@anad.tacoda[2].txt
C:\Documents and Settings\ferns\Cookies\ferns@tacoda[2].txt
C:\Documents and Settings\ferns\Cookies\ferns@smileycentral[1].txt
C:\Documents and Settings\ferns\Cookies\ferns@revsci[4].txt
C:\Documents and Settings\ferns\Cookies\ferns@pro-market[1].txt
C:\Documents and Settings\ferns\Cookies\ferns@spylog[3].txt
C:\Documents and Settings\ferns\Cookies\ferns@ads.pointroll[6].txt
C:\Documents and Settings\ferns\Cookies\ferns@zedo[6].txt
C:\Documents and Settings\ferns\Cookies\ferns@media.hotels[1].txt
C:\Documents and Settings\ferns\Cookies\ferns@ehg-comcast.hitbox[2].txt
C:\Documents and Settings\ferns\Cookies\ferns@ads.stileproject[2].txt
C:\Documents and Settings\ferns\Cookies\ferns@burstnet[5].txt
C:\Documents and Settings\ferns\Cookies\ferns@ad.yieldmanager[5].txt
C:\Documents and Settings\ferns\Cookies\ferns@mediaservices.myspace[1].txt
C:\Documents and Settings\ferns\Cookies\ferns@microsoftwga.112.2o7[2].txt
C:\Documents and Settings\ferns\Cookies\ferns@questionmarket[6].txt
C:\Documents and Settings\ferns\Cookies\ferns@tracker.myspacemaps[2].txt
C:\Documents and Settings\ferns\Cookies\ferns@fastclick[9].txt
C:\Documents and Settings\ferns\Cookies\ferns@edge.ru4[8].txt
C:\Documents and Settings\ferns\Cookies\ferns@data2.perf.overture[1].txt
C:\Documents and Settings\ferns\Cookies\ferns@media.fastclick[3].txt
C:\Documents and Settings\ferns\Cookies\ferns@offers.intermediainteractive[2].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@valueclick.ne[2].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@revenue[3].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@247realmedia[1].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@techtracker[1].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@as.adwave[2].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@revenue[2].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@eboz[1].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@ads.monster[4].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@fastclick[1].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@doubleclick[1].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@versiontracker[1].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@atdmt[2].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@clicks.emarketmakers[1].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@clickagents[2].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@adv.webmd[2].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@fastclick[2].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@ads.gorillanation[1].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@ad.lastminutetravel[1].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@rccl.bridgetrack[2].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@ww3.shoshkeles[2].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@free-porn-megasite[1].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@offeroptimizer[1].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@ads.monster[2].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@ads.specificclick[2].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@serving-sys[1].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@banners.netcraft[1].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@tribalfusion[2].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@ehg-sonyesolutions.hitbox[2].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@fcstats.bcentral[1].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@citi.bridgetrack[2].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@ads.specificpop[1].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@exitexchange[1].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@edge.ru4[1].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@xiti[1].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@ehg-cafepress.hitbox[1].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@dealtime[2].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@counter7.sextracker[1].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@stats.klsoft[1].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@ads.stileproject[1].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@ads.adsag[2].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@eboz[2].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@hestia.sextrail.trakkerd[1].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@cz6.clickzs[1].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@counter4.sextracker[1].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@ads.monster[1].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@ads.swirve[1].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@macromedia[2].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@specificpop[2].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@1.primaryads[1].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@ehg.hitbox[1].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@superstats[1].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@www3.paypopup[1].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@c2.gostats[3].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@y-1shz2prbmdj6wvny-1sez2pra2dj6wjlyqjazsepgudj6x9ny-1seq-2-2.stats.esomniture[2].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@y-1shz2prbmdj6wvny-1sez2pra2dj6wfkyulazagow6dj6x9ny-1seq-2-2.stats.esomniture[2].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@112.2o7[2].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@-1shz2prbmdj6wvny-1sez2pra2dj6wjk4cgczobpq-1dj6x9ny-1seq-2-2.stats.esomniture[2].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@y-1shz2prbmdj6wvny-1sez2pra2dj6wjlyuhdpsapa6dj6x9ny-1seq-2-2.stats.esomniture[1].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@teenkelly[2].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@sextracker[2].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@y-1shz2prbmdj6wvny-1sez2pra2dj6wfkowlc5wgpqydj6x9ny-1seq-2-2.stats.esomniture[1].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnygkajkcoqudj6x9ny-1seq-2-2.stats.esomniture[2].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@paycounter[1].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@counter5.sextracker[1].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@free.wegcash[2].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnygkdpekoq6dj6x9ny-1seq-2-2.stats.esomniture[1].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@y-1shz2prbmdj6wvny-1sez2pra2dj6wjlyglcjwkoaydj6x9ny-1seq-2-2.stats.esomniture[2].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@y-1shz2prbmdj6wvny-1sez2pra2dj6wjmygncjmhoqqdj6x9ny-1seq-2-2.stats.esomniture[2].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@y-1shz2prbmdj6wvny-1sez2pra2dj6wjlispcjobqq6dj6x9ny-1seq-2-2.stats.esomniture[2].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@-1shz2prbmdj6wvny-1sez2pra2dj6wjkygmc5ofpw-1dj6x9ny-1seq-2-2.stats.esomniture[2].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@y-1shz2prbmdj6wvny-1sez2pra2dj6wjl4uoczwfoaudj6x9ny-1seq-2-2.stats.esomniture[2].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@y-1shz2prbmdj6wvny-1sez2pra2dj6wjmyuhd5choa2dj6x9ny-1seq-2-2.stats.esomniture[2].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@y-1shz2prbmdj6wvny-1sez2pra2dj6wfkyupczecpgqdj6x9ny-1seq-2-2.stats.esomniture[2].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@phg.hitbox[1].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@ads.mm.ap[1].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@cz3.clickzs[1].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@ads.asia1.com[1].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@counter[1].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@emarketmakers[2].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@tribalfusion[3].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@intellisrv[1].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@ad-rotator[1].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@webpower[1].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkyomdjeeqqsdj6x9ny-1seq-2-2.stats.esomniture[1].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@techtracker[2].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@versiontracker[3].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@overture[3].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@qksrv[3].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@ehg-tickleinc.hitbox[1].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@creativeby.viewpoint[2].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@counter2.hitslink[1].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@valueclick[4].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@revenue[1].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@hypertracker[1].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@nextag[1].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@ehg-comcast.hitbox[1].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@www.0stats[3].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@ad-logics[1].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@ads.x10[3].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@a-1shz2prbmdj6wvny-1sez2pra2dj6wjk4wjajslqq-1dj6x9ny-1seq-2-2.stats.esomniture[2].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@y-1shz2prbmdj6wvny-1sez2pra2dj6wfkiqgcjidpwmdj6x9ny-1seq-2-2.stats.esomniture[2].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkoknc5wkow6dj6x9ny-1seq-2-2.stats.esomniture[2].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@tripod[3].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@ads.tripod.lycos[1].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@fastclick[3].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@yadro[1].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@adclick[2].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@adinterax[1].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@hotlog[2].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@indextools[1].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@fortunecity[3].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@mediamgr.ugo[1].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@sexlist[2].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@www.thepornhost[2].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@hit1.vioclicks[2].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@ehg-apcc.hitbox[1].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@as1.falkag[1].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@stat.onestat[2].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@www.entrepreneur[1].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@statcounter[1].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@okcounter[2].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@image.masterstats[1].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@www.adult777[1].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@y-1shz2prbmdj6wvny-1sez2pra2dj6wjliokc5igoaudj6x9ny-1seq-2-2.stats.esomniture[1].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@www.burstbeacon[2].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@ad-rag[1].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@overture[2].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@focalex[2].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@bannerspace[2].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@as-us.falkag[4].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@ehg-viacom.hitbox[2].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@metareward[3].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@banner[2].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@commission-junction[3].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@www5.yesadvertising[1].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@adprofile[2].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@a.as-us.falkag[2].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@rightmedia[1].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@perf.overture[1].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@bs.serving-sys[3].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@www.metareward[2].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@ads.uproar[3].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@adknowledge[1].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@windowsmedia[2].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@ads.as4x.tmcs[2].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@ads.as4x.tmcs.ticketmaster[2].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@edge.ru4[2].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@serving-sys[3].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@adrevolver[1].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@247realmedia[2].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@dealtime.co[2].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@atwola[3].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@ehg-tigerdirect2.hitbox[1].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@www.pcstats[1].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@banner2.inet-traffic[2].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@ehg-newegg.hitbox[1].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkokjdpkboq6dj6x9ny-1seq-2-2.stats.esomniture[1].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@ehg-bmwna.hitbox[1].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@partner2profit[2].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@y-1shz2prbmdj6wvny-1sez2pra2dj6wfkoejazagqq2dj6x9ny-1seq-2-2.stats.esomniture[1].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@ehg-peoplepc.hitbox[1].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@stats.manticoretechnology[1].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@servedby.advertising[3].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@mediaplex[1].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@ads.addynamix[3].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@valueclick[2].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@ezz.ezzmedia[3].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@campaign.indieclick[2].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@www.paypopup[1].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@z1.adserver[4].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@y-1shz2prbmdj6wvny-1sez2pra2dj6wfk4qic5efpg2dj6x9ny-1seq-2-2.stats.esomniture[2].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@spylog[3].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@ehg-micron.hitbox[1].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@hg1.hitbox[3].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@ads.pointroll[3].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@adlegend[1].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@advertising[2].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@adserver.gamesquad[2].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@bluestreak[4].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@hitbox[4].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@www1.paypopup[2].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@ehg-bestbuy.hitbox[3].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkocnajoeoaqdj6x9ny-1seq-2-2.stats.esomniture[3].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@y-1shz2prbmdj6wvny-1sez2pra2dj6wjk4ujazwlqqmdj6x9ny-1seq-2-2.stats.esomniture[2].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@ads.euniverseads[3].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@internetfuel[1].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@maxserving[4].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@ezzmedia[2].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@server.iad.liveperson[4].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnyeldzwfow6dj6x9ny-1seq-2-2.stats.esomniture[1].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@a-1shz2prbmdj6wvny-1sez2pra2dj6wjkocod5ghpg-1dj6x9ny-1seq-2-2.stats.esomniture[2].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@casalemedia[4].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@ehg-enotes.hitbox[2].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@trafficmp[3].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@xxxtoolbar[1].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@c8.zedo[2].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@targetnet[4].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@stat.dealtime[4].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@hc2.humanclick[4].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@questionmarket[3].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@ehg-dig.hitbox[2].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@zedo[3].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@2o7[2].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@install.xxxtoolbar[1].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@www.xxxtoolbar[1].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@realmedia[4].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@centralmedia[3].txt
C:\Documents and Settings\NetworkService\Cookies\ferns@icc.intellisrv[3].txt

Adware.ClickSpring/Outer Info Network
C:\Documents and Settings\ferns\Start Menu\Programs\Outerinfo\Terms.lnk
C:\Documents and Settings\ferns\Start Menu\Programs\Outerinfo\Uninstall.lnk
C:\Documents and Settings\ferns\Start Menu\Programs\Outerinfo

Adware.ClearSearch
C:\WINDOWS\SYSTEM32\GRLNT01.DLL

Adware.eZula
C:\WINDOWS\SYSTEM32\EZST4.EXE

Adware.MyWay
C:\WINDOWS\SYSTEM32\XCITE.DLL

Adware.Spyware Labs
C:\WINDOWS\DOWNLOADED PROGRAM FILES\VBOUNCEROUTER1203.EXE

Adware.eXactAdvertising-Installer
C:\WINDOWS\MSBBI.EXE

Adware.Vundo Variant

Unclassified.Unknown Origin
C:\VUNDOFIX BACKUPS\EFCBAAB.DLL.BAD
C:\VUNDOFIX BACKUPS\EFCYYVU.DLL.BAD
C:\VUNDOFIX BACKUPS\OPNKHGH.DLL.BAD

Trojan.Unknown Origin
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\WNSAPIICOM.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\B129.EXE.VIR
D:\SDFIX\BACKUPS\WIN1B2.TMP.EXE
D:\SDFIX\BACKUPS\WIN81.TMP.EXE

Adware.ClickSpring
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\SSEMBL~1\DLLHOST.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\PPATCH~1\MSIEXEC.EXE.VIR
C:\QOOBOX\QUARANTINE\C\DOCUME~1\FERNS\MYDOCU~1\FNTS~1\CSRSS.EXE.VIR

Trojan.Downloader-CREW
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\AUBMIGTH.DLL.VIR

Trojan.Downloader-Gen/Installer
C:\QOOBOX\QUARANTINE\C\WINDOWS\B122.EXE.VIR

Trojan.Downloader-Gen/HitItQuitIt
D:\DOCUMENTS\BACKUPS\BACKUP-20070606-093936-456.DLL
D:\DOCUMENTS\BACKUPS\BACKUP-20070606-094316-553.DLL
D:\DOCUMENTS\BACKUPS\BACKUP-20070616-092906-320.DLL
D:\DOCUMENTS\BACKUPS\BACKUP-20070616-092952-230.DLL
D:\DOCUMENTS\BACKUPS\BACKUP-20070616-093006-965.DLL
D:\DOCUMENTS\BACKUPS\BACKUP-20070616-165435-969.DLL
D:\DOCUMENTS\BACKUPS\BACKUP-20070623-110714-995.DLL

Adware.ClickSpring/Resident
D:\DOCUMENTS\BACKUPS\BACKUP-20070614-113610-530.DLL
D:\DOCUMENTS\BACKUPS\BACKUP-20070616-165435-302.DLL
D:\DOCUMENTS\BACKUPS\BACKUP-20070623-110714-458.DLL




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:33:27 PM, on 7/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
D:\Documents\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
D:\Documents\Super antispyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Documents\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Documents\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Documents\Super antispyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200212...meInstaller.exe
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C339B9B6-80CB-4FA3-9690-30B00C9FC344}: NameServer = 68.94.156.1 68.94.157.1
O20 - Winlogon Notify: !SASWinLogon - D:\Documents\Super antispyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe (file missing)
O23 - Service: Network Associates McShield (McShield) - Unknown owner - C:\Program Files\Network Associates\VirusScan\mcshield.exe (file missing)
O23 - Service: Network Associates Task Manager (McTaskManager) - Unknown owner - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 4821 bytes

#14 RichieUK

Posted 26 July 2007 - 05:12 AM

Your log is clean :thumbsup:
If all's ok, please do the following.

Find and delete:
Combofix.exe
Avenger

C:\Avenger
C:\QOOBOX

* Click 'Start'.
* Open 'My Computer'.
* Select the 'Tools' menu and click 'Folder Options'.
* Select the 'View' tab.
* Under the 'Hidden files and folders' heading unselect 'Show hidden files and folders'.
* Re-check the 'Hide file extensions for known types' option.
* Re-check the 'Hide protected operating system files (recommended)' option.
* Click Yes to confirm.
* Click OK.

------------------------------------------------

Download ATF Cleaner by Atribune:
http://www.atribune.org/ccount/click.php?id=1

Double-click ATF-Cleaner.exe to run the program.
Click 'Select All' found at the bottom of the list.
Click the 'Empty Selected' button.

If you use Firefox browser, do this also:
Click Firefox at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE:
If you would like to keep your saved passwords, please click 'No' at the prompt.

If you use Opera browser, do this also:
Click Opera at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE:
If you would like to keep your saved passwords, please click 'No' at the prompt.

Click 'Exit' on the Main menu to close the program.

-------------------------------------------------

Click on Start/All Programs/Accessories/System Tools/System Restore.
In the 'System Restore' window, click on the 'Create a Restore Point' button, then click 'Next'.
In the window that appears, enter a description\name for the Restore Point, then click on 'Create', wait, then click 'Close'.
The date and time will be created automatically.

Next click on Start/All Programs/Accessories/System Tools/Disk Cleanup.
The 'Select Drive' box will appear, click on Ok.
The 'Disk Cleanup for [C:]' box will appear, click on the 'More Options' tab.
At the bottom in the 'System Restore' window, click on the 'Clean up...' button.
A box will pop up 'Are you sure you want to delete all but the most recent restore point?', click on 'Yes'.
Click on 'Yes' at 'Are you sure you want to perform these actions?'.
Now wait until 'Disk Cleanup' finishes and the box disappears.

Read through the information found here, to help you prevent any possible future infections.
'How to prevent Malware' by miekiemoes:
http://users.telenet.be/bluepatchy/miekiem...prevention.html
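
The quarantined CSRSS.EXE entry in the scan log above came from a documents folder, not from the Windows system folder. As an added example (not part of the original posts and not code from HijackThis), the Python below parses the 'Running processes' section of a HijackThis log and flags any core Windows process name that runs outside its expected folder. The function names, the sample log and the assumed system root C:\WINDOWS are illustrative.

```python
import ntpath

# Assumption: the system root is C:\WINDOWS, as in the logs in this thread.
SYSTEM32 = r"c:\windows\system32"
# Core Windows XP process names and the only folder each should run from.
EXPECTED_DIR = dict.fromkeys(
    ("smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
     "lsass.exe", "svchost.exe", "spoolsv.exe"), SYSTEM32)
EXPECTED_DIR["explorer.exe"] = r"c:\windows"


def running_processes(log_text):
    """Return the paths listed under 'Running processes:' in a HijackThis log."""
    paths, in_section = [], False
    for line in log_text.splitlines():
        line = line.strip()
        if line.lower().startswith("running processes"):
            in_section = True
        elif in_section:
            if not line:          # a blank line ends the section
                break
            paths.append(line)
    return paths


def misplaced_system_processes(log_text):
    """Flag processes that use a core Windows name but run from another folder."""
    flagged = []
    for path in running_processes(log_text):
        folder, name = ntpath.split(path)
        expected = EXPECTED_DIR.get(name.lower())
        if expected is not None and folder.lower() != expected:
            flagged.append(path)
    return flagged


# Constructed sample in HijackThis format. The csrss.exe path is invented to
# mimic a copy running from a user's documents folder.
SAMPLE_INFECTED = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\user\My Documents\Fonts\csrss.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
"""

if __name__ == "__main__":
    print(misplaced_system_processes(SAMPLE_INFECTED))
```

The comparison is case-insensitive because Windows paths are, so `C:\WINDOWS\System32` and `C:\WINDOWS\system32` both pass.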