Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Anti-spy Storm Help


  • Please log in to reply
17 replies to this topic

#1 workingonit

workingonit

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:07:04 PM

Posted 14 September 2007 - 05:23 PM

The Anti-Spy Storm spyware has infected my boss' laptop.
The wallpaper has been replaced by a black bg warning me of my IP's vulnerability. In addition it is plagued by constant "windows security center" text bubbles which direct me to Anti-Spy Storm. Also, google links get redirected to various shopping sties.
Your help in removal is greatly appreciated.

Here's my HJTlog:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:06:54 PM, on 9/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nusrmgr.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\system32\BacsTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\AOL\1131468494\ee\AOLHostManager.exe
C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Common Files\AOL\1131468494\ee\AOLServiceHost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\msdtc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Zango /fleok=1D8A83A5C5E019769AA575760EA83FA5EF80752B94E2DC765A7D462A36C4 - {07AA283A-43D7-4CBE-A064-32A21112D94D} - C:\Program Files\Zango\bin\10.0.341.0\HostIE.dll (file missing)
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O2 - BHO: oembios32.msdn_hlp - {AB5FE6E5-7C72-4B89-85D0-D57E7AEAC236} - C:\WINDOWS\system32\oembios32.dll
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O3 - Toolbar: Zango - {07AA283A-43D7-4CBE-A064-32A21112D94D} - C:\Program Files\Zango\bin\10.0.341.0\HostIE.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [bacstray] BacsTray.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1131468494\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [MediaPipe P2P Loader] "C:\Program Files\p2pnetworks\mpp2pl.exe" /H
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-21-581541943-2590962829-1806583950-1007\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-21-581541943-2590962829-1806583950-1007\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User '?')
O4 - HKUS\S-1-5-21-581541943-2590962829-1806583950-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-581541943-2590962829-1806583950-1007\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User '?')
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - ?p=ZJxdm025MCUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0C144589-8DD8-460A-83D6-FB28E9C7A238}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{24390BE2-8276-4A25-B921-67280BB430D4}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{2D2C265F-9652-49A2-A931-2E8610F44AE1}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 14766 bytes

BC AdBot (Login to Remove)

 


#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:06:04 PM

Posted 16 September 2007 - 09:29 AM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. :thumbsup:

Please download ComboFix and save it to your desktop.
Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 workingonit

workingonit
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:07:04 PM

Posted 16 September 2007 - 01:43 PM

Hi Sam! :thumbsup:
Here's my combofix log:

ComboFix 07-09-14.2 - "Peter Montella" 2007-09-16 14:18:59.1 - NTFSx86
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware316
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware316\buttons\FindIt.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware316\buttons\FindItHot.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware316\buttons\findithotxp.png
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware316\buttons\finditxp.png
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware316\buttons\Highlight.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware316\buttons\HighlightHot.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware316\buttons\highlighthotxp.png
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware316\buttons\highlightxp.png
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware316\buttons\Reference.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware316\buttons\ReferenceHot.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware316\buttons\referencehotxp.png
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware316\buttons\referencexp.png
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware316\buttons\screensaver.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware316\buttons\Screensavers0.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware316\buttons\starware_toolbar_icon.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware316\buttons\Weather.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware316\buttons\weatherhotxp.png
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware316\buttons\weatherxp.png
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware316\contexts\error.xml
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware316\contexts\Related.xml
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware316\contexts\Travel.xml
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware316\images\walertXP.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware316\SimpleUpdate\ProductMessagingConfig.xml
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware316\SimpleUpdate\ProductMessagingConfig.xml.backup
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware316\SimpleUpdate\SimpleUpdateConfig.xml
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware316\SimpleUpdate\SimpleUpdateConfig.xml.backup
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware316\SimpleUpdate\TimerManagerConfig.xml
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware316\SimpleUpdate\TimerManagerConfig.xml.backup
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware316\buttons\FindIt.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware316\buttons\FindItHot.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware316\buttons\findithotxp.png
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware316\buttons\finditxp.png
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware316\buttons\Highlight.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware316\buttons\HighlightHot.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware316\buttons\highlighthotxp.png
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware316\buttons\highlightxp.png
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware316\buttons\Reference.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware316\buttons\ReferenceHot.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware316\buttons\referencehotxp.png
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware316\buttons\referencexp.png
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware316\buttons\screensaver.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware316\buttons\Screensavers0.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware316\buttons\starware_toolbar_icon.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware316\buttons\Weather.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware316\buttons\weatherhotxp.png
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware316\buttons\weatherxp.png
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware316\contexts\error.xml
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware316\contexts\Related.xml
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware316\contexts\Travel.xml
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware316\images\walertXP.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware316\SimpleUpdate\ProductMessagingConfig.xml
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware316\SimpleUpdate\ProductMessagingConfig.xml.backup
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware316\SimpleUpdate\SimpleUpdateConfig.xml
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware316\SimpleUpdate\SimpleUpdateConfig.xml.backup
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware316\SimpleUpdate\TimerManagerConfig.xml
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware316\SimpleUpdate\TimerManagerConfig.xml.backup
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin.zip
C:\Program Files\3721
C:\Program Files\3721\assist\asbar.dll
C:\Program Files\3721\helper.dll
C:\Program Files\Accoona
C:\Program Files\Accoona\ASearchAssist.dll
C:\Program Files\akl
C:\Program Files\akl\akl.dll
C:\Program Files\akl\akl.exe
C:\Program Files\akl\curlog.htm
C:\Program Files\akl\keylog.txt
C:\Program Files\akl\readme.txt
C:\Program Files\akl\uninstall.exe
C:\Program Files\akl\unsetup.dat
C:\Program Files\akl\unsetup.exe
C:\Program Files\amsys
C:\Program Files\amsys\awmsg.dat
C:\Program Files\amsys\guid.dat
C:\Program Files\amsys\ijl15.dll
C:\Program Files\amsys\mfc42.dll
C:\Program Files\amsys\msvcrt.dll
C:\Program Files\amsys\unins000.dat
C:\Program Files\amsys\unis000.exe
C:\Program Files\amsys\winam.dat
C:\Program Files\downloadmanager\agent.dll
C:\Program Files\downloadmanager\api.exe
C:\Program Files\downloadmanager\insdl.dll
C:\Program Files\downloadmanager\mptray.exe
C:\Program Files\downloadmanager\mpupdate.exe
C:\Program Files\downloadmanager\p2pinst.exe
C:\Program Files\downloadmanager\p2pl.exe
C:\Program Files\e-zshopper
C:\Program Files\e-zshopper\BarLcher.dll
C:\Program Files\p2pnetworks
C:\Program Files\p2pnetworks\amp2pl.exe
C:\WINDOWS\764.exe
C:\WINDOWS\7search.dll
C:\WINDOWS\aconti.exe
C:\WINDOWS\adbar.dll
C:\WINDOWS\cbinst$.exe
C:\WINDOWS\daxtime.dll
C:\WINDOWS\dp0.dll
C:\WINDOWS\eventlowg.dll
C:\WINDOWS\fhfmm-Uninstaller.exe
C:\WINDOWS\fhfmm.exe
C:\WINDOWS\flt.dll
C:\WINDOWS\hcwprn.exe
C:\WINDOWS\hotporn.exe
C:\WINDOWS\ie_32.exe
C:\WINDOWS\iexplorr23.dll
C:\WINDOWS\jd2002.dll
C:\WINDOWS\kkcomp$.exe
C:\WINDOWS\kkcomp.dll
C:\WINDOWS\kkcomp.exe
C:\WINDOWS\kvnab$.exe
C:\WINDOWS\kvnab.dll
C:\WINDOWS\kvnab.exe
C:\WINDOWS\liqad$.exe
C:\WINDOWS\liqad.dll
C:\WINDOWS\liqad.exe
C:\WINDOWS\liqui-Uninstaller.exe
C:\WINDOWS\liqui.dll
C:\WINDOWS\liqui.exe
C:\WINDOWS\ngd.dll
C:\WINDOWS\pbar.dll
C:\WINDOWS\pbsysie.dll
C:\WINDOWS\settn.dll
C:\WINDOWS\spredirect.dll
C:\WINDOWS\system32\drivers\bg_bg.gif
C:\WINDOWS\system32\drivers\blank.gif
C:\WINDOWS\system32\drivers\box_1.gif
C:\WINDOWS\system32\drivers\box_2.gif
C:\WINDOWS\system32\drivers\box_3.gif
C:\WINDOWS\system32\drivers\button_buynow.gif
C:\WINDOWS\system32\drivers\button_freescan.gif
C:\WINDOWS\system32\drivers\cell_bg.gif
C:\WINDOWS\system32\drivers\cell_footer.gif
C:\WINDOWS\system32\drivers\cell_header_block.gif
C:\WINDOWS\system32\drivers\cell_header_remove.gif
C:\WINDOWS\system32\drivers\cell_header_scan.gif
C:\WINDOWS\system32\drivers\close_ico.gif
C:\WINDOWS\system32\drivers\detect.htm
C:\WINDOWS\system32\drivers\download_box.gif
C:\WINDOWS\system32\drivers\download_btn.jpg
C:\WINDOWS\system32\drivers\download_now_btn.gif
C:\WINDOWS\system32\drivers\fad.sys
C:\WINDOWS\system32\drivers\footer_back.jpg
C:\WINDOWS\system32\drivers\header_1.gif
C:\WINDOWS\system32\drivers\header_2.gif
C:\WINDOWS\system32\drivers\header_3.gif
C:\WINDOWS\system32\drivers\header_4.gif
C:\WINDOWS\system32\drivers\header_red_bg.gif
C:\WINDOWS\system32\drivers\header_red_free_scan.gif
C:\WINDOWS\system32\drivers\header_red_free_scan_bg.gif
C:\WINDOWS\system32\drivers\header_red_protect_your_pc.gif
C:\WINDOWS\system32\drivers\icon_warning_big.gif
C:\WINDOWS\system32\drivers\infected.gif
C:\WINDOWS\system32\drivers\main_back.gif
C:\WINDOWS\system32\drivers\perfect_cleaner_box.jpg
C:\WINDOWS\system32\drivers\product_1_header.gif
C:\WINDOWS\system32\drivers\product_1_name_small.gif
C:\WINDOWS\system32\drivers\product_2_header.gif
C:\WINDOWS\system32\drivers\product_2_name_small.gif
C:\WINDOWS\system32\drivers\product_3_header.gif
C:\WINDOWS\system32\drivers\product_3_name_small.gif
C:\WINDOWS\system32\drivers\product_features.gif
C:\WINDOWS\system32\drivers\pt.htm
C:\WINDOWS\system32\drivers\rating.gif
C:\WINDOWS\system32\drivers\remove_spyware_header.gif
C:\WINDOWS\system32\drivers\s_detect.htm
C:\WINDOWS\system32\drivers\screenshot.jpg
C:\WINDOWS\system32\drivers\sep_hor.gif
C:\WINDOWS\system32\drivers\sep_vert.gif
C:\WINDOWS\system32\drivers\shadow.jpg
C:\WINDOWS\system32\drivers\shadow_bg.gif
C:\WINDOWS\system32\drivers\spacer.gif
C:\WINDOWS\system32\drivers\spy_away_box.jpg
C:\WINDOWS\system32\drivers\spyware_detected.gif
C:\WINDOWS\system32\drivers\star.gif
C:\WINDOWS\system32\drivers\star_gray.gif
C:\WINDOWS\system32\drivers\star_gray_small.gif
C:\WINDOWS\system32\drivers\star_small.gif
C:\WINDOWS\system32\drivers\style.css
C:\WINDOWS\system32\drivers\v.gif
C:\WINDOWS\system32\drivers\warning_ico.gif
C:\WINDOWS\system32\drivers\warning_icon.gif
C:\WINDOWS\system32\drivers\win_logo.gif
C:\WINDOWS\system32\drivers\x.gif
C:\WINDOWS\system32\drivers\yellow_warning_ico.gif
C:\WINDOWS\system32\ESHOPEE.exe
C:\WINDOWS\system32\gtv_sd.bin
C:\WINDOWS\system32\msole32.exe
C:\WINDOWS\system32\vxddsk.exe
C:\WINDOWS\system32\wml.exe
C:\WINDOWS\vxddsk.exe
C:\WINDOWS\wbeCheck.exe
C:\WINDOWS\wbeInst$.exe
C:\WINDOWS\wml.exe
C:\WINDOWS\xadbrk.dll
C:\WINDOWS\xadbrk.exe
C:\WINDOWS\xadbrk_.exe
C:\WINDOWS\xxxvideo.exe

.
((((((((((((((((((((((((( Files Created from 2007-08-16 to 2007-09-16 )))))))))))))))))))))))))))))))
.

2007-09-16 14:16 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-14 17:49 <DIR> d-------- C:\DOCUME~1\NETWOR~1\APPLIC~1\Talkback
2007-09-14 17:43 83,096 --a------ C:\WINDOWS\SYSTEM32\SSSensor.dll
2007-09-14 17:43 60,496 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\Teefer.sys
2007-09-14 17:43 21,075 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\wpsdrvnt.sys
2007-09-14 17:43 14,568 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\wg6n.sys
2007-09-14 17:43 14,568 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\wg5n.sys
2007-09-14 17:43 14,568 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\wg4n.sys
2007-09-14 17:43 14,568 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\wg3n.sys
2007-09-14 17:43 <DIR> d-------- C:\Program Files\Sygate
2007-09-14 16:07 76,560 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\tmcomm.sys
2007-09-14 16:02 <DIR> d-------- C:\DOCUME~1\PETERM~1\.housecall6.6
2007-09-14 15:54 20,224 --a------ C:\WINDOWS\SYSTEM32\ace16win.dll
2007-09-14 15:22 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-09-13 15:59 <DIR> d-------- C:\Program Files\Trend Micro
2007-09-12 23:44 <DIR> d-------- C:\DOCUME~1\PETERM~1\APPLIC~1\Talkback
2007-09-11 16:03 <DIR> d-------- C:\Program Files\Lavasoft
2007-09-11 16:03 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-09-11 16:02 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-09-11 14:48 4 --a------ C:\WINDOWS\SYSTEM32\stfv.bin
2007-09-11 13:09 18,432 --a------ C:\WINDOWS\winh32.exe
2007-09-11 12:52 <DIR> d-------- C:\WINDOWS\SYSTEM32\acespy
2007-09-11 12:31 21,504 --a------ C:\WINDOWS\SYSTEM32\oembios32.dll
2007-09-11 12:02 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\ZangoSA
2007-09-11 12:02 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
2007-09-08 14:26 <DIR> d-------- C:\Program Files\MTV Networks

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-16 14:21 --------- d-------- C:\Program Files\DownloadManager
2007-09-12 22:41 --------- d-------- C:\Program Files\Google
2007-09-12 22:37 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
2007-08-07 13:58 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-07 13:56 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-07-30 19:19 92504 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\SYSTEM32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\SYSTEM32\wuapi.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\SYSTEM32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\SYSTEM32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\SYSTEM32\wucltui.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\SYSTEM32\wuweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\SYSTEM32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\SYSTEM32\wups.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\wups.dll
2007-07-19 01:59 3583488 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2007-07-12 18:31 765952 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\vgx.dll
2007-06-27 09:34 823808 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\wininet.dll
2007-06-27 09:34 671232 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\mstime.dll
2007-06-27 09:34 6058496 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll
2007-06-27 09:34 52224 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\msfeedsbs.dll
2007-06-27 09:34 477696 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\mshtmled.dll
2007-06-27 09:34 459264 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\msfeeds.dll
2007-06-27 09:34 44544 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\iernonce.dll
2007-06-27 09:34 384512 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\iedkcs32.dll
2007-06-27 09:34 383488 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dll
2007-06-27 09:34 27648 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\jsproxy.dll
2007-06-27 09:34 267776 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\iertutil.dll
2007-06-27 09:34 232960 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\webcheck.dll
2007-06-27 09:34 230400 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieaksie.dll
2007-06-27 09:34 193024 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\msrating.dll
2007-06-27 09:34 153088 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieakeng.dll
2007-06-27 09:34 132608 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\extmgr.dll
2007-06-27 09:34 124928 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\advpack.dll
2007-06-27 09:34 1152000 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\urlmon.dll
2007-06-27 09:34 105984 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\url.dll
2007-06-27 09:34 102400 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\occache.dll
2007-06-27 03:27 63488 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
2007-06-27 03:27 625152 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
2007-06-27 03:27 13824 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
2007-06-27 02:00 161792 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
2007-06-26 01:08 1104896 --a------ C:\WINDOWS\SYSTEM32\msxml3.dll
2007-06-26 01:08 1104896 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\msxml3.dll
2007-06-19 08:31 282112 --a------ C:\WINDOWS\SYSTEM32\gdi32.dll
2007-06-19 08:31 282112 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\gdi32.dll
2004-08-04 07:56:46 50,688 --sh--w C:\WINDOWS\twain_32.dll
2004-08-04 07:56:42 1,028,096 --sha-w C:\WINDOWS\SYSTEM32\mfc42.dll
2004-08-04 07:56:43 54,784 --sh--w C:\WINDOWS\SYSTEM32\msvcirt.dll
2004-08-04 07:56:43 413,696 --sha-w C:\WINDOWS\SYSTEM32\msvcp60.dll
2004-08-04 07:56:43 343,040 --sha-w C:\WINDOWS\SYSTEM32\msvcrt.dll
2007-05-17 11:28:05 549,376 --sh--w C:\WINDOWS\SYSTEM32\oleaut32.dll
2004-08-04 07:56:44 83,456 --sha-w C:\WINDOWS\SYSTEM32\olepro32.dll
2004-08-04 07:56:55 11,776 --sh--w C:\WINDOWS\SYSTEM32\regsvr32.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000000-d9e3-4bc6-a0bd-3d0ca4be5271}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000012-890e-4aac-afd9-eff6954a34dd}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{029e02f0-a0e5-4b19-b958-7bf2db29fb13}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{07AA283A-43D7-4CBE-A064-32A21112D94D}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1adbcce8-cf84-441e-9b38-afc7a19c06a4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51641ef3-8a7a-4d84-8659-b0911e947cc8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53C330D6-A4AB-419B-B45D-FD4411C1FEF4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54645654-2225-4455-44A1-9F4543D34546}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{669695bc-a811-4a9d-8cdf-ba8c795f261e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6abc861a-31e7-4d91-b43b-d3c98f22a5c0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{944864a5-3916-46e2-96a9-a2e84f3f1208}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a4a435cf-3583-11d4-91bd-0048546a1450}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AB5FE6E5-7C72-4B89-85D0-D57E7AEAC236}]
2007-09-11 12:31 21504 --a------ C:\WINDOWS\system32\oembios32.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b8875bfe-b021-11d4-bfa8-00508b8e9bd3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2680e10-1655-4a0e-87f8-4259325a84b7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c4ca6559-2cf1-48b6-96b2-8340a06fd129}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c5af2622-8c75-4dfb-9693-23ab7686a456}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ca1d1b05-9c66-11d5-a009-000103c1e50b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d8efadf1-9009-11d6-8c73-608c5dc19089}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9147a0a-a866-4214-b47c-da821891240f}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9306072-417e-43e3-81d5-369490beef7c}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-10-26 13:01]
"nwiz"="nwiz.exe" [2004-10-26 13:01 C:\WINDOWS\SYSTEM32\nwiz.exe]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 05:59 C:\WINDOWS\BCMSMMSG.exe]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-02-02 15:32]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 17:48]
"bacstray"="BacsTray.exe" [2003-05-14 18:37 C:\WINDOWS\SYSTEM32\BacsTray.exe]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-03-15 01:04]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 01:01]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 20:15]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 11:43]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2004-03-04 20:59]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2004-07-19 20:23]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-07-19 20:23]
"mmtask"="c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2004-04-19 14:45]
"MMTray"="C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe" [2004-04-19 14:45]
"CXMon"="C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe" [2001-08-09 17:06]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 09:11]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]
"HostManager"="C:\Program Files\Common Files\AOL\1131468494\ee\AOLHostManager.exe" [2005-08-02 14:33]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-28 08:43]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 20:51]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 12:24]
"DeviceDiscovery"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 19:37]
"VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" [2005-03-02 19:19]
"VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [2005-03-18 20:28]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 18:29]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 12:05]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"AAWTray"="C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [2007-08-08 15:53]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe [2004-07-19 20:22:53]
DESKTOP.INI [2004-03-20 12:58:38]

C:\DOCUME~1\ADMINI~1\STARTM~1\Programs\Startup\
DESKTOP.INI [2004-03-20 12:58:38]

C:\DOCUME~1\DEFAUL~1\STARTM~1\Programs\Startup\
DESKTOP.INI [2004-03-20 12:58:38]

C:\DOCUME~1\PETERM~1\STARTM~1\Programs\Startup\
DESKTOP.INI [2004-03-20 12:58:38]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"System"="kddht.exe"



[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\LaunchU3.exe -a

.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-16 14:25:41
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwQueryDirectoryFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\system32\kddht.exe

scan completed successfully
hidden files: 1

**************************************************************************
.
Completion time: 2007-09-16 14:28:16 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-16 14:28
.
--- E O F ---

#4 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:06:04 PM

Posted 17 September 2007 - 08:36 AM

Copy and paste ALL the following text in the Quote box below into Notepad.
Click on File(in the menu at the top)>Save as../Save as Type: 'All Files' /File name: CFScript to your desktop.

Folder::
C:\DOCUME~1\ALLUSE~1\APPLIC~1\ZangoSA
C:\DOCUME~1\ALLUSE~1\APPLIC~1\2ACA5CC3-0F83-453D-A079-1076FE1A8B65

File::
C:\WINDOWS\SYSTEM32\stfv.bin
C:\WINDOWS\winh32.exe
C:\WINDOWS\SYSTEM32\oembios32.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000000-d9e3-4bc6-a0bd-3d0ca4be5271}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000012-890e-4aac-afd9-eff6954a34dd}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{029e02f0-a0e5-4b19-b958-7bf2db29fb13}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{07AA283A-43D7-4CBE-A064-32A21112D94D}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1adbcce8-cf84-441e-9b38-afc7a19c06a4}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51641ef3-8a7a-4d84-8659-b0911e947cc8}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53C330D6-A4AB-419B-B45D-FD4411C1FEF4}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54645654-2225-4455-44A1-9F4543D34546}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{669695bc-a811-4a9d-8cdf-ba8c795f261e}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6abc861a-31e7-4d91-b43b-d3c98f22a5c0}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{944864a5-3916-46e2-96a9-a2e84f3f1208}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a4a435cf-3583-11d4-91bd-0048546a1450}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AB5FE6E5-7C72-4B89-85D0-D57E7AEAC236}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b8875bfe-b021-11d4-bfa8-00508b8e9bd3}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2680e10-1655-4a0e-87f8-4259325a84b7}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c4ca6559-2cf1-48b6-96b2-8340a06fd129}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c5af2622-8c75-4dfb-9693-23ab7686a456}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ca1d1b05-9c66-11d5-a009-000103c1e50b}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d8efadf1-9009-11d6-8c73-608c5dc19089}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9147a0a-a866-4214-b47c-da821891240f}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9306072-417e-43e3-81d5-369490beef7c}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"System"=-

Now drag then drop the CFScript file onto ComboFix.exe as seen in the image below.

Posted Image

This will start ComboFix again.
After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply along with a new HijackThis log.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#5 workingonit

workingonit
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:07:04 PM

Posted 18 September 2007 - 03:12 PM

Hey Sam! =D

Combofix:
ComboFix 07-09-14.2 - "Peter Montella" 2007-09-18 15:50:56.2 - NTFSx86

FILE::
C:\WINDOWS\SYSTEM32\stfv.bin
C:\WINDOWS\winh32.exe
C:\WINDOWS\SYSTEM32\oembios32.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DOCUME~1\ALLUSE~1\APPLIC~1\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
C:\DOCUME~1\ALLUSE~1\APPLIC~1\ZangoSA
C:\DOCUME~1\ALLUSE~1\APPLIC~1\ZangoSA\ZangoSA.dat
C:\DOCUME~1\ALLUSE~1\APPLIC~1\ZangoSA\ZangoSA_kyf.dat
C:\DOCUME~1\ALLUSE~1\APPLIC~1\ZangoSA\ZangoSAAbout.mht
C:\DOCUME~1\ALLUSE~1\APPLIC~1\ZangoSA\ZangoSAau.dat
C:\DOCUME~1\ALLUSE~1\APPLIC~1\ZangoSA\ZangoSAEULA.mht
C:\WINDOWS\system32\kddht.exe
C:\WINDOWS\SYSTEM32\oembios32.dll
C:\WINDOWS\SYSTEM32\stfv.bin
C:\WINDOWS\winh32.exe

.
((((((((((((((((((((((((( Files Created from 2007-08-18 to 2007-09-18 )))))))))))))))))))))))))))))))
.

2007-09-16 14:16 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-14 17:49 <DIR> d-------- C:\DOCUME~1\NETWOR~1\APPLIC~1\Talkback
2007-09-14 17:43 83,096 --a------ C:\WINDOWS\SYSTEM32\SSSensor.dll
2007-09-14 17:43 60,496 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\Teefer.sys
2007-09-14 17:43 21,075 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\wpsdrvnt.sys
2007-09-14 17:43 14,568 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\wg6n.sys
2007-09-14 17:43 14,568 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\wg5n.sys
2007-09-14 17:43 14,568 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\wg4n.sys
2007-09-14 17:43 14,568 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\wg3n.sys
2007-09-14 17:43 <DIR> d-------- C:\Program Files\Sygate
2007-09-14 16:07 76,560 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\tmcomm.sys
2007-09-14 16:02 <DIR> d-------- C:\DOCUME~1\PETERM~1\.housecall6.6
2007-09-14 15:54 20,224 --a------ C:\WINDOWS\SYSTEM32\ace16win.dll
2007-09-14 15:22 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-09-13 15:59 <DIR> d-------- C:\Program Files\Trend Micro
2007-09-12 23:44 <DIR> d-------- C:\DOCUME~1\PETERM~1\APPLIC~1\Talkback
2007-09-11 16:03 <DIR> d-------- C:\Program Files\Lavasoft
2007-09-11 16:03 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-09-11 16:02 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-09-11 12:52 <DIR> d-------- C:\WINDOWS\SYSTEM32\acespy
2007-09-08 14:26 <DIR> d-------- C:\Program Files\MTV Networks

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-16 14:21 --------- d-------- C:\Program Files\DownloadManager
2007-09-12 22:41 --------- d-------- C:\Program Files\Google
2007-09-12 22:37 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
2007-08-07 13:58 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-07 13:56 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2004-08-04 07:56:46 50,688 --sh--w C:\WINDOWS\twain_32.dll
2004-08-04 07:56:42 1,028,096 --sha-w C:\WINDOWS\SYSTEM32\mfc42.dll
2004-08-04 07:56:43 54,784 --sh--w C:\WINDOWS\SYSTEM32\msvcirt.dll
2004-08-04 07:56:43 413,696 --sha-w C:\WINDOWS\SYSTEM32\msvcp60.dll
2004-08-04 07:56:43 343,040 --sha-w C:\WINDOWS\SYSTEM32\msvcrt.dll
2007-05-17 11:28:05 549,376 --sh--w C:\WINDOWS\SYSTEM32\oleaut32.dll
2004-08-04 07:56:44 83,456 --sha-w C:\WINDOWS\SYSTEM32\olepro32.dll
2004-08-04 07:56:55 11,776 --sh--w C:\WINDOWS\SYSTEM32\regsvr32.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-10-26 13:01]
"nwiz"="nwiz.exe" [2004-10-26 13:01 C:\WINDOWS\SYSTEM32\nwiz.exe]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 05:59 C:\WINDOWS\BCMSMMSG.exe]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-02-02 15:32]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 17:48]
"bacstray"="BacsTray.exe" [2003-05-14 18:37 C:\WINDOWS\SYSTEM32\BacsTray.exe]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-03-15 01:04]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 01:01]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 20:15]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 11:43]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2004-03-04 20:59]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2004-07-19 20:23]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-07-19 20:23]
"mmtask"="c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2004-04-19 14:45]
"MMTray"="C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe" [2004-04-19 14:45]
"CXMon"="C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe" [2001-08-09 17:06]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 09:11]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]
"HostManager"="C:\Program Files\Common Files\AOL\1131468494\ee\AOLHostManager.exe" [2005-08-02 14:33]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-28 08:43]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 20:51]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 12:24]
"DeviceDiscovery"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 19:37]
"VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" [2005-03-02 19:19]
"VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [2005-03-18 20:28]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 18:29]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [2006-01-11 12:05]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"AAWTray"="C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [2007-08-08 15:53]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe [2004-07-19 20:22:53]
DESKTOP.INI [2004-03-20 12:58:38]

C:\DOCUME~1\ADMINI~1\STARTM~1\Programs\Startup\
DESKTOP.INI [2004-03-20 12:58:38]

C:\DOCUME~1\DEFAUL~1\STARTM~1\Programs\Startup\
DESKTOP.INI [2004-03-20 12:58:38]

C:\DOCUME~1\PETERM~1\STARTM~1\Programs\Startup\
DESKTOP.INI [2004-03-20 12:58:38]



[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\LaunchU3.exe -a

.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-18 15:56:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-18 15:58:53 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-18 15:58
C:\ComboFix2.txt ... 2007-09-16 14:28
.
--- E O F ---








HJT:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:59:24 PM, on 9/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\system32\BacsTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\AOL\1131468494\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1131468494\ee\AOLServiceHost.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O3 - Toolbar: (no name) - {07AA283A-43D7-4CBE-A064-32A21112D94D} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [bacstray] BacsTray.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1131468494\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-21-581541943-2590962829-1806583950-1007\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-21-581541943-2590962829-1806583950-1007\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User '?')
O4 - HKUS\S-1-5-21-581541943-2590962829-1806583950-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-581541943-2590962829-1806583950-1007\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User '?')
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - ?p=ZJxdm025MCUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0C144589-8DD8-460A-83D6-FB28E9C7A238}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{24390BE2-8276-4A25-B921-67280BB430D4}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{2D2C265F-9652-49A2-A931-2E8610F44AE1}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 12484 bytes

#6 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:06:04 PM

Posted 19 September 2007 - 09:12 AM

Copy and paste ALL the following text in the Quote box below into Notepad.
Click on File(in the menu at the top)>Save as../Save as Type: 'All Files' /File name: CFScript to your desktop.
It's ok to replace the first script that we made in the last step.

Folder::
C:\WINDOWS\SYSTEM32\acespy

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{12F02779-6D88-4958-8AD3-83C12D86ADC7}]

Now drag then drop the CFScript file onto ComboFix.exe as seen in the image below.

Posted Image

This will start ComboFix again.
After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply along with a new HijackThis log.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#7 workingonit

workingonit
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:07:04 PM

Posted 20 September 2007 - 02:24 PM

ComboFix 07-09-14.2 - "Peter Montella" 2007-09-20 14:18:06.3 - NTFSx86
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\SYSTEM32\acespy
C:\WINDOWS\SYSTEM32\acespy\__acelog.ndx
C:\WINDOWS\SYSTEM32\acespy\systune.exe

.
((((((((((((((((((((((((( Files Created from 2007-08-20 to 2007-09-20 )))))))))))))))))))))))))))))))
.

2007-09-16 14:16 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-14 17:49 <DIR> d-------- C:\DOCUME~1\NETWOR~1\APPLIC~1\Talkback
2007-09-14 17:43 83,096 --a------ C:\WINDOWS\SYSTEM32\SSSensor.dll
2007-09-14 17:43 60,496 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\Teefer.sys
2007-09-14 17:43 21,075 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\wpsdrvnt.sys
2007-09-14 17:43 14,568 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\wg6n.sys
2007-09-14 17:43 14,568 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\wg5n.sys
2007-09-14 17:43 14,568 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\wg4n.sys
2007-09-14 17:43 14,568 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\wg3n.sys
2007-09-14 17:43 <DIR> d-------- C:\Program Files\Sygate
2007-09-14 16:07 76,560 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\tmcomm.sys
2007-09-14 16:02 <DIR> d-------- C:\DOCUME~1\PETERM~1\.housecall6.6
2007-09-14 15:54 20,224 --a------ C:\WINDOWS\SYSTEM32\ace16win.dll
2007-09-14 15:22 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-09-13 15:59 <DIR> d-------- C:\Program Files\Trend Micro
2007-09-12 23:44 <DIR> d-------- C:\DOCUME~1\PETERM~1\APPLIC~1\Talkback
2007-09-11 16:03 <DIR> d-------- C:\Program Files\Lavasoft
2007-09-11 16:03 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-09-11 16:02 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-09-08 14:26 <DIR> d-------- C:\Program Files\MTV Networks

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-16 14:21 --------- d-------- C:\Program Files\DownloadManager
2007-09-12 22:41 --------- d-------- C:\Program Files\Google
2007-09-12 22:37 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
2007-08-07 13:58 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-07 13:56 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-07-30 19:19 92504 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\SYSTEM32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\SYSTEM32\wuapi.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\SYSTEM32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\SYSTEM32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\SYSTEM32\wucltui.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\SYSTEM32\wuweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\SYSTEM32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\SYSTEM32\wups.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\wups.dll
2007-07-19 01:59 3583488 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2007-07-12 18:31 765952 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\vgx.dll
2007-06-27 09:34 823808 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\wininet.dll
2007-06-27 09:34 671232 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\mstime.dll
2007-06-27 09:34 6058496 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll
2007-06-27 09:34 52224 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\msfeedsbs.dll
2007-06-27 09:34 477696 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\mshtmled.dll
2007-06-27 09:34 459264 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\msfeeds.dll
2007-06-27 09:34 44544 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\iernonce.dll
2007-06-27 09:34 384512 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\iedkcs32.dll
2007-06-27 09:34 383488 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dll
2007-06-27 09:34 27648 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\jsproxy.dll
2007-06-27 09:34 267776 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\iertutil.dll
2007-06-27 09:34 232960 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\webcheck.dll
2007-06-27 09:34 230400 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieaksie.dll
2007-06-27 09:34 193024 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\msrating.dll
2007-06-27 09:34 153088 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieakeng.dll
2007-06-27 09:34 132608 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\extmgr.dll
2007-06-27 09:34 124928 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\advpack.dll
2007-06-27 09:34 1152000 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\urlmon.dll
2007-06-27 09:34 105984 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\url.dll
2007-06-27 09:34 102400 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\occache.dll
2007-06-27 03:27 63488 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
2007-06-27 03:27 625152 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
2007-06-27 03:27 13824 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
2007-06-27 02:00 161792 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
2007-06-26 01:08 1104896 --a------ C:\WINDOWS\SYSTEM32\msxml3.dll
2007-06-26 01:08 1104896 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\msxml3.dll
2004-08-04 07:56:46 50,688 --sh--w C:\WINDOWS\twain_32.dll
2004-08-04 07:56:42 1,028,096 --sha-w C:\WINDOWS\SYSTEM32\mfc42.dll
2004-08-04 07:56:43 54,784 --sh--w C:\WINDOWS\SYSTEM32\msvcirt.dll
2004-08-04 07:56:43 413,696 --sha-w C:\WINDOWS\SYSTEM32\msvcp60.dll
2004-08-04 07:56:43 343,040 --sha-w C:\WINDOWS\SYSTEM32\msvcrt.dll
2007-05-17 11:28:05 549,376 --sh--w C:\WINDOWS\SYSTEM32\oleaut32.dll
2004-08-04 07:56:44 83,456 --sha-w C:\WINDOWS\SYSTEM32\olepro32.dll
2004-08-04 07:56:55 11,776 --sh--w C:\WINDOWS\SYSTEM32\regsvr32.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-10-26 13:01]
"nwiz"="nwiz.exe" [2004-10-26 13:01 C:\WINDOWS\SYSTEM32\nwiz.exe]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 05:59 C:\WINDOWS\BCMSMMSG.exe]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-02-02 15:32]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 17:48]
"bacstray"="BacsTray.exe" [2003-05-14 18:37 C:\WINDOWS\SYSTEM32\BacsTray.exe]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-03-15 01:04]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 01:01]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 20:15]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 11:43]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2004-03-04 20:59]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2004-07-19 20:23]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-07-19 20:23]
"mmtask"="c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2004-04-19 14:45]
"MMTray"="C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe" [2004-04-19 14:45]
"CXMon"="C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe" [2001-08-09 17:06]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 09:11]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]
"HostManager"="C:\Program Files\Common Files\AOL\1131468494\ee\AOLHostManager.exe" [2005-08-02 14:33]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-28 08:43]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 20:51]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 12:24]
"DeviceDiscovery"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 19:37]
"VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" [2005-03-02 19:19]
"VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [2005-03-18 20:28]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 18:29]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [2006-01-11 12:05]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"AAWTray"="C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [2007-08-08 15:53]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

C:\DOCUME~1\ADMINI~1\STARTM~1\Programs\Startup\
DESKTOP.INI [2004-03-20 12:58:38]

C:\DOCUME~1\DEFAUL~1\STARTM~1\Programs\Startup\
DESKTOP.INI [2004-03-20 12:58:38]

C:\DOCUME~1\PETERM~1\STARTM~1\Programs\Startup\
DESKTOP.INI [2004-03-20 12:58:38]



[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\LaunchU3.exe -a

.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-20 14:20:08
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-20 14:21:25
C:\ComboFix-quarantined-files.txt ... 2007-09-20 14:21
C:\ComboFix2.txt ... 2007-09-18 15:58
C:\ComboFix3.txt ... 2007-09-16 14:28
.
--- E O F ---



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:22:00 PM, on 9/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\system32\BacsTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\AOL\1131468494\ee\AOLHostManager.exe
C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\AOL\1131468494\ee\AOLServiceHost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O3 - Toolbar: (no name) - {07AA283A-43D7-4CBE-A064-32A21112D94D} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [bacstray] BacsTray.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1131468494\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-21-581541943-2590962829-1806583950-1007\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-21-581541943-2590962829-1806583950-1007\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User '?')
O4 - HKUS\S-1-5-21-581541943-2590962829-1806583950-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-581541943-2590962829-1806583950-1007\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User '?')
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - ?p=ZJxdm025MCUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0C144589-8DD8-460A-83D6-FB28E9C7A238}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{24390BE2-8276-4A25-B921-67280BB430D4}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{2D2C265F-9652-49A2-A931-2E8610F44AE1}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 12197 bytes

#8 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:06:04 PM

Posted 20 September 2007 - 03:25 PM

You must disable Spybot's Teatimer function before proceeding with this fix. Otherwise it will intefere with hijackthis.
  • Open Spybot Search & Destroy.
  • In the Mode menu click "Advanced mode" if not already selected.
  • Choose "Yes" at the Warning prompt.
  • Expand the "Tools" menu.
  • Click "Resident".
  • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  • In the File menu click "Exit" to exit Spybot Search & Destroy.

Run Hijackthis again, click scan, and Put a checkmark next to each of the lines listed below. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.

O3 - Toolbar: (no name) - {07AA283A-43D7-4CBE-A064-32A21112D94D} - (no file)


Reboot your computer.


While not technically considered malware, Viewpoint's practices are not entirely honorable.

http://www.clickz.com/showPage.html?page=3561546

I recommend that you uninstall Viewpoint Toolbar and Viewpoint Media Player.


Please post a new hijackthis log.
How is your computer working now? Any lingering problems?
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#9 workingonit

workingonit
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:07:04 PM

Posted 22 September 2007 - 08:42 AM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:40:15 AM, on 9/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\system32\BacsTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\AOL\1131468494\ee\AOLHostManager.exe
C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Common Files\AOL\1131468494\ee\AOLServiceHost.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: (no name) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [bacstray] BacsTray.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1131468494\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-21-581541943-2590962829-1806583950-1007\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-21-581541943-2590962829-1806583950-1007\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User '?')
O4 - HKUS\S-1-5-21-581541943-2590962829-1806583950-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-581541943-2590962829-1806583950-1007\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User '?')
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - ?p=ZJxdm025MCUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0C144589-8DD8-460A-83D6-FB28E9C7A238}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{24390BE2-8276-4A25-B921-67280BB430D4}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{2D2C265F-9652-49A2-A931-2E8610F44AE1}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 11779 bytes



The constant messages have ceased. Thanks so much! =D However, the ominous black background still remains. Is that just a matter of changing my bg through the control panel and deleted the image file?

#10 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:06:04 PM

Posted 23 September 2007 - 06:13 AM

Go ahead and disable Teatimer again and then fix this line with Hijackthis.

O2 - BHO: (no name) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - (no file)


For your background, try this.
  • Click Start -> Control Panel -> Display
  • Go to the Desktop tab and click on the Customize Desktop button.
  • Go to the Web tab
  • Select everything except "My Current Homepage" and then click the Delete button.

Let me know if that takes care of it.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#11 workingonit

workingonit
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:07:04 PM

Posted 24 September 2007 - 03:14 PM

When I went into control panel, "My Current Homepage" was the only option available, so no, that didn't clear it up. :\ The wallpaper is currently set to the image "default".
Here's the last HJT log after the last fix you gave me, just incase:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:08:34 PM, on 9/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\system32\BacsTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\AOL\1131468494\ee\AOLHostManager.exe
C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\AOL\1131468494\ee\AOLServiceHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [bacstray] BacsTray.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1131468494\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-581541943-2590962829-1806583950-1007\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-21-581541943-2590962829-1806583950-1007\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User '?')
O4 - HKUS\S-1-5-21-581541943-2590962829-1806583950-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - ?p=ZJxdm025MCUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0C144589-8DD8-460A-83D6-FB28E9C7A238}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{24390BE2-8276-4A25-B921-67280BB430D4}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{2D2C265F-9652-49A2-A931-2E8610F44AE1}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 11347 bytes

#12 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:06:04 PM

Posted 24 September 2007 - 06:01 PM

Looking back through your logs I see a file that I missed. Please delete this file.

C:\WINDOWS\SYSTEM32\ace16win.dll



Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#13 workingonit

workingonit
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:07:04 PM

Posted 25 September 2007 - 06:27 PM

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/25/2007 at 05:00 PM

Application Version : 3.9.1008

Core Rules Database Version : 3312
Trace Rules Database Version: 1315

Scan type : Complete Scan
Total Scan Time : 01:20:08

Memory items scanned : 472
Memory threats detected : 0
Registry items scanned : 5608
Registry threats detected : 304
File items scanned : 56891
File threats detected : 555

Adware.HotBar/SpamBlockerUtility (Low Risk)
HKLM\Software\Classes\CLSID\{93B0FA7B-50F6-41B4-AC7E-612A72CE8C3C}
HKCR\CLSID\{93B0FA7B-50F6-41B4-AC7E-612A72CE8C3C}
HKCR\CLSID\{93B0FA7B-50F6-41B4-AC7E-612A72CE8C3C}
HKCR\CLSID\{93B0FA7B-50F6-41B4-AC7E-612A72CE8C3C}\Control
HKCR\CLSID\{93B0FA7B-50F6-41B4-AC7E-612A72CE8C3C}\Implemented Categories
HKCR\CLSID\{93B0FA7B-50F6-41B4-AC7E-612A72CE8C3C}\Implemented Categories\{00021494-0000-0000-C000-000000000046}
HKCR\CLSID\{93B0FA7B-50F6-41B4-AC7E-612A72CE8C3C}\InprocServer32
HKCR\CLSID\{93B0FA7B-50F6-41B4-AC7E-612A72CE8C3C}\InprocServer32#ThreadingModel
HKCR\CLSID\{93B0FA7B-50F6-41B4-AC7E-612A72CE8C3C}\Instance
HKCR\CLSID\{93B0FA7B-50F6-41B4-AC7E-612A72CE8C3C}\Instance#CLSID
HKCR\CLSID\{93B0FA7B-50F6-41B4-AC7E-612A72CE8C3C}\Instance\InitPropertyBag
HKCR\CLSID\{93B0FA7B-50F6-41B4-AC7E-612A72CE8C3C}\Instance\InitPropertyBag#Url
HKCR\CLSID\{93B0FA7B-50F6-41B4-AC7E-612A72CE8C3C}\MiscStatus
HKCR\CLSID\{93B0FA7B-50F6-41B4-AC7E-612A72CE8C3C}\MiscStatus\1
HKCR\CLSID\{93B0FA7B-50F6-41B4-AC7E-612A72CE8C3C}\ProgID
HKCR\CLSID\{93B0FA7B-50F6-41B4-AC7E-612A72CE8C3C}\Programmable
HKCR\CLSID\{93B0FA7B-50F6-41B4-AC7E-612A72CE8C3C}\ToolboxBitmap32
HKCR\CLSID\{93B0FA7B-50F6-41B4-AC7E-612A72CE8C3C}\TypeLib
HKCR\CLSID\{93B0FA7B-50F6-41B4-AC7E-612A72CE8C3C}\Version
HKCR\CLSID\{93B0FA7B-50F6-41B4-AC7E-612A72CE8C3C}\VersionIndependentProgID
C:\PROGRAM FILES\ZANGO\BIN\10.0.341.0\HOSTIE.DLL
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\{93B0FA7B-50F6-41B4-AC7E-612A72CE8C3C}
HKU\S-1-5-21-581541943-2590962829-1806583950-1007\Software\Microsoft\Internet Explorer\Explorer Bars\{93B0FA7B-50F6-41B4-AC7E-612A72CE8C3C}

Adware.Tracking Cookie
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@revsci[3].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@sales.liveperson[3].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@2o7[4].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@adultbouncer[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@edge.ru4[3].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@www.porn-star-site[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@login.tracking101[3].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@pandasoftware.112.2o7[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@ar.atwola[4].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@content.licenseacquisition[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@youporn[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@atdmt[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@atwola[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@stats.gamestop[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@112.2o7[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@adknowledge[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@admarketplace[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@ads.adsag[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@ads.ah-ha[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@ads.as4x.tmcs.ticketmaster[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@ads.as4x.tmcs[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@ads.boats[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@ads.cnn[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@ads.digitalpoint[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@ads.joemonster[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@ads.monster[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@ads.telegraph.co[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@ads.vegas[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@ads.vitalix[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@adtech[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@adultcheck[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@adultlounge[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@adv.webmd[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@advertisingcom.122.2o7[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@altmedia101[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@americanexpress.122.2o7[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@apmebf[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@as1.falkag[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@atdmt[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@ath.belnk[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@azoogleads[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@banner[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@belnk[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@bizrate[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@buycom.122.2o7[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@c.enhance[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@c.goclick[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@cbs.112.2o7[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@clickagents[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@cnn.122.2o7[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@counter.cnw[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@counter.hitslink[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@counter1.sextracker[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@counter11.sextracker[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@counter13.sextracker[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@counter14.sextracker[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@counter15.sextracker[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@counter2.hitslink[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@counter4.sextracker[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@counter8.sextracker[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@counter9.sextracker[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@creativeby.viewpoint[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@cz4.clickzs[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@cz9.clickzs[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@data1.perf.overture[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@data3.perf.overture[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@dealtime[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@e-2dj6wjlyslajikp.stats.esomniture[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@e-2dj6wjnyghczsgo.stats.esomniture[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@e-2dj6wjnyomdzagq.stats.esomniture[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@ehg-bestbuy.hitbox[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@ehg-cafepress.hitbox[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@ehg-chrysler.hitbox[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@ehg-cisco.hitbox[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@ehg-citrixonline.hitbox[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@ehg-commjun.hitbox[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@ehg-crain.hitbox[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@ehg-digg.hitbox[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@ehg-directv.hitbox[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@ehg-findlaw.hitbox[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@ehg-hollywood.hitbox[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@ehg-ifilm.hitbox[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@ehg-newarkinone.hitbox[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@ehg-realtytrac.hitbox[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@ehg-register.hitbox[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@ehg-spafinder.hitbox[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@ehg-theviptour.hitbox[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@ehg-traderelectronicmedia.hitbox[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@ehg-zoom.hitbox[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@entrepreneur.122.2o7[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@entrepreneur[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@ez-tracks[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@findwhat[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@goclick[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@gostats[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@gozing.directtrack[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@h.starware[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@hc2.humanclick[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@hits_tracker[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@hurricanedigitalmedia[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@indextools[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@interclick[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@internetfuel[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@interracialporno[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@latinadultery[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@maxim.122.2o7[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@maxserving[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@media.hotels[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@media202[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@media3.sitebrand[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@media6.sitebrand[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@members.movieland[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@metacafe.122.2o7[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@microsofteup.112.2o7[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@movieland[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@msnportal.112.2o7[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@onlinerewardcenter[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@paypal.112.2o7[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@perf.overture[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@porn.iwantanewgirlfriend[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@pornaccess[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@pro-market[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@pt.crossmediaservices[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@publishers.clickbooth[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@qksrv[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@rccl.bridgetrack[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@reduxads.valuead[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@reunioncom.112.2o7[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@revenue[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@roi.clicklab[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@rotator.dex.adjuggler[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@sales.liveperson[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@sel.as-us.falkag[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@stat.dealtime[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@stat.onestat[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@stats.fullpond[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@superstats[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@tagworld[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@targetnet[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@thunderbolt.adjuggler[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@ticketsnow[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@toplist[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@tracking[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@try.starware[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@valueclick[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@valueclick[3].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@verizonmysuperpages.122.2o7[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@versiontracker[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@volkswagen.122.2o7[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@webtracking.touchclarity[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@windowsmedia[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@wTracker[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@www.adult-movies[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@www.aol.entrepreneur[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@www.asiansexyshemales[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@www.bigfreesex[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@www.burstbeacon[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@www.directnetadvertising[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@www.entrepreneur[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@www.ez-tracks[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@www.freestats[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@www.jointheporn[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@www.movieland[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@www.newsexstars[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@www.rowise[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@www.s-tracking[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@www.tgsex[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@www.ticketsnow1[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@www.ticketsnow[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@www.twilightsex[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@www.xl-porn[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@www.xxxvogue[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@www2.teenieblowjobs[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@xiti[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@y-1shz2prbmdj6wvny-1sez2pra2dj6wfkochczclogydj6x9ny-1seq-2-2.stats.esomniture[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@y-1shz2prbmdj6wvny-1sez2pra2dj6wfkyomajolpwydj6x9ny-1seq-2-2.stats.esomniture[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkyknczmcpqqdj6x9ny-1seq-2-2.stats.esomniture[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnywoazmboqydj6x9ny-1seq-2-2.stats.esomniture[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@yieldmanager[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@z1.adserver[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@247realmedia[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@247realmedia[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@2o7[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@2o7[3].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@3.adbrite[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@3.adbrite[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@4.adbrite[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@a.websponsors[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@a.websponsors[3].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@ad.abum[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@ad.yieldmanager[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@ad.yieldmanager[3].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@ad.yieldmanager[4].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@ad.zanox[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@ad1.clickhype[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@adbrite[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@adbrite[3].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@adinterax[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@adlegend[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@adlegend[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@adopt.euroclick[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@adopt.euroclick[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@adopt.specificclick[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@adopt.specificclick[3].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@adprofile[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@adrevolver[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@ads.adbrite[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@ads.adbrite[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@ads.addynamix[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@ads.addynamix[3].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@ads.adsonar[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@ads.glispa[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@ads.pointroll[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@ads.pointroll[3].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@ads.realtechnetwork[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@ads.revsci[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@ads.topix[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@ads.vegas[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@ads.web.aol[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@ads.web.aol[3].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@ads2.drivelinemedia[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@ads2.drivelinemedia[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@adserver.easyad[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@adserver.softwareonline[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@adserver.toptenreviews[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@adserving.cpxinteractive[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@adultadworld[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@adultbouncer[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@advertising.superpages[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@advertising[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@advertising[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@advertising[3].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@anad.tacoda[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@anad.tacoda[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@anat.tacoda[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@anat.tacoda[3].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@angleinteractive.directtrack[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@angleinteractive.directtrack[3].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@apmebf[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@ar.atwola[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@ar.atwola[3].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@as-eu.falkag[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@atwola[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@atwola[3].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@azjmp[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@bluestreak[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@bluestreak[3].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@bs.serving-sys[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@bs.serving-sys[3].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@burstnet[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@casalemedia[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@casalemedia[3].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@casalemedia[4].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@citi.bridgetrack[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@click.orgycash[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@clickability[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@clickbank[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@coolsavings[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@counter.hitslink[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@counter12.sextracker[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@counter12.sextracker[3].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@counter16.sextracker[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@counter2.sextracker[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@counter2.sextracker[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@counter3.sextracker[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@counter3.sextracker[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@counter7.sextracker[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@counter7.sextracker[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@cs.sexcounter[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@cupolaventures.112.2o7[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@cvhs.adbureau[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@cz8.clickzs[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@data2.perf.overture[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@devart.adbureau[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@dhdmedia[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@directtrack[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@directtrack[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@doubleclick[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@doubleclick[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@doubleclick[3].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@drnatura.112.2o7[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@e-2dj6wfkicmdjoeo.stats.esomniture[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@earth.goclick[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@eas.apm.emediate[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@edge.ru4[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@edge.ru4[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@ehg-accuweather.hitbox[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@ehg-adaptivemarketing.hitbox[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@ehg-bizjournals.hitbox[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@ehg-cbsradio.hitbox[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@ehg-classmates.hitbox[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@ehg-dig.hitbox[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@ehg-electricbusiness.hitbox[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@ehg-groupernetworks.hitbox[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@ehg-harleydavidson.hitbox[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@ehg-hillspet.hitbox[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@ehg-lowermybills.hitbox[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@ehg-lowermybills.hitbox[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@ehg-newegg.hitbox[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@ehg-scheringploughcorp.hitbox[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@ehg-space.hitbox[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@ehg-traderpublishing.hitbox[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@ehg-verizon.hitbox[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@ehg-warnerbrothers.hitbox[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@ehg-youtube.hitbox[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@ehg-zoom.hitbox[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@electronicarts.112.2o7[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@everythingfreeporn[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@fastclick[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@fastclick[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@fcstats.bcentral[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@fortunecity[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@free.wegcash[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@go.sexprofit[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@gostats[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@h.starware[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@hg1.hitbox[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@hitbox[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@homestore.122.2o7[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@homestore.122.2o7[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@hotbar[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@i.screensavers[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@i.screensavers[3].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@icc.intellisrv[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@ientry[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@image.masterstats[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@image.masterstats[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@imrworldwide[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@indextools[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@kanoodle[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@keywordmax[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@leeenterprises.112.2o7[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@livenation.122.2o7[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@login.tracking101[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@lynxtrack[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@m1.webstats.motigo[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@maxim.122.2o7[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@maxserving[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@media.adrevolver[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@media.adrevolver[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@media.iams[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@media.licenseacquisition[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@media.paychex[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@mediaplex[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@mediaplex[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@monstercom.112.2o7[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@msnportal.112.2o7[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@my-calorie-counter[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@myfirstsexteacher[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@mywebsearch[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@mywebsearch[3].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@nextag[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@nfm.directtrack[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@niteflirt.directtrack[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@overture[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@overture[3].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@partner2profit[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@partner2profit[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@paycounter[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@paycounter[3].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@phg.hitbox[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@precisionclick[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@precisionclick[3].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@pro-market[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@publishers.clickbooth[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@qksrv[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@qnsr[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@questionmarket[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@rbsinteractive.122.2o7[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@realmedia[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@realmedia[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@realsexcash[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@revsci[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@revsci[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@revsci[4].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@revsci[5].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@richmedia.yahoo[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@roiservice[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@roiservice[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@rotator.adjuggler[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@rotator.adjuggler[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@sales.liveperson[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@salesleadform.aflac[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@screensavers[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@server.iad.liveperson[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@server.iad.liveperson[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@server.iad.liveperson[3].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@server.iad.liveperson[4].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@server.iad.liveperson[5].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@server.iad.liveperson[7].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@server.iad.liveperson[8].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@server.iad.liveperson[9].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@serving-sys[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@serving-sys[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@sexlist[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@sexlist[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@sexsearchcom[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@sextracker[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@sextracker[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@sexycitycash[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@sitestats.tiscali.co[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@smartmoney.112.2o7[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@smileycentral[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@snapfish.112.2o7[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@spamblockerutility[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@spamblockerutility[3].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@specificclick[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@specificclick[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@statcounter[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@statcounter[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@stats.privacyprotector[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@stats.sphere[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@statse.webtrendslive[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@statse.webtrendslive[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@statsgold[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@superpages.122.2o7[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@tacoda[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@tacoda[3].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@tasty18and19.tastyporn[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@teensforcash[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@teenslutbus[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@toplist[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@tour.sexsearchcom[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@tour.splash.sexsearch[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@tracking.foxnews[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@tracking.foxnews[3].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@tracking.foxnews[4].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@tradedoubler[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@trafficmp[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@trafficmp[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@tribalfusion[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@tribalfusion[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@tripod[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@try.screensavers[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@try.screensavers[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@try.starware[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@viacomedycentralrl.112.2o7[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@viamtvcom.112.2o7[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@w121.hitbox[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@waterfrontmedia.112.2o7[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@web4.realtracker[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@web4.realtracker[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@webpower[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@wt.sexsearchcom[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@wt.sexsearch[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@www.adultcrowd[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@www.adultplayersclub[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@www.burstbeacon[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@www.burstnet[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@www.burstnet[3].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@www.clickmanage[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@www.googleadservices[10].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@www.googleadservices[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@www.googleadservices[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@www.googleadservices[3].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@www.googleadservices[4].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@www.googleadservices[5].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@www.googleadservices[6].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@www.googleadservices[7].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@www.googleadservices[8].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@www.googleadservices[9].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@www.halstats[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@www.japansexav[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@www.movieland[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@www.pornsitejourney[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@www.ppctracking[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@www.safelite[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@www.screensavers[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@www.sexsearchcom[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@www.stopzilla[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@www.teenjill[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@www.teensforcash[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@www.teensforcash[3].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@www.xctrk[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@www.xxxpower[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@www.xxxpower[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@www.xxxpower[3].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@www1.addfreestats[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@www3.addfreestats[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@www5.addfreestats[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@www6.addfreestats[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@www6.addfreestats[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@xxxcounter[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@xxxcounter[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@xxxfolder[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@xxxpower[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@youngadultsteens[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@zedo[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@zedo[3].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@zedo[4].txt

Adware.Zango Toolbar/Hb
HKCR\CoreSrv.CoreServices
HKCR\CoreSrv.CoreServices\CLSID
HKCR\CoreSrv.CoreServices\CurVer
HKCR\CoreSrv.CoreServices.1
HKCR\CoreSrv.CoreServices.1\CLSID
HKCR\CoreSrv.LfgAx
HKCR\CoreSrv.LfgAx\CLSID
HKCR\CoreSrv.LfgAx\CurVer
HKCR\CoreSrv.LfgAx.1
HKCR\CoreSrv.LfgAx.1\CLSID
HKCR\HBMain.CommBand
HKCR\HBMain.CommBand\CLSID
HKCR\HBMain.CommBand\CurVer
HKCR\HBMain.CommBand.1
HKCR\HBMain.CommBand.1\CLSID
HKCR\hbr.HbMain
HKCR\hbr.HbMain\CLSID
HKCR\hbr.HbMain\CurVer
HKCR\hbr.HbMain.1
HKCR\hbr.HbMain.1\CLSID
HKCR\HostOL.MailAnim
HKCR\HostOL.MailAnim\CLSID
HKCR\HostOL.MailAnim\CurVer
HKCR\HostOL.MailAnim.1
HKCR\HostOL.MailAnim.1\CLSID
HKCR\HostOL.WebmailSend
HKCR\HostOL.WebmailSend\CLSID
HKCR\HostOL.WebmailSend\CurVer
HKCR\HostOL.WebmailSend.1
HKCR\HostOL.WebmailSend.1\CLSID
HKCR\InstIE.HbInstObj
HKCR\InstIE.HbInstObj\CLSID
HKCR\InstIE.HbInstObj\CurVer
HKCR\InstIE.HbInstObj.1
HKCR\InstIE.HbInstObj.1\CLSID
HKCR\Srv.CoreServices
HKCR\Srv.CoreServices\CLSID
HKCR\Srv.CoreServices\CurVer
HKCR\Srv.CoreServices.1
HKCR\Srv.CoreServices.1\CLSID
HKCR\Toolbar.HtmlMenuUI
HKCR\Toolbar.HtmlMenuUI\CLSID
HKCR\Toolbar.HtmlMenuUI\CurVer
HKCR\Toolbar.HtmlMenuUI.1
HKCR\Toolbar.HtmlMenuUI.1\CLSID
HKCR\Toolbar.ToolbarCtl
HKCR\Toolbar.ToolbarCtl\CLSID
HKCR\Toolbar.ToolbarCtl\CurVer
HKCR\Toolbar.ToolbarCtl.1
HKCR\Toolbar.ToolbarCtl.1\CLSID
HKCR\CLSID\{5B2E150D-4C8A-40E4-8C36-DD9C02771C67}
HKCR\CLSID\{5B2E150D-4C8A-40E4-8C36-DD9C02771C67}\InprocServer32
HKCR\CLSID\{5B2E150D-4C8A-40E4-8C36-DD9C02771C67}\InprocServer32#ThreadingModel
HKCR\CLSID\{5B2E150D-4C8A-40E4-8C36-DD9C02771C67}\ProgID
HKCR\CLSID\{5B2E150D-4C8A-40E4-8C36-DD9C02771C67}\Programmable
HKCR\CLSID\{5B2E150D-4C8A-40E4-8C36-DD9C02771C67}\TypeLib
HKCR\CLSID\{5B2E150D-4C8A-40E4-8C36-DD9C02771C67}\VersionIndependentProgID
HKCR\CLSID\{627D894A-8A77-416E-B522-432EAF2C818E}
HKCR\CLSID\{627D894A-8A77-416E-B522-432EAF2C818E}\Control
HKCR\CLSID\{627D894A-8A77-416E-B522-432EAF2C818E}\InprocServer32
HKCR\CLSID\{627D894A-8A77-416E-B522-432EAF2C818E}\InprocServer32#ThreadingModel
HKCR\CLSID\{627D894A-8A77-416E-B522-432EAF2C818E}\MiscStatus
HKCR\CLSID\{627D894A-8A77-416E-B522-432EAF2C818E}\MiscStatus\1
HKCR\CLSID\{627D894A-8A77-416E-B522-432EAF2C818E}\ProgID
HKCR\CLSID\{627D894A-8A77-416E-B522-432EAF2C818E}\Programmable
HKCR\CLSID\{627D894A-8A77-416E-B522-432EAF2C818E}\ToolboxBitmap32
HKCR\CLSID\{627D894A-8A77-416E-B522-432EAF2C818E}\TypeLib
HKCR\CLSID\{627D894A-8A77-416E-B522-432EAF2C818E}\Version
HKCR\CLSID\{627D894A-8A77-416E-B522-432EAF2C818E}\VersionIndependentProgID
HKCR\CLSID\{7138F250-5B72-48DD-ADFB-9A83B429DD9E}
HKCR\CLSID\{7138F250-5B72-48DD-ADFB-9A83B429DD9E}\LocalServer32
HKCR\CLSID\{7138F250-5B72-48DD-ADFB-9A83B429DD9E}\ProgID
HKCR\CLSID\{7138F250-5B72-48DD-ADFB-9A83B429DD9E}\Programmable
HKCR\CLSID\{7138F250-5B72-48DD-ADFB-9A83B429DD9E}\TypeLib
HKCR\CLSID\{7138F250-5B72-48DD-ADFB-9A83B429DD9E}\VersionIndependentProgID
HKCR\CLSID\{8971CB48-9FCA-445A-BE77-E8E8A4CC9DF7}
HKCR\CLSID\{8971CB48-9FCA-445A-BE77-E8E8A4CC9DF7}\Control
HKCR\CLSID\{8971CB48-9FCA-445A-BE77-E8E8A4CC9DF7}\InprocServer32
HKCR\CLSID\{8971CB48-9FCA-445A-BE77-E8E8A4CC9DF7}\InprocServer32#ThreadingModel
HKCR\CLSID\{8971CB48-9FCA-445A-BE77-E8E8A4CC9DF7}\ProgID
HKCR\CLSID\{8971CB48-9FCA-445A-BE77-E8E8A4CC9DF7}\Programmable
HKCR\CLSID\{8971CB48-9FCA-445A-BE77-E8E8A4CC9DF7}\ToolboxBitmap32
HKCR\CLSID\{8971CB48-9FCA-445A-BE77-E8E8A4CC9DF7}\TypeLib
HKCR\CLSID\{8971CB48-9FCA-445A-BE77-E8E8A4CC9DF7}\VersionIndependentProgID
HKCR\CLSID\{B0CB585F-3271-4E42-88D9-AE5C9330D554}
HKCR\CLSID\{B0CB585F-3271-4E42-88D9-AE5C9330D554}#AppID
HKCR\CLSID\{B0CB585F-3271-4E42-88D9-AE5C9330D554}\Control
HKCR\CLSID\{B0CB585F-3271-4E42-88D9-AE5C9330D554}\Implemented Categories
HKCR\CLSID\{B0CB585F-3271-4E42-88D9-AE5C9330D554}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}
HKCR\CLSID\{B0CB585F-3271-4E42-88D9-AE5C9330D554}\InprocServer32
HKCR\CLSID\{B0CB585F-3271-4E42-88D9-AE5C9330D554}\InprocServer32#ThreadingModel
HKCR\CLSID\{B0CB585F-3271-4E42-88D9-AE5C9330D554}\MiscStatus
HKCR\CLSID\{B0CB585F-3271-4E42-88D9-AE5C9330D554}\MiscStatus\1
HKCR\CLSID\{B0CB585F-3271-4E42-88D9-AE5C9330D554}\ProgID
HKCR\CLSID\{B0CB585F-3271-4E42-88D9-AE5C9330D554}\Programmable
HKCR\CLSID\{B0CB585F-3271-4E42-88D9-AE5C9330D554}\ToolboxBitmap32
HKCR\CLSID\{B0CB585F-3271-4E42-88D9-AE5C9330D554}\TypeLib
HKCR\CLSID\{B0CB585F-3271-4E42-88D9-AE5C9330D554}\Version
HKCR\CLSID\{B0CB585F-3271-4E42-88D9-AE5C9330D554}\VersionIndependentProgID
HKCR\CLSID\{B88E4484-3FF6-4EA9-815B-A54FE20D4387}
HKCR\CLSID\{B88E4484-3FF6-4EA9-815B-A54FE20D4387}\InprocServer32
HKCR\CLSID\{B88E4484-3FF6-4EA9-815B-A54FE20D4387}\InprocServer32#ThreadingModel
HKCR\CLSID\{B88E4484-3FF6-4EA9-815B-A54FE20D4387}\ProgID
HKCR\CLSID\{B88E4484-3FF6-4EA9-815B-A54FE20D4387}\Programmable
HKCR\CLSID\{B88E4484-3FF6-4EA9-815B-A54FE20D4387}\TypeLib
HKCR\CLSID\{B88E4484-3FF6-4EA9-815B-A54FE20D4387}\VersionIndependentProgID
HKCR\CLSID\{BFC08CFF-C737-4433-BD5A-0EE7EFCFEE54}
HKCR\CLSID\{BFC08CFF-C737-4433-BD5A-0EE7EFCFEE54}\InprocServer32
HKCR\CLSID\{BFC08CFF-C737-4433-BD5A-0EE7EFCFEE54}\InprocServer32#ThreadingModel
HKCR\CLSID\{BFC08CFF-C737-4433-BD5A-0EE7EFCFEE54}\ProgID
HKCR\CLSID\{BFC08CFF-C737-4433-BD5A-0EE7EFCFEE54}\Programmable
HKCR\CLSID\{BFC08CFF-C737-4433-BD5A-0EE7EFCFEE54}\TypeLib
HKCR\CLSID\{BFC08CFF-C737-4433-BD5A-0EE7EFCFEE54}\VersionIndependentProgID
HKCR\CLSID\{D2221CCB-F2BB-4858-AAD4-57C754153603}
HKCR\CLSID\{D2221CCB-F2BB-4858-AAD4-57C754153603}\InprocServer32
HKCR\CLSID\{D2221CCB-F2BB-4858-AAD4-57C754153603}\InprocServer32#ThreadingModel
HKCR\CLSID\{D2221CCB-F2BB-4858-AAD4-57C754153603}\ProgID
HKCR\CLSID\{D2221CCB-F2BB-4858-AAD4-57C754153603}\TypeLib
HKCR\CLSID\{D2221CCB-F2BB-4858-AAD4-57C754153603}\VersionIndependentProgID
HKCR\CLSID\{EA0B6A1A-6A59-4A58-9C41-9966504898A5}
HKCR\CLSID\{EA0B6A1A-6A59-4A58-9C41-9966504898A5}\InprocServer32
HKCR\CLSID\{EA0B6A1A-6A59-4A58-9C41-9966504898A5}\InprocServer32#ThreadingModel
HKCR\CLSID\{EA0B6A1A-6A59-4A58-9C41-9966504898A5}\ProgID
HKCR\CLSID\{EA0B6A1A-6A59-4A58-9C41-9966504898A5}\Programmable
HKCR\CLSID\{EA0B6A1A-6A59-4A58-9C41-9966504898A5}\TypeLib
HKCR\CLSID\{EA0B6A1A-6A59-4A58-9C41-9966504898A5}\VersionIndependentProgID
HKCR\TypeLib\{08755390-F46D-4D09-968C-3430166B3189}
HKCR\TypeLib\{08755390-F46D-4D09-968C-3430166B3189}\1.0
HKCR\TypeLib\{08755390-F46D-4D09-968C-3430166B3189}\1.0\0
HKCR\TypeLib\{08755390-F46D-4D09-968C-3430166B3189}\1.0\0\win32
HKCR\TypeLib\{08755390-F46D-4D09-968C-3430166B3189}\1.0\FLAGS
HKCR\TypeLib\{08755390-F46D-4D09-968C-3430166B3189}\1.0\HELPDIR
HKCR\TypeLib\{0923208C-E259-4ED5-A778-CB607DA350AD}
HKCR\TypeLib\{0923208C-E259-4ED5-A778-CB607DA350AD}\1.0
HKCR\TypeLib\{0923208C-E259-4ED5-A778-CB607DA350AD}\1.0\0
HKCR\TypeLib\{0923208C-E259-4ED5-A778-CB607DA350AD}\1.0\0\win32
HKCR\TypeLib\{0923208C-E259-4ED5-A778-CB607DA350AD}\1.0\FLAGS
HKCR\TypeLib\{0923208C-E259-4ED5-A778-CB607DA350AD}\1.0\HELPDIR
HKCR\TypeLib\{229D2451-A617-4B30-B5E8-8138694240CB}
HKCR\TypeLib\{229D2451-A617-4B30-B5E8-8138694240CB}\1.0
HKCR\TypeLib\{229D2451-A617-4B30-B5E8-8138694240CB}\1.0\0
HKCR\TypeLib\{229D2451-A617-4B30-B5E8-8138694240CB}\1.0\0\win32
HKCR\TypeLib\{229D2451-A617-4B30-B5E8-8138694240CB}\1.0\FLAGS
HKCR\TypeLib\{229D2451-A617-4B30-B5E8-8138694240CB}\1.0\HELPDIR
HKCR\TypeLib\{9720DE03-5820-4059-B4A4-639D5E52BD09}
HKCR\TypeLib\{9720DE03-5820-4059-B4A4-639D5E52BD09}\1.0
HKCR\TypeLib\{9720DE03-5820-4059-B4A4-639D5E52BD09}\1.0\0
HKCR\TypeLib\{9720DE03-5820-4059-B4A4-639D5E52BD09}\1.0\0\win32
HKCR\TypeLib\{9720DE03-5820-4059-B4A4-639D5E52BD09}\1.0\FLAGS
HKCR\TypeLib\{9720DE03-5820-4059-B4A4-639D5E52BD09}\1.0\HELPDIR
HKCR\TypeLib\{C23FA5A4-1FEA-419F-8B14-F7465DF062BC}
HKCR\TypeLib\{C23FA5A4-1FEA-419F-8B14-F7465DF062BC}\1.0
HKCR\TypeLib\{C23FA5A4-1FEA-419F-8B14-F7465DF062BC}\1.0\0
HKCR\TypeLib\{C23FA5A4-1FEA-419F-8B14-F7465DF062BC}\1.0\0\win32
HKCR\TypeLib\{C23FA5A4-1FEA-419F-8B14-F7465DF062BC}\1.0\FLAGS
HKCR\TypeLib\{C23FA5A4-1FEA-419F-8B14-F7465DF062BC}\1.0\HELPDIR
HKCR\TypeLib\{CCC6E232-AA4C-4813-A019-9C14B27776B6}
HKCR\TypeLib\{CCC6E232-AA4C-4813-A019-9C14B27776B6}\1.0
HKCR\TypeLib\{CCC6E232-AA4C-4813-A019-9C14B27776B6}\1.0\0
HKCR\TypeLib\{CCC6E232-AA4C-4813-A019-9C14B27776B6}\1.0\0\win32
HKCR\TypeLib\{CCC6E232-AA4C-4813-A019-9C14B27776B6}\1.0\FLAGS
HKCR\TypeLib\{CCC6E232-AA4C-4813-A019-9C14B27776B6}\1.0\HELPDIR
HKCR\Interface\{00B77587-BE1B-4201-B8E9-09FCF50AB771}
HKCR\Interface\{00B77587-BE1B-4201-B8E9-09FCF50AB771}\ProxyStubClsid
HKCR\Interface\{00B77587-BE1B-4201-B8E9-09FCF50AB771}\ProxyStubClsid32
HKCR\Interface\{00B77587-BE1B-4201-B8E9-09FCF50AB771}\TypeLib
HKCR\Interface\{00B77587-BE1B-4201-B8E9-09FCF50AB771}\TypeLib#Version
HKCR\Interface\{067C6A37-72EA-4437-863A-5BE20C246F3C}
HKCR\Interface\{067C6A37-72EA-4437-863A-5BE20C246F3C}\ProxyStubClsid
HKCR\Interface\{067C6A37-72EA-4437-863A-5BE20C246F3C}\ProxyStubClsid32
HKCR\Interface\{067C6A37-72EA-4437-863A-5BE20C246F3C}\TypeLib
HKCR\Interface\{067C6A37-72EA-4437-863A-5BE20C246F3C}\TypeLib#Version
HKCR\Interface\{1A2AF056-1FE1-47CA-993D-5D09D18E674E}
HKCR\Interface\{1A2AF056-1FE1-47CA-993D-5D09D18E674E}\ProxyStubClsid
HKCR\Interface\{1A2AF056-1FE1-47CA-993D-5D09D18E674E}\ProxyStubClsid32
HKCR\Interface\{1A2AF056-1FE1-47CA-993D-5D09D18E674E}\TypeLib
HKCR\Interface\{1A2AF056-1FE1-47CA-993D-5D09D18E674E}\TypeLib#Version
HKCR\Interface\{2B81F920-6660-4F76-93BF-B1C67BF5D1A0}
HKCR\Interface\{2B81F920-6660-4F76-93BF-B1C67BF5D1A0}\ProxyStubClsid
HKCR\Interface\{2B81F920-6660-4F76-93BF-B1C67BF5D1A0}\ProxyStubClsid32
HKCR\Interface\{2B81F920-6660-4F76-93BF-B1C67BF5D1A0}\TypeLib
HKCR\Interface\{2B81F920-6660-4F76-93BF-B1C67BF5D1A0}\TypeLib#Version
HKCR\Interface\{34E29700-0D13-46AA-B9A5-ACE68E21A091}
HKCR\Interface\{34E29700-0D13-46AA-B9A5-ACE68E21A091}\ProxyStubClsid
HKCR\Interface\{34E29700-0D13-46AA-B9A5-ACE68E21A091}\ProxyStubClsid32
HKCR\Interface\{34E29700-0D13-46AA-B9A5-ACE68E21A091}\TypeLib
HKCR\Interface\{34E29700-0D13-46AA-B9A5-ACE68E21A091}\TypeLib#Version
HKCR\Interface\{3661AF2D-C27B-499C-9BCF-66C8502A3806}
HKCR\Interface\{3661AF2D-C27B-499C-9BCF-66C8502A3806}\ProxyStubClsid
HKCR\Interface\{3661AF2D-C27B-499C-9BCF-66C8502A3806}\ProxyStubClsid32
HKCR\Interface\{3661AF2D-C27B-499C-9BCF-66C8502A3806}\TypeLib
HKCR\Interface\{3661AF2D-C27B-499C-9BCF-66C8502A3806}\TypeLib#Version
HKCR\Interface\{3F0915B8-B238-4C2D-AD1E-60DB1E14D27A}
HKCR\Interface\{3F0915B8-B238-4C2D-AD1E-60DB1E14D27A}\ProxyStubClsid
HKCR\Interface\{3F0915B8-B238-4C2D-AD1E-60DB1E14D27A}\ProxyStubClsid32
HKCR\Interface\{3F0915B8-B238-4C2D-AD1E-60DB1E14D27A}\TypeLib
HKCR\Interface\{3F0915B8-B238-4C2D-AD1E-60DB1E14D27A}\TypeLib#Version
HKCR\Interface\{49155DAE-C471-40FA-98EE-B2B3CAD115CE}
HKCR\Interface\{49155DAE-C471-40FA-98EE-B2B3CAD115CE}\ProxyStubClsid
HKCR\Interface\{49155DAE-C471-40FA-98EE-B2B3CAD115CE}\ProxyStubClsid32
HKCR\Interface\{49155DAE-C471-40FA-98EE-B2B3CAD115CE}\TypeLib
HKCR\Interface\{49155DAE-C471-40FA-98EE-B2B3CAD115CE}\TypeLib#Version
HKCR\Interface\{4D783385-0DDA-4188-A529-C97DC3D67CBD}
HKCR\Interface\{4D783385-0DDA-4188-A529-C97DC3D67CBD}\ProxyStubClsid
HKCR\Interface\{4D783385-0DDA-4188-A529-C97DC3D67CBD}\ProxyStubClsid32
HKCR\Interface\{4D783385-0DDA-4188-A529-C97DC3D67CBD}\TypeLib
HKCR\Interface\{4D783385-0DDA-4188-A529-C97DC3D67CBD}\TypeLib#Version
HKCR\Interface\{4E8B851B-05B0-4BAF-B24D-D0DFE88DDED3}
HKCR\Interface\{4E8B851B-05B0-4BAF-B24D-D0DFE88DDED3}\ProxyStubClsid
HKCR\Interface\{4E8B851B-05B0-4BAF-B24D-D0DFE88DDED3}\ProxyStubClsid32
HKCR\Interface\{4E8B851B-05B0-4BAF-B24D-D0DFE88DDED3}\TypeLib
HKCR\Interface\{4E8B851B-05B0-4BAF-B24D-D0DFE88DDED3}\TypeLib#Version
HKCR\Interface\{5A4737A8-B92A-4E54-970E-C2891D98CE3F}
HKCR\Interface\{5A4737A8-B92A-4E54-970E-C2891D98CE3F}\ProxyStubClsid
HKCR\Interface\{5A4737A8-B92A-4E54-970E-C2891D98CE3F}\ProxyStubClsid32
HKCR\Interface\{5A4737A8-B92A-4E54-970E-C2891D98CE3F}\TypeLib
HKCR\Interface\{5A4737A8-B92A-4E54-970E-C2891D98CE3F}\TypeLib#Version
HKCR\Interface\{62B0B239-F9AC-4A5B-BFAE-62C7A23F7627}
HKCR\Interface\{62B0B239-F9AC-4A5B-BFAE-62C7A23F7627}\ProxyStubClsid
HKCR\Interface\{62B0B239-F9AC-4A5B-BFAE-62C7A23F7627}\ProxyStubClsid32
HKCR\Interface\{62B0B239-F9AC-4A5B-BFAE-62C7A23F7627}\TypeLib
HKCR\Interface\{62B0B239-F9AC-4A5B-BFAE-62C7A23F7627}\TypeLib#Version
HKCR\Interface\{6E10479B-31E8-4A3B-81B1-DDAF39097F19}
HKCR\Interface\{6E10479B-31E8-4A3B-81B1-DDAF39097F19}\ProxyStubClsid
HKCR\Interface\{6E10479B-31E8-4A3B-81B1-DDAF39097F19}\ProxyStubClsid32
HKCR\Interface\{6E10479B-31E8-4A3B-81B1-DDAF39097F19}\TypeLib
HKCR\Interface\{6E10479B-31E8-4A3B-81B1-DDAF39097F19}\TypeLib#Version
HKCR\Interface\{726F0AB9-B842-4AE4-90C7-230E233E6A99}
HKCR\Interface\{726F0AB9-B842-4AE4-90C7-230E233E6A99}\ProxyStubClsid
HKCR\Interface\{726F0AB9-B842-4AE4-90C7-230E233E6A99}\ProxyStubClsid32
HKCR\Interface\{726F0AB9-B842-4AE4-90C7-230E233E6A99}\TypeLib
HKCR\Interface\{726F0AB9-B842-4AE4-90C7-230E233E6A99}\TypeLib#Version
HKCR\Interface\{99123AC9-7DDA-4C82-B252-44C2804BF392}
HKCR\Interface\{99123AC9-7DDA-4C82-B252-44C2804BF392}\ProxyStubClsid
HKCR\Interface\{99123AC9-7DDA-4C82-B252-44C2804BF392}\ProxyStubClsid32
HKCR\Interface\{99123AC9-7DDA-4C82-B252-44C2804BF392}\TypeLib
HKCR\Interface\{99123AC9-7DDA-4C82-B252-44C2804BF392}\TypeLib#Version
HKCR\Interface\{ACE99E77-AA2A-43C2-8C9D-CAF2020FDF2B}
HKCR\Interface\{ACE99E77-AA2A-43C2-8C9D-CAF2020FDF2B}\ProxyStubClsid
HKCR\Interface\{ACE99E77-AA2A-43C2-8C9D-CAF2020FDF2B}\ProxyStubClsid32
HKCR\Interface\{ACE99E77-AA2A-43C2-8C9D-CAF2020FDF2B}\TypeLib
HKCR\Interface\{ACE99E77-AA2A-43C2-8C9D-CAF2020FDF2B}\TypeLib#Version
HKCR\Interface\{B247F5BF-BD9D-4ECD-8FC1-365F36A1FDA1}
HKCR\Interface\{B247F5BF-BD9D-4ECD-8FC1-365F36A1FDA1}\ProxyStubClsid
HKCR\Interface\{B247F5BF-BD9D-4ECD-8FC1-365F36A1FDA1}\ProxyStubClsid32
HKCR\Interface\{B247F5BF-BD9D-4ECD-8FC1-365F36A1FDA1}\TypeLib
HKCR\Interface\{B247F5BF-BD9D-4ECD-8FC1-365F36A1FDA1}\TypeLib#Version
HKCR\Interface\{B9CC2B92-5611-453F-8381-8B6F72D9C0B8}
HKCR\Interface\{B9CC2B92-5611-453F-8381-8B6F72D9C0B8}\ProxyStubClsid
HKCR\Interface\{B9CC2B92-5611-453F-8381-8B6F72D9C0B8}\ProxyStubClsid32
HKCR\Interface\{B9CC2B92-5611-453F-8381-8B6F72D9C0B8}\TypeLib
HKCR\Interface\{B9CC2B92-5611-453F-8381-8B6F72D9C0B8}\TypeLib#Version
HKCR\Interface\{BBBFB891-98AE-4678-86F3-BD5A2EED86C9}
HKCR\Interface\{BBBFB891-98AE-4678-86F3-BD5A2EED86C9}\ProxyStubClsid
HKCR\Interface\{BBBFB891-98AE-4678-86F3-BD5A2EED86C9}\ProxyStubClsid32
HKCR\Interface\{BBBFB891-98AE-4678-86F3-BD5A2EED86C9}\TypeLib
HKCR\Interface\{BBBFB891-98AE-4678-86F3-BD5A2EED86C9}\TypeLib#Version
HKCR\Interface\{C4543E64-1498-410D-8E72-4744EEA99AB9}
HKCR\Interface\{C4543E64-1498-410D-8E72-4744EEA99AB9}\ProxyStubClsid
HKCR\Interface\{C4543E64-1498-410D-8E72-4744EEA99AB9}\ProxyStubClsid32
HKCR\Interface\{C4543E64-1498-410D-8E72-4744EEA99AB9}\TypeLib
HKCR\Interface\{C4543E64-1498-410D-8E72-4744EEA99AB9}\TypeLib#Version
HKCR\Interface\{E0FB1610-B25B-49F6-BE20-751B2F230E6F}
HKCR\Interface\{E0FB1610-B25B-49F6-BE20-751B2F230E6F}\ProxyStubClsid
HKCR\Interface\{E0FB1610-B25B-49F6-BE20-751B2F230E6F}\ProxyStubClsid32
HKCR\Interface\{E0FB1610-B25B-49F6-BE20-751B2F230E6F}\TypeLib
HKCR\Interface\{E0FB1610-B25B-49F6-BE20-751B2F230E6F}\TypeLib#Version
HKCR\Interface\{E420A65F-9984-4B8C-9FA9-1ED69D3B0A13}
HKCR\Interface\{E420A65F-9984-4B8C-9FA9-1ED69D3B0A13}\ProxyStubClsid
HKCR\Interface\{E420A65F-9984-4B8C-9FA9-1ED69D3B0A13}\ProxyStubClsid32
HKCR\Interface\{E420A65F-9984-4B8C-9FA9-1ED69D3B0A13}\TypeLib
HKCR\Interface\{E420A65F-9984-4B8C-9FA9-1ED69D3B0A13}\TypeLib#Version
HKCR\Interface\{EA58C2EA-BE26-49DD-9B9A-C8E4E5CA7791}
HKCR\Interface\{EA58C2EA-BE26-49DD-9B9A-C8E4E5CA7791}\ProxyStubClsid
HKCR\Interface\{EA58C2EA-BE26-49DD-9B9A-C8E4E5CA7791}\ProxyStubClsid32
HKCR\Interface\{EA58C2EA-BE26-49DD-9B9A-C8E4E5CA7791}\TypeLib
HKCR\Interface\{EA58C2EA-BE26-49DD-9B9A-C8E4E5CA7791}\TypeLib#Version
HKCR\Interface\{FCA28AC5-C1E1-4D67-A5AE-C44D6C374D9F}
HKCR\Interface\{FCA28AC5-C1E1-4D67-A5AE-C44D6C374D9F}\ProxyStubClsid
HKCR\Interface\{FCA28AC5-C1E1-4D67-A5AE-C44D6C374D9F}\ProxyStubClsid32
HKCR\Interface\{FCA28AC5-C1E1-4D67-A5AE-C44D6C374D9F}\TypeLib
HKCR\Interface\{FCA28AC5-C1E1-4D67-A5AE-C44D6C374D9F}\TypeLib#Version
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP521\A0126536.DLL

Trojan.ZenoSearch
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AOL\C_AMERICA ONLINE 9.0\OPTCLEAN.EXE

Adware.MovieLand/MediaPipe
C:\PROGRAM FILES\DOWNLOADMANAGER\DM.EXE
C:\PROGRAM FILES\DOWNLOADMANAGER\DOWNLOADMANAGER.EXE
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\DOWNLOADMANAGER\MPTRAY.EXE.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\DOWNLOADMANAGER\MPUPDATE.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP548\A0127301.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP548\A0127302.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP551\A0127624.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP555\A0128022.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP555\A0128023.EXE

Trojan.Unknown Origin
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\DRIVERS\BG_BG.GIF.VIR

Trojan.Downloader-FakeRX
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\OEMBIOS32.DLL.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP556\A0128235.DLL

Adware.180solutions/Seekmo
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP521\A0126526.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP521\A0126535.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP521\A0126537.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP521\A0126538.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP521\A0126539.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP522\A0126546.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP545\A0127209.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP545\A0127210.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP545\A0127211.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP545\A0127212.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP545\A0127214.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP545\A0127215.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP545\A0127216.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP545\A0127217.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP545\A0127218.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP545\A0127219.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP545\A0127220.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP545\A0127221.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP545\A0127229.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP545\A0127230.DLL

Adware.180solutions/ZangoSearch
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP521\A0126533.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP545\A0127228.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP545\A0127241.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP545\A0127242.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP545\A0127243.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP545\A0127244.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP545\A0127246.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP545\A0127247.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP545\A0127248.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP545\A0127249.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP545\A0127250.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP545\A0127251.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP545\A0127252.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP545\A0127253.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP548\A0127307.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP548\A0127463.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP548\A0127465.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP548\A0127466.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP549\A0127469.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP551\A0127627.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP551\A0127628.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP551\A0127630.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP551\A0127631.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP551\A0127632.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP551\A0127633.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP551\A0127634.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP551\A0127635.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP551\A0127637.EXE

Adware.Starware
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP548\A0127306.EXE

Trojan.Net-NUSR
C:\WINDOWS\SYSTEM32\NUSRMGR.EXE

#14 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:06:04 PM

Posted 26 September 2007 - 08:51 AM

It looks like your log was too big to fit all in one post. Can you post the rest of it?
It shows a bit more than I expected.

Also post a new hijackthis log.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#15 workingonit

workingonit
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:07:04 PM

Posted 27 September 2007 - 05:52 PM

The previous superantispyware log was the complete log, but I'll post again.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/25/2007 at 05:00 PM

Application Version : 3.9.1008

Core Rules Database Version : 3312
Trace Rules Database Version: 1315

Scan type : Complete Scan
Total Scan Time : 01:20:08

Memory items scanned : 472
Memory threats detected : 0
Registry items scanned : 5608
Registry threats detected : 304
File items scanned : 56891
File threats detected : 555

Adware.HotBar/SpamBlockerUtility (Low Risk)
HKLM\Software\Classes\CLSID\{93B0FA7B-50F6-41B4-AC7E-612A72CE8C3C}
HKCR\CLSID\{93B0FA7B-50F6-41B4-AC7E-612A72CE8C3C}
HKCR\CLSID\{93B0FA7B-50F6-41B4-AC7E-612A72CE8C3C}
HKCR\CLSID\{93B0FA7B-50F6-41B4-AC7E-612A72CE8C3C}\Control
HKCR\CLSID\{93B0FA7B-50F6-41B4-AC7E-612A72CE8C3C}\Implemented Categories
HKCR\CLSID\{93B0FA7B-50F6-41B4-AC7E-612A72CE8C3C}\Implemented Categories\{00021494-0000-0000-C000-000000000046}
HKCR\CLSID\{93B0FA7B-50F6-41B4-AC7E-612A72CE8C3C}\InprocServer32
HKCR\CLSID\{93B0FA7B-50F6-41B4-AC7E-612A72CE8C3C}\InprocServer32#ThreadingModel
HKCR\CLSID\{93B0FA7B-50F6-41B4-AC7E-612A72CE8C3C}\Instance
HKCR\CLSID\{93B0FA7B-50F6-41B4-AC7E-612A72CE8C3C}\Instance#CLSID
HKCR\CLSID\{93B0FA7B-50F6-41B4-AC7E-612A72CE8C3C}\Instance\InitPropertyBag
HKCR\CLSID\{93B0FA7B-50F6-41B4-AC7E-612A72CE8C3C}\Instance\InitPropertyBag#Url
HKCR\CLSID\{93B0FA7B-50F6-41B4-AC7E-612A72CE8C3C}\MiscStatus
HKCR\CLSID\{93B0FA7B-50F6-41B4-AC7E-612A72CE8C3C}\MiscStatus\1
HKCR\CLSID\{93B0FA7B-50F6-41B4-AC7E-612A72CE8C3C}\ProgID
HKCR\CLSID\{93B0FA7B-50F6-41B4-AC7E-612A72CE8C3C}\Programmable
HKCR\CLSID\{93B0FA7B-50F6-41B4-AC7E-612A72CE8C3C}\ToolboxBitmap32
HKCR\CLSID\{93B0FA7B-50F6-41B4-AC7E-612A72CE8C3C}\TypeLib
HKCR\CLSID\{93B0FA7B-50F6-41B4-AC7E-612A72CE8C3C}\Version
HKCR\CLSID\{93B0FA7B-50F6-41B4-AC7E-612A72CE8C3C}\VersionIndependentProgID
C:\PROGRAM FILES\ZANGO\BIN\10.0.341.0\HOSTIE.DLL
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\{93B0FA7B-50F6-41B4-AC7E-612A72CE8C3C}
HKU\S-1-5-21-581541943-2590962829-1806583950-1007\Software\Microsoft\Internet Explorer\Explorer Bars\{93B0FA7B-50F6-41B4-AC7E-612A72CE8C3C}

Adware.Tracking Cookie
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@revsci[3].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@sales.liveperson[3].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@2o7[4].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@adultbouncer[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@edge.ru4[3].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@www.porn-star-site[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@login.tracking101[3].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@pandasoftware.112.2o7[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@ar.atwola[4].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@content.licenseacquisition[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@youporn[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@atdmt[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@atwola[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@stats.gamestop[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@112.2o7[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@adknowledge[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@admarketplace[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@ads.adsag[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@ads.ah-ha[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@ads.as4x.tmcs.ticketmaster[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@ads.as4x.tmcs[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@ads.boats[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@ads.cnn[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@ads.digitalpoint[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@ads.joemonster[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@ads.monster[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@ads.telegraph.co[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@ads.vegas[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@ads.vitalix[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@adtech[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@adultcheck[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@adultlounge[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@adv.webmd[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@advertisingcom.122.2o7[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@altmedia101[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@americanexpress.122.2o7[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@apmebf[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@as1.falkag[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@atdmt[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@ath.belnk[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@azoogleads[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@banner[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@belnk[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@bizrate[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@buycom.122.2o7[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@c.enhance[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@c.goclick[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@cbs.112.2o7[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@clickagents[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@cnn.122.2o7[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@counter.cnw[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@counter.hitslink[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@counter1.sextracker[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@counter11.sextracker[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@counter13.sextracker[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@counter14.sextracker[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@counter15.sextracker[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@counter2.hitslink[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@counter4.sextracker[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@counter8.sextracker[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@counter9.sextracker[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@creativeby.viewpoint[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@cz4.clickzs[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@cz9.clickzs[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@data1.perf.overture[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@data3.perf.overture[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@dealtime[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@e-2dj6wjlyslajikp.stats.esomniture[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@e-2dj6wjnyghczsgo.stats.esomniture[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@e-2dj6wjnyomdzagq.stats.esomniture[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@ehg-bestbuy.hitbox[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@ehg-cafepress.hitbox[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@ehg-chrysler.hitbox[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@ehg-cisco.hitbox[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@ehg-citrixonline.hitbox[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@ehg-commjun.hitbox[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@ehg-crain.hitbox[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@ehg-digg.hitbox[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@ehg-directv.hitbox[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@ehg-findlaw.hitbox[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@ehg-hollywood.hitbox[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@ehg-ifilm.hitbox[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@ehg-newarkinone.hitbox[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@ehg-realtytrac.hitbox[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@ehg-register.hitbox[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@ehg-spafinder.hitbox[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@ehg-theviptour.hitbox[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@ehg-traderelectronicmedia.hitbox[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@ehg-zoom.hitbox[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@entrepreneur.122.2o7[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@entrepreneur[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@ez-tracks[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@findwhat[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@goclick[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@gostats[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@gozing.directtrack[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@h.starware[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@hc2.humanclick[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@hits_tracker[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@hurricanedigitalmedia[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@indextools[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@interclick[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@internetfuel[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@interracialporno[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@latinadultery[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@maxim.122.2o7[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@maxserving[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@media.hotels[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@media202[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@media3.sitebrand[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@media6.sitebrand[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@members.movieland[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@metacafe.122.2o7[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@microsofteup.112.2o7[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@movieland[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@msnportal.112.2o7[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@onlinerewardcenter[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@paypal.112.2o7[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@perf.overture[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@porn.iwantanewgirlfriend[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@pornaccess[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@pro-market[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@pt.crossmediaservices[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@publishers.clickbooth[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@qksrv[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@rccl.bridgetrack[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@reduxads.valuead[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@reunioncom.112.2o7[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@revenue[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@roi.clicklab[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@rotator.dex.adjuggler[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@sales.liveperson[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@sel.as-us.falkag[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@stat.dealtime[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@stat.onestat[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@stats.fullpond[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@superstats[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@tagworld[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@targetnet[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@thunderbolt.adjuggler[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@ticketsnow[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@toplist[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@tracking[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@try.starware[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@valueclick[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@valueclick[3].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@verizonmysuperpages.122.2o7[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@versiontracker[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@volkswagen.122.2o7[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@webtracking.touchclarity[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@windowsmedia[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@wTracker[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@www.adult-movies[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@www.aol.entrepreneur[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@www.asiansexyshemales[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@www.bigfreesex[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@www.burstbeacon[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@www.directnetadvertising[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@www.entrepreneur[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@www.ez-tracks[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@www.freestats[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@www.jointheporn[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@www.movieland[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@www.newsexstars[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@www.rowise[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@www.s-tracking[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@www.tgsex[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@www.ticketsnow1[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@www.ticketsnow[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@www.twilightsex[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@www.xl-porn[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@www.xxxvogue[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@www2.teenieblowjobs[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@xiti[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@y-1shz2prbmdj6wvny-1sez2pra2dj6wfkochczclogydj6x9ny-1seq-2-2.stats.esomniture[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@y-1shz2prbmdj6wvny-1sez2pra2dj6wfkyomajolpwydj6x9ny-1seq-2-2.stats.esomniture[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkyknczmcpqqdj6x9ny-1seq-2-2.stats.esomniture[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnywoazmboqydj6x9ny-1seq-2-2.stats.esomniture[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@yieldmanager[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter montella@z1.adserver[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@247realmedia[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@247realmedia[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@2o7[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@2o7[3].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@3.adbrite[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@3.adbrite[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@4.adbrite[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@a.websponsors[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@a.websponsors[3].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@ad.abum[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@ad.yieldmanager[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@ad.yieldmanager[3].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@ad.yieldmanager[4].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@ad.zanox[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@ad1.clickhype[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@adbrite[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@adbrite[3].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@adinterax[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@adlegend[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@adlegend[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@adopt.euroclick[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@adopt.euroclick[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@adopt.specificclick[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@adopt.specificclick[3].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@adprofile[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@adrevolver[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@ads.adbrite[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@ads.adbrite[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@ads.addynamix[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@ads.addynamix[3].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@ads.adsonar[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@ads.glispa[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@ads.pointroll[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@ads.pointroll[3].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@ads.realtechnetwork[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@ads.revsci[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@ads.topix[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@ads.vegas[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@ads.web.aol[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@ads.web.aol[3].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@ads2.drivelinemedia[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@ads2.drivelinemedia[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@adserver.easyad[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@adserver.softwareonline[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@adserver.toptenreviews[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@adserving.cpxinteractive[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@adultadworld[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@adultbouncer[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@advertising.superpages[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@advertising[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@advertising[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@advertising[3].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@anad.tacoda[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@anad.tacoda[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@anat.tacoda[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@anat.tacoda[3].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@angleinteractive.directtrack[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@angleinteractive.directtrack[3].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@apmebf[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@ar.atwola[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@ar.atwola[3].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@as-eu.falkag[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@atwola[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@atwola[3].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@azjmp[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@bluestreak[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@bluestreak[3].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@bs.serving-sys[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@bs.serving-sys[3].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@burstnet[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@casalemedia[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@casalemedia[3].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@casalemedia[4].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@citi.bridgetrack[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@click.orgycash[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@clickability[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@clickbank[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@coolsavings[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@counter.hitslink[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@counter12.sextracker[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@counter12.sextracker[3].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@counter16.sextracker[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@counter2.sextracker[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@counter2.sextracker[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@counter3.sextracker[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@counter3.sextracker[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@counter7.sextracker[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@counter7.sextracker[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@cs.sexcounter[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@cupolaventures.112.2o7[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@cvhs.adbureau[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@cz8.clickzs[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@data2.perf.overture[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@devart.adbureau[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@dhdmedia[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@directtrack[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@directtrack[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@doubleclick[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@doubleclick[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@doubleclick[3].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@drnatura.112.2o7[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@e-2dj6wfkicmdjoeo.stats.esomniture[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@earth.goclick[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@eas.apm.emediate[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@edge.ru4[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@edge.ru4[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@ehg-accuweather.hitbox[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@ehg-adaptivemarketing.hitbox[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@ehg-bizjournals.hitbox[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@ehg-cbsradio.hitbox[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@ehg-classmates.hitbox[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@ehg-dig.hitbox[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@ehg-electricbusiness.hitbox[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@ehg-groupernetworks.hitbox[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@ehg-harleydavidson.hitbox[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@ehg-hillspet.hitbox[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@ehg-lowermybills.hitbox[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@ehg-lowermybills.hitbox[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@ehg-newegg.hitbox[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@ehg-scheringploughcorp.hitbox[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@ehg-space.hitbox[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@ehg-traderpublishing.hitbox[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@ehg-verizon.hitbox[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@ehg-warnerbrothers.hitbox[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@ehg-youtube.hitbox[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@ehg-zoom.hitbox[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@electronicarts.112.2o7[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@everythingfreeporn[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@fastclick[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@fastclick[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@fcstats.bcentral[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@fortunecity[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@free.wegcash[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@go.sexprofit[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@gostats[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@h.starware[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@hg1.hitbox[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@hitbox[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@homestore.122.2o7[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@homestore.122.2o7[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@hotbar[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@i.screensavers[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@i.screensavers[3].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@icc.intellisrv[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@ientry[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@image.masterstats[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@image.masterstats[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@imrworldwide[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@indextools[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@kanoodle[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@keywordmax[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@leeenterprises.112.2o7[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@livenation.122.2o7[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@login.tracking101[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@lynxtrack[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@m1.webstats.motigo[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@maxim.122.2o7[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@maxserving[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@media.adrevolver[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@media.adrevolver[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@media.iams[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@media.licenseacquisition[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@media.paychex[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@mediaplex[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@mediaplex[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@monstercom.112.2o7[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@msnportal.112.2o7[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@my-calorie-counter[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@myfirstsexteacher[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@mywebsearch[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@mywebsearch[3].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@nextag[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@nfm.directtrack[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@niteflirt.directtrack[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@overture[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@overture[3].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@partner2profit[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@partner2profit[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@paycounter[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@paycounter[3].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@phg.hitbox[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@precisionclick[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@precisionclick[3].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@pro-market[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@publishers.clickbooth[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@qksrv[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@qnsr[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@questionmarket[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@rbsinteractive.122.2o7[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@realmedia[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@realmedia[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@realsexcash[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@revsci[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@revsci[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@revsci[4].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@revsci[5].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@richmedia.yahoo[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@roiservice[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@roiservice[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@rotator.adjuggler[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@rotator.adjuggler[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@sales.liveperson[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@salesleadform.aflac[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@screensavers[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@server.iad.liveperson[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@server.iad.liveperson[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@server.iad.liveperson[3].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@server.iad.liveperson[4].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@server.iad.liveperson[5].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@server.iad.liveperson[7].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@server.iad.liveperson[8].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@server.iad.liveperson[9].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@serving-sys[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@serving-sys[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@sexlist[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@sexlist[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@sexsearchcom[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@sextracker[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@sextracker[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@sexycitycash[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@sitestats.tiscali.co[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@smartmoney.112.2o7[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@smileycentral[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@snapfish.112.2o7[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@spamblockerutility[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@spamblockerutility[3].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@specificclick[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@specificclick[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@statcounter[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@statcounter[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@stats.privacyprotector[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@stats.sphere[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@statse.webtrendslive[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@statse.webtrendslive[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@statsgold[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@superpages.122.2o7[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@tacoda[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@tacoda[3].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@tasty18and19.tastyporn[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@teensforcash[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@teenslutbus[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@toplist[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@tour.sexsearchcom[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@tour.splash.sexsearch[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@tracking.foxnews[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@tracking.foxnews[3].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@tracking.foxnews[4].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@tradedoubler[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@trafficmp[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@trafficmp[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@tribalfusion[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@tribalfusion[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@tripod[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@try.screensavers[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@try.screensavers[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@try.starware[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@viacomedycentralrl.112.2o7[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@viamtvcom.112.2o7[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@w121.hitbox[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@waterfrontmedia.112.2o7[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@web4.realtracker[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@web4.realtracker[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@webpower[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@wt.sexsearchcom[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@wt.sexsearch[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@www.adultcrowd[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@www.adultplayersclub[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@www.burstbeacon[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@www.burstnet[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@www.burstnet[3].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@www.clickmanage[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@www.googleadservices[10].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@www.googleadservices[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@www.googleadservices[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@www.googleadservices[3].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@www.googleadservices[4].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@www.googleadservices[5].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@www.googleadservices[6].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@www.googleadservices[7].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@www.googleadservices[8].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@www.googleadservices[9].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@www.halstats[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@www.japansexav[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@www.movieland[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@www.pornsitejourney[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@www.ppctracking[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@www.safelite[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@www.screensavers[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@www.sexsearchcom[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@www.stopzilla[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@www.teenjill[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@www.teensforcash[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@www.teensforcash[3].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@www.xctrk[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@www.xxxpower[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@www.xxxpower[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@www.xxxpower[3].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@www1.addfreestats[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@www3.addfreestats[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@www5.addfreestats[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@www6.addfreestats[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@www6.addfreestats[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@xxxcounter[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@xxxcounter[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@xxxfolder[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@xxxpower[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@youngadultsteens[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@zedo[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@zedo[3].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@zedo[4].txt

Adware.Zango Toolbar/Hb
HKCR\CoreSrv.CoreServices
HKCR\CoreSrv.CoreServices\CLSID
HKCR\CoreSrv.CoreServices\CurVer
HKCR\CoreSrv.CoreServices.1
HKCR\CoreSrv.CoreServices.1\CLSID
HKCR\CoreSrv.LfgAx
HKCR\CoreSrv.LfgAx\CLSID
HKCR\CoreSrv.LfgAx\CurVer
HKCR\CoreSrv.LfgAx.1
HKCR\CoreSrv.LfgAx.1\CLSID
HKCR\HBMain.CommBand
HKCR\HBMain.CommBand\CLSID
HKCR\HBMain.CommBand\CurVer
HKCR\HBMain.CommBand.1
HKCR\HBMain.CommBand.1\CLSID
HKCR\hbr.HbMain
HKCR\hbr.HbMain\CLSID
HKCR\hbr.HbMain\CurVer
HKCR\hbr.HbMain.1
HKCR\hbr.HbMain.1\CLSID
HKCR\HostOL.MailAnim
HKCR\HostOL.MailAnim\CLSID
HKCR\HostOL.MailAnim\CurVer
HKCR\HostOL.MailAnim.1
HKCR\HostOL.MailAnim.1\CLSID
HKCR\HostOL.WebmailSend
HKCR\HostOL.WebmailSend\CLSID
HKCR\HostOL.WebmailSend\CurVer
HKCR\HostOL.WebmailSend.1
HKCR\HostOL.WebmailSend.1\CLSID
HKCR\InstIE.HbInstObj
HKCR\InstIE.HbInstObj\CLSID
HKCR\InstIE.HbInstObj\CurVer
HKCR\InstIE.HbInstObj.1
HKCR\InstIE.HbInstObj.1\CLSID
HKCR\Srv.CoreServices
HKCR\Srv.CoreServices\CLSID
HKCR\Srv.CoreServices\CurVer
HKCR\Srv.CoreServices.1
HKCR\Srv.CoreServices.1\CLSID
HKCR\Toolbar.HtmlMenuUI
HKCR\Toolbar.HtmlMenuUI\CLSID
HKCR\Toolbar.HtmlMenuUI\CurVer
HKCR\Toolbar.HtmlMenuUI.1
HKCR\Toolbar.HtmlMenuUI.1\CLSID
HKCR\Toolbar.ToolbarCtl
HKCR\Toolbar.ToolbarCtl\CLSID
HKCR\Toolbar.ToolbarCtl\CurVer
HKCR\Toolbar.ToolbarCtl.1
HKCR\Toolbar.ToolbarCtl.1\CLSID
HKCR\CLSID\{5B2E150D-4C8A-40E4-8C36-DD9C02771C67}
HKCR\CLSID\{5B2E150D-4C8A-40E4-8C36-DD9C02771C67}\InprocServer32
HKCR\CLSID\{5B2E150D-4C8A-40E4-8C36-DD9C02771C67}\InprocServer32#ThreadingModel
HKCR\CLSID\{5B2E150D-4C8A-40E4-8C36-DD9C02771C67}\ProgID
HKCR\CLSID\{5B2E150D-4C8A-40E4-8C36-DD9C02771C67}\Programmable
HKCR\CLSID\{5B2E150D-4C8A-40E4-8C36-DD9C02771C67}\TypeLib
HKCR\CLSID\{5B2E150D-4C8A-40E4-8C36-DD9C02771C67}\VersionIndependentProgID
HKCR\CLSID\{627D894A-8A77-416E-B522-432EAF2C818E}
HKCR\CLSID\{627D894A-8A77-416E-B522-432EAF2C818E}\Control
HKCR\CLSID\{627D894A-8A77-416E-B522-432EAF2C818E}\InprocServer32
HKCR\CLSID\{627D894A-8A77-416E-B522-432EAF2C818E}\InprocServer32#ThreadingModel
HKCR\CLSID\{627D894A-8A77-416E-B522-432EAF2C818E}\MiscStatus
HKCR\CLSID\{627D894A-8A77-416E-B522-432EAF2C818E}\MiscStatus\1
HKCR\CLSID\{627D894A-8A77-416E-B522-432EAF2C818E}\ProgID
HKCR\CLSID\{627D894A-8A77-416E-B522-432EAF2C818E}\Programmable
HKCR\CLSID\{627D894A-8A77-416E-B522-432EAF2C818E}\ToolboxBitmap32
HKCR\CLSID\{627D894A-8A77-416E-B522-432EAF2C818E}\TypeLib
HKCR\CLSID\{627D894A-8A77-416E-B522-432EAF2C818E}\Version
HKCR\CLSID\{627D894A-8A77-416E-B522-432EAF2C818E}\VersionIndependentProgID
HKCR\CLSID\{7138F250-5B72-48DD-ADFB-9A83B429DD9E}
HKCR\CLSID\{7138F250-5B72-48DD-ADFB-9A83B429DD9E}\LocalServer32
HKCR\CLSID\{7138F250-5B72-48DD-ADFB-9A83B429DD9E}\ProgID
HKCR\CLSID\{7138F250-5B72-48DD-ADFB-9A83B429DD9E}\Programmable
HKCR\CLSID\{7138F250-5B72-48DD-ADFB-9A83B429DD9E}\TypeLib
HKCR\CLSID\{7138F250-5B72-48DD-ADFB-9A83B429DD9E}\VersionIndependentProgID
HKCR\CLSID\{8971CB48-9FCA-445A-BE77-E8E8A4CC9DF7}
HKCR\CLSID\{8971CB48-9FCA-445A-BE77-E8E8A4CC9DF7}\Control
HKCR\CLSID\{8971CB48-9FCA-445A-BE77-E8E8A4CC9DF7}\InprocServer32
HKCR\CLSID\{8971CB48-9FCA-445A-BE77-E8E8A4CC9DF7}\InprocServer32#ThreadingModel
HKCR\CLSID\{8971CB48-9FCA-445A-BE77-E8E8A4CC9DF7}\ProgID
HKCR\CLSID\{8971CB48-9FCA-445A-BE77-E8E8A4CC9DF7}\Programmable
HKCR\CLSID\{8971CB48-9FCA-445A-BE77-E8E8A4CC9DF7}\ToolboxBitmap32
HKCR\CLSID\{8971CB48-9FCA-445A-BE77-E8E8A4CC9DF7}\TypeLib
HKCR\CLSID\{8971CB48-9FCA-445A-BE77-E8E8A4CC9DF7}\VersionIndependentProgID
HKCR\CLSID\{B0CB585F-3271-4E42-88D9-AE5C9330D554}
HKCR\CLSID\{B0CB585F-3271-4E42-88D9-AE5C9330D554}#AppID
HKCR\CLSID\{B0CB585F-3271-4E42-88D9-AE5C9330D554}\Control
HKCR\CLSID\{B0CB585F-3271-4E42-88D9-AE5C9330D554}\Implemented Categories
HKCR\CLSID\{B0CB585F-3271-4E42-88D9-AE5C9330D554}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}
HKCR\CLSID\{B0CB585F-3271-4E42-88D9-AE5C9330D554}\InprocServer32
HKCR\CLSID\{B0CB585F-3271-4E42-88D9-AE5C9330D554}\InprocServer32#ThreadingModel
HKCR\CLSID\{B0CB585F-3271-4E42-88D9-AE5C9330D554}\MiscStatus
HKCR\CLSID\{B0CB585F-3271-4E42-88D9-AE5C9330D554}\MiscStatus\1
HKCR\CLSID\{B0CB585F-3271-4E42-88D9-AE5C9330D554}\ProgID
HKCR\CLSID\{B0CB585F-3271-4E42-88D9-AE5C9330D554}\Programmable
HKCR\CLSID\{B0CB585F-3271-4E42-88D9-AE5C9330D554}\ToolboxBitmap32
HKCR\CLSID\{B0CB585F-3271-4E42-88D9-AE5C9330D554}\TypeLib
HKCR\CLSID\{B0CB585F-3271-4E42-88D9-AE5C9330D554}\Version
HKCR\CLSID\{B0CB585F-3271-4E42-88D9-AE5C9330D554}\VersionIndependentProgID
HKCR\CLSID\{B88E4484-3FF6-4EA9-815B-A54FE20D4387}
HKCR\CLSID\{B88E4484-3FF6-4EA9-815B-A54FE20D4387}\InprocServer32
HKCR\CLSID\{B88E4484-3FF6-4EA9-815B-A54FE20D4387}\InprocServer32#ThreadingModel
HKCR\CLSID\{B88E4484-3FF6-4EA9-815B-A54FE20D4387}\ProgID
HKCR\CLSID\{B88E4484-3FF6-4EA9-815B-A54FE20D4387}\Programmable
HKCR\CLSID\{B88E4484-3FF6-4EA9-815B-A54FE20D4387}\TypeLib
HKCR\CLSID\{B88E4484-3FF6-4EA9-815B-A54FE20D4387}\VersionIndependentProgID
HKCR\CLSID\{BFC08CFF-C737-4433-BD5A-0EE7EFCFEE54}
HKCR\CLSID\{BFC08CFF-C737-4433-BD5A-0EE7EFCFEE54}\InprocServer32
HKCR\CLSID\{BFC08CFF-C737-4433-BD5A-0EE7EFCFEE54}\InprocServer32#ThreadingModel
HKCR\CLSID\{BFC08CFF-C737-4433-BD5A-0EE7EFCFEE54}\ProgID
HKCR\CLSID\{BFC08CFF-C737-4433-BD5A-0EE7EFCFEE54}\Programmable
HKCR\CLSID\{BFC08CFF-C737-4433-BD5A-0EE7EFCFEE54}\TypeLib
HKCR\CLSID\{BFC08CFF-C737-4433-BD5A-0EE7EFCFEE54}\VersionIndependentProgID
HKCR\CLSID\{D2221CCB-F2BB-4858-AAD4-57C754153603}
HKCR\CLSID\{D2221CCB-F2BB-4858-AAD4-57C754153603}\InprocServer32
HKCR\CLSID\{D2221CCB-F2BB-4858-AAD4-57C754153603}\InprocServer32#ThreadingModel
HKCR\CLSID\{D2221CCB-F2BB-4858-AAD4-57C754153603}\ProgID
HKCR\CLSID\{D2221CCB-F2BB-4858-AAD4-57C754153603}\TypeLib
HKCR\CLSID\{D2221CCB-F2BB-4858-AAD4-57C754153603}\VersionIndependentProgID
HKCR\CLSID\{EA0B6A1A-6A59-4A58-9C41-9966504898A5}
HKCR\CLSID\{EA0B6A1A-6A59-4A58-9C41-9966504898A5}\InprocServer32
HKCR\CLSID\{EA0B6A1A-6A59-4A58-9C41-9966504898A5}\InprocServer32#ThreadingModel
HKCR\CLSID\{EA0B6A1A-6A59-4A58-9C41-9966504898A5}\ProgID
HKCR\CLSID\{EA0B6A1A-6A59-4A58-9C41-9966504898A5}\Programmable
HKCR\CLSID\{EA0B6A1A-6A59-4A58-9C41-9966504898A5}\TypeLib
HKCR\CLSID\{EA0B6A1A-6A59-4A58-9C41-9966504898A5}\VersionIndependentProgID
HKCR\TypeLib\{08755390-F46D-4D09-968C-3430166B3189}
HKCR\TypeLib\{08755390-F46D-4D09-968C-3430166B3189}\1.0
HKCR\TypeLib\{08755390-F46D-4D09-968C-3430166B3189}\1.0\0
HKCR\TypeLib\{08755390-F46D-4D09-968C-3430166B3189}\1.0\0\win32
HKCR\TypeLib\{08755390-F46D-4D09-968C-3430166B3189}\1.0\FLAGS
HKCR\TypeLib\{08755390-F46D-4D09-968C-3430166B3189}\1.0\HELPDIR
HKCR\TypeLib\{0923208C-E259-4ED5-A778-CB607DA350AD}
HKCR\TypeLib\{0923208C-E259-4ED5-A778-CB607DA350AD}\1.0
HKCR\TypeLib\{0923208C-E259-4ED5-A778-CB607DA350AD}\1.0\0
HKCR\TypeLib\{0923208C-E259-4ED5-A778-CB607DA350AD}\1.0\0\win32
HKCR\TypeLib\{0923208C-E259-4ED5-A778-CB607DA350AD}\1.0\FLAGS
HKCR\TypeLib\{0923208C-E259-4ED5-A778-CB607DA350AD}\1.0\HELPDIR
HKCR\TypeLib\{229D2451-A617-4B30-B5E8-8138694240CB}
HKCR\TypeLib\{229D2451-A617-4B30-B5E8-8138694240CB}\1.0
HKCR\TypeLib\{229D2451-A617-4B30-B5E8-8138694240CB}\1.0\0
HKCR\TypeLib\{229D2451-A617-4B30-B5E8-8138694240CB}\1.0\0\win32
HKCR\TypeLib\{229D2451-A617-4B30-B5E8-8138694240CB}\1.0\FLAGS
HKCR\TypeLib\{229D2451-A617-4B30-B5E8-8138694240CB}\1.0\HELPDIR
HKCR\TypeLib\{9720DE03-5820-4059-B4A4-639D5E52BD09}
HKCR\TypeLib\{9720DE03-5820-4059-B4A4-639D5E52BD09}\1.0
HKCR\TypeLib\{9720DE03-5820-4059-B4A4-639D5E52BD09}\1.0\0
HKCR\TypeLib\{9720DE03-5820-4059-B4A4-639D5E52BD09}\1.0\0\win32
HKCR\TypeLib\{9720DE03-5820-4059-B4A4-639D5E52BD09}\1.0\FLAGS
HKCR\TypeLib\{9720DE03-5820-4059-B4A4-639D5E52BD09}\1.0\HELPDIR
HKCR\TypeLib\{C23FA5A4-1FEA-419F-8B14-F7465DF062BC}
HKCR\TypeLib\{C23FA5A4-1FEA-419F-8B14-F7465DF062BC}\1.0
HKCR\TypeLib\{C23FA5A4-1FEA-419F-8B14-F7465DF062BC}\1.0\0
HKCR\TypeLib\{C23FA5A4-1FEA-419F-8B14-F7465DF062BC}\1.0\0\win32
HKCR\TypeLib\{C23FA5A4-1FEA-419F-8B14-F7465DF062BC}\1.0\FLAGS
HKCR\TypeLib\{C23FA5A4-1FEA-419F-8B14-F7465DF062BC}\1.0\HELPDIR
HKCR\TypeLib\{CCC6E232-AA4C-4813-A019-9C14B27776B6}
HKCR\TypeLib\{CCC6E232-AA4C-4813-A019-9C14B27776B6}\1.0
HKCR\TypeLib\{CCC6E232-AA4C-4813-A019-9C14B27776B6}\1.0\0
HKCR\TypeLib\{CCC6E232-AA4C-4813-A019-9C14B27776B6}\1.0\0\win32
HKCR\TypeLib\{CCC6E232-AA4C-4813-A019-9C14B27776B6}\1.0\FLAGS
HKCR\TypeLib\{CCC6E232-AA4C-4813-A019-9C14B27776B6}\1.0\HELPDIR
HKCR\Interface\{00B77587-BE1B-4201-B8E9-09FCF50AB771}
HKCR\Interface\{00B77587-BE1B-4201-B8E9-09FCF50AB771}\ProxyStubClsid
HKCR\Interface\{00B77587-BE1B-4201-B8E9-09FCF50AB771}\ProxyStubClsid32
HKCR\Interface\{00B77587-BE1B-4201-B8E9-09FCF50AB771}\TypeLib
HKCR\Interface\{00B77587-BE1B-4201-B8E9-09FCF50AB771}\TypeLib#Version
HKCR\Interface\{067C6A37-72EA-4437-863A-5BE20C246F3C}
HKCR\Interface\{067C6A37-72EA-4437-863A-5BE20C246F3C}\ProxyStubClsid
HKCR\Interface\{067C6A37-72EA-4437-863A-5BE20C246F3C}\ProxyStubClsid32
HKCR\Interface\{067C6A37-72EA-4437-863A-5BE20C246F3C}\TypeLib
HKCR\Interface\{067C6A37-72EA-4437-863A-5BE20C246F3C}\TypeLib#Version
HKCR\Interface\{1A2AF056-1FE1-47CA-993D-5D09D18E674E}
HKCR\Interface\{1A2AF056-1FE1-47CA-993D-5D09D18E674E}\ProxyStubClsid
HKCR\Interface\{1A2AF056-1FE1-47CA-993D-5D09D18E674E}\ProxyStubClsid32
HKCR\Interface\{1A2AF056-1FE1-47CA-993D-5D09D18E674E}\TypeLib
HKCR\Interface\{1A2AF056-1FE1-47CA-993D-5D09D18E674E}\TypeLib#Version
HKCR\Interface\{2B81F920-6660-4F76-93BF-B1C67BF5D1A0}
HKCR\Interface\{2B81F920-6660-4F76-93BF-B1C67BF5D1A0}\ProxyStubClsid
HKCR\Interface\{2B81F920-6660-4F76-93BF-B1C67BF5D1A0}\ProxyStubClsid32
HKCR\Interface\{2B81F920-6660-4F76-93BF-B1C67BF5D1A0}\TypeLib
HKCR\Interface\{2B81F920-6660-4F76-93BF-B1C67BF5D1A0}\TypeLib#Version
HKCR\Interface\{34E29700-0D13-46AA-B9A5-ACE68E21A091}
HKCR\Interface\{34E29700-0D13-46AA-B9A5-ACE68E21A091}\ProxyStubClsid
HKCR\Interface\{34E29700-0D13-46AA-B9A5-ACE68E21A091}\ProxyStubClsid32
HKCR\Interface\{34E29700-0D13-46AA-B9A5-ACE68E21A091}\TypeLib
HKCR\Interface\{34E29700-0D13-46AA-B9A5-ACE68E21A091}\TypeLib#Version
HKCR\Interface\{3661AF2D-C27B-499C-9BCF-66C8502A3806}
HKCR\Interface\{3661AF2D-C27B-499C-9BCF-66C8502A3806}\ProxyStubClsid
HKCR\Interface\{3661AF2D-C27B-499C-9BCF-66C8502A3806}\ProxyStubClsid32
HKCR\Interface\{3661AF2D-C27B-499C-9BCF-66C8502A3806}\TypeLib
HKCR\Interface\{3661AF2D-C27B-499C-9BCF-66C8502A3806}\TypeLib#Version
HKCR\Interface\{3F0915B8-B238-4C2D-AD1E-60DB1E14D27A}
HKCR\Interface\{3F0915B8-B238-4C2D-AD1E-60DB1E14D27A}\ProxyStubClsid
HKCR\Interface\{3F0915B8-B238-4C2D-AD1E-60DB1E14D27A}\ProxyStubClsid32
HKCR\Interface\{3F0915B8-B238-4C2D-AD1E-60DB1E14D27A}\TypeLib
HKCR\Interface\{3F0915B8-B238-4C2D-AD1E-60DB1E14D27A}\TypeLib#Version
HKCR\Interface\{49155DAE-C471-40FA-98EE-B2B3CAD115CE}
HKCR\Interface\{49155DAE-C471-40FA-98EE-B2B3CAD115CE}\ProxyStubClsid
HKCR\Interface\{49155DAE-C471-40FA-98EE-B2B3CAD115CE}\ProxyStubClsid32
HKCR\Interface\{49155DAE-C471-40FA-98EE-B2B3CAD115CE}\TypeLib
HKCR\Interface\{49155DAE-C471-40FA-98EE-B2B3CAD115CE}\TypeLib#Version
HKCR\Interface\{4D783385-0DDA-4188-A529-C97DC3D67CBD}
HKCR\Interface\{4D783385-0DDA-4188-A529-C97DC3D67CBD}\ProxyStubClsid
HKCR\Interface\{4D783385-0DDA-4188-A529-C97DC3D67CBD}\ProxyStubClsid32
HKCR\Interface\{4D783385-0DDA-4188-A529-C97DC3D67CBD}\TypeLib
HKCR\Interface\{4D783385-0DDA-4188-A529-C97DC3D67CBD}\TypeLib#Version
HKCR\Interface\{4E8B851B-05B0-4BAF-B24D-D0DFE88DDED3}
HKCR\Interface\{4E8B851B-05B0-4BAF-B24D-D0DFE88DDED3}\ProxyStubClsid
HKCR\Interface\{4E8B851B-05B0-4BAF-B24D-D0DFE88DDED3}\ProxyStubClsid32
HKCR\Interface\{4E8B851B-05B0-4BAF-B24D-D0DFE88DDED3}\TypeLib
HKCR\Interface\{4E8B851B-05B0-4BAF-B24D-D0DFE88DDED3}\TypeLib#Version
HKCR\Interface\{5A4737A8-B92A-4E54-970E-C2891D98CE3F}
HKCR\Interface\{5A4737A8-B92A-4E54-970E-C2891D98CE3F}\ProxyStubClsid
HKCR\Interface\{5A4737A8-B92A-4E54-970E-C2891D98CE3F}\ProxyStubClsid32
HKCR\Interface\{5A4737A8-B92A-4E54-970E-C2891D98CE3F}\TypeLib
HKCR\Interface\{5A4737A8-B92A-4E54-970E-C2891D98CE3F}\TypeLib#Version
HKCR\Interface\{62B0B239-F9AC-4A5B-BFAE-62C7A23F7627}
HKCR\Interface\{62B0B239-F9AC-4A5B-BFAE-62C7A23F7627}\ProxyStubClsid
HKCR\Interface\{62B0B239-F9AC-4A5B-BFAE-62C7A23F7627}\ProxyStubClsid32
HKCR\Interface\{62B0B239-F9AC-4A5B-BFAE-62C7A23F7627}\TypeLib
HKCR\Interface\{62B0B239-F9AC-4A5B-BFAE-62C7A23F7627}\TypeLib#Version
HKCR\Interface\{6E10479B-31E8-4A3B-81B1-DDAF39097F19}
HKCR\Interface\{6E10479B-31E8-4A3B-81B1-DDAF39097F19}\ProxyStubClsid
HKCR\Interface\{6E10479B-31E8-4A3B-81B1-DDAF39097F19}\ProxyStubClsid32
HKCR\Interface\{6E10479B-31E8-4A3B-81B1-DDAF39097F19}\TypeLib
HKCR\Interface\{6E10479B-31E8-4A3B-81B1-DDAF39097F19}\TypeLib#Version
HKCR\Interface\{726F0AB9-B842-4AE4-90C7-230E233E6A99}
HKCR\Interface\{726F0AB9-B842-4AE4-90C7-230E233E6A99}\ProxyStubClsid
HKCR\Interface\{726F0AB9-B842-4AE4-90C7-230E233E6A99}\ProxyStubClsid32
HKCR\Interface\{726F0AB9-B842-4AE4-90C7-230E233E6A99}\TypeLib
HKCR\Interface\{726F0AB9-B842-4AE4-90C7-230E233E6A99}\TypeLib#Version
HKCR\Interface\{99123AC9-7DDA-4C82-B252-44C2804BF392}
HKCR\Interface\{99123AC9-7DDA-4C82-B252-44C2804BF392}\ProxyStubClsid
HKCR\Interface\{99123AC9-7DDA-4C82-B252-44C2804BF392}\ProxyStubClsid32
HKCR\Interface\{99123AC9-7DDA-4C82-B252-44C2804BF392}\TypeLib
HKCR\Interface\{99123AC9-7DDA-4C82-B252-44C2804BF392}\TypeLib#Version
HKCR\Interface\{ACE99E77-AA2A-43C2-8C9D-CAF2020FDF2B}
HKCR\Interface\{ACE99E77-AA2A-43C2-8C9D-CAF2020FDF2B}\ProxyStubClsid
HKCR\Interface\{ACE99E77-AA2A-43C2-8C9D-CAF2020FDF2B}\ProxyStubClsid32
HKCR\Interface\{ACE99E77-AA2A-43C2-8C9D-CAF2020FDF2B}\TypeLib
HKCR\Interface\{ACE99E77-AA2A-43C2-8C9D-CAF2020FDF2B}\TypeLib#Version
HKCR\Interface\{B247F5BF-BD9D-4ECD-8FC1-365F36A1FDA1}
HKCR\Interface\{B247F5BF-BD9D-4ECD-8FC1-365F36A1FDA1}\ProxyStubClsid
HKCR\Interface\{B247F5BF-BD9D-4ECD-8FC1-365F36A1FDA1}\ProxyStubClsid32
HKCR\Interface\{B247F5BF-BD9D-4ECD-8FC1-365F36A1FDA1}\TypeLib
HKCR\Interface\{B247F5BF-BD9D-4ECD-8FC1-365F36A1FDA1}\TypeLib#Version
HKCR\Interface\{B9CC2B92-5611-453F-8381-8B6F72D9C0B8}
HKCR\Interface\{B9CC2B92-5611-453F-8381-8B6F72D9C0B8}\ProxyStubClsid
HKCR\Interface\{B9CC2B92-5611-453F-8381-8B6F72D9C0B8}\ProxyStubClsid32
HKCR\Interface\{B9CC2B92-5611-453F-8381-8B6F72D9C0B8}\TypeLib
HKCR\Interface\{B9CC2B92-5611-453F-8381-8B6F72D9C0B8}\TypeLib#Version
HKCR\Interface\{BBBFB891-98AE-4678-86F3-BD5A2EED86C9}
HKCR\Interface\{BBBFB891-98AE-4678-86F3-BD5A2EED86C9}\ProxyStubClsid
HKCR\Interface\{BBBFB891-98AE-4678-86F3-BD5A2EED86C9}\ProxyStubClsid32
HKCR\Interface\{BBBFB891-98AE-4678-86F3-BD5A2EED86C9}\TypeLib
HKCR\Interface\{BBBFB891-98AE-4678-86F3-BD5A2EED86C9}\TypeLib#Version
HKCR\Interface\{C4543E64-1498-410D-8E72-4744EEA99AB9}
HKCR\Interface\{C4543E64-1498-410D-8E72-4744EEA99AB9}\ProxyStubClsid
HKCR\Interface\{C4543E64-1498-410D-8E72-4744EEA99AB9}\ProxyStubClsid32
HKCR\Interface\{C4543E64-1498-410D-8E72-4744EEA99AB9}\TypeLib
HKCR\Interface\{C4543E64-1498-410D-8E72-4744EEA99AB9}\TypeLib#Version
HKCR\Interface\{E0FB1610-B25B-49F6-BE20-751B2F230E6F}
HKCR\Interface\{E0FB1610-B25B-49F6-BE20-751B2F230E6F}\ProxyStubClsid
HKCR\Interface\{E0FB1610-B25B-49F6-BE20-751B2F230E6F}\ProxyStubClsid32
HKCR\Interface\{E0FB1610-B25B-49F6-BE20-751B2F230E6F}\TypeLib
HKCR\Interface\{E0FB1610-B25B-49F6-BE20-751B2F230E6F}\TypeLib#Version
HKCR\Interface\{E420A65F-9984-4B8C-9FA9-1ED69D3B0A13}
HKCR\Interface\{E420A65F-9984-4B8C-9FA9-1ED69D3B0A13}\ProxyStubClsid
HKCR\Interface\{E420A65F-9984-4B8C-9FA9-1ED69D3B0A13}\ProxyStubClsid32
HKCR\Interface\{E420A65F-9984-4B8C-9FA9-1ED69D3B0A13}\TypeLib
HKCR\Interface\{E420A65F-9984-4B8C-9FA9-1ED69D3B0A13}\TypeLib#Version
HKCR\Interface\{EA58C2EA-BE26-49DD-9B9A-C8E4E5CA7791}
HKCR\Interface\{EA58C2EA-BE26-49DD-9B9A-C8E4E5CA7791}\ProxyStubClsid
HKCR\Interface\{EA58C2EA-BE26-49DD-9B9A-C8E4E5CA7791}\ProxyStubClsid32
HKCR\Interface\{EA58C2EA-BE26-49DD-9B9A-C8E4E5CA7791}\TypeLib
HKCR\Interface\{EA58C2EA-BE26-49DD-9B9A-C8E4E5CA7791}\TypeLib#Version
HKCR\Interface\{FCA28AC5-C1E1-4D67-A5AE-C44D6C374D9F}
HKCR\Interface\{FCA28AC5-C1E1-4D67-A5AE-C44D6C374D9F}\ProxyStubClsid
HKCR\Interface\{FCA28AC5-C1E1-4D67-A5AE-C44D6C374D9F}\ProxyStubClsid32
HKCR\Interface\{FCA28AC5-C1E1-4D67-A5AE-C44D6C374D9F}\TypeLib
HKCR\Interface\{FCA28AC5-C1E1-4D67-A5AE-C44D6C374D9F}\TypeLib#Version
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP521\A0126536.DLL

Trojan.ZenoSearch
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AOL\C_AMERICA ONLINE 9.0\OPTCLEAN.EXE

Adware.MovieLand/MediaPipe
C:\PROGRAM FILES\DOWNLOADMANAGER\DM.EXE
C:\PROGRAM FILES\DOWNLOADMANAGER\DOWNLOADMANAGER.EXE
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\DOWNLOADMANAGER\MPTRAY.EXE.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\DOWNLOADMANAGER\MPUPDATE.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP548\A0127301.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP548\A0127302.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP551\A0127624.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP555\A0128022.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP555\A0128023.EXE

Trojan.Unknown Origin
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\DRIVERS\BG_BG.GIF.VIR

Trojan.Downloader-FakeRX
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\OEMBIOS32.DLL.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP556\A0128235.DLL

Adware.180solutions/Seekmo
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP521\A0126526.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP521\A0126535.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP521\A0126537.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP521\A0126538.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP521\A0126539.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP522\A0126546.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP545\A0127209.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP545\A0127210.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP545\A0127211.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP545\A0127212.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP545\A0127214.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP545\A0127215.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP545\A0127216.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP545\A0127217.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP545\A0127218.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP545\A0127219.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP545\A0127220.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP545\A0127221.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP545\A0127229.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP545\A0127230.DLL

Adware.180solutions/ZangoSearch
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP521\A0126533.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP545\A0127228.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP545\A0127241.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP545\A0127242.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP545\A0127243.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP545\A0127244.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP545\A0127246.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP545\A0127247.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP545\A0127248.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP545\A0127249.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP545\A0127250.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP545\A0127251.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP545\A0127252.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP545\A0127253.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP548\A0127307.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP548\A0127463.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP548\A0127465.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP548\A0127466.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP549\A0127469.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP551\A0127627.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP551\A0127628.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP551\A0127630.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP551\A0127631.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP551\A0127632.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP551\A0127633.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP551\A0127634.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP551\A0127635.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP551\A0127637.EXE

Adware.Starware
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP548\A0127306.EXE

Trojan.Net-NUSR
C:\WINDOWS\SYSTEM32\NUSRMGR.EXE

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:46:11 PM, on 9/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\system32\BacsTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\AOL\1131468494\ee\AOLHostManager.exe
C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\AOL\1131468494\ee\AOLServiceHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [bacstray] BacsTray.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1131468494\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-21-581541943-2590962829-1806583950-1007\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-21-581541943-2590962829-1806583950-1007\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User '?')
O4 - HKUS\S-1-5-21-581541943-2590962829-1806583950-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-581541943-2590962829-1806583950-1007\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (User '?')
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - ?p=ZJxdm025MCUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0C144589-8DD8-460A-83D6-FB28E9C7A238}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{24390BE2-8276-4A25-B921-67280BB430D4}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{2D2C265F-9652-49A2-A931-2E8610F44AE1}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 11590 bytes



Also, here is my superantispyware log that I ran today before posting, just in case:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/27/2007 at 03:54 PM

Application Version : 3.9.1008

Core Rules Database Version : 3312
Trace Rules Database Version: 1315

Scan type : Complete Scan
Total Scan Time : 00:19:19

Memory items scanned : 458
Memory threats detected : 0
Registry items scanned : 5599
Registry threats detected : 0
File items scanned : 56508
File threats detected : 10

Adware.Tracking Cookie
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@revsci[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@2o7[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@edge.ru4[2].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@ar.atwola[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@atdmt[1].txt
C:\Documents and Settings\Peter Montella\Cookies\peter_montella@atwola[2].txt

Trojan.ZenoSearch
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP559\A0129629.EXE

Adware.MovieLand/MediaPipe
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP559\A0129630.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP559\A0129631.EXE

Trojan.Main/SPP
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP559\A0129632.EXE




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users