Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Critical System Error


  • Please log in to reply
10 replies to this topic

#1 tricky_b13

tricky_b13

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:04:28 AM

Posted 05 December 2007 - 07:35 PM

Hello everyone, I keep getting a pop up that says i have been infected with the Trojan.win32.Agent.akk virus and must download a spyware program. Can anyone help me remove this trojan? thanx a lot.

BC AdBot (Login to Remove)

 


#2 buddy215

buddy215

  • Moderator
  • 13,192 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:04:28 AM

Posted 05 December 2007 - 09:25 PM

Use the Smitfraudfix tool in the link below.
http://siri.urz.free.fr/Fix/SmitfraudFix_En.php

Important==Follow up with SAS.
Download and Install Super Antispyware free. Reboot and run it in safe mode. Allow it to quarantine whatever it finds.
http://www.superantispyware.com/

How to Start Windows in Safe Mode:
http://www.bleepingcomputer.com/tutorials/how-to-start-windows-in-safe-mode/

Post back with results of scans and for further instruction.
“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 tricky_b13

tricky_b13
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:04:28 AM

Posted 05 December 2007 - 11:02 PM

okay this is the scan from smit fraud fix after it searched and cleaned
------------------------------

SmitFraudFix v2.258

Scan done at 19:05:55.00, Wed 12/05/2007
Run from C:\Documents and Settings\HP_Administrator\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

DNS Before Fix

Description: Wireless LAN PCI 802.11 b/g adapter WN5301A - Packet Scheduler Miniport
DNS Server Search Order: 16.92.3.242
DNS Server Search Order: 16.92.3.243
DNS Server Search Order: 16.81.3.243
DNS Server Search Order: 16.118.3.243

Description: Intel® 82562V 10/100 Network Connection - Packet Scheduler Miniport
DNS Server Search Order: 192.168.1.1
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{892900FC-9814-4488-99C0-81491C1EE93D}: DhcpNameServer=16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
HKLM\SYSTEM\CCS\Services\Tcpip\..\{A1BC0B6E-4303-43FF-B734-C1E728FAEB9C}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{892900FC-9814-4488-99C0-81491C1EE93D}: DhcpNameServer=16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
HKLM\SYSTEM\CS1\Services\Tcpip\..\{A1BC0B6E-4303-43FF-B734-C1E728FAEB9C}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{892900FC-9814-4488-99C0-81491C1EE93D}: DhcpNameServer=16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
HKLM\SYSTEM\CS3\Services\Tcpip\..\{A1BC0B6E-4303-43FF-B734-C1E728FAEB9C}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1

DNS After Fix

Description: Wireless LAN PCI 802.11 b/g adapter WN5301A - Packet Scheduler Miniport
DNS Server Search Order: 16.92.3.242
DNS Server Search Order: 16.92.3.243
DNS Server Search Order: 16.81.3.243
DNS Server Search Order: 16.118.3.243

Description: Intel® 82562V 10/100 Network Connection - Packet Scheduler Miniport
DNS Server Search Order: 192.168.1.1
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{892900FC-9814-4488-99C0-81491C1EE93D}: DhcpNameServer=16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
HKLM\SYSTEM\CCS\Services\Tcpip\..\{A1BC0B6E-4303-43FF-B734-C1E728FAEB9C}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{892900FC-9814-4488-99C0-81491C1EE93D}: DhcpNameServer=16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
HKLM\SYSTEM\CS1\Services\Tcpip\..\{A1BC0B6E-4303-43FF-B734-C1E728FAEB9C}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{892900FC-9814-4488-99C0-81491C1EE93D}: DhcpNameServer=16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
HKLM\SYSTEM\CS3\Services\Tcpip\..\{A1BC0B6E-4303-43FF-B734-C1E728FAEB9C}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1

---------------------------------------
The SAS log is as follows.


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/05/2007 at 07:54 PM

Application Version : 3.9.1008

Core Rules Database Version : 3356
Trace Rules Database Version: 1355

Scan type : Complete Scan
Total Scan Time : 00:46:48

Memory items scanned : 645
Memory threats detected : 0
Registry items scanned : 7178
Registry threats detected : 17
File items scanned : 58127
File threats detected : 372

Trojan.Smitfraud Variant-Gen/IEDef
HKLM\Software\Classes\CLSID\{2FA3B736-1AC7-454D-8E94-8BA8158BF064}
HKCR\CLSID\{2FA3B736-1AC7-454D-8E94-8BA8158BF064}
HKCR\CLSID\{2FA3B736-1AC7-454D-8E94-8BA8158BF064}
HKCR\CLSID\{2FA3B736-1AC7-454D-8E94-8BA8158BF064}#AppID
HKCR\CLSID\{2FA3B736-1AC7-454D-8E94-8BA8158BF064}#LocalizedString
HKCR\CLSID\{2FA3B736-1AC7-454D-8E94-8BA8158BF064}\Elevation
HKCR\CLSID\{2FA3B736-1AC7-454D-8E94-8BA8158BF064}\Elevation#Enabled
HKCR\CLSID\{2FA3B736-1AC7-454D-8E94-8BA8158BF064}\Implemented Categories
HKCR\CLSID\{2FA3B736-1AC7-454D-8E94-8BA8158BF064}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}
HKCR\CLSID\{2FA3B736-1AC7-454D-8E94-8BA8158BF064}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}
HKCR\CLSID\{2FA3B736-1AC7-454D-8E94-8BA8158BF064}\InprocServer32
HKCR\CLSID\{2FA3B736-1AC7-454D-8E94-8BA8158BF064}\InprocServer32#ThreadingModel
HKCR\CLSID\{2FA3B736-1AC7-454D-8E94-8BA8158BF064}\ProgID
HKCR\CLSID\{2FA3B736-1AC7-454D-8E94-8BA8158BF064}\TypeLib
HKCR\CLSID\{2FA3B736-1AC7-454D-8E94-8BA8158BF064}\Version
C:\WINDOWS\SYSTEM32\SYSVIDEO32.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2FA3B736-1AC7-454D-8E94-8BA8158BF064}

Adware.Tracking Cookie
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@yadro[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@atdmt[3].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@imrworldwide[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@offers.intermediainteractive[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@mediaplex[3].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ad.yieldmanager[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@soundclick[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@atwola[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@advertising[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@doubleclick[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.3dstats[2].txt
C:\Documents and Settings\Guest\Cookies\guest@105-bmp.googleadservices[2].txt
C:\Documents and Settings\Guest\Cookies\guest@2.go.globaladsales[2].txt
C:\Documents and Settings\Guest\Cookies\guest@ad.uk.tangozebra[1].txt
C:\Documents and Settings\Guest\Cookies\guest@ad.xplusone[2].txt
C:\Documents and Settings\Guest\Cookies\guest@ad.yieldx[2].txt
C:\Documents and Settings\Guest\Cookies\guest@adbrite[1].txt
C:\Documents and Settings\Guest\Cookies\guest@adbrite[2].txt
C:\Documents and Settings\Guest\Cookies\guest@adopt.euroclick[2].txt
C:\Documents and Settings\Guest\Cookies\guest@adopt.specificclick[2].txt
C:\Documents and Settings\Guest\Cookies\guest@ads.adbrite[1].txt
C:\Documents and Settings\Guest\Cookies\guest@ads.addesktop[1].txt
C:\Documents and Settings\Guest\Cookies\guest@ads.as4x.tmcs.ticketmaster[2].txt
C:\Documents and Settings\Guest\Cookies\guest@ads.as4x.tmcs[1].txt
C:\Documents and Settings\Guest\Cookies\guest@ads.realtechnetwork[2].txt
C:\Documents and Settings\Guest\Cookies\guest@anad.tacoda[1].txt
C:\Documents and Settings\Guest\Cookies\guest@as-eu.falkag[2].txt
C:\Documents and Settings\Guest\Cookies\guest@as-us.falkag[1].txt
C:\Documents and Settings\Guest\Cookies\guest@as.casalemedia[2].txt
C:\Documents and Settings\Guest\Cookies\guest@azjmp[2].txt
C:\Documents and Settings\Guest\Cookies\guest@azoogleads[1].txt
C:\Documents and Settings\Guest\Cookies\guest@bluestreak[2].txt
C:\Documents and Settings\Guest\Cookies\guest@burstnet[2].txt
C:\Documents and Settings\Guest\Cookies\guest@casalemedia[1].txt
C:\Documents and Settings\Guest\Cookies\guest@doubleclick[1].txt
C:\Documents and Settings\Guest\Cookies\guest@ehg-bestbuy.hitbox[1].txt
C:\Documents and Settings\Guest\Cookies\guest@fastclick[1].txt
C:\Documents and Settings\Guest\Cookies\guest@freecodesource.advertserve[1].txt
C:\Documents and Settings\Guest\Cookies\guest@icc.intellisrv[2].txt
C:\Documents and Settings\Guest\Cookies\guest@imrworldwide[2].txt
C:\Documents and Settings\Guest\Cookies\guest@login.tracking101[2].txt
C:\Documents and Settings\Guest\Cookies\guest@media.fastclick[2].txt
C:\Documents and Settings\Guest\Cookies\guest@mediaservices.myspace[2].txt
C:\Documents and Settings\Guest\Cookies\guest@precisionclick[1].txt
C:\Documents and Settings\Guest\Cookies\guest@questionmarket[2].txt
C:\Documents and Settings\Guest\Cookies\guest@realmedia[2].txt
C:\Documents and Settings\Guest\Cookies\guest@sales.liveperson[1].txt
C:\Documents and Settings\Guest\Cookies\guest@sales.liveperson[3].txt
C:\Documents and Settings\Guest\Cookies\guest@statse.webtrendslive[1].txt
C:\Documents and Settings\Guest\Cookies\guest@track.bestbuy[1].txt
C:\Documents and Settings\Guest\Cookies\guest@trafficmp[1].txt
C:\Documents and Settings\Guest\Cookies\guest@tribalfusion[2].txt
C:\Documents and Settings\Guest\Cookies\guest@www.burstbeacon[2].txt
C:\Documents and Settings\Guest\Cookies\guest@www.burstnet[1].txt
C:\Documents and Settings\Guest\Cookies\guest@www.googleadservices[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@1.adbrite[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@3.adbrite[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@4.adbrite[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@a.websponsors[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ad1.clickhype[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@adecn[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@adinterax[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@adlegend[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@adrevolver[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ads.active[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ads.adbrite[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ads.adgoto[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ads.adultswim[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ads.belointeractive[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ads.buuk[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ads.cnn[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ads.glispa[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ads.madisonavenue[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ads.pointroll[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ads.realtechnetwork[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ads.realtechnetwork[3].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ads.revsci[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ads.us.e-planning[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ads2.blastro[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ads2.firingsquad[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@adserver.adreactor[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@adserver.easyad[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@adserver5.teracent[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@adserver6.teracent[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@adtech[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@adultadworld[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@affiliate.budsinc[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@affiliates.ticketsnow[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@anad.tacoda[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@anat.tacoda[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@anheuserbusch.122.2o7[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@apmebf[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@atdmt[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@azjmp[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@azoogleads[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@banners.pictures.sprintpcs[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@belnk[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@bizrate[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@bluestreak[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@bmw.122.2o7[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@brightcove.112.2o7[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@bs.serving-sys[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@burstnet[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@buycom.122.2o7[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@bzresults.122.2o7[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@cartoonnetwork.122.2o7[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@cartoonsexmania[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@cbs.112.2o7[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@citi.bridgetrack[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@clickaider[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@clickbank[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@clicksor[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@clicktracks.commercebox[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@cnn.122.2o7[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@collective-media[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@counter.plugin[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@counter12.sextracker[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@counter2.hitslink[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@cpvfeed[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@directmediaplus[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@dist.belnk[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@doubleclick.hertz[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@doubleclick[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wak4umdjwlq.stats.esomniture[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wak4wiajwep.stats.esomniture[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6waliqmczkdo.stats.esomniture[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6walociczwfp.stats.esomniture[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wamiulajolo.stats.esomniture[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wbk4oiazwdo.stats.esomniture[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wbkoajcjwho.stats.esomniture[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wbliojdjcdq.stats.esomniture[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wbloogcpgho.stats.esomniture[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wblygndjkfq.stats.esomniture[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wblyopcpeep.stats.esomniture[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wclougd5sep.stats.esomniture[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wcmyelcpmgp.stats.esomniture[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wfk4kjajwbo.stats.esomniture[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wfkiehdzklo.stats.esomniture[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wfkieldjolo.stats.esomniture[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wfkiglazcgo.stats.esomniture[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wfkoenc5aep.stats.esomniture[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wfkoeod5efp.stats.esomniture[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wfliqocpacp.stats.esomniture[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wfliqodzkfo.stats.esomniture[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wflismajihp.stats.esomniture[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wfliwkdzghq.stats.esomniture[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wfloepcpofq.stats.esomniture[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wfloomdjilp.stats.esomniture[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wflowgazogq.stats.esomniture[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wfmyulcpgkp.stats.esomniture[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wgk4gldpebo.stats.esomniture[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wgk4klczikq.stats.esomniture[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wgkywhazefo.stats.esomniture[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wgmigoajico.stats.esomniture[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wgmyklajedq.stats.esomniture[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6whkicldjogo.stats.esomniture[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6whlokkdpckq.stats.esomniture[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wjk4akdzcko.stats.esomniture[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wjk4klazogp.stats.esomniture[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wjk4ohczsao.stats.esomniture[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wjk4qncpekp.stats.esomniture[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wjkococzedq.stats.esomniture[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wjkoqjcpmgp.stats.esomniture[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wjkyaic5sbo.stats.esomniture[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wjl4chdjwbp.stats.esomniture[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wjl4kjdpckp.stats.esomniture[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wjl4sndpako.stats.esomniture[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wjloaoc5ocq.stats.esomniture[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wjloekazakp.stats.esomniture[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wjlooiazcao.stats.esomniture[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wjlyggazklp.stats.esomniture[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wjlyojczago.stats.esomniture[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wjlyqkc5wgo.stats.esomniture[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wjlywhc5oeo.stats.esomniture[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wjlywnazkcp.stats.esomniture[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wjlywpcjido.stats.esomniture[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wjmiuld5wep.stats.esomniture[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wjnyojdjkao.stats.esomniture[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wjnyqgczogo.stats.esomniture[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wjnysgcjmeo.stats.esomniture[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wjnyskcpkhp.stats.esomniture[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wjnyupajkbp.stats.esomniture[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wjnywnd5iko.stats.esomniture[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@eas.apm.emediate[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@eb.adbureau[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ecnext.advertserve[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@educationmanagementllc.112.2o7[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@efashionsolutions.122.2o7[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ehg-aig.hitbox[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ehg-autozone.hitbox[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ehg-bmwna.hitbox[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ehg-cardomain.hitbox[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ehg-christiandior.hitbox[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ehg-classifiedventures.hitbox[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ehg-darden.hitbox[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ehg-davidsbridal.hitbox[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ehg-discoverynetwork.hitbox[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ehg-findlaw.hitbox[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ehg-foxsports.hitbox[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ehg-groupernetworks.hitbox[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ehg-gucciamericainc.hitbox[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ehg-hollywoodmedia.hitbox[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ehg-interval.hitbox[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ehg-legacy.hitbox[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ehg-lifetimeentertainment.hitbox[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ehg-newscientist.hitbox[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ehg-onestopinternet.hitbox[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ehg-penguingroupusa.hitbox[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ehg-researchinmotion.hitbox[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ehg-rodale.hitbox[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ehg-rylandgrp.hitbox[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ehg-safeharbor.hitbox[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ehg-simstar.hitbox[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ehg-sixflags.hitbox[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ehg-space.hitbox[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ehg-starbucks.hitbox[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ehg-theactivenetwork.hitbox[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ehg-theviptour.hitbox[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ehg-traderelectronicmedia.hitbox[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ehg-uniontrib.hitbox[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ehg-verizon.hitbox[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ehg-verizoncommunications.hitbox[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ehg-viacom.hitbox[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ehg-warnerbrothers.hitbox[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ehg-youtube.hitbox[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ehg.hitbox[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@equityresidential.122.2o7[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@eyewonder[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ez-tracks[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@financialcontent.advertserve[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@flixbanner.bearshare[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@focalex[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ford.112.2o7[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@freecodesource.advertserve[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@gcc-00.googleadservices[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@gms.adbureau[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@goodyear.122.2o7[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@gostats[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@h.starware[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@harpo.122.2o7[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@hearstmagazines.112.2o7[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@hertz.122.2o7[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@hitbox[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@hornymatches[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@hotlog[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@humornsex[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@humornsex[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@i.screensavers[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@iacas.adbureau[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ice.112.2o7[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@imeem.112.2o7[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@indextools[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@interclick[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@keywordmax[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@leeenterprises.112.2o7[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@linksynergy[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@linkto.mediafire[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@livenation.122.2o7[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@login.tracking101[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@m2omedia[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@makeawish.112.2o7[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@marketlive.122.2o7[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@media-bucket[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@media.mtvnservices[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@media.pc.ign[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@media.tinypic[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@media.xfire[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@media6degrees[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@mediafire[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@mediamax[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@mediaplex[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@metacafe.122.2o7[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@microsoftwga.112.2o7[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@microsoftwlsearchcrm.112.2o7[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@msnaccountservices.112.2o7[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@msnportal.112.2o7[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@multiply.112.2o7[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@mywebsearch[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@nbcuniversal.122.2o7[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@newlinecinema.112.2o7[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@nextag[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@optimize.indieclick[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@overture[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@partner2profit[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@partypoker[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@path.pureadstracking[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@paycounter[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@paypal.112.2o7[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@pbh.adbureau[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@perf.overture[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@precisionclick[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@pro-market[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@pt.crossmediaservices[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@questionmarket[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@realmedia[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@relocationcentral.112.2o7[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@revenue[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@revsci[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@reztrack[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@rhinestonejewelry.112.2o7[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@richmedia.yahoo[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@rimmel.ai-media[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@roiservice[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@rotator.adjuggler[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@s.clickability[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@saynotocrack[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@scholastic.122.2o7[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@screensavers[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@sec1.liveperson[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@sec1.liveperson[3].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@server2.bkvtrack[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@serving-sys[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@sextracker[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@sitestat.mayoclinic[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@sitestat.mayoclinic[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@soundtrack[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@specificclick[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@spylog[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@stat.dealtime[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@stat.onestat[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@statcounter[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@stats.gamestop[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@superstats[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@tacoda[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ticketsnow.112.2o7[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ticketsnow[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@track.bestbuy[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@track.leadjunky[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@tracker.mediatracker.co[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@tracking.foxnews[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@trackmon.itor[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@tradedoubler[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@traffic.buyservices[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@trafficvenuedirect[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@tremor.adbureau[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@try.screensavers[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@try.starware[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@vhost.oddcast[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@viacomedycentralrl.112.2o7[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@videoegg.adbureau[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@waterfrontmedia.112.2o7[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@web1.soundtrack[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@wpni.112.2o7[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.0stats[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.burstbeacon[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.burstnet[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.clickmanage[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.clickxchange[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.ez-tracks[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.femalehealthmadesimple[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.googleadservices[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.googleadservices[3].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.m2omedia[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.mediafire[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.popuptraffic[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.seventeen[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.ticketsnow2[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.ticketsnow[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.tns-counter[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.trackspace[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.w3counter[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www1.addfreestats[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www2.addfreestats[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www3.addfreestats[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www5.addfreestats[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www8.addfreestats[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@xiti[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@zhenghe.tripod[1].txt

Rogue.IEDefender
HKU\S-1-5-21-1750370765-4001579231-145676592-1007\Software\IEDefender
C:\Program Files\IE Defender

Trojan.Downloader-Gen/Suspicious
C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\EVO8OOXP\SPEEDGEARV5.00CRACKFFF[1]\SPEED GEAR V5.00 CRACK.EXE

BearShare File Sharing Client
C:\PROGRAM FILES\BEARSHARE APPLICATIONS\BEARSHARE\BEARSHARE.EXE

#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,467 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:28 AM

Posted 05 December 2007 - 11:11 PM

You did not follow all the instructions for using Smitfruadfix. Please print out these "instructions".
Make sure you scroll down to Clean and perform the steps where you reboot in "Safe Mode" and run option #2.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 tricky_b13

tricky_b13
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:04:28 AM

Posted 05 December 2007 - 11:30 PM

oh sorry, here is the log after in safe mode.

------------------------------------------

SmitFraudFix v2.258

Scan done at 20:21:24.29, Wed 12/05/2007
Run from C:\Documents and Settings\HP_Administrator\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

Killing process


hosts


127.0.0.1 localhost

Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.
Generic Renos Fix

GenericRenosFix by S!Ri


Deleting infected files


DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{892900FC-9814-4488-99C0-81491C1EE93D}: DhcpNameServer=16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
HKLM\SYSTEM\CCS\Services\Tcpip\..\{A1BC0B6E-4303-43FF-B734-C1E728FAEB9C}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{892900FC-9814-4488-99C0-81491C1EE93D}: DhcpNameServer=16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
HKLM\SYSTEM\CS1\Services\Tcpip\..\{A1BC0B6E-4303-43FF-B734-C1E728FAEB9C}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{892900FC-9814-4488-99C0-81491C1EE93D}: DhcpNameServer=16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
HKLM\SYSTEM\CS3\Services\Tcpip\..\{A1BC0B6E-4303-43FF-B734-C1E728FAEB9C}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1


Deleting Temp Files


Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


Registry Cleaning

Registry Cleaning done.

SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


End

#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,467 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:28 AM

Posted 05 December 2007 - 11:33 PM

Are you getting any more pop up alerts?
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#7 tricky_b13

tricky_b13
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:04:28 AM

Posted 05 December 2007 - 11:39 PM

nope thats a good sign right? lol

#8 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,467 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:28 AM

Posted 06 December 2007 - 12:02 AM

Good job.

Now you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.

.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#9 tricky_b13

tricky_b13
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:04:28 AM

Posted 06 December 2007 - 12:08 AM

okidoki did it. Is that all that i have to do?

#10 buddy215

buddy215

  • Moderator
  • 13,192 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:04:28 AM

Posted 06 December 2007 - 06:53 AM

The "third party cookies" that SAS found and removed can be blocked from reinstalling on your computer.
Follow the simple directions in the link below to do that in IE.
http://www.howtogeek.com/howto/windows-vis...cookies-in-ie7/

Once you have blocked the "third party cookies" from installing, use Ccleaner to remove the existing ones.
Remove temporary files, logs, cookies, etc. by using Ccleaner. Do not use "Advanced Settings" or the "Issues" button. Use only the default settings. http://www.ccleaner.com/
During install of Ccleaner you will be offered the Yahoo Toolbar. UNcheck if you don't want it.

You can keep SAS and just update it once a week so it will be ready when needed.
“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#11 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,467 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:28 AM

Posted 06 December 2007 - 08:07 AM

To protect yourself against malware and reduce the potential for re-infection, be sure to read:
"Simple and easy ways to keep your computer safe".
"How did I get infected?, With steps so it does not happen again!".
"The Ten Most Dangerous Things Users Do Online".
"The 10 Biggest Security Risks".
"Hardening Windows Security - Part 1" and "Hardening Windows Security - Part 2".
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users