Help My Computer Is Infected


18 replies to this topic

#1 NinjaAyameX

NinjaAyameX

  • Members

Posted 24 February 2008 - 06:45 PM

Okay, so my computer is infected with a virus, it appears that I am not the only one with this problem. My C drive has a red X and my computer is bombarded with thousands upon thousands of pos files and every time I try to open my IE it closes, I keep getting storage protector pop ups and syntax errors and it takes like 3 years to load and my task bar disappears at random moments, I try to run spybot, but it freezes. What do I do to get rid of this? Can anyone help me?


Edited by NinjaAyameX, 24 February 2008 - 07:00 PM.




#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator

Posted 25 February 2008 - 01:41 PM

Hello and welcome :flowers: to BC NinjaAyameX,

Please let us know what your operating system is: Windows XP, Vista etc. so we can provide you with the proper cleaning instructions.

Also, please let us know what security programs you have installed besides Spybot.

Orange Blossom :thumbsup:

p.s. A request: Please do not use that color font, it is VERY hard to read. My poor eyes are burning.

p.p.s. Off topic: OOf. Three years to load up? Wow! How frustrating. Nice use of hyperbole in your post. English teacher gives you an A.
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 NinjaAyameX

NinjaAyameX
  • Topic Starter

  • Members

Posted 28 February 2008 - 09:41 PM

Okay, so I am running on Windows XP and on my computer, I have Avira antivirus, but it's not running because something went wrong with it, causing me to use a system restore. I have Ad-Aware 07 and I have HijackThis on my computer, ((But I have no idea on how to use it at all.))



p.s Oh, I'm sorry. Lime green happens to be my favorite color. ((Yay for an A))

#4 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator

Posted 29 February 2008 - 02:06 AM

Hello NinjaAyameX,

At this point, I would like you to run a scan with SUPERAntiSpyware in Safe Mode. You will, of course, install it in Normal Mode. You may wish to print out the following directions or copy them to notepad so you will have them available in Safe Mode.

Download and install SUPERAntiSpyware free found here: SUPERAntiSpyware

Be sure to click on the download button to the left, not on the free trial download on the right.

  • Install it and double-click the icon on your desktop to run it.
  • It will ask if you want to update the program definitions, click Yes.
  • Under Configuration and Preferences, click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked:
      o Close browsers before scanning
      o Scan for tracking cookies
      o Terminate memory threats before quarantining.
      o Please leave the others unchecked.
      o Click the Close button to leave the control center screen.
  • Reboot into Safe Mode
  • On the main screen, under Scan for Harmful Software click Scan your computer.
  • On the left check C:\Fixed Drive.
  • On the right, under Complete Scan, choose Perform Complete Scan.
  • Click Next to start the scan. Please be patient while it scans your computer.
  • After the scan is complete a summary box will appear. Click OK.
  • Make sure everything in the white box has a check next to it, then click Next.
  • It will quarantine what it found and if it asks if you want to reboot, click Yes.
  • Reboot into Normal Mode
  • To retrieve the removal information for me please do the following:
      o After reboot, double-click the SUPERAntispyware icon on your desktop.
      o Click Preferences. Click the Statistics/Logs tab.
      o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
      o It will open in your default text editor (such as Notepad/Wordpad).
      o Please highlight everything in the notepad, then right-click and choose copy.
  • Click close and close again to exit the program.

Please post the log in your next reply. Also, please let us know if you have XP Home or Pro and if you have SP2 or SP1 installed.

Orange Blossom :thumbsup:

#5 randaddy

randaddy

  • Members

Posted 29 February 2008 - 10:59 PM

THANK YOU FOR ALL YOUR HELP, I SCANNED ALL W/ SUPERANTISPYWARE. I HAD ABOUT 4000 PROBLEMS ON MY PC. IT TOOK ABOUT 1 HR. & 15 MINS. I STILL NEED HELP PROTECTING MY PC. ANY TIPS U CAN PASS ALONG..... PS. I HAVE WINDOWS XP HOME, SORRY I DON'T KNOW WHAT SP1 OR SP2 IS, I'M A DUMMY! THANKS AGAIN...... PLEASE TELL ME HOW TO INSERT A COPIED OR SAVED LOG. I AM HAVING PROBLEMS SENDING MY SUPERANTISPYWARE REPORT. DOOH.

#6 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator

Posted 01 March 2008 - 12:18 AM

Hello randaddy,

To post the log, open the log per the directions provided earlier. Right click on the text in the log, then click on Select All. Right click on the log again and click on Copy. Now go to your topic, click on Add Reply, click in the text area where you type your responses in order to set the cursor, then right click in the text area and click on Copy. Your log should now be pasted in the text area.

SP1, which means Service Pack 1, was a major Windows update several years ago. SP2, which means Service Pack 2, was another major Windows update about 5 years ago. To see what you have, right click on My Computer, then click on Properties. A small window will open up. If it isn't already on the General tab, click on that tab. Under System, it will indicate whether there is a service pack installed and which number it is. If you do not see the words Service Pack, you do not have either installed.

Orange Blossom :thumbsup:

#7 NinjaAyameX

NinjaAyameX
  • Topic Starter

  • Members

Posted 01 March 2008 - 02:44 AM

Alright. Took me three hours, but I got it. Here is the log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/29/2008 at 11:15 PM

Application Version : 4.0.1154

Core Rules Database Version : 3412
Trace Rules Database Version: 1404

Scan type : Complete Scan
Total Scan Time : 03:37:50

Memory items scanned : 182
Memory threats detected : 3
Registry items scanned : 4300
Registry threats detected : 94
File items scanned : 121647
File threats detected : 897

Trojan.Unclassifed/AffiliateBundle
C:\WINDOWS\SYSTEM32\LJJJIGE.DLL
C:\WINDOWS\SYSTEM32\LJJJIGE.DLL
Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\ljjjige

Adware.Vundo Variant/Resident
C:\WINDOWS\SYSTEM32\WVWUV.DLL
C:\WINDOWS\SYSTEM32\WVWUV.DLL

Trojan.Vundo/Variant-Installer/A

Trojan.Vundo/Variant-Installer

Adware.Vundo-Variant/Small-A

Unclassified.Unknown Origin

Adware.AdSponsor/ISM

Adware.Vundo Variant

Adware.ClickSpring

Adware.Tracking Cookie
C:\Documents and Settings\Administrator\Cookies\xx@fastclick[3].txt
C:\Documents and Settings\Administrator\Cookies\xx@servedby.advertising[1].txt
C:\Documents and Settings\Administrator\Cookies\xx@eztracks.aavalue[1].txt
C:\Documents and Settings\Administrator\Cookies\xx@z1.adserver[3].txt
C:\Documents and Settings\Administrator\Cookies\xx@eboz[1].txt
C:\Documents and Settings\Administrator\Cookies\xx@rightmedia[2].txt
C:\Documents and Settings\Administrator\Cookies\xx@teenidols2000[1].txt
C:\Documents and Settings\Administrator\Cookies\xx@a.websponsors[3].txt
C:\Documents and Settings\Administrator\Cookies\xx@adlegend[1].txt
C:\Documents and Settings\Administrator\Cookies\xx@ww3.shoshkeles[1].txt
C:\Documents and Settings\Administrator\Cookies\xx@questionmarket[2].txt
C:\Documents and Settings\Administrator\Cookies\xx@www.entrepreneur[1].txt
C:\Documents and Settings\Administrator\Cookies\xx@bs.serving-sys[2].txt
C:\Documents and Settings\Administrator\Cookies\xx@image.masterstats[1].txt
C:\Documents and Settings\Administrator\Cookies\xx@hypertracker[1].txt
C:\Documents and Settings\Administrator\Cookies\xx@www.sexymalecelebs.co[3].txt
C:\Documents and Settings\Administrator\Cookies\xx@ads.addesktop[1].txt
C:\Documents and Settings\Administrator\Cookies\xx@top.addfreestats[1].txt
C:\Documents and Settings\Administrator\Cookies\xx@fastclick[5].txt
C:\Documents and Settings\Administrator\Cookies\xx@ad.reunion[1].txt
C:\Documents and Settings\Administrator\Cookies\xx@adopt.hbmediapro[1].txt
C:\Documents and Settings\Administrator\Cookies\xx@adserver[1].txt
C:\Documents and Settings\Administrator\Cookies\xx@servedby.advertising[3].txt
C:\Documents and Settings\Administrator\Cookies\administrator@2o7[1].txt
C:\Documents and Settings\Administrator\Cookies\xx@teenmusic.about[1].txt
C:\Documents and Settings\Administrator\Cookies\xx@2o7[1].txt
C:\Documents and Settings\Administrator\Cookies\xx@superstats[1].txt
C:\Documents and Settings\Administrator\Cookies\xx@ads.monster[1].txt
C:\Documents and Settings\Administrator\Cookies\xx@ads.adsag[1].txt
C:\Documents and Settings\Administrator\Cookies\xx@ads.addynamix[5].txt
C:\Documents and Settings\Administrator\Cookies\xx@ads.realcastmedia[2].txt
C:\Documents and Settings\Administrator\Cookies\xx@exitexchange[2].txt
C:\Documents and Settings\Administrator\Cookies\xx@tripod[2].txt
C:\Documents and Settings\Administrator\Cookies\xx@revsci[2].txt
C:\Documents and Settings\Administrator\Cookies\xx@www.burstnet[2].txt
C:\Documents and Settings\Administrator\Cookies\xx@stats-tracking[2].txt
C:\Documents and Settings\Administrator\Cookies\xx@ads.pointroll[3].txt
C:\Documents and Settings\Administrator\Cookies\xx@adorigin[1].txt
C:\Documents and Settings\Administrator\Cookies\xx@hits.clickandtrack[2].txt
C:\Documents and Settings\Administrator\Cookies\xx@qksrv[1].txt
C:\Documents and Settings\Administrator\Cookies\xx@www.screensavers[1].txt
C:\Documents and Settings\Administrator\Cookies\xx@qnsr[2].txt
C:\Documents and Settings\Administrator\Cookies\xx@ads.digitalpoint[2].txt
C:\Documents and Settings\Administrator\Cookies\xx@as-us.falkag[3].txt
C:\Documents and Settings\Administrator\Cookies\xx@focalex[2].txt
C:\Documents and Settings\Administrator\Cookies\xx@ads.addynamix[2].txt
C:\Documents and Settings\Administrator\Cookies\xx@www.popuptraffic[2].txt
C:\Documents and Settings\Administrator\Cookies\xx@partner2profit[2].txt
C:\Documents and Settings\Administrator\Cookies\xx@ads.jackpot[3].txt
C:\Documents and Settings\Administrator\Cookies\xx@fortunecity[1].txt
C:\Documents and Settings\Administrator\Cookies\xx@nextag[3].txt
C:\Documents and Settings\Administrator\Cookies\xx@azjmp[2].txt
C:\Documents and Settings\Administrator\Cookies\xx@nbtracking[2].txt
C:\Documents and Settings\Administrator\Cookies\xx@certaclick[1].txt
C:\Documents and Settings\Administrator\Cookies\xx@bluestreak[2].txt
C:\Documents and Settings\Administrator\Cookies\xx@bizrate[1].txt
C:\Documents and Settings\Administrator\Cookies\xx@fastclick[4].txt
C:\Documents and Settings\Administrator\Cookies\xx@2o7[4].txt
C:\Documents and Settings\Administrator\Cookies\xx@ad.admarketplace[2].txt
C:\Documents and Settings\Administrator\Cookies\xx@overture[1].txt
C:\Documents and Settings\Administrator\Cookies\xx@advertising[2].txt
C:\Documents and Settings\Administrator\Cookies\xx@ads.cjbmanagement[1].txt
C:\Documents and Settings\Administrator\Cookies\xx@ads.ecrush[1].txt
C:\Documents and Settings\Administrator\Cookies\xx@interclick[1].txt
C:\Documents and Settings\Administrator\Cookies\xx@ads.eckhardsoft[2].txt
C:\Documents and Settings\Administrator\Cookies\xx@revenue[1].txt
C:\Documents and Settings\Administrator\Cookies\xx@adrevolver[3].txt
C:\Documents and Settings\Administrator\Cookies\xx@tradedoubler[2].txt
C:\Documents and Settings\Administrator\Cookies\xx@ad-logics[2].txt
C:\Documents and Settings\Administrator\Cookies\xx@www.clickxchange[2].txt
C:\Documents and Settings\Administrator\Cookies\xx@offeroptimizer[1].txt
C:\Documents and Settings\Administrator\Cookies\xx@partypoker[2].txt
C:\Documents and Settings\Administrator\Cookies\xx@as-eu.falkag[1].txt
C:\Documents and Settings\Administrator\Cookies\xx@www.coolcounters[1].txt
C:\Documents and Settings\Administrator\Cookies\xx@edge.ru4[2].txt
C:\Documents and Settings\Administrator\Cookies\xx@paypopup[2].txt
C:\Documents and Settings\Administrator\Cookies\xx@ad.specificmedia[2].txt
C:\Documents and Settings\Administrator\Cookies\xx@statse.webtrendslive[1].txt
C:\Documents and Settings\Administrator\Cookies\xx@creativeby.viewpoint[3].txt
C:\Documents and Settings\Administrator\Cookies\xx@ads.cc214142[2].txt
C:\Documents and Settings\Administrator\Cookies\xx@citi.bridgetrack[2].txt
C:\Documents and Settings\Administrator\Cookies\xx@trafficmp[5].txt
C:\Documents and Settings\Administrator\Cookies\xx@h.starware[2].txt
C:\Documents and Settings\Administrator\Cookies\xx@adecn[1].txt
C:\Documents and Settings\Administrator\Cookies\xx@partypoker.touchclarity[1].txt
C:\Documents and Settings\Administrator\Cookies\xx@www.burstbeacon[1].txt
C:\Documents and Settings\Administrator\Cookies\xx@ads.as4x.tmcs[1].txt
C:\Documents and Settings\Administrator\Cookies\xx@bigbanners[2].txt
C:\Documents and Settings\Administrator\Cookies\xx@mediamgr.ugo[1].txt
C:\Documents and Settings\Administrator\Cookies\xx@www.teenidols4you[2].txt
C:\Documents and Settings\Administrator\Cookies\xx@apmebf[1].txt
C:\Documents and Settings\Administrator\Cookies\xx@serving-sys[1].txt
C:\Documents and Settings\Administrator\Cookies\xx@okcounter[1].txt
C:\Documents and Settings\Administrator\Cookies\xx@belnk[2].txt
C:\Documents and Settings\Administrator\Cookies\xx@coolsavings[2].txt
C:\Documents and Settings\Administrator\Cookies\xx@burstnet[2].txt
C:\Documents and Settings\Administrator\Cookies\xx@server.iad.liveperson[2].txt
C:\Documents and Settings\Administrator\Cookies\xx@banner[3].txt
C:\Documents and Settings\Administrator\Cookies\xx@bannerspace[1].txt
C:\Documents and Settings\Administrator\Cookies\xx@ads.as4x.tmcs.ticketmaster[1].txt
C:\Documents and Settings\Administrator\Cookies\xx@icc.intellisrv[2].txt
C:\Documents and Settings\Administrator\Cookies\xx@zedo[2].txt
C:\Documents and Settings\Administrator\Cookies\xx@adrevolver[4].txt
C:\Documents and Settings\Administrator\Cookies\xx@experclick[2].txt
C:\Documents and Settings\Administrator\Cookies\xx@stats.load[2].txt
C:\Documents and Settings\Administrator\Cookies\xx@stat.onestat[2].txt
C:\Documents and Settings\Administrator\Cookies\xx@realmedia[1].txt
C:\Documents and Settings\Administrator\Cookies\xx@ath.belnk[1].txt
C:\Documents and Settings\Administrator\Cookies\xx@adserver.cheatplanet[2].txt
C:\Documents and Settings\Administrator\Cookies\xx@sel.as-us.falkag[2].txt
C:\Documents and Settings\Administrator\Cookies\xx@server.cpmstar[1].txt
C:\Documents and Settings\Administrator\Cookies\xx@adopt.specificclick[2].txt
C:\Documents and Settings\Administrator\Cookies\xx@tribalfusion[3].txt
C:\Documents and Settings\Administrator\Cookies\xx@atwola[2].txt
C:\Documents and Settings\Administrator\Cookies\xx@casalemedia[3].txt
C:\Documents and Settings\Administrator\Cookies\xx@xml.bravenetmedianetwork[1].txt
C:\Documents and Settings\Administrator\Cookies\xx@movieland[2].txt
C:\Documents and Settings\Administrator\Cookies\xx@targetnet[3].txt
C:\Documents and Settings\Administrator\Cookies\xx@statcounter[1].txt
C:\Documents and Settings\Administrator\Cookies\xx@yieldmanager[2].txt
C:\Documents and Settings\Administrator\Cookies\xx@maxserving[1].txt
C:\Documents and Settings\Administrator\Cookies\xx@dist.belnk[1].txt
C:\Documents and Settings\Administrator\Cookies\xx@adknowledge[3].txt
C:\Documents and Settings\Administrator\Cookies\xx@trafficmp[3].txt
C:\Documents and Settings\Administrator\Cookies\xx@hurricanedigitalmedia[1].txt
C:\Documents and Settings\Administrator\Cookies\xx@counter.xrea[2].txt
C:\Documents and Settings\Administrator\Cookies\xx@ad.yieldmanager[1].txt
C:\Documents and Settings\Administrator\Cookies\xx@tacoda[1].txt
C:\Documents and Settings\Administrator\Cookies\xx@www2.claxonmedia[2].txt
C:\Documents and Settings\Administrator\Cookies\xx@yesadvertising[1].txt
C:\Documents and Settings\Administrator\Cookies\xx@mediamgr.ugo[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@apmebf[1].txt
C:\Documents and Settings\Administrator\Cookies\xx@belnk[3].txt
C:\Documents and Settings\Administrator\Cookies\xx@ad.admarketplace[3].txt
C:\Documents and Settings\Administrator\Cookies\xx@icc.intellisrv[3].txt
C:\Documents and Settings\Administrator\Cookies\xx@questionmarket[3].txt
C:\Documents and Settings\Administrator\Cookies\xx@tripod[3].txt
C:\Documents and Settings\Administrator\Cookies\xx@www3.claxonmedia[1].txt
C:\Documents and Settings\Administrator\Cookies\xx@regalinteractive[1].txt
C:\Documents and Settings\Administrator\Cookies\xx@fastclick[1].txt
C:\Documents and Settings\Administrator\Cookies\xx@server.cpmstar[3].txt
C:\Documents and Settings\Administrator\Cookies\xx@adknowledge[4].txt
C:\Documents and Settings\Administrator\Cookies\xx@as-us.falkag[4].txt
C:\Documents and Settings\Administrator\Cookies\xx@adecn[3].txt
C:\Documents and Settings\Administrator\Cookies\xx@realmedia[3].txt
C:\Documents and Settings\Administrator\Cookies\xx@trafficmp[2].txt
C:\Documents and Settings\Administrator\Cookies\xx@ath.belnk[3].txt
C:\Documents and Settings\Administrator\Cookies\xx@revsci[1].txt
C:\Documents and Settings\Administrator\Cookies\xx@yieldmanager[1].txt
C:\Documents and Settings\Administrator\Cookies\xx@tagworld[1].txt
C:\Documents and Settings\Administrator\Cookies\xx@ad.yieldmanager[2].txt
C:\Documents and Settings\Administrator\Cookies\xx@publishers.clickbooth[2].txt
C:\Documents and Settings\Administrator\Cookies\xx@www.coolcounters[2].txt
C:\Documents and Settings\Administrator\Cookies\xx@xml.bravenetmedianetwork[3].txt
C:\Documents and Settings\Administrator\Cookies\xx@qnsr[1].txt
C:\Documents and Settings\Administrator\Cookies\xx@citi.bridgetrack[1].txt
C:\Documents and Settings\Administrator\Cookies\xx@as-eu.falkag[4].txt
C:\Documents and Settings\Administrator\Cookies\xx@dist.belnk[4].txt
C:\Documents and Settings\Administrator\Cookies\xx@adrevolver[2].txt
C:\Documents and Settings\Administrator\Cookies\xx@adopt.euroclick[1].txt
C:\Documents and Settings\Administrator\Cookies\xx@reduxads.valuead[2].txt
C:\Documents and Settings\Administrator\Cookies\xx@overture[3].txt
C:\Documents and Settings\Administrator\Cookies\xx@tribalfusion[2].txt
C:\Documents and Settings\Administrator\Cookies\xx@ads.realcastmedia[4].txt
C:\Documents and Settings\Administrator\Cookies\xx@campaign.indieclick[1].txt
C:\Documents and Settings\Administrator\Cookies\xx@ads.addynamix[3].txt
C:\Documents and Settings\Administrator\Cookies\xx@serving-sys[3].txt
C:\Documents and Settings\Administrator\Cookies\xx@interclick[3].txt
C:\Documents and Settings\Administrator\Cookies\xx@statcounter[2].txt
C:\Documents and Settings\Administrator\Cookies\xx@adserver[2].txt
C:\Documents and Settings\Administrator\Cookies\xx@partypoker[1].txt
C:\Documents and Settings\Administrator\Cookies\xx@ads.cc214142[3].txt
C:\Documents and Settings\Administrator\Cookies\xx@clicksor[2].txt
C:\Documents and Settings\Administrator\Cookies\xx@a.websponsors[2].txt
C:\Documents and Settings\Administrator\Cookies\xx@atwola[4].txt
C:\Documents and Settings\Administrator\Cookies\xx@qksrv[3].txt
C:\Documents and Settings\Administrator\Cookies\xx@maxserving[4].txt
C:\Documents and Settings\Administrator\Cookies\xx@www.burstbeacon[4].txt
C:\Documents and Settings\Administrator\Cookies\xx@adrevolver[6].txt
C:\Documents and Settings\Administrator\Cookies\xx@edge.ru4[3].txt
C:\Documents and Settings\Administrator\Cookies\xx@ads.pointroll[1].txt
C:\Documents and Settings\Administrator\Cookies\xx@login.tracking101[2].txt
C:\Documents and Settings\Administrator\Cookies\xx@ads.realtechnetwork[2].txt
C:\Documents and Settings\Administrator\Cookies\xx@hits.clickandtrack[1].txt
C:\Documents and Settings\Administrator\Cookies\xx@adopt.specificclick[4].txt
C:\Documents and Settings\Administrator\Cookies\xx@casalemedia[1].txt
C:\Documents and Settings\Administrator\Cookies\xx@advertising[4].txt
C:\Documents and Settings\Administrator\Cookies\xx@msnportal.112.2o7[1].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@atdmt[2].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@msnportal.112.2o7[1].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@doubleclick[1].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@advertising[2].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@ads.mediamayhemcorp[2].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@tremor.adbureau[2].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@adserver[1].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@mediaplex[1].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@gaiainteractive.112.2o7[1].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@www.elitesimbuilders[1].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@adserver[2].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@optimost[1].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@overture[1].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@pro-market[1].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@casalemedia[2].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@adinterax[2].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@ehg-youtube.hitbox[2].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@revenue[1].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@trafficmp[2].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@freecodesource.advertserve[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ads.adbrite[1].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@da-tracking[1].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@www.tqlkg[1].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@e-2dj6wgkiejczacq.stats.esomniture[2].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@brightcove.112.2o7[1].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@media.mtvnservices[1].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@enhance[1].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@adbrite[2].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@videoegg.adbureau[2].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@metacafe.122.2o7[1].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@adlegend[1].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@www.windowsmedia[2].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@www.popuptraffic[2].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@adecn[2].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@adultfriendfinder[1].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@ad.alldanzradio[1].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@ad.choiceradio[1].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@4.adbrite[1].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@findwhat[1].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@anat.tacoda[2].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@charmingshoppes.112.2o7[1].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@server.cpmstar[1].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@stats[1].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@ads.newgrounds[1].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@vip.clickzs[2].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@heavycom.122.2o7[1].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@www.burstbeacon[2].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@as1.falkag[1].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@r-kimedia.co[1].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@adrevolver[2].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@kylieteen[1].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@justteensite[1].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@eyewonder[1].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@traffic.buyservices[1].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@azjmp[1].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@fastclick[1].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@xiti[1].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@burstnet[2].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@banners[2].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@collective-media[2].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@richmedia.yahoo[1].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@stats.adbrite[2].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@ascendmedia.112.2o7[1].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@electronicarts.112.2o7[1].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@serving-sys[2].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@ads.as4x.tmcs.ticketmaster[1].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@adtech[1].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@ad.outerinfoads[2].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@reduxads.valuead[2].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@realmedia[2].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@zedo[2].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@perf.overture[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@advertising[2].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@partner2profit[2].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@apmebf[1].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@arbitrack[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@eyewonder[1].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@www.xctrk[1].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@ad.outerinfo[2].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@ads.realtechnetwork[2].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@exitexchange[1].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@spamblockerutility[1].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@ads.monster[2].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@atwola[1].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@indexstats[2].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@ads.joinaxxess[1].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@tour.sexsearchcom[1].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@edge.ru4[2].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@a.websponsors[1].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@directtrack[1].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@nfm.directtrack[2].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@wt.sexsearch[1].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@www.burstnet[1].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@adserver.easyad[1].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@goclick[2].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@anad.tacoda[1].txt
C:\Documents and Settings\Administrator\Cookies\xx@mediatraffic[1].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@mystat.synch[2].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@revsci[1].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@interclick[2].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@ads.addynamix[2].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@adopt.euroclick[2].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@bs.serving-sys[2].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@ad.nozonedata[1].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@hornymatches[1].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@mpire.112.2o7[1].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@windowsmedia[2].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@cupolaventures.112.2o7[1].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@atlas.entrepreneur[2].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@ads.adbrite[1].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@newmotioninc.112.2o7[1].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@ads.glispa[2].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@sales.liveperson[1].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@eas.apm.emediate[1].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@track.bestbuy[1].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@statcounter[1].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@ad1.clickhype[1].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@specificclick[2].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@linksynergy[2].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@server.iad.liveperson[1].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@tacoda[2].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@2o7[1].txt
C:\Documents and Settings\Administrator\Cookies\xx@adsrevenue[1].txt
C:\Documents and Settings\Administrator\Cookies\xx@specificclick[1].txt
C:\Documents and Settings\Administrator\Cookies\xx@adopt.specificclick[3].txt
C:\Documents and Settings\Administrator\Cookies\xx@advertising[5].txt
C:\Documents and Settings\Administrator\Cookies\xx@findwhat[1].txt
C:\Documents and Settings\Administrator\Cookies\xx@ads.pointroll[4].txt
C:\Documents and Settings\Administrator\Cookies\xx@questionmarket[5].txt
C:\Documents and Settings\Administrator\Cookies\xx@adopt.euroclick[3].txt
C:\Documents and Settings\Administrator\Cookies\xx@gaiainteractive.112.2o7[1].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@ad.yieldmanager[1].txt
C:\Documents and Settings\Administrator\Cookies\xx@tribalfusion[5].txt
C:\Documents and Settings\Administrator\Cookies\xx@atdmt[3].txt
C:\Documents and Settings\Administrator\Cookies\xx@www.xctrk[2].txt
C:\Documents and Settings\Administrator\Cookies\xx@realmedia[5].txt
C:\Documents and Settings\Administrator\Cookies\xx@interclick[2].txt
C:\Documents and Settings\Administrator\Cookies\xx@hornymatches[1].txt
C:\Documents and Settings\Administrator\Cookies\xx@ads.realtechnetwork[1].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@media.adrevolver[1].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@bluestreak[1].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@adrevolver[3].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@roiservice[1].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@questionmarket[2].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@mediatraffic[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@mediaplex[2].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@tribalfusion[1].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@hitbox[1].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@ads.pointroll[2].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@adopt.specificclick[2].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@revsci[2].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@devart.adbureau[2].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@anad.tacoda[2].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@sexsearchcom[1].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@roiservice[2].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@revenue[2].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@adserver[3].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@bridge.admarketplace[1].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@tour.sexsearchcom[2].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@login.revenueloop[1].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@lynxtrack[2].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@ads.bridgetrack[1].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@www.elitecastingnetwork[2].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@elitecastingnetwork[2].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@www.xctrk[3].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@azjmp[2].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@ad.outerinfoads[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@fastclick[1].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@adserver.mediaengine[1].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@overture[2].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@findwhat[2].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@incentaclick[2].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@waterfrontmedia.112.2o7[1].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@www.burstbeacon[1].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@ads.imagineeasy[2].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@adprofile[1].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@thunderbolt.adjuggler[2].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@ads2.drivelinemedia[1].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@rotator.dex.adjuggler[2].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@ads.realtechnetwork[1].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@adserver.softwareonline[1].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@partners.tattomedia[2].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@adserver.ringro[2].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@keywordmax[1].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@spamblockerutility[2].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@adopt.euroclick[1].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@tremor.adbureau[1].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@adbrite[3].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@click-new-download[1].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@countercentral[2].txt
C:\Documents and Settings\Administrator\Cookies\anyuser@trafficdashboard[1].txt

Adware.WhenU
HKCR\WUSN.1
HKCR\WUSN.1#WUSN_Id
C:\WINDOWS\TEMP\VVSNINST.EXE
C:\WINDOWS\TEMP\OLD9111.TMP
C:\WINDOWS\TEMP\OLD9236.TMP

Trojan.Unknown Origin
HKLM\Software\xpre
HKLM\Software\xpre#execount
C:\WINDOWS\SYSTEM\QUE1\ADED83122.EXE
C:\WINDOWS\CMD\COMMAND.EXE
C:\WINDOWS\CMD\SIORBNDFDABAYP6L6ANQIT.VBS
C:\WINDOWS\CMD\VRRAUEONVBNAEWFMJK.VBS
C:\PROGRAM FILES\COMMON FILES\MQKR\MQKRM.EXE
C:\PROGRAM FILES\TTX.EXE
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\TMP24.TMP
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CD1E6839-04DA-4F0C-B076-003A1F68AE54}\RP17\A0015084.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CD1E6839-04DA-4F0C-B076-003A1F68AE54}\RP17\A0015085.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CD1E6839-04DA-4F0C-B076-003A1F68AE54}\RP26\A0021346.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CD1E6839-04DA-4F0C-B076-003A1F68AE54}\RP26\A0021347.EXE

Adware.Web Buying
HKU\.DEFAULT\Software\WebBuying
HKU\S-1-5-20\Software\WebBuying
HKU\S-1-5-21-343818398-920026266-1343024091-500\Software\WebBuying
HKU\S-1-5-18\Software\WebBuying

Trojan.Net-MSV/VPS-H
HKCR\BndDrive2.Band
HKCR\BndDrive2.Band\CLSID
HKCR\BndDrive2.Band\CurVer
HKCR\BndDrive2.Band.1
HKCR\BndDrive2.Band.1\CLSID
HKCR\BndDrive2.BHO
HKCR\BndDrive2.BHO\CLSID
HKCR\BndDrive2.BHO\CurVer
HKCR\BndDrive2.BHO.1
HKCR\BndDrive2.BHO.1\CLSID

Adware.Adservs
C:\WINDOWS\SYSTEM\COMMS2\DNWLDR132.EXE
C:\WINDOWS\CMD\ASAPPSRV.DLL

Adware.ClickSpring/PuritySCAN
C:\WINDOWS\SYSTEM\WNSINTSV.EXE
C:\WINDOWS\SYSTEM32\WNSINTSV.EXE

Trojan.Downloader-Gen/DDC
C:\WINDOWS\SYSTEM32\VOOUERCD.EXE
C:\WINDOWS\SYSTEM32\GSFCETHF.EXE
C:\WINDOWS\SYSTEM32\KFJFVWIJ.EXE
C:\WINDOWS\SYSTEM32\VJQRKXAY.EXE
C:\WINDOWS\SYSTEM32\XGSVDXVD.EXE
C:\WINDOWS\SYSTEM32\TLICTSRO.EXE
C:\WINDOWS\SYSTEM32\GNGYLOJF.EXE
C:\WINDOWS\SYSTEM32\TMDTIRXD.EXE
C:\WINDOWS\SYSTEM32\LBMOKETT.EXE

Adware.ClickSpring/Resident
C:\WINDOWS\SYSTEM32\DDILIA.DLL

Adware.Vundo Variant/Rel
C:\WINDOWS\SYSTEM32\MCRH.TMP

Trojan.Downloader-Gen/MROFIN
C:\WINDOWS\MROFINU572.EXE

Adware.ClickSpring/Outer Info Network
C:\WINDOWS\TEMP\NDRF230.TMP.XML
C:\WINDOWS\TEMP\NDRA382.TMP.XML
C:\WINDOWS\TEMP\NDR80.TMP.XML
C:\WINDOWS\TEMP\NDRB124.TMP.XML
C:\WINDOWS\TEMP\NDR7320.TMP.XML
C:\WINDOWS\TEMP\NDR251.TMP.XML
C:\WINDOWS\TEMP\NDR6265.TMP.XML
C:\WINDOWS\TEMP\NDRA3A3.TMP.XML
C:\WINDOWS\TEMP\NDRB2E3.TMP.XML

Adware.Downloader Mirar/NetNucleus
C:\WINDOWS\TEMP\MBDOWNLOADER_876923.EXE

Adware.Mirar/NetNucleus
C:\WINDOWS\TEMP\NNBAR_VCSETUP_876923_LOG_IES_NODMY_AFF.EXE

TargetSaver, Inc. Process
C:\WINDOWS\TEMP\TSINSTALL_4_0_4_0_B4.EXE
C:\WINDOWS\TEMP\TSUPDATE_4_0_4_1_B3.EXE
C:\WINDOWS\TEMP\GLFB203GLFB203.EXE

Trojan.Unclassified/PackedInstaller
C:\WINDOWS\TEMP\RASESNET.EXE

Malware.LocusSoftware Inc/BestSellerAntivirus
C:\WINDOWS\TEMP\WINTAVSNET.EXE
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\QRJATYDI.EXE

Trojan.Downloader-Gen/Update
C:\WINDOWS\TEMP\!UPDATE.EXE
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\!UPDATE.EXE

Trojan.Downloader-Gen/TSITRA
C:\WINDOWS\TSITRA572.EXE
C:\WINDOWS\TSITRA.EXE

Trojan.Downloader-Gen/Insider
C:\PROGRAM FILES\INSIDER\INSIDER.EXE

Adware.Yazzle-Installer
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\YAZZSNET.EXE

Adware.Vundo-Variant
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CD1E6839-04DA-4F0C-B076-003A1F68AE54}\RP17\A0015070.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CD1E6839-04DA-4F0C-B076-003A1F68AE54}\RP32\A0029431.DLL

Adware.WebBuying Assistant-Installer
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CD1E6839-04DA-4F0C-B076-003A1F68AE54}\RP17\A0015079.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CD1E6839-04DA-4F0C-B076-003A1F68AE54}\RP26\A0021337.EXE

Trojan.Downloader-Gen/BundleBase
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CD1E6839-04DA-4F0C-B076-003A1F68AE54}\RP17\A0015082.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CD1E6839-04DA-4F0C-B076-003A1F68AE54}\RP26\A0021340.EXE

Trace.Known Threat Sources
C:\WINDOWS\TEMP\Temporary Internet Files\Content.IE5\4HGX4503\affupdate2[2].php
C:\WINDOWS\TEMP\Temporary Internet Files\Content.IE5\4HGX4503\tsupdate2[1].php


***I'm running Windows XP Pro. and I currently have service pack 3 v.3264***

#8 Orange Blossom

Posted 01 March 2008 - 02:54 AM

Hello NinjaAyameX,

Good job. Whew, :thumbsup: I see a number of infections in that log. It will take several steps to completely remove everything. Among these infections is Vundo. Let's take care of that next. Please follow the directions in this guide. If you have any questions while going through it, please post them as a reply to this topic. When you have finished the guide, please post the Vundo log as a reply.

Orange Blossom :flowers:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#9 NinjaAyameX

Posted 01 March 2008 - 03:03 AM

Okay, so after I run Vundofix, where exactly am I to get the log that I'm supposed to post? Do I run another three hour scan? 0.o;

#10 Orange Blossom

Posted 01 March 2008 - 03:24 AM

Hello NinjaAyameX,

The scan time varies, but I would be very surprised if it took anything close to the amount of time that the SAS scan took. Note: It may ask you to reboot if it finds a file it cannot remove. If it does, reboot and click on "Scan for Vundo" button when Vundofix shows up after rebooting.

You will find the Vundofix log here: C:\vundofix.txt. To get there, go to My Computer. Open it, then open Local Disk. You will find the file listed in there. Open the file. It will open in Notepad. Select all --> Copy, then paste into the text screen in your reply.

Orange Blossom :thumbsup:

#11 NinjaAyameX

Posted 01 March 2008 - 10:53 PM

Okay here is the Vundo fix log:

VundoFix V6.7.8

Checking Java version...

Sun Java not detected
Scan started at 3:24:32 PM 2/24/2008

Listing files found while scanning....

C:\WINDOWS\mrofinu572.exe
C:\WINDOWS\SYSTEM32\ababhetb.dll
C:\WINDOWS\SYSTEM32\abcyprcj.dll
C:\WINDOWS\SYSTEM32\adcxfyor.dll
C:\WINDOWS\SYSTEM32\aqxxkpxn.dll
C:\WINDOWS\SYSTEM32\befnwhjc.dll
C:\WINDOWS\SYSTEM32\bfmywwvn.dll
C:\WINDOWS\SYSTEM32\caxuyicp.dll
C:\WINDOWS\SYSTEM32\cbgkdnhx.dll
C:\WINDOWS\SYSTEM32\cjhwnfeb.ini
C:\WINDOWS\SYSTEM32\doqkcfvs.dll
C:\WINDOWS\SYSTEM32\dxkkktqk.dll
C:\WINDOWS\SYSTEM32\elcgbqpu.dll
C:\WINDOWS\SYSTEM32\eluwoxrg.dll
C:\WINDOWS\SYSTEM32\eqrpqrex.dll
C:\WINDOWS\SYSTEM32\fggwlfha.dll
C:\WINDOWS\SYSTEM32\ghyxpose.dll
C:\WINDOWS\SYSTEM32\gjeqkcqr.dll
C:\WINDOWS\SYSTEM32\gngylojf.exe
C:\WINDOWS\SYSTEM32\gsfcethf.exe
C:\WINDOWS\system32\hnpwdghn.dll
C:\WINDOWS\SYSTEM32\ijefhgit.dll
C:\WINDOWS\SYSTEM32\jatrxbfg.dll
C:\WINDOWS\SYSTEM32\jcrpycba.ini
C:\WINDOWS\SYSTEM32\jucgpdag.dll
C:\WINDOWS\SYSTEM32\kfjfvwij.exe
C:\WINDOWS\SYSTEM32\ktqixird.dll
C:\WINDOWS\SYSTEM32\laqqhbyq.dll
C:\WINDOWS\SYSTEM32\lbmokett.exe
C:\WINDOWS\SYSTEM32\ljjjige.dll
C:\WINDOWS\SYSTEM32\mehtksbv.dll
C:\WINDOWS\SYSTEM32\nabkxdyt.dll
C:\WINDOWS\SYSTEM32\netaeoxo.ini
C:\WINDOWS\SYSTEM32\nfdknlos.dll
C:\WINDOWS\SYSTEM32\npnniawu.dll
C:\WINDOWS\SYSTEM32\numnjput.dll
C:\WINDOWS\SYSTEM32\oklgutdc.dll
C:\WINDOWS\SYSTEM32\opdpnwfc.dll
C:\WINDOWS\SYSTEM32\oxoeaten.dll
C:\WINDOWS\SYSTEM32\pdxbfkra.dll
C:\WINDOWS\SYSTEM32\qrpfjely.dll
C:\WINDOWS\SYSTEM32\qywmugnx.dll
C:\WINDOWS\SYSTEM32\rfvjnwln.dll
C:\WINDOWS\SYSTEM32\rggufgyk.dll
C:\WINDOWS\SYSTEM32\royfxcda.ini
C:\WINDOWS\SYSTEM32\rqckqejg.ini
C:\WINDOWS\SYSTEM32\solnkdfn.ini
C:\WINDOWS\SYSTEM32\spenqock.dll
C:\WINDOWS\SYSTEM32\speyfwba.dll
C:\WINDOWS\SYSTEM32\svfckqod.ini
C:\WINDOWS\SYSTEM32\tlictsro.exe
C:\WINDOWS\SYSTEM32\tmdtirxd.exe
C:\WINDOWS\SYSTEM32\toxhiumd.dll
C:\WINDOWS\SYSTEM32\vbmmsted.dll
C:\WINDOWS\SYSTEM32\vhqpdvli.dll
C:\WINDOWS\SYSTEM32\vjqrkxay.exe
C:\WINDOWS\SYSTEM32\vjxujmid.dll
C:\WINDOWS\SYSTEM32\voouercd.exe
C:\WINDOWS\SYSTEM32\vpuwuknq.dll
C:\WINDOWS\SYSTEM32\vycuwghr.dll
C:\WINDOWS\SYSTEM32\wgkyohle.dll
C:\WINDOWS\SYSTEM32\wmihnmll.dll
C:\WINDOWS\SYSTEM32\wvwuv.dll
C:\WINDOWS\SYSTEM32\wvwuv.exe
C:\WINDOWS\SYSTEM32\xdicgbry.dll
C:\WINDOWS\SYSTEM32\xgsvdxvd.exe
C:\WINDOWS\SYSTEM32\xoqwesar.dll
C:\WINDOWS\SYSTEM32\yfgnfbem.dll
C:\WINDOWS\TEMP\rasesnet.exe
C:\windows\TEMP\U_GBOUND_setup.exe

Beginning removal...

Attempting to delete C:\WINDOWS\SYSTEM32\cjhwnfeb.ini
C:\WINDOWS\SYSTEM32\cjhwnfeb.ini Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\jcrpycba.ini
C:\WINDOWS\SYSTEM32\jcrpycba.ini Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\netaeoxo.ini
C:\WINDOWS\SYSTEM32\netaeoxo.ini Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\npnniawu.dll
C:\WINDOWS\SYSTEM32\npnniawu.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\numnjput.dll
C:\WINDOWS\SYSTEM32\numnjput.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\pdxbfkra.dll
C:\WINDOWS\SYSTEM32\pdxbfkra.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\qrpfjely.dll
C:\WINDOWS\SYSTEM32\qrpfjely.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\qywmugnx.dll
C:\WINDOWS\SYSTEM32\qywmugnx.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\rggufgyk.dll
C:\WINDOWS\SYSTEM32\rggufgyk.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\royfxcda.ini
C:\WINDOWS\SYSTEM32\royfxcda.ini Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\rqckqejg.ini
C:\WINDOWS\SYSTEM32\rqckqejg.ini Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\solnkdfn.ini
C:\WINDOWS\SYSTEM32\solnkdfn.ini Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\spenqock.dll
C:\WINDOWS\SYSTEM32\spenqock.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\svfckqod.ini
C:\WINDOWS\SYSTEM32\svfckqod.ini Has been deleted!

Attempting to delete C:\windows\TEMP\U_GBOUND_setup.exe
C:\windows\TEMP\U_GBOUND_setup.exe Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.7.8

Checking Java version...

Sun Java not detected
Scan started at 12:18:54 AM 3/1/2008

Listing files found while scanning....


VundoFix V6.7.8

Checking Java version...

Sun Java not detected
Scan started at 5:53:06 PM 3/1/2008

Listing files found while scanning....

C:\WINDOWS\SYSTEM32\cnsfbikb.dll
C:\windows\SYSTEM32\hnpwdghn.dllbox
C:\WINDOWS\SYSTEM32\wivfxxoh.dll
C:\WINDOWS\SYSTEM32\xebdfqhg.dll

Beginning removal...

Attempting to delete C:\WINDOWS\SYSTEM32\cnsfbikb.dll
C:\WINDOWS\SYSTEM32\cnsfbikb.dll Could not be deleted.

Attempting to delete C:\windows\SYSTEM32\hnpwdghn.dllbox
C:\windows\SYSTEM32\hnpwdghn.dllbox Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\wivfxxoh.dll
C:\WINDOWS\SYSTEM32\wivfxxoh.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\xebdfqhg.dll
C:\WINDOWS\SYSTEM32\xebdfqhg.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\SYSTEM32\cnsfbikb.dll
C:\WINDOWS\SYSTEM32\cnsfbikb.dll Has been deleted!

Performing Repairs to the registry.
Done!
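An added example, not part of the original posts and not VundoFix's own code: a Python parser that reconciles each run in a log of the shape posted above and reports files that were listed but never removed, which matters because the first run above lists far more files than it attempts to delete. The sample log is constructed (placeholder file names and timestamps); only the line formats are taken from the post.

```python
import re

# Line shapes taken from the log format in the post above.
STARTED = re.compile(r"^Scan started at (?P<when>.+)$")
PATH = re.compile(r"^[A-Za-z]:\\")
OUTCOME = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) (Has been deleted!|Could not be deleted\.)$")

# Constructed sample: placeholder file names, same layout as the posted log.
SAMPLE_LOG = r"""
VundoFix V6.7.8
Scan started at 1:00:00 PM 1/1/2008
Listing files found while scanning....
C:\WINDOWS\SYSTEM32\sample01.dll
C:\WINDOWS\SYSTEM32\sample02.dll
C:\WINDOWS\SYSTEM32\sample03.ini
Beginning removal...
Attempting to delete C:\WINDOWS\SYSTEM32\sample03.ini
C:\WINDOWS\SYSTEM32\sample03.ini Has been deleted!
Performing Repairs to the registry.
VundoFix V6.7.8
Scan started at 2:00:00 PM 1/2/2008
Listing files found while scanning....
C:\WINDOWS\SYSTEM32\sample05.dll
C:\WINDOWS\SYSTEM32\sample06.dll
C:\WINDOWS\SYSTEM32\sample07.dll
Beginning removal...
Attempting to delete C:\WINDOWS\SYSTEM32\sample05.dll
C:\WINDOWS\SYSTEM32\sample05.dll Could not be deleted.
Attempting to delete C:\WINDOWS\SYSTEM32\sample06.dll
C:\WINDOWS\SYSTEM32\sample06.dll Has been deleted!
Attempting to delete C:\WINDOWS\SYSTEM32\sample07.dll
C:\WINDOWS\SYSTEM32\sample07.dll Could not be deleted.
Beginning removal...
Attempting to delete C:\WINDOWS\SYSTEM32\sample05.dll
C:\WINDOWS\SYSTEM32\sample05.dll Has been deleted!
"""


def parse_runs(log_text):
    """Split the log into runs (one per 'VundoFix V' banner) with per-file outcomes."""
    runs, run, state = [], None, None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("VundoFix V"):
            run, state = {"started": None, "found": [], "deleted": set(), "failed": set()}, None
            runs.append(run)
            continue
        if run is None or not line:
            continue
        started = STARTED.match(line)
        outcome = OUTCOME.match(line)
        if started:
            run["started"] = started.group("when")
        elif line.startswith("Listing files found"):
            state = "listing"
        elif line.startswith("Beginning removal"):
            state = "removal"
        elif state == "listing" and PATH.match(line):
            run["found"].append(line.lower())  # Windows paths are case-insensitive
        elif state == "removal" and outcome:
            key = outcome.group("path").lower()
            if outcome.group(2).startswith("Has"):
                run["deleted"].add(key)
                run["failed"].discard(key)  # a later retry in the same run succeeded
            elif key not in run["deleted"]:
                run["failed"].add(key)
    return runs


def reconcile(runs):
    """Per run: counts plus the files that were listed but not removed."""
    return [{
        "started": r["started"],
        "found": len(set(r["found"])),
        "deleted": len(r["deleted"] & set(r["found"])),
        "failed": sorted(r["failed"]),
        "never_attempted": sorted(set(r["found"]) - r["deleted"] - r["failed"]),
    } for r in runs]
```

Call `reconcile(parse_runs(text))` on the contents of the log file; paths in the report are lower-cased for comparison.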

#12 Orange Blossom

Posted 01 March 2008 - 11:09 PM

Good work NinjaAyameX,

At this point, I'm going to turn this thread over to someone with more experience than I. We need to be sure that all the Vundo has been removed, and there are other infections to deal with as well.

Orange Blossom :thumbsup:

#13 NinjaAyameX

Posted 01 March 2008 - 11:22 PM

Alright. I thank you for your help. =]

#14 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,035 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:04:47 AM

Posted 02 March 2008 - 12:11 AM

I would say to run the SAS scan again and post another log. How is the PC running now? Have you rebooted?

What antivirus tools do you have?

Use the green download button and install and run the trial version of Malwarebytes' Anti-Malware.
Double click the downloaded file to install the application on your computer. Once the application is installed, double click on the Malwarebytes' Anti-Malware icon to start the program. When the application is open, select Scan and the application will guide you through the remaining steps.

The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply.
How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#15 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,271 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:47 AM

Posted 02 March 2008 - 08:43 AM

I doubt this is going to resolve the problem.

This is a newer type of vundo infection which will create thousands of pos*.tmp files in the root of the system volume (usually your C: Drive) and may put a Red X on your drive icon(s). Deleting the files will only lead to their replacement. The malware may also attack legit programs and create new filenames with space(s) in the name before its extension. Complete removal usually requires further investigation and the use of more powerful tools than we recommend in this forum.

If you're still having issues after rescanning with SAS, let us know and we will instruct you how to create and post a HijackThis log.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif
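A triage check for the two file-system symptoms described in the post above (many pos*.tmp files in a volume root, and file names with spaces before the extension), as an added example that is not from the thread. The input format (one full path per item, as from a recursive directory listing), the function names and the default threshold are assumptions, and the sample paths are constructed.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

POS_TMP = re.compile(r"^pos.*\.tmp$", re.IGNORECASE)


def triage_listing(paths, flood_threshold=1000):
    """Flag both symptoms in a recursive path listing (one full path per item).

    flood_threshold is an assumed cut-off; the post only says "thousands".
    """
    pos_per_root = Counter()
    spaced = []
    for raw in paths:
        raw = raw.rstrip("\r\n")
        if not raw.strip():
            continue
        p = PureWindowsPath(raw)
        # Symptom 1: pos*.tmp sitting directly in a volume root, not in a subfolder.
        in_root = bool(p.anchor) and p.parent == PureWindowsPath(p.anchor)
        if in_root and POS_TMP.match(p.name):
            pos_per_root[p.drive.upper()] += 1
        # Symptom 2: whitespace between the base name and the extension.
        if p.suffix and p.stem != p.stem.rstrip():
            spaced.append(raw)
    return {
        "pos_tmp_per_root": dict(pos_per_root),
        "flooded_roots": sorted(d for d, n in pos_per_root.items() if n >= flood_threshold),
        "space_before_extension": spaced,
    }


def sample_listing():
    """Constructed listing: 60 pos*.tmp files in the C: root plus a few other paths."""
    listing = [f"C:\\pos{i:X}.tmp" for i in range(60)]
    listing += [
        "D:\\POS1.TMP",                      # root of another volume, counted separately
        "C:\\WINDOWS\\Temp\\pos9.tmp",       # not in a volume root, so not counted
        "C:\\Program Files\\App\\app .exe",  # space before the extension
        "C:\\Program Files\\App\\app.exe",   # normal name
    ]
    return listing
```

A listing saved with `dir /s /b` can be passed in line by line; a hit is a reason to investigate further, not proof of infection.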



