PC Help Forum - Free Computer Help, Windows, Hardware, Software and more!
   
 
Become a Member Today!
Search PC Help Forum for Answers
 
Go Back   PC Help Forum - Free Computer Help, Windows, Hardware, Software and more! > Security & Safety > Spyware / AdWare > [In Progress] HiJackThis! Logs
Reload this Page HJT Prework logs - IE issues
[In Progress] HiJackThis! Logs - HJT Prework logs - IE issues posted in the Spyware / AdWare forums; I've attached all my logs. I did not get a log after running AVG. Explained my problems after all the logs. SUPERAntiSpyware Scan Log SUPERAntiSpyware.com - AntiAdware, AntiSpyware, AntiMalware! ...

REGISTER NOW to remove these Ads

Reply
 
LinkBack Thread Tools Display Modes Language
  #1  
Old 1 Week Ago
Jkloby's Avatar
New Poster
  
Posts: 2
PC Experience: Some Experience
Jkloby - See this Members User comments on their Profile page
Question HJT Prework logs - IE issues
I've attached all my logs. I did not get a log after running AVG. Explained my problems after all the logs.



SUPERAntiSpyware Scan Log
SUPERAntiSpyware.com - AntiAdware, AntiSpyware, AntiMalware!

Generated 05/03/2008 at 04:24 AM

Application Version : 4.0.1154

Core Rules Database Version : 3452
Trace Rules Database Version: 1404

Scan type : Complete Scan
Total Scan Time : 01:21:45

Memory items scanned : 183
Memory threats detected : 0
Registry items scanned : 5220
Registry threats detected : 9
File items scanned : 32503
File threats detected : 444

Adware.ClickSpring/Outer Info Network
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uni nstall\Outerinfo
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uni nstall\Outerinfo#Publisher
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uni nstall\Outerinfo#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uni nstall\OuterinfoninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uni nstall\Outerinfo#HelpLink
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uni nstall\Outerinfo#InstallLocation
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uni nstall\Outerinfo#NoModify
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uni nstall\Outerinfo#NoRepair
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uni nstall\Outerinfo#DisplayVersion

Adware.Tracking Cookie
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Joanne\Cookies\joanne@stats.myspacesuppor t[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Joanne\Cookies\joanne@tripod[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Joanne\Cookies\joanne@ipoint.targetpoint[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Joanne\Cookies\joanne@atwola[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Joanne\Cookies\joanne@ads.associatedconte nt[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Joanne\Cookies\joanne@server.iad.livepers on[4].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Joanne\Cookies\joanne@server.iad.livepers on[3].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Joanne\Cookies\joanne@optimize.indieclick[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Joanne\Cookies\joanne@5.go.globaladsales[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Joanne\Cookies\joanne@qnsr[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Joanne\Cookies\joanne@ads.revsci[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Joanne\Cookies\joanne@precisionclick[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Joanne\Cookies\joanne@ads.edelmantech[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Joanne\Cookies\joanne@ads.active[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Joanne\Cookies\joanne@partner2profit[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Joanne\Cookies\joanne@sixapart.adbureau[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Joanne\Cookies\joanne@stats.crayola[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Joanne\Cookies\joanne@cracked[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Joanne\Cookies\joanne@media.mtvnservices[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Joanne\Cookies\joanne@blizzardtracker[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Joanne\Cookies\joanne@roiservice[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Joanne\Cookies\joanne@vhost.oddcast[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Joanne\Cookies\joanne@clickaider[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Joanne\Cookies\joanne@inteletrack[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Joanne\Cookies\joanne@eyewonder[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Joanne\Cookies\joanne@track.bestbuy[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Joanne\Cookies\joanne@tracking.citibank[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Joanne\Cookies\joanne@www1.addfreestats[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Joanne\Cookies\joanne@ads.ytmnd[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Joanne\Cookies\joanne@gcc-08.googleadservices[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Joanne\Cookies\joanne@gcc-00.googleadservices[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Joanne\Cookies\joanne@nextag[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Joanne\Cookies\joanne@bizrate[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Joanne\Cookies\joanne@ads.hairboutique[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Joanne\Cookies\joanne@emp3finder[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Joanne\Cookies\joanne@ads.us.e-planning[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Joanne\Cookies\joanne@adv.surinter[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Joanne\Cookies\joanne@petfinder[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Joanne\Cookies\joanne@ads.realtechnetwork[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Joanne\Cookies\joanne@www.googleadservice s[11].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Joanne\Cookies\joanne@www.googleadservice s[10].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Joanne\Cookies\joanne@ads.boardgamegeek[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Joanne\Cookies\joanne@prospect.adbureau[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Joanne\Cookies\joanne@ads.glispa[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Joanne\Cookies\joanne@indextools[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Joanne\Cookies\joanne@aclickintime[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Joanne\Cookies\joanne@adlegend[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Joanne\Cookies\joanne@ads.monster[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Joanne\Cookies\joanne@clickintext[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Joanne\Cookies\joanne@da-tracking[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Joanne\Cookies\joanne@fliptrack[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Joanne\Cookies\joanne@fr.24.slidein.click intext[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Joanne\Cookies\joanne@gtb1.acecounter[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Joanne\Cookies\joanne@imrworldwide[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Joanne\Cookies\joanne@keywordmax[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Joanne\Cookies\joanne@parentingteens.abou t[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Joanne\Cookies\joanne@s3.trafficmaxx[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Joanne\Cookies\joanne@sales.liveperson[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Joanne\Cookies\joanne@sales.liveperson[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Joanne\Cookies\joanne@sales.liveperson[5].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Joanne\Cookies\joanne@server.cpmstar[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Joanne\Cookies\joanne@www.clickmanage[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Joanne\Cookies\joanne@www.cracked[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Joanne\Cookies\joanne@www.googleadservice s[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Joanne\Cookies\joanne@www.googleadservice s[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Joanne\Cookies\joanne@www.googleadservice s[3].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Joanne\Cookies\joanne@www.googleadservice s[6].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Joanne\Cookies\joanne@www.googleadservice s[7].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Joanne\Cookies\joanne@www.googleadservice s[8].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Joanne\Cookies\joanne@www.googleadservice s[9].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\JT\Cookies\jt@ticketsnow[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\JT\Cookies\jt@ads.realtechnetwork[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\JT\Cookies\jt@adserver.coacht[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\JT\Cookies\jt@www.ticketsnow[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\JT\Cookies\jt@www.sexhungrymoms[3].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\JT\Cookies\jt@www.sexhungrymoms[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\JT\Cookies\jt@porn.naughtyfiles[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\JT\Cookies\jt@www.googleadservices[3].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\JT\Cookies\jt@www.3dstats[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\JT\Cookies\jt@www.warezquality[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\JT\Cookies\jt@www.fullreleases[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\JT\Cookies\jt@ads.adultswim[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\JT\Cookies\jt@ad.adtoma[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\JT\Cookies\jt@a.websponsors[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\JT\Cookies\jt@ad.uk.tangozebra[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\JT\Cookies\jt@ad.wedoo[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\JT\Cookies\jt@ad.yieldx[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\JT\Cookies\jt@ad.zanox[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\JT\Cookies\jt@ad2.ip[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\JT\Cookies\jt@ads.as4x.tmcs.ticketmaster[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\JT\Cookies\jt@adcast.clickfly[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\JT\Cookies\jt@adecn[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\JT\Cookies\jt@adinterax[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\JT\Cookies\jt@adlegend[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\JT\Cookies\jt@ads.revsci[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\JT\Cookies\jt@adserver.adreactor[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\JT\Cookies\jt@adserver.easyad[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\JT\Cookies\jt@adultadworld[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\JT\Cookies\jt@adultfriendfinder[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\JT\Cookies\jt@adultswim[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\JT\Cookies\jt@adv.surinter[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\JT\Cookies\jt@aff.primaryads[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\JT\Cookies\jt@ar.atwola[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\JT\Cookies\jt@atwola[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\JT\Cookies\jt@azjmp[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\JT\Cookies\jt@belnk[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\JT\Cookies\jt@bizoing.tripod[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\JT\Cookies\jt@britishliterature0.tripod[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\JT\Cookies\jt@clickaider[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\JT\Cookies\jt@clicktracks.commercebox[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\JT\Cookies\jt@counter.mtree[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\JT\Cookies\jt@dist.belnk[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\JT\Cookies\jt@groceryfind[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\JT\Cookies\jt@i.screensavers[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\JT\Cookies\jt@kanoodle[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\JT\Cookies\jt@imrworldwide[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\JT\Cookies\jt@indextools[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\JT\Cookies\jt@m1.webstats.motigo[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\JT\Cookies\jt@maturefuckboy[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\JT\Cookies\jt@millnicmedia.directtrack[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\JT\Cookies\jt@media.adrevolver[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\JT\Cookies\jt@media6degrees[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\JT\Cookies\jt@mommygotfucked[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\JT\Cookies\jt@nextag[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\JT\Cookies\jt@onlinerewardcenter[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\JT\Cookies\jt@optimize.indieclick[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\JT\Cookies\jt@partner2profit[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\JT\Cookies\jt@porn365[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\JT\Cookies\jt@pornaccess[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\JT\Cookies\jt@precisionclick[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\JT\Cookies\jt@qnsr[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\JT\Cookies\jt@richmedia.yahoo[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\JT\Cookies\jt@screensavers[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\JT\Cookies\jt@shefinds[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\JT\Cookies\jt@server.cpmstar[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\JT\Cookies\jt@server.iad.liveperson[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\JT\Cookies\jt@sexhungrymoms[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\JT\Cookies\jt@sexy-datings[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\JT\Cookies\jt@stats.manticoretechnology[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\JT\Cookies\jt@tripod[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\JT\Cookies\jt@tracker.bitebbs[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\JT\Cookies\jt@trafficvenuedirect[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\JT\Cookies\jt@tremor.adbureau[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\JT\Cookies\jt@try.screensavers[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\JT\Cookies\jt@usenext[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\JT\Cookies\jt@webtrack.bestsoftware[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\JT\Cookies\jt@videoegg.adbureau[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\JT\Cookies\jt@voodooglowskulls.tripod[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\JT\Cookies\jt@webtrack.bestsoftware[3].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\JT\Cookies\jt@www.findfreesheetmusic[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\JT\Cookies\jt@www.porn365[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\JT\Cookies\jt@www.ppctracking[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\JT\Cookies\jt@www7.addfreestats[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\JT\Cookies\jt@xiti[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Michael\Cookies\michael@collective-media[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Michael\Cookies\michael@media.adrevolver[3].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Michael\Cookies\michael@videoegg.adbureau[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Michael\Cookies\michael@tremor.adbureau[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Michael\Cookies\michael@media6degrees[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Michael\Cookies\michael@imrworldwide[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Morgan\Cookies\morgan@ads.revsci[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Morgan\Cookies\morgan@order.jamster[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Morgan\Cookies\morgan@images.teenspot[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Morgan\Cookies\morgan@nextag[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Morgan\Cookies\morgan@ads.revsci[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Morgan\Cookies\morgan@ads.ecrush[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Morgan\Cookies\morgan@a.websponsors[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Morgan\Cookies\morgan@click.spleekums[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Morgan\Cookies\morgan@forum.coolteenworld[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Morgan\Cookies\morgan@i.screensavers[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Morgan\Cookies\morgan@ads.myyearbook[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Morgan\Cookies\morgan@ad.zanox[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Morgan\Cookies\morgan@www.teenspot[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Morgan\Cookies\morgan@www3.addfreestats[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Morgan\Cookies\morgan@www1.addfreestats[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Morgan\Cookies\morgan@adserver.adreactor[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Morgan\Cookies\morgan@precisionclick[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Morgan\Cookies\morgan@qnsr[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Morgan\Cookies\morgan@xiti[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Morgan\Cookies\morgan@www7.addfreestats[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Morgan\Cookies\morgan@www4.addfreestats[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Morgan\Cookies\morgan@statsgod[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Morgan\Cookies\morgan@ads.joinaxxess[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Morgan\Cookies\morgan@partner2profit[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Morgan\Cookies\morgan@clickaider[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Morgan\Cookies\morgan@eb.adbureau[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Morgan\Cookies\morgan@consumergain[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Morgan\Cookies\morgan@www8.addfreestats[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Morgan\Cookies\morgan@ar.atwola[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Morgan\Cookies\morgan@azjmp[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Morgan\Cookies\morgan@media6degrees[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Morgan\Cookies\morgan@onlinerewardcenter[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Morgan\Cookies\morgan@mommygotfucked[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Morgan\Cookies\morgan@winantivirus[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Morgan\Cookies\morgan@ads.realtechnetwork[3].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Morgan\Cookies\morgan@ads.realtechnetwork[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Morgan\Cookies\morgan@ads.mediaturf[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Morgan\Cookies\morgan@ads.as4x.tmcs.ticke tmaster[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Morgan\Cookies\morgan@azoogleads[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Morgan\Cookies\morgan@maxserving[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Morgan\Cookies\morgan@apmebf[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Morgan\Cookies\morgan@stats.ecrush[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Morgan\Cookies\morgan@teenspot[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Morgan\Cookies\morgan@clicket[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Morgan\Cookies\morgan@www.jamster[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Morgan\Cookies\morgan@server.iad.livepers on[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Morgan\Cookies\morgan@teensites.student[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Morgan\Cookies\morgan@adserver6.teracent[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Morgan\Cookies\morgan@adserver4.teracent[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Morgan\Cookies\morgan@adbriteandfreestyle[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Morgan\Cookies\morgan@indextools[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Morgan\Cookies\morgan@atwola[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Morgan\Cookies\morgan@dist.belnk[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Morgan\Cookies\morgan@screensavers[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Morgan\Cookies\morgan@tremor.adbureau[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Morgan\Cookies\morgan@gcc-00.googleadservices[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Morgan\Cookies\morgan@www.googleadservice s[3].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Morgan\Cookies\morgan@ads.newgrounds[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Morgan\Cookies\morgan@www.googleadservice s[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Morgan\Cookies\morgan@directtrack[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Morgan\Cookies\morgan@adserver.easyad[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Morgan\Cookies\morgan@freecodesource.adve rtserve[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Morgan\Cookies\morgan@adlegend[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Morgan\Cookies\morgan@adknowledge[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Morgan\Cookies\morgan@media303[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Morgan\Cookies\morgan@ads.uncoverthenet[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Morgan\Cookies\morgan@chordfind[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Morgan\Cookies\morgan@server.cpmstar[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Morgan\Cookies\morgan@s3.trafficmaxx[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Morgan\Cookies\morgan@media.adrevolver[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Morgan\Cookies\morgan@jamster[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Morgan\Cookies\morgan@coolsavings[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Morgan\Cookies\morgan@icc.intellisrv[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Morgan\Cookies\morgan@da-tracking[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Morgan\Cookies\morgan@keywordmax[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Morgan\Cookies\morgan@perfectpaycheck.dir ecttrack[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Morgan\Cookies\morgan@ads.monster[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Morgan\Cookies\morgan@try.screensavers[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Morgan\Cookies\morgan@belnk[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Morgan\Cookies\morgan@m1.webstats.motigo[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Morgan\Cookies\morgan@adinterax[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Morgan\Cookies\morgan@collective-media[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Morgan\Cookies\morgan@imrworldwide[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Morgan\Cookies\morgan@www.addfreestats[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Morgan\Cookies\morgan@richmedia.yahoo[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Morgan\Cookies\morgan@teenvogue[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Morgan\Cookies\morgan@clicks.emarketmaker s[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Owner.OFFICE\Cookies\owner@casalemedia[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Owner.OFFICE\Cookies\owner@statse.webtren dslive[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Owner.OFFICE\Cookies\owner@questionmarket[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Owner.OFFICE\Cookies\owner@sixapart.adbur eau[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Owner.OFFICE\Cookies\owner@stats.channel4[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Owner.OFFICE\Cookies\owner@tribalfusion[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Owner.OFFICE\Cookies\owner@ad.yieldmanage r[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Owner.OFFICE\Cookies\owner@realmedia[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Owner.OFFICE\Cookies\owner@stat.onestat[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Owner.OFFICE\Cookies\owner@serving-sys[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Owner.OFFICE\Cookies\owner@fastclick[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Owner.OFFICE\Cookies\owner@2o7[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Owner.OFFICE\Cookies\owner@anad.tacoda[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Owner.OFFICE\Cookies\owner@media6degrees[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Owner.OFFICE\Cookies\owner@hitbox[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Owner.OFFICE\Cookies\owner@e-2dj6wjligkajsfq.stats.esomniture[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Owner.OFFICE\Cookies\owner@mediaplex[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Owner.OFFICE\Cookies\owner@cendantchg.112 .2o7[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Owner.OFFICE\Cookies\owner@doubleclick[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Owner.OFFICE\Cookies\owner@bluestreak[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Owner.OFFICE\Cookies\owner@www.googleadse rvices[5].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Owner.OFFICE\Cookies\owner@www.googleadse rvices[4].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Owner.OFFICE\Cookies\owner@www.googleadse rvices[3].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Owner.OFFICE\Cookies\owner@www.googleadse rvices[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Owner.OFFICE\Cookies\owner@www.googleadse rvices[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Owner.OFFICE\Cookies\owner@ads.pointroll[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Owner.OFFICE\Cookies\owner@server.iad.liv eperson[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Owner.OFFICE\Cookies\owner@adlegend[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Owner.OFFICE\Cookies\owner@server.iad.liv eperson[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Owner.OFFICE\Cookies\owner@atdmt[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Owner.OFFICE\Cookies\owner@yadro[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Owner.OFFICE\Cookies\owner@server.iad.liv eperson[4].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Owner.OFFICE\Cookies\owner@imrworldwide[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Owner.OFFICE\Cookies\owner@media.adrevolv er[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Owner.OFFICE\Cookies\owner@media.adrevolv er[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Owner.OFFICE\Cookies\owner@counter.hitsli nk[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Owner.OFFICE\Cookies\owner@statcounter[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Owner.OFFICE\Cookies\owner@www.3dstats[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Owner.OFFICE\Cookies\owner@partner2profit[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Owner.OFFICE\Cookies\owner@ehg-dig.hitbox[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Owner.OFFICE\Cookies\owner@ehg-youtube.hitbox[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Owner.OFFICE\Cookies\owner@specificclick[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Owner.OFFICE\Cookies\owner@adrevolver[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Owner.OFFICE\Cookies\owner@tacoda[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Owner.OFFICE\Cookies\owner@ads.revsci[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Owner.OFFICE\Cookies\owner@ads.adbrite[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Owner.OFFICE\Cookies\owner@adopt.euroclic k[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Owner.OFFICE\Cookies\owner@revsci[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Owner.OFFICE\Cookies\owner@www.burstnet[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Owner.OFFICE\Cookies\owner@adbrite[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Owner.OFFICE\Cookies\owner@ehg-chartercommunications.hitbox[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Owner.OFFICE\Cookies\owner@bs.serving-sys[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Owner.OFFICE\Cookies\owner@burstnet[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Owner.OFFICE\Cookies\owner@zedo[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Owner.OFFICE\Cookies\owner@perf.overture[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Owner.OFFICE\Cookies\owner@advertising[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Owner.OFFICE\Cookies\owner@trafficmp[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Owner.OFFICE\Cookies\owner@adopt.specific click[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Owner.OFFICE\Cookies\owner@sales.livepers on[3].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Owner.OFFICE\Cookies\owner@sales.livepers on[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Owner.OFFICE\Cookies\owner@traffic[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Owner.OFFICE\Cookies\owner@apmebf[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Owner.OFFICE\Cookies\owner@ads.bridgetrac k[2].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Owner.OFFICE\Cookies\owner@atwola[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Owner.OFFICE\Cookies\owner@ads.addynamix[1].txt
C:\My Backup -- 08-02-05 0509PM\Documents and Settings\Owner.OFFICE\Cookies\owner@msnportal.112. 2o7[1].txt
C:\Documents and Settings\Guest\Cookies\guest@media6degrees[2].txt
C:\Documents and Settings\Guest\Cookies\guest@interclick[2].txt
C:\Documents and Settings\Guest\Cookies\guest@imrworldwide[2].txt
C:\Documents and Settings\Guest\Cookies\guest@adserver.coacht[2].txt
C:\Documents and Settings\Guest\Cookies\guest@precisionclick[1].txt
C:\Documents and Settings\JT\Cookies\jt@ads.vidsense[1].txt
C:\Documents and Settings\JT\Cookies\jt@ads.adgoto[1].txt
C:\Documents and Settings\JT\Cookies\jt@adserver.coacht[2].txt
C:\Documents and Settings\JT\Cookies\jt@media6degrees[2].txt
C:\Documents and Settings\JT\Cookies\jt@www.homefuckfest[2].txt
C:\Documents and Settings\JT\Cookies\jt@www.3dstats[2].txt
C:\Documents and Settings\JT\Cookies\jt@www.mybigteenmovie[1].txt
C:\Documents and Settings\JT\Cookies\jt@adprofile[1].txt
C:\Documents and Settings\JT\Cookies\jt@ad.flux[2].txt
C:\Documents and Settings\JT\Cookies\jt@adecn[2].txt
C:\Documents and Settings\JT\Cookies\jt@adinterax[1].txt
C:\Documents and Settings\JT\Cookies\jt@adultadworld[2].txt
C:\Documents and Settings\JT\Cookies\jt@ads.cellrants[2].txt
C:\Documents and Settings\JT\Cookies\jt@ads.gmodules[1].txt
C:\Documents and Settings\JT\Cookies\jt@ads.gmodules[3].txt
C:\Documents and Settings\JT\Cookies\jt@ads.revsci[1].txt
C:\Documents and Settings\JT\Cookies\jt@adv.surinter[1].txt
C:\Documents and Settings\JT\Cookies\jt@atwola[2].txt
C:\Documents and Settings\JT\Cookies\jt@chitika[2].txt
C:\Documents and Settings\JT\Cookies\jt@choice4adults[2].txt
C:\Documents and Settings\JT\Cookies\jt@clickintext[2].txt
C:\Documents and Settings\JT\Cookies\jt@clicksor[2].txt
C:\Documents and Settings\JT\Cookies\jt@collective-media[2].txt
C:\Documents and Settings\JT\Cookies\jt@devart.adbureau[1].txt
C:\Documents and Settings\JT\Cookies\jt@everybodyfucks[2].txt
C:\Documents and Settings\JT\Cookies\jt@hot-adulttube08[1].txt
C:\Documents and Settings\JT\Cookies\jt@hot-adulttube08[2].txt
C:\Documents and Settings\JT\Cookies\jt@hot-adulttube08[4].txt
C:\Documents and Settings\JT\Cookies\jt@imrworldwide[2].txt
C:\Documents and Settings\JT\Cookies\jt@interclick[1].txt
C:\Documents and Settings\JT\Cookies\jt@justsexyvideos[2].txt
C:\Documents and Settings\JT\Cookies\jt@keywordmax[1].txt
C:\Documents and Settings\JT\Cookies\jt@media.zoominfo[1].txt
C:\Documents and Settings\JT\Cookies\jt@media.adrevolver[3].txt
C:\Documents and Settings\JT\Cookies\jt@mommygotfucked[2].txt
C:\Documents and Settings\JT\Cookies\jt@mystats[1].txt
C:\Documents and Settings\JT\Cookies\jt@optimize.indieclick[2].txt
C:\Documents and Settings\JT\Cookies\jt@partner2profit[1].txt
C:\Documents and Settings\JT\Cookies\jt@pcstats[1].txt
C:\Documents and Settings\JT\Cookies\jt@pornhost[2].txt
C:\Documents and Settings\JT\Cookies\jt@precisionclick[1].txt
C:\Documents and Settings\JT\Cookies\jt@sales.liveperson[3].txt
C:\Documents and Settings\JT\Cookies\jt@sitestat.mayoclinic[1].txt
C:\Documents and Settings\JT\Cookies\jt@sixapart.adbureau[2].txt
C:\Documents and Settings\JT\Cookies\jt@tremor.adbureau[1].txt
C:\Documents and Settings\JT\Cookies\jt@www.fuckinghomemade[1].txt
C:\Documents and Settings\Morgan\Cookies\morgan@optimize.indieclick[2].txt
C:\Documents and Settings\Morgan\Cookies\morgan@precisionclick[1].txt
C:\Documents and Settings\Morgan\Cookies\morgan@www.teenspot[2].txt
C:\Documents and Settings\Morgan\Cookies\morgan@partner2profit[1].txt
C:\Documents and Settings\Morgan\Cookies\morgan@azjmp[2].txt
C:\Documents and Settings\Morgan\Cookies\morgan@mystats[1].txt
C:\Documents and Settings\Morgan\Cookies\morgan@adecn[2].txt
C:\Documents and Settings\Morgan\Cookies\morgan@media6degrees[1].txt
C:\Documents and Settings\Morgan\Cookies\morgan@track.bestbuy[2].txt
C:\Documents and Settings\Morgan\Cookies\morgan@sr1.ads2media[2].txt
C:\Documents and Settings\Morgan\Cookies\morgan@ads.realtechnetwork[2].txt
C:\Documents and Settings\Morgan\Cookies\morgan@teenspot[2].txt
C:\Documents and Settings\Morgan\Cookies\morgan@tripod[2].txt
C:\Documents and Settings\Morgan\Cookies\morgan@atwola[1].txt
C:\Documents and Settings\Morgan\Cookies\morgan@tremor.adbureau[2].txt
C:\Documents and Settings\Morgan\Cookies\morgan@freecodesource.adve rtserve[2].txt
C:\Documents and Settings\Morgan\Cookies\morgan@jamster[2].txt
C:\Documents and Settings\Morgan\Cookies\morgan@imrworldwide[2].txt
C:\Documents and Settings\Morgan\Cookies\morgan@collective-media[2].txt
C:\Documents and Settings\Morgan\Cookies\morgan@interclick[2].txt
C:\Documents and Settings\Owner.YOUR-A0DD45FB7F\Cookies\owner@casalemedia[1].txt
C:\Documents and Settings\Owner.YOUR-A0DD45FB7F\Cookies\owner@track.bestbuy[2].txt
C:\Documents and Settings\Owner.YOUR-A0DD45FB7F\Cookies\owner@sitestat.mayoclinic[2].txt
C:\Documents and Settings\Owner.YOUR-A0DD45FB7F\Cookies\owner@statse.webtrendslive[1].txt
C:\Documents and Settings\Owner.YOUR-A0DD45FB7F\Cookies\owner@questionmarket[1].txt
C:\Documents and Settings\Owner.YOUR-A0DD45FB7F\Cookies\owner@ehg.hitbox[2].txt
C:\Documents and Settings\Owner.YOUR-A0DD45FB7F\Cookies\owner@dmtracker[1].txt
C:\Documents and Settings\Owner.YOUR-A0DD45FB7F\Cookies\owner@overture[1].txt
C:\Documents and Settings\Owner.YOUR-A0DD45FB7F\Cookies\owner@fastclick[1].txt
C:\Documents and Settings\Owner.YOUR-A0DD45FB7F\Cookies\owner@2o7[1].txt
C:\Documents and Settings\Owner.YOUR-A0DD45FB7F\Cookies\owner@anad.tacoda[1].txt
C:\Documents and Settings\Owner.YOUR-A0DD45FB7F\Cookies\owner@serving-sys[2].txt
C:\Documents and Settings\Owner.YOUR-A0DD45FB7F\Cookies\owner@anat.tacoda[2].txt
C:\Documents and Settings\Owner.YOUR-A0DD45FB7F\Cookies\owner@edge.ru4[2].txt
C:\Documents and Settings\Owner.YOUR-A0DD45FB7F\Cookies\owner@media6degrees[2].txt
C:\Documents and Settings\Owner.YOUR-A0DD45FB7F\Cookies\owner@adserving.autotrader[1].txt
C:\Documents and Settings\Owner.YOUR-A0DD45FB7F\Cookies\owner@iacas.adbureau[2].txt
C:\Documents and Settings\Owner.YOUR-A0DD45FB7F\Cookies\owner@www.googleadservices[4].txt
C:\Documents and Settings\Owner.YOUR-A0DD45FB7F\Cookies\owner@doubleclick[1].txt
C:\Documents and Settings\Owner.YOUR-A0DD45FB7F\Cookies\owner@traffic.prod.cobaltgroup[1].txt
C:\Documents and Settings\Owner.YOUR-A0DD45FB7F\Cookies\owner@ehg-lifetimeentertainment.hitbox[1].txt
C:\Documents and Settings\Owner.YOUR-A0DD45FB7F\Cookies\owner@msthirteen[1].txt
C:\Documents and Settings\Owner.YOUR-A0DD45FB7F\Cookies\owner@www.googleadservices[5].txt
C:\Documents and Settings\Owner.YOUR-A0DD45FB7F\Cookies\owner@kelleybluebook.112.2o7[1].txt
C:\Documents and Settings\Owner.YOUR-A0DD45FB7F\Cookies\owner@interclick[1].txt
C:\Documents and Settings\Owner.YOUR-A0DD45FB7F\Cookies\owner@findarticles[1].txt
C:\Documents and Settings\Owner.YOUR-A0DD45FB7F\Cookies\owner@www.googleadservices[9].txt
C:\Documents and Settings\Owner.YOUR-A0DD45FB7F\Cookies\owner@www.googleadservices[8].txt
C:\Documents and Settings\Owner.YOUR-A0DD45FB7F\Cookies\owner@marketlive.122.2o7[1].txt
C:\Documents and Settings\Owner.YOUR-A0DD45FB7F\Cookies\owner@goodyear.122.2o7[1].txt
C:\Documents and Settings\Owner.YOUR-A0DD45FB7F\Cookies\owner@atdmt[2].txt
C:\Documents and Settings\Owner.YOUR-A0DD45FB7F\Cookies\owner@imrworldwide[2].txt
C:\Documents and Settings\Owner.YOUR-A0DD45FB7F\Cookies\owner@collective-media[2].txt
C:\Documents and Settings\Owner.YOUR-A0DD45FB7F\Cookies\owner@ads.franklinis[2].txt
C:\Documents and Settings\Owner.YOUR-A0DD45FB7F\Cookies\owner@ehg-freddiemac.hitbox[1].txt
C:\Documents and Settings\Owner.YOUR-A0DD45FB7F\Cookies\owner@partner2profit[1].txt
C:\Documents and Settings\Owner.YOUR-A0DD45FB7F\Cookies\owner@ehg-dig.hitbox[1].txt
C:\Documents and Settings\Owner.YOUR-A0DD45FB7F\Cookies\owner@e-2dj6wjmyujajseq.stats.esomniture[1].txt
C:\Documents and Settings\Owner.YOUR-A0DD45FB7F\Cookies\owner@specificclick[2].txt
C:\Documents and Settings\Owner.YOUR-A0DD45FB7F\Cookies\owner@ads.revsci[1].txt
C:\Documents and Settings\Owner.YOUR-A0DD45FB7F\Cookies\owner@nextag[1].txt
C:\Documents and Settings\Owner.YOUR-A0DD45FB7F\Cookies\owner@phg.hitbox[1].txt
C:\Documents and Settings\Owner.YOUR-A0DD45FB7F\Cookies\owner@zedo[1].txt
C:\Documents and Settings\Owner.YOUR-A0DD45FB7F\Cookies\owner@burstnet[2].txt
C:\Documents and Settings\Owner.YOUR-A0DD45FB7F\Cookies\owner@advertising[1].txt
C:\Documents and Settings\Owner.YOUR-A0DD45FB7F\Cookies\owner@bp.specificclick[1].txt
C:\Documents and Settings\Owner.YOUR-A0DD45FB7F\Cookies\owner@247realmedia[1].txt
C:\Documents and Settings\Owner.YOUR-A0DD45FB7F\Cookies\owner@sales.liveperson[1].txt
C:\Documents and Settings\Owner.YOUR-A0DD45FB7F\Cookies\owner@trafficmp[2].txt
C:\Documents and Settings\Owner.YOUR-A0DD45FB7F\Cookies\owner@traffic[1].txt
C:\Documents and Settings\Owner.YOUR-A0DD45FB7F\Cookies\owner@ehg-autozone.hitbox[2].txt
C:\Documents and Settings\Owner.YOUR-A0DD45FB7F\Cookies\owner@trackapartner[2].txt
C:\Documents and Settings\Owner.YOUR-A0DD45FB7F\Cookies\owner@commission-junction[2].txt
C:\Documents and Settings\Owner.YOUR-A0DD45FB7F\Cookies\owner@a.findarticles[1].txt
C:\Documents and Settings\Owner.YOUR-A0DD45FB7F\Cookies\owner@atwola[1].txt

Adware.ClickSpring/Yazzle
C:\PROGRAM FILES\COMMON FILES\YAZZLE1552OINADMIN.EXE
C:\PROGRAM FILES\COMMON FILES\YAZZLE1552OINUNINSTALLER.EXE
C:\WINDOWS\Prefetch\YAZZLE1552OINADMIN.EXE-01D813FF.pf

Trojan.Unknown Origin
C:\WINDOWS\SYSTEM32\000070.EXE
C:\WINDOWS\Prefetch\000070.EXE-122E4FF3.pf


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:43:34 PM, on 5/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIA DA.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\PC Tools AntiVirus\PCTAV.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\G oogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.h...ys=DTP&M=T6540
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.h...ys=DTP&M=T6540
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus CX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIA DA.EXE /P26 "EPSON Stylus CX4800 Series" /O6 "USB001" /M "Stylus CX4800"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\G oogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/tes...enXInstall.cab
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/...nlineGames.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players...stallAsst2.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: J - Sysinternals - Windows Sysinternals: Documentation, downloads and additional resources - C:\DOCUME~1\Joanne\LOCALS~1\Temp\J.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

--
End of file - 8063 bytes


Anytime we log on with internet explorer it would log us out with an error message saying encountered a problem must close - sent a report. one time a got a pop up telling me to disable Dr. Watson - but since I had not gone to the Microsoft site myself I ignored it. We had Live One Care trial - because the computer completly crashed a couple of months ago and we lost everything. Had to reinstall. It would not recognize that this computer was previoustly licensed - so did the trial. We also lost our sound. No sound device is found. I removed Live one care and installed Pc tools anti virus and ran it - found nothing- downloaded AD aware - scanned and fixed - then downloaded Hijack this and scanned - uploaded and chose your site. Then did the prework. I am able to get online with Mozilla Firefox that my son had downloaded prev to use. But it still gives me problems connecting to various servers - ie: Grisoft, Panda etc....
Hope this helps you to help us. Much appreciate it. Tired of a very slow system and the inability to do what we want.

Thanks,
Joanne
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Spurl this Post!Reddit! Wong this Post!
  #2  
Old 1 Week Ago
Pancake's Avatar
Senior Security Analyst
  
Posts: 1,620
PC Experience: Elite PC Guru
Location: Victoria, Australia
Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page
Default Re: HJT Prework logs - IE issues
Please download SDFix from here and save it to your desktop
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)
Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.
Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Please copy and paste that log in your next reply.
=================================

Ok.We need to download ComboFix.exe. This will give a better view to the files running and also hidden on your computer.
Please visit this webpage for download links, and instructions for running ComboFix

When the tool is finished, it will produce a report for you. Please copy and paste the "C:\ComboFix.txt" along with a new 'HijackThis' log so that we can continue to do any further cleaning that your system may require.
Caution: Never run and remove files with Combofix unless supervised by a qualified security analyst who is experienced in the use of Combofix. Mal use can cause serious computer problems
NOTE: Combofix prevents autorun of all CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you - please let me know.

__________________
  • An Australian Member of
  • and
My real name is Eddy
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Spurl this Post!Reddit! Wong this Post!
  #3  
Old 1 Week Ago
Jkloby's Avatar
New Poster
  
Posts: 2
PC Experience: Some Experience
Jkloby - See this Members User comments on their Profile page
Default Re: HJT Prework logs - IE issues
I am unable to connect to the website to download ComboFix. I also cannot download IE from Microsoft website. Any other ideas to get the file? Also her is the log from the SDfix.


SDFix: Version 1.179
Run by Joanne on Sun 05/04/2008 at 12:19 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\000080.exe - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1353.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-04 12:38:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\Nls\MUILanguages\RCV2\clb.dll]
"0"=hex:00,00,28,0a,01,00,05,00
"1"=hex:b6,00,b6,eb,2f,6b,03,cb,5a,e8,c3,ac,b9,40, 38,e1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\Nls\MUILanguages\RCV2\clbcatex.dll]
"0"=hex:2a,00,3e,11,0c,00,d1,07
"1"=hex:cf,24,2a,85,a4,d7,fe,3c,03,76,96,fe,18,b6, ec,d3
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\Nls\MUILanguages\RCV2\clbcatq.dll]
"0"=hex:2a,00,3e,11,0c,00,d1,07
"1"=hex:6a,b7,9d,1d,7d,d8,1d,46,23,79,12,2a,da,6a, 19,42
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\vmdesched.sys]
@="driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Network\vmdesched.sys]
@="driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\clbdriver]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\??\globalroot\systemroot\syst em32\drivers\vmdesched.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nl s\MUILanguages\RCV2\clb.dll]
"0"=hex:00,00,28,0a,01,00,05,00
"1"=hex:b6,00,b6,eb,2f,6b,03,cb,5a,e8,c3,ac,b9,40, 38,e1
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nl s\MUILanguages\RCV2\clbcatex.dll]
"0"=hex:2a,00,3e,11,0c,00,d1,07
"1"=hex:cf,24,2a,85,a4,d7,fe,3c,03,76,96,fe,18,b6, ec,d3
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nl s\MUILanguages\RCV2\clbcatq.dll]
"0"=hex:2a,00,3e,11,0c,00,d1,07
"1"=hex:6a,b7,9d,1d,7d,d8,1d,46,23,79,12,2a,da,6a, 19,42
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Sa feBoot\Minimal\vmdesched.sys]
@="driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Sa feBoot\Network\vmdesched.sys]
@="driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\c lbdriver]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\??\globalroot\systemroot\syst em32\drivers\vmdesched.sys"

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\clbImageData]
"affid"="7"
"subid"="run01"
"prov"="10010"
"server"=" "
"flagged"=dword:00000001
"googleadserver"="pagead2.googlesyndication.co m"
"control"=hex:1a,00,15,13,07,11,5b,1b,1e,1b,0b,15, 08,13,1b,0a,0b,f2,e0,ec,f0,..

scanning hidden files ...

C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\clbcatex.dll 110080 bytes executable
C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\clbcatq.dll 498688 bytes executable
C:\WINDOWS\system32\drivers\vmdesched.sys 6656 bytes executable
C:\WINDOWS\system32\clb.dll 10752 bytes executable
C:\WINDOWS\system32\clbcatex.dll 110080 bytes executable
C:\WINDOWS\system32\clbcatq.dll 498688 bytes executable
C:\WINDOWS\system32\clbcfg.dat 1695 bytes
C:\WINDOWS\system32\cdosys.dll 35328 bytes executable
C:\WINDOWS\system32\clbinit.dll 1695 bytes
C:\WINDOWS\$NtUninstallKB902400$\clbcatex.dll 110080 bytes executable
C:\WINDOWS\$NtUninstallKB902400$\clbcatq.dll 501248 bytes executable

scan completed successfully
hidden processes: 0
hidden services: 1
hidden files: 11


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\standard profile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\syste m32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Application Loader"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"="C:\\Prog ram Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe:*:Enabled: AOLTsMon"
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"="C:\\Prog ram Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe:*:Enabled: AOLTopSpeed"
"C:\\Program Files\\Common Files\\AOL\\1202258772\\EE\\AOLServiceHost.exe"="C :\\Program Files\\Common Files\\AOL\\1202258772\\EE\\AOLServiceHost.exe:*:E nabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"="C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"="C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"="C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"="C:\ \Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe:*:Ena bled:AOL"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\ttax.exe"="C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\ttax.exe:LocalSubNet:Enabled:TurboTax "
"C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\updatemgr.exe"="C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\updatemgr.exe:LocalSubNet:Enabled:Tur boTax Update Manager"
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"="C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe:*:Enabled:MySpac eIM"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\domainpr ofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\syste m32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Wed 14 May 2003 49,224 A..H. --- "C:\Program Files\America Online 8.0\aolphx.exe"
Wed 14 May 2003 36,940 A..H. --- "C:\Program Files\America Online 8.0\aoltray.exe"
Wed 14 May 2003 237,636 A..H. --- "C:\Program Files\America Online 8.0\waol.exe"
Wed 18 Oct 2006 64,000 A.SH. --- "C:\Program Files\Windows Media Player\wmplayer.exe"
Thu 26 Jul 2007 8 ..SHR --- "C:\My Backup -- 08-02-05 0509PM\WINDOWS\system32\E6675BD8B6.sys"
Thu 26 Jul 2007 2,516 A.SH. --- "C:\My Backup -- 08-02-05 0509PM\WINDOWS\system32\KGyGaAvL.sys"
Wed 14 May 2003 49,226 A..H. --- "C:\Program Files\America Online 8.0\COMIT\cswitch.exe"
Wed 27 Feb 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Thu 15 Feb 2007 4,348 A.SH. --- "C:\My Backup -- 08-02-05 0509PM\Documents and Settings\All Users\DRM\DRMv1.bak"
Sun 8 Jul 2007 146,432 ..SHR --- "C:\My Backup -- 08-02-05 0509PM\Program Files\Verizon Wireless\V CAST Music Manager (A950)\Setup.exe"
Mon 7 May 2007 53,248 A.SHR --- "C:\My Backup -- 08-02-05 0509PM\Program Files\Verizon Wireless\V CAST Music Manager (A950)\_Setupx.dll"
Thu 5 Jul 2007 146,432 ..SHR --- "C:\My Backup -- 08-02-05 0509PM\Program Files\Verizon Wireless\V CAST Music Manager\Setup.exe"
Mon 7 May 2007 53,248 A.SHR --- "C:\My Backup -- 08-02-05 0509PM\Program Files\Verizon Wireless\V CAST Music Manager\_Setupx.dll"
Tue 5 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ab59ac72 525ea90a47679441587835c9\BIT1.tmp"
Thu 1 Feb 2007 0 A.SH. --- "C:\My Backup -- 08-02-05 0509PM\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Wed 14 May 2003 106,496 A..H. --- "C:\Program Files\Common Files\aolshare\shell\us\shellext.dll"
Tue 15 Jan 2008 8 A..H. --- "C:\My Backup -- 08-02-05 0509PM\Documents and Settings\All Users\Application Data\Microsoft\OC\Channels\ch1\lock.tmp"
Tue 15 Jan 2008 8 A..H. --- "C:\My Backup -- 08-02-05 0509PM\Documents and Settings\All Users\Application Data\Microsoft\OC\Channels\ch2\lock.tmp"
Tue 15 Jan 2008 8 A..H. --- "C:\My Backup -- 08-02-05 0509PM\Documents and Settings\All Users\Application Data\Microsoft\OC\Channels\ch3\lock.tmp"
Tue 15 Jan 2008 8 A..H. --- "C:\My Backup -- 08-02-05 0509PM\Documents and Settings\All Users\Application Data\Microsoft\OC\Channels\ch4\lock.tmp"
Wed 16 Jan 2008 8 A..H. --- "C:\My Backup -- 08-02-05 0509PM\Documents and Settings\All Users\Application Data\Microsoft\OC\Channels\ch5\lock.tmp"

Finished!
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Spurl this Post!Reddit! Wong this Post!
  #4  
Old 1 Week Ago
Pancake's Avatar
Senior Security Analyst
  
Posts: 1,620
PC Experience: Elite PC Guru
Location: Victoria, Australia
Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page
Default Re: HJT Prework logs - IE issues
SDfix has removed a trojan and I cant see any more so that may have fixed your problem

__________________
  • An Australian Member of
  • and
My real name is Eddy
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Spurl this Post!Reddit! Wong this Post!
Reply

« HJT Log | log »

Go Back   PC Help Forum - Free Computer Help, Windows, Hardware, Software and more! > Security & Safety > Spyware / AdWare > [In Progress] HiJackThis! Logs
Reload this Page HJT Prework logs - IE issues




Thread Tools