Logfile of HijackThis v1.99.1
Scan saved at 11:33:23 AM, on 8/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\SiteAdvisor\6066\SAService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\AOL\1154365368\ee\AOLSoftware.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\BellSouth\AM\BellSouthAlertManager.exe
C:\Program Files\Bellsouth\HelpCenter\bin\sprtcmd.exe
C:\Program Files\SystemDoctor Free\sdmain.exe
C:\Program Files\Common Files\SystemDoctor\DNSE.exe
C:\Program Files\Common Files\SystemDoctor\dcpasmon.exe
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
c:\program files\common files\aol\1154365368\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1154365368\ee\aolsoftware.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\America Online 9.0a\aoltray.exe
C:\Program Files\AOL COMPANION\COMPANION.EXE
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\America Online 9.0a\waol.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\America Online 9.0a\shellmon.exe
C:\Program Files\Hijackthis\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.c...h...DTP&M=T3516
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: BellSouth Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: BellSouth Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1154365368\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] "C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" /startup
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOLDialer] "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"
O4 - HKLM\..\Run: [BellSouthAlertManager.exe] "C:\Program Files\BellSouth\AM\BellSouthAlertManager.exe" /AUTORUN
O4 - HKLM\..\Run: [HelpCenter] "C:\Program Files\Bellsouth\HelpCenter\bin\sprtcmd.exe" /P HelpCenter
O4 - HKLM\..\Run: [SystemDoctor Free] "C:\Program Files\SystemDoctor Free\sdmain.exe" /min
O4 - HKLM\..\Run: [DNSE] "C:\Program Files\Common Files\SystemDoctor\DNSE.exe" -c
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\SystemDoctor\dcpasmon.exe"
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6066\SiteAdv.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [MeMe] "C:\Program Files\MeMe\MeMe.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MySpaceIM] "C:\Program Files\MySpace\IM\MySpaceIM.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - Startup: DrAntispy.lnk = C:\Program Files\DrAntispy\DrAntispy.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.wea...Transporter.cab?
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmar...martActivia.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{19985B27-94B2-4958-B054-70ECD6A7F2E9}: NameServer = 205.188.146.145
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
THIS IS ANOTHER SCAN THAT I DID...
Incident Status Location
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Owner\Cookies\owner@2o7[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Owner\Cookies\owner@advertising[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Owner\Cookies\owner@atwola[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Owner\Cookies\owner@mediaplex[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Owner\Cookies\owner@questionmarket[2].txt
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Owner\Cookies\owner@systemdoctor[2].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Owner\Cookies\owner@target[2].txt
Potentially unwanted tool:Application/SystemDoctor2006 Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\USDR6_7777_BHLP0611\installer.exe
Virus:Generic Malware Disinfected C:\WINDOWS\Downloaded Program Files\MiniBugTransporter.dll
SUPERAntiSpyware Scan Log
Generated 08/01/2007 at 09:29 PM
Application Version : 3.6.1000
Core Rules Database Version : 3277
Trace Rules Database Version: 1288
Scan type : Complete Scan
Total Scan Time : 00:26:57
Memory items scanned : 689
Memory threats detected : 5
Registry items scanned : 5419
Registry threats detected : 68
File items scanned : 25734
File threats detected : 187
Trojan.Smitfraud Variant
C:\WINDOWS\SYSTEM32\GTAWCLV.DLL
C:\WINDOWS\SYSTEM32\GTAWCLV.DLL
HKLM\Software\Classes\CLSID\{e71aba09-d81a-4876-baa3-df133c1dfc48}
HKCR\CLSID\{E71ABA09-D81A-4876-BAA3-DF133C1DFC48}
HKCR\CLSID\{E71ABA09-D81A-4876-BAA3-DF133C1DFC48}\InProcServer32
HKCR\CLSID\{E71ABA09-D81A-4876-BAA3-DF133C1DFC48}\InProcServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler#{e71aba09-d81a-4876-baa3-df133c1dfc48}
Trojan.Media-Codec/V3
C:\PROGRAM FILES\VIDEO ACTIVEX ACCESS\IESMN.EXE
C:\PROGRAM FILES\VIDEO ACTIVEX ACCESS\IESMN.EXE
C:\PROGRAM FILES\VIDEO ACTIVEX ACCESS\IMSMAIN.EXE
C:\PROGRAM FILES\VIDEO ACTIVEX ACCESS\IMSMAIN.EXE
C:\PROGRAM FILES\VIDEO ACTIVEX ACCESS\IESMIN.EXE
C:\PROGRAM FILES\VIDEO ACTIVEX ACCESS\IESMIN.EXE
C:\PROGRAM FILES\VIDEO ACTIVEX ACCESS\IMSMN.EXE
C:\PROGRAM FILES\VIDEO ACTIVEX ACCESS\IMSMN.EXE
HKLM\Software\Classes\CLSID\{29C5A3B6-9A8D-4FA0-B5AD-3E20F4AA5C00}
HKCR\CLSID\{29C5A3B6-9A8D-4FA0-B5AD-3E20F4AA5C00}
HKCR\CLSID\{29C5A3B6-9A8D-4FA0-B5AD-3E20F4AA5C00}
HKCR\CLSID\{29C5A3B6-9A8D-4FA0-B5AD-3E20F4AA5C00}\Implemented Categories
HKCR\CLSID\{29C5A3B6-9A8D-4FA0-B5AD-3E20F4AA5C00}\Implemented Categories\{00021493-0000-0000-C000-000000000046}
HKCR\CLSID\{29C5A3B6-9A8D-4FA0-B5AD-3E20F4AA5C00}\InprocServer32
HKCR\CLSID\{29C5A3B6-9A8D-4FA0-B5AD-3E20F4AA5C00}\InprocServer32#ThreadingModel
C:\PROGRAM FILES\VIDEO ACTIVEX ACCESS\IESBPL.DLL
HKLM\Software\Classes\CLSID\{34E6F97C-34E0-4CE5-B92B-F83634BEDC01}
HKCR\CLSID\{34E6F97C-34E0-4CE5-B92B-F83634BEDC01}
HKCR\CLSID\{34E6F97C-34E0-4CE5-B92B-F83634BEDC01}#xxx
HKCR\CLSID\{34E6F97C-34E0-4CE5-B92B-F83634BEDC01}\InprocServer32
HKCR\CLSID\{34E6F97C-34E0-4CE5-B92B-F83634BEDC01}\InprocServer32#ThreadingModel
C:\PROGRAM FILES\VIDEO ACTIVEX ACCESS\IESPLG.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{34E6F97C-34E0-4CE5-B92B-F83634BEDC01}
HKLM\Software\Microsoft\Internet Explorer\Toolbar#{29C5A3B6-9A8D-4FA0-B5AD-3E20F4AA5C00}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IExplorer Security Plug-in
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IExplorer Security Plug-in#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IExplorer Security Plug-in#UninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Secure Bar
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Secure Bar#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Secure Bar#UninstallString
C:\Program Files\Video ActiveX Access\iesbunst.exe
C:\Program Files\Video ActiveX Access\iesunst.exe
C:\Program Files\Video ActiveX Access\ot.ico
C:\Program Files\Video ActiveX Access\ts.ico
C:\Program Files\Video ActiveX Access
C:\WINDOWS\Prefetch\IESMN.EXE-033DF62E.pf
C:\WINDOWS\Prefetch\IMSMAIN.EXE-0F631905.pf
Adware.Tracking Cookie
C:\Documents and Settings\Owner\Cookies\owner@41409448[2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\owner@advertising[1].txt
C:\Documents and Settings\Owner\Cookies\owner@roiservice[1].txt
C:\Documents and Settings\Owner\Cookies\owner@cgi-bin[2].txt
C:\Documents and Settings\Owner\Cookies\owner@LPservicemagic[2].txt
C:\Documents and Settings\Owner\Cookies\owner@focalex[1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\owner@1071470874[1].txt
C:\Documents and Settings\Owner\Cookies\owner@azjmp[1].txt
C:\Documents and Settings\Owner\Cookies\owner@LPBofA1[1].txt
C:\Documents and Settings\Owner\Cookies\owner@247realmedia[1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\owner@48986480[1].txt
C:\Documents and Settings\Owner\Cookies\owner@questionmarket[2].txt
C:\Documents and Settings\Owner\Cookies\owner@file[1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\owner@adserver[1].txt
C:\Documents and Settings\Owner\Cookies\owner@popularscreensavers[2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\owner@realmedia[1].txt
C:\Documents and Settings\Owner\Cookies\owner@tacoda[1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\owner@adserver[2].txt
C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[2].txt
C:\Documents and Settings\Owner\Cookies\owner@bluestreak[1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\owner@statcounter[1].txt
C:\Documents and Settings\Owner\Cookies\owner@2o7[2].txt
C:\Documents and Settings\Owner\Cookies\owner@clickbank[2].txt
C:\Documents and Settings\Owner\Cookies\owner@specificclick[1].txt
C:\Documents and Settings\Owner\Cookies\owner@zedo[1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\owner@onlinerewardcenter[1].txt
C:\Documents and Settings\Owner\Cookies\owner@1069000761[1].txt
C:\Documents and Settings\Owner\Cookies\owner@qnsr[1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\owner@fastclick[1].txt
C:\Documents and Settings\Owner\Cookies\owner@adlegend[1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\owner@drivecleaner[2].txt
C:\Documents and Settings\Owner\Cookies\owner@ez-tracks[2].txt
C:\Documents and Settings\Owner\Cookies\owner@coolsavings[2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\owner@stats[1].txt
C:\Documents and Settings\Owner\Cookies\owner@cpvfeed[2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\owner@interclick[1].txt
C:\Documents and Settings\Owner\Cookies\owner@jokes[1].txt
C:\Documents and Settings\Owner\Cookies\owner@revsci[1].txt
C:\Documents and Settings\Owner\Cookies\owner@indextools[2].txt
C:\Documents and Settings\Owner\Cookies\owner@nextstat[1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\owner@optimost[2].txt
C:\Documents and Settings\Owner\Cookies\owner@1072304309[1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\owner@lynxtrack[1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\owner@nextag[1].txt
C:\Documents and Settings\Owner\Cookies\owner@adbrite[2].txt
C:\Documents and Settings\Owner\Cookies\owner@html[3].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\owner@hitbox[1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\owner@burstnet[1].txt
C:\Documents and Settings\Owner\Cookies\owner@trafficmp[2].txt
C:\Documents and Settings\Owner\Cookies\owner@ad[2].txt
C:\Documents and Settings\Owner\Cookies\owner@adrevolver[2].txt
C:\Documents and Settings\Owner\Cookies\owner@adrevolver[3].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\owner@atwola[1].txt
C:\Documents and Settings\Owner\Cookies\owner@partner2profit[1].txt
C:\Documents and Settings\Owner\Cookies\owner@1066132848[1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\owner@overture[1].txt
C:\Documents and Settings\Owner\Cookies\owner@tradedoubler[1].txt
C:\Documents and Settings\Owner\Cookies\owner@bizrate[1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\owner@76226072[2].txt
C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\owner@serving-sys[2].txt
C:\Documents and Settings\Owner\Cookies\owner@1072725608[1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\owner@pro-market[2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\owner@57386690[2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\owner@amaena[1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\owner@1058124661[1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\owner@mediamall[1].txt
C:\Documents and Settings\Owner\Cookies\owner@directtrack[1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\owner@adultfriendfinder[1].txt
C:\Documents and Settings\Owner\Cookies\owner@1057664389[1].txt
C:\Documents and Settings\Owner\Cookies\owner@revenue[1].txt
C:\Documents and Settings\Owner\Cookies\owner@toseeka[1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\owner@fortunecity[1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\owner@pp11[2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\owner@adtech[2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\owner@a[1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\owner@toplist[1].txt
C:\Documents and Settings\Owner\Cookies\owner@smileycentral[2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\owner@spamblockerutility[2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\owner@1070412771[1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\owner@dr1[2].txt
C:\Documents and Settings\Owner\Cookies\owner@1071207814[1].txt
Trojan.Media-Codec
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run#user32.dll [ C:\Program Files\Video ActiveX Access\iesmn.exe ]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run#rare [ C:\Program Files\Video ActiveX Access\imsmain.exe ]
Malware.VirusRescue
HKCR\Interface\{679B00B5-0783-4DE4-A478-7227FDD50825}
HKCR\Interface\{679B00B5-0783-4DE4-A478-7227FDD50825}\ProxyStubClsid
HKCR\Interface\{679B00B5-0783-4DE4-A478-7227FDD50825}\ProxyStubClsid32
HKCR\Interface\{679B00B5-0783-4DE4-A478-7227FDD50825}\TypeLib
HKCR\Interface\{679B00B5-0783-4DE4-A478-7227FDD50825}\TypeLib#Version
Malware.SpyLocked
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Safety Alert
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Safety Alert#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Safety Alert#UninstallString
Trojan.Media-Codec/V2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video AX Object
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video AX Object#ProductionEnvironment
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video AX Object#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video AX Object#Publisher
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video AX Object#UninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video AX Object#DisplayIcon
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video AX Object#DisplayVersion
Malware.DrAntiSpy
C:\Program Files\DrAntispy\DrAntispy.lic
C:\Program Files\DrAntispy\Uninstall.exe
C:\Program Files\DrAntispy
Malware.VirusProtectPro
HKCR\CLSID\{45C2FDBE-1D46-B98E-F9A9-9D44B93A9D52}
HKCR\CLSID\{45C2FDBE-1D46-B98E-F9A9-9D44B93A9D52}\aedxqdtpwh
HKCR\CLSID\{45C2FDBE-1D46-B98E-F9A9-9D44B93A9D52}\ibjSFewykZAm
HKCR\CLSID\{45C2FDBE-1D46-B98E-F9A9-9D44B93A9D52}\InprocServer32
HKCR\CLSID\{45C2FDBE-1D46-B98E-F9A9-9D44B93A9D52}\Pxbrb
HKCR\CLSID\{45C2FDBE-1D46-B98E-F9A9-9D44B93A9D52}\tleQNi
HKCR\CLSID\{45C2FDBE-1D46-B98E-F9A9-9D44B93A9D52}\tsepzpTbfmf
HKCR\CLSID\{45C2FDBE-1D46-B98E-F9A9-9D44B93A9D52}\vdskgaayomjW
HKCR\CLSID\{45C2FDBE-1D46-B98E-F9A9-9D44B93A9D52}\veyaedbAfh
C:\Program Files\VirusProtectPro 3.5\vpp.ini
C:\Program Files\VirusProtectPro 3.5
Malware.VirusRanger
HKCR\CLSID\{14869272-E04B-66DC-80DD-58BAB2570CF0}
HKCR\CLSID\{14869272-E04B-66DC-80DD-58BAB2570CF0}\InprocServer
HKCR\CLSID\{14869272-E04B-66DC-80DD-58BAB2570CF0}\InprocServer32
HKCR\CLSID\{14869272-E04B-66DC-80DD-58BAB2570CF0}\InprocServer32#ThreadingModel
HKCR\CLSID\{14869272-E04B-66DC-80DD-58BAB2570CF0}\InprocServer32#InprocServer32
HKCR\CLSID\{14869272-E04B-66DC-80DD-58BAB2570CF0}\kkvMyMsxe
HKCR\CLSID\{14869272-E04B-66DC-80DD-58BAB2570CF0}\oQYvo
HKCR\CLSID\{14869272-E04B-66DC-80DD-58BAB2570CF0}\ssTmdvguKeEE
HKCR\CLSID\{14869272-E04B-66DC-80DD-58BAB2570CF0}\uqRmK
HKCR\CLSID\{14869272-E04B-66DC-80DD-58BAB2570CF0}\wwfweaxqosdi
HKCR\CLSID\{14869272-E04B-66DC-80DD-58BAB2570CF0}\yNggie
HKCR\CLSID\{14869272-E04B-66DC-80DD-58BAB2570CF0}\yWhphhf
HKCR\Interface\{139C109E-08C6-4B60-9142-860B8CD5D000}
HKCR\Interface\{139C109E-08C6-4B60-9142-860B8CD5D000}\ProxyStubClsid
HKCR\Interface\{139C109E-08C6-4B60-9142-860B8CD5D000}\ProxyStubClsid32
HKCR\Interface\{139C109E-08C6-4B60-9142-860B8CD5D000}\TypeLib
HKCR\Interface\{139C109E-08C6-4B60-9142-860B8CD5D000}\TypeLib#Version
C:\Program Files\VirusRanger\result.lst
C:\Program Files\VirusRanger\sdebug.log
C:\Program Files\VirusRanger\updater.plb
C:\Program Files\VirusRanger\vrext.dll
C:\Program Files\VirusRanger
Browser Hijacker.Favorites
C:\RECYCLER\S-1-5-21-3510669819-3275758053-2822232158-1003\DC21.URL
C:\RECYCLER\S-1-5-21-3510669819-3275758053-2822232158-1003\DC22.URL
OK I think this is all of the information that you asked for. Please let me know what I can do.