SurfSideKick; Windows Security Center disabled
renegade
2006-07-27, 22:50
I've been having trouble with the windows security center problems in spybot. i scanned through a few threads but it didn't seem to help me because my computer DID have malware (SurfSideKick) in the last few days, but i've manually cleaned out all of Surf SideKick that i know-- and it hasn't shown up in the sweep when i run it. so this is my next problem-- i'm not sure whether it has to do with SurfSideKick, or if it's something new:
when i run spybot all 7 of the security center alerts come up. however when i got to the control panel > security center, it says that my firewall is off. when i go to recommendations and select "enable now" it says something like "We're sorry, windows security center cannot turn on the firewalls. please try to turn them on yourself by...."
so i go back to the security center home and select "windows firewall", but here's where the problem occurs. the entire "general" tab is dimmed, so i cannot turn the firewall off.
lastly, when i go to my registry editor, to:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
there are the problems, the firewall.override, etc. etc.
i try to delete them, and they do delete, but then whenever i try to access the security center again, they pop back up in the registry editor.
lastly, sometimes random processes start running and slow down my computer-- taking up to 99% CPU. i'm not sure if this has anything to do with the same virus, but they definitely are not supposed to be running and when it happens i boot up the comp in safe mode and delete them manually (they refuse to end or delete while in normal mode)
i am at wits end on what to do... any help is greatly appreciated. thank you in advance =)
~Renegade
Hello.
Please follow the instructions for posting in the malware forum as I responded here:
http://forums.spybot.info/showpost.php?p=35137&postcount=41
Here is the link again:
BEFORE you post and who will advise you. Preliminary Steps (http://forums.spybot.info/showthread.php?t=288)
Two of your posts in other members' malware topics were removed.
Thank you.
renegade
2006-07-28, 01:52
Logfile of HijackThis v1.99.1
Scan saved at 6:50:30 PM, on 7/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\taskib.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\AOL\1134336251\ee\aolsoftware.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\WINDOWS\system32\cjnr4r4zskdwpi.exe
C:\Program Files\iTunes\iTunes.exe
C:\Documents and Settings\Wei Jia Ni\Desktop\HJT\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si=
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Ozbyq Class - {D623BC2F-A58D-4A75-A10D-CC244A702A35} - C:\WINDOWS\system32\xeymi.dll (file missing)
O3 - Toolbar: (no name) - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - (no file)
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1134336251\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [keyboard] C:\\kybrdef_7.exe
O4 - HKLM\..\Run: [Hhl7RfpJ] "C:\WINDOWS\system32\ssn6tuu.exe"
O4 - HKLM\..\Run: [defender] C:\\dfndref_7.exe
O4 - HKLM\..\Run: [{0D-DB-BF-F4-ZN}] c:\windows\system32\dwdsregt.exe CORN003
O4 - HKLM\..\Run: [k6mmN5IOU] "C:\WINDOWS\system32\wfxqhv.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Documents and Settings\Wei Jia Ni\Desktop\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [spywarebot] C:\Documents and Settings\Wei Jia Ni\Desktop\SpywareBot\SpywareBot.exe -boot
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIMKatie\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIMKatie\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Filter: text/html - {B5F86455-BF18-4E12-965A-6642A0AC0549} - C:\WINDOWS\system32\xeymi.dll
O20 - Winlogon Notify: RunServices - C:\WINDOWS\system32\ivxmontr.dll (file missing)
O20 - Winlogon Notify: SharedDlls - C:\WINDOWS\system32\kqdur.dll (file missing)
O20 - Winlogon Notify: SideBySide - C:\WINDOWS\system32\ExnClass.Dll (file missing)
O20 - Winlogon Notify: WebCheck - C:\WINDOWS\system32\apmlib.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Print Spooler Service (SpoolSvc203) - Unknown owner - C:\WINDOWS\system32\cjnr4r4zskdwpi.exe
O23 - Service: Network Station Task Manager (TSKIB) - Unknown owner - C:\WINDOWS\taskib.exe
LonnyRJones
2006-08-02, 09:18
Welcome renegade
Thanks for your patience. If you're still in need of assistance and are not receiving it at another forum, uninstall SpywareBot and quicklinks via Add/Remove Programs, then post a fresh HijackThis log please.
renegade
2006-08-03, 22:17
Logfile of HijackThis v1.99.1
Scan saved at 3:16:37 PM, on 8/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\1134336251\ee\aolsoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIMKatie\aim.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\WINDOWS\system32\winlogon.exe
C:\Documents and Settings\Wei Jia Ni\Desktop\HJT\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si=
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Ozbyq Class - {D623BC2F-A58D-4A75-A10D-CC244A702A35} - C:\WINDOWS\system32\xeymi.dll (file missing)
O3 - Toolbar: (no name) - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - (no file)
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1134336251\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [{0D-DB-BF-F4-ZN}] c:\windows\system32\dwdsregt.exe CORN003
O4 - HKLM\..\Run: [k6mmN5IOU] "C:\WINDOWS\system32\wfxqhv.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Documents and Settings\Wei Jia Ni\Desktop\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIMKatie\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIMKatie\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Filter: text/html - {B5F86455-BF18-4E12-965A-6642A0AC0549} - C:\WINDOWS\system32\xeymi.dll
O20 - Winlogon Notify: RunServices - C:\WINDOWS\system32\ivxmontr.dll (file missing)
O20 - Winlogon Notify: SharedDlls - C:\WINDOWS\system32\kqdur.dll (file missing)
O20 - Winlogon Notify: SideBySide - C:\WINDOWS\system32\ExnClass.Dll (file missing)
O20 - Winlogon Notify: WebCheck - C:\WINDOWS\system32\apmlib.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Print Spooler Service (SpoolSvc203) - Unknown owner - C:\WINDOWS\system32\cjnr4r4ngyrk.exe (file missing)
is that right?
LonnyRJones
2006-08-04, 01:35
Open a command prompt (start run type cmd press enter) type
sc delete "SpoolSvc203"
press enter type
sc delete TSKIB
press enter, type exit and press enter to exit the command prompt
Start Hijackthis and place a check next to these items If there.
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si=
O2 - BHO: Ozbyq Class - {D623BC2F-A58D-4A75-A10D-CC244A702A35} - C:\WINDOWS\system32\xeymi.dll (file missing)
O3 - Toolbar: (no name) - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - (no file)
O4 - HKLM\..\Run: [{0D-DB-BF-F4-ZN}] c:\windows\system32\dwdsregt.exe CORN003
O4 - HKLM\..\Run: [k6mmN5IOU] "C:\WINDOWS\system32\wfxqhv.exe"
====================================
Hit fix checked and close Hijackthis.
Restart the PC
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
If the log is large You might need to post half in one reply half in another.
renegade
2006-08-04, 20:25
okay, i did everything up to the combofix. i downloaded combofix but it doesn't work properly. when i type "y" and hit enter, it gives me an error message like "possible rootkit interference. talk to a forum helper"
any suggestions?
LonnyRJones
2006-08-05, 00:22
Please download Look2Me-Destroyer.exe to the root drive, e.g. Local Disk C: or the partition where your operating system is installed.
http://www.atribune.org/content/view/28/
Close all windows before continuing.
Double-click Look2Me-Destroyer.exe to run it.
Put a check next to Run this program as a task.
You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 1 to five minutes. Click OK
When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
Once it's done scanning, click the Remove L2M button.
You will receive a Done Scanning message, click OK.
When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
Your computer will then shutdown.
Wait about Four minutes, Turn your computer back on.
Please post the contents of Look2Me-Destroyer.txt
Post a report from this tool if any FILES show
F-Secure Blacklight: https://europe.f-secure.com/blacklight/try.shtml
Click the i accept button near the bottom of that page.
Download and run Blacklight, click > scan then > next, next again then exit
There will be a new txt near Blacklight. Post it please.
Important: If any files show Do not rename them YET.....legitimate files can be listed.
AndyManchesta
2006-08-07, 02:04
Hi Renegade
Lonny has asked me to post on this topic as there is a fixtool available for the rootkit infection that is present on your system,
Download SDFix (http://downloads.andymanchesta.com/RemovalTools/SDFix.zip) and save it to your desktop.
Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
In Safe Mode, right click the SDFix.zip folder and choose Extract All,
Open the extracted folder and double click RunThis.bat to start the script.
It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
Press any Key and it will count down from 15 Seconds and restart the PC.
Your system will take longer than normal to restart as the fixtool will be running and removing files.
When the desktop loads the Fixtool will display Finished, press any key to end the script and load your desktop icons.
Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt back onto the forum with a new HijackThis log
Let us know if you have any problems
Thanks
Andy
renegade
2006-08-10, 22:54
SDFix Version 1.06
************************
Scan Time/Date:
03:51 PM
Thu 08/10/2006
Microsoft Windows XP [Version 5.1.2600]
Running from directory:
C:\Documents and Settings\-Katie-\Desktop\SDFix
Stage One...
Exporting Service Information:
Service Name
**************
Service File Path
*******************
Deleting Services
*******************
Repairing SDBot Registry Changes....
Adding Reg Key To Run On Reboot
Stage One Complete...
Rebooting!
Stage Two...
Removing Malware Files and Registry Entries
***********************************************
Registry Cleaning Finished...
Checking For Malware Files...
(If any are found they will be listed below)...
C:\WINDOWS\Temp\cjnr4r436B7FF94.tmp
Backing Up and Deleting any Files Listed....
Finished :)
renegade
2006-08-10, 22:55
Logfile of HijackThis v1.99.1
Scan saved at 3:54:04 PM, on 8/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\AOL\1134336251\ee\aolsoftware.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AIMKatie\aim.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Wei Jia Ni\Desktop\HJT\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si=
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1134336251\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Documents and Settings\Wei Jia Ni\Desktop\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [keyboard] C:\\kybrdef_7.exe
O4 - HKLM\..\Run: [Hhl7RfpJ] "C:\WINDOWS\system32\ssn6tuu.exe"
O4 - HKLM\..\Run: [defender] C:\\dfndref_7.exe
O4 - HKLM\..\Run: [{0D-DB-BF-F4-ZN}] c:\windows\system32\dwdsregt.exe CORN003
O4 - HKLM\..\Run: [k6mmN5IOU] "C:\WINDOWS\system32\wfxqhv.exe"
O4 - HKLM\..\Run: [spywarebot] C:\Documents and Settings\Wei Jia Ni\Desktop\SpywareBot\SpywareBot.exe -boot
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIMKatie\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIMKatie\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Filter: text/html - {B5F86455-BF18-4E12-965A-6642A0AC0549} - C:\WINDOWS\system32\xeymi.dll
O20 - Winlogon Notify: RunServices - C:\WINDOWS\system32\ivxmontr.dll (file missing)
O20 - Winlogon Notify: SharedDlls - C:\WINDOWS\system32\kqdur.dll (file missing)
O20 - Winlogon Notify: SideBySide - C:\WINDOWS\system32\ExnClass.Dll (file missing)
O20 - Winlogon Notify: WebCheck - C:\WINDOWS\system32\apmlib.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
AndyManchesta
2006-08-11, 00:19
Hi Renegade
Thanks for the log. If there is a rootkit on your system it doesn't appear to be connected to the HackerDefender variant as the report is clear; with it showing the file in your running processes in your earlier log the rootkit component may not have installed correctly, but it was worth making sure. The script should have repaired the problems you were having with the Security Center, but let me know if Spybot is still finding problems. The infection has just been updated within the last hour or two but the script is still removing it, so you may have something else on board which is interfering. Let's get things cleaned up a bit then run a rootkit scan and take it from there.
I'd recommend removing SpywareBot from the Add/Remove screen (Start Menu > Control Panel > Add or Remove Programs). It has no connection to Spybot Search and Destroy, although it did use the name Search and Destroy on its website pages and search engines at one stage to trick novice users into thinking they were getting Spybot S&D. If you have paid for it then it's up to you if you trust the company that makes it, but if it's free, I'd suggest it be removed from your system.
Run Hijack This and choose Do A System Scan then place a check next to these entries
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = ht*p://www.mrfindalot.com/search.asp?si=
O4 - HKLM\..\Run: [keyboard] C:\\kybrdef_7.exe
O4 - HKLM\..\Run: [Hhl7RfpJ] "C:\WINDOWS\system32\ssn6tuu.exe"
O4 - HKLM\..\Run: [defender] C:\\dfndref_7.exe
O4 - HKLM\..\Run: [{0D-DB-BF-F4-ZN}] c:\windows\system32\dwdsregt.exe CORN003
O4 - HKLM\..\Run: [k6mmN5IOU] "C:\WINDOWS\system32\wfxqhv.exe"
O18 - Filter: text/html - {B5F86455-BF18-4E12-965A-6642A0AC0549} - C:\WINDOWS\system32\xeymi.dll
O20 - Winlogon Notify: RunServices - C:\WINDOWS\system32\ivxmontr.dll (file missing)
O20 - Winlogon Notify: SharedDlls - C:\WINDOWS\system32\kqdur.dll (file missing)
O20 - Winlogon Notify: SideBySide - C:\WINDOWS\system32\ExnClass.Dll (file missing)
O20 - Winlogon Notify: WebCheck - C:\WINDOWS\system32\apmlib.dll (file missing)
Close all open browser and other windows except for Hijack This and press the Fix Checked button
Download Killbox from Here (http://www.killbox.net/downloads/KillBox.exe)
Click killbox.exe
Select the option "Delete on reboot".
Click the button: All Files (Important!)
Now it should flash green.
Next copy the contents of the code box to clipboard by left clicking and covering the text then right click inside the highlighted area and choose Copy:
C:\\kybrdef_7.exe
C:\WINDOWS\system32\ssn6tuu.exe
C:\\dfndref_7.exe
c:\windows\system32\dwdsregt.exe
C:\WINDOWS\system32\xeymi.dll
After copying the above text to Clipboard click File on the killbox menu bar and choose Paste From Clipboard
Then press the Delete File button (Red Circle with a White X).
Killbox will tell you that all listed files will be removed on next reboot and asks if you would like to Reboot now, click YES
If you don't get that message, reboot manually.
Your computer should reboot now.
After reboot please complete the steps Lonny posted:
Please download Look2Me-Destroyer.exe (http://www.atribune.org/ccount/click.php?id=7) to your desktop.
Close all windows before continuing.
Double-click Look2Me-Destroyer.exe to run it.
Put a check next to Run this program as a task.
You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK
When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
Once it's done scanning, click the Remove L2M button.
You will receive a Done Scanning message, click OK.
When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
Your computer will then shutdown.
Turn your computer back on.
Please post the contents of C:\Look2Me-Destroyer.txt and a new HiJackThis log.
If you receive a message from your firewall about this program accessing the internet please allow it.
If you receive a runtime error '339' please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 Directory.
http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX
Then download Blacklight beta HERE (https://europe.f-secure.com/blacklight/try.shtml) and save it to your desktop.
Run the program, accept statement > click next then scan
When it's finished scanning, exit the program and post back the log if it detects hidden files. The log is called 'fsbl-<date/time>.log', which will save to the same location as the blbeta.exe file.
Please then post back the Look2me destroyer.txt, Blacklight's log if it finds any hidden files and a new HijackThis log.
Cheers
Andy
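The triage the helpers do by eye on the HijackThis logs in this thread can be sketched in code. This is an added example, not part of the original posts and not HijackThis's own logic: the four review heuristics are assumptions chosen for illustration, and the sample lines are copied from the logs posted above.

```python
import re
from typing import List, NamedTuple, Tuple
from urllib.parse import urlparse


class Entry(NamedTuple):
    code: str  # HijackThis section code, e.g. "R0", "O4", "O23"
    body: str  # everything after "CODE - "


ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# First Windows path in the entry, up to an .exe/.dll extension.
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll)", re.IGNORECASE)
# Drive root or <drive>:\windows\system32 (assumed "worth a look" locations).
REVIEW_DIR_RE = re.compile(r"^[a-z]:(\\windows\\system32)?$")

# Sample input: lines taken from the logs posted in this thread.
SAMPLE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\cjnr4r4zskdwpi.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si=
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: (no name) - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - (no file)
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [keyboard] C:\\kybrdef_7.exe
O4 - HKLM\..\Run: [Hhl7RfpJ] "C:\WINDOWS\system32\ssn6tuu.exe"
O20 - Winlogon Notify: RunServices - C:\WINDOWS\system32\ivxmontr.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Print Spooler Service (SpoolSvc203) - Unknown owner - C:\WINDOWS\system32\cjnr4r4zskdwpi.exe
"""


def parse_log(text: str) -> List[Entry]:
    """Keep only the 'CODE - ...' entry lines; header and process list are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def target_dir(body: str) -> str:
    """Lower-cased directory of the first executable path in the entry, or ''."""
    m = PATH_RE.search(body)
    if not m:
        return ""
    path = re.sub(r"\\+", r"\\", m.group(0)).lower()  # "C:\\x.exe" -> "c:\x.exe"
    return path.rsplit("\\", 1)[0]


def reasons(e: Entry) -> List[str]:
    """Return review reasons for one entry (assumed heuristics, not verdicts)."""
    out = []
    if e.body.endswith(("(file missing)", "(no file)")):
        out.append("registered target is not on disk")
    if e.code == "O23" and " - Unknown owner - " in e.body:
        out.append("service binary carries no company name")
    if e.code == "O4" and REVIEW_DIR_RE.match(target_dir(e.body)):
        out.append("autorun launches from drive root or system32")
    if e.code.startswith("R") and " = " in e.body:
        host = urlparse(e.body.split(" = ", 1)[1].strip()).hostname or ""
        if host and host != "microsoft.com" and not host.endswith(".microsoft.com"):
            out.append("IE search setting points at a non-Microsoft host")
    return out


def triage(text: str) -> List[Tuple[Entry, List[str]]]:
    """Entries with at least one review reason, in log order."""
    flagged = []
    for e in parse_log(text):
        why = reasons(e)
        if why:
            flagged.append((e, why))
    return flagged


if __name__ == "__main__":
    for entry, why in triage(SAMPLE):
        print(f"{entry.code:>3}  {'; '.join(why)}\n     {entry.body}")
```

A flagged line is only a candidate for review; legitimate software can match these rules, so each hit still needs checking before anything is fixed or deleted.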
renegade
2006-08-11, 04:16
thank you for all your help so far =)
i no longer get Windows Security Center alerts from Spybot
however, i'm looking on my add/remove list, and SpywareBot isn't on there. only SpyBot...?
also, i did okay up to the Killbox step. i downloaded Killbox but when i tried to copy the code, Killbox only takes the first line of the copied text. i'm not sure exactly how to put in the other text so that it will work properly.
AndyManchesta
2006-08-11, 04:42
Hey Renegade
No Problem about the help, there's still a lot left to check to help you get the PC clean again.
If SpywareBot isn't on the Add/Remove screen and you did want to remove it then fix this entry with HijackThis
Run Hijack This and choose Do A System Scan then place a check next to this entry
O4 - HKLM\..\Run: [spywarebot] C:\Documents and Settings\Wei Jia Ni\Desktop\SpywareBot\SpywareBot.exe -boot
Close all open browser and other windows except for Hijack This and press the Fix Checked button
Then delete the SpywareBot folder on the Desktop if it still exists.
For Killbox,
When you run the program and choose delete on reboot you then need to click the All Files button (it then flashes green), you can then copy the file list to clipboard by covering the text and right click and choose copy
C:\\kybrdef_7.exe
C:\WINDOWS\system32\ssn6tuu.exe
C:\\dfndref_7.exe
c:\windows\system32\dwdsregt.exe
C:\WINDOWS\system32\xeymi.dll
Then click File on the Killbox menu bar and choose Paste From Clipboard and it should then add all the files and you just need to press the delete button. I've just tested it on my own system by creating files with the same names and it worked fine, but if you have any problems with it then manually delete these files:
C:\\kybrdef_7.exe
C:\\dfndref_7.exe
C:\WINDOWS\system32\ssn6tuu.exe
c:\WINDOWS\system32\dwdsregt.exe
C:\WINDOWS\system32\xeymi.dll
If you need to remove them manually and have problems finding any then please set Windows to show hidden files and folders and check again to make sure they do not exist.
Click Start. Go to MyComputer then C:\drive
Select the Tools menu from the top bar and click Folder Options. Select the View Tab.
Under the Hidden files and folders heading select "Show hidden files and folders".
Uncheck the "Hide protected operating system files (recommended)" option.
Click Yes to confirm then OK
Set this back once you have removed the files by opening the same page and pressing the Restore Defaults button, then click Apply and OK.
Let us know if you have any problems and post back the look2me destroyer and blacklight logs once they have been run.
Thanks
Andy
renegade
2006-08-11, 20:06
again, when i try to copy the Killbox code, it only pastes the first line (as there is only one form line in the killbox prompt). so i tried to put them all in separately using "single file" instead. however when it tried to shut down, the program hit me with an error message:
"PendingFileRenameOperations Registry Data has been Removed by External Process!"
BlackLight Beta did not find anything.
Here is the Look2Me log:
Look2Me-Destroyer V1.0.12
Scanning for infected files.....
Scan started at 8/11/2006 12:56:03 PM
Attempting to delete infected files...
Making registry repairs.
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{1D62C33B-48B4-4126-8E38-678C2147DFAC}"
HKCR\Clsid\{1D62C33B-48B4-4126-8E38-678C2147DFAC}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{AAAE9F4D-52B4-4EC2-8233-4CE2C81C8CAD}"
HKCR\Clsid\{AAAE9F4D-52B4-4EC2-8233-4CE2C81C8CAD}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{676CBB1A-D1FA-4D99-8F03-A498174DA0F6}"
HKCR\Clsid\{676CBB1A-D1FA-4D99-8F03-A498174DA0F6}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{0BE1DEA3-8C95-44A6-834E-6FA27A8ED865}"
HKCR\Clsid\{0BE1DEA3-8C95-44A6-834E-6FA27A8ED865}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{9EC0CCCB-A5F6-47A7-95A6-AEC2701A872D}"
HKCR\Clsid\{9EC0CCCB-A5F6-47A7-95A6-AEC2701A872D}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{E19F8941-02C7-44C5-BE60-410C62DE8B45}"
HKCR\Clsid\{E19F8941-02C7-44C5-BE60-410C62DE8B45}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{633A7BE0-EA03-4A7D-BDEE-44529817DE98}"
HKCR\Clsid\{633A7BE0-EA03-4A7D-BDEE-44529817DE98}
Restoring Windows certificates.
Replaced hosts file with default windows hosts file
Restoring SeDebugPrivilege for Administrators - Succeeded
AndyManchesta
2006-08-11, 20:34
Hi Renegade,
No problem, just delete those files manually.
There may still be some malware issues which are causing problems with the tools, so it's best we check your system in more detail and see if any problems show in the results.
Download Ewido Anti-Spyware (http://www.ewido.net/en/download/)
Load Ewido and then click the Update tab at the top. Under Manual Update click Start update.
After the update finishes (the status bar at the bottom will display "Update successful")
Click on the Scanner tab at the top and then click on Complete System Scan
Ewido will list any infections found on the left, when the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. Ewido will then display "All actions have been applied" on the right.
Click on "Save Report" after Ewido has removed the entries, then click "Save Report As". This will create a text file which you can then save to the Desktop and post back
Next can you run the following batch file and post back the results.
Open Notepad (Start Menu > Run > Type notepad and press OK)
Copy and Paste the contents of the code box into Notepad
rem Start with a fresh report file
if exist Check.txt del /q Check.txt
echo. >> Check.txt
echo Uninstall List: >> Check.txt
echo. >> Check.txt
rem Export the Uninstall key and keep only the DisplayName lines
regedit /e List.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
FIND "DisplayName" < List.txt | find /v "QuietDisplayName" | find /v "ParentDisplayName" | find /v "ShowDisplayName" | find /v "WebFldrs XP" > List1.txt
rem Write the part after the = sign (the program name) without its quotes
for /f "tokens=2 delims==" %%a in (List1.txt) do echo %%~a >> Check.txt
echo. >> Check.txt
echo Policy Keys: >> Check.txt
echo. >> Check.txt
rem Export the machine and user Policies keys and append them to the report
regedit /e Policy1.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies"
regedit /e Policy2.txt "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies"
Type Policy*.txt >> Check.txt
rem Remove the temporary export files and open the report
del /q Policy*.txt
del /q List*.txt
Notepad Check.txt
Go to File on the top bar and choose Save As, change the Save As Type to All Files, name it Check.bat then save it to your desktop
Double click Check.bat and it will export the information from the uninstall key and the policy keys and then open the information in notepad, please post the contents of that text file (Check.txt) back on the forum
Finally run Hijack This, Choose Open the Misc tools section, On the StartUp List area at the top, place a check next to List Also Minor Sections (full) and List Empty Sections (complete) then press Generate StartUp List Log and Yes at the prompt. Please post the text file that opens into your next reply.
Please then post back the Ewido report, the Check.bat export details and the StartupList (Post them in separate replies if needed to make sure all the information is included)
Let us know if you have any problems
Andy
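An added example, not part of the post above or of any tool named in the thread: a small Python parser for the text that `regedit /e` writes, which pulls out the same uninstall names Check.bat collects with `find` and `for`, and checks the exported Policies keys. The sample export is constructed, and the watch list of policy value names is an assumption of this example.

```python
import re

# Constructed sample of a regedit /e export (not taken from the thread).
# Real "Version 5.00" exports are UTF-16 files: open(path, encoding="utf-16").
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ExampleApp]
"DisplayName"="Example App 1.0"
"QuietDisplayName"="Example App (quiet)"
"UninstallString"="\"C:\\Program Files\\Example\\uninst.exe\" /S"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{00000000-0000-0000-0000-000000000000}]
"ParentDisplayName"="Example Suite"
"DisplayName"="Example \"Helper\" Component"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000091
"ExampleBlob"=hex:01,00,\
  02,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000001
'''

KEY_RE = re.compile(r'^\[(-?)(.+)\]$')
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

# Policy values worth a second look when non-zero (assumed short list).
WATCHED_POLICIES = {"disabletaskmgr", "disableregistrytools",
                    "nofolderoptions", "nocontrolpanel"}


def unescape(text):
    """Undo .reg string escaping: \\\\ becomes \\ and \\" becomes "."""
    return re.sub(r'\\(.)', r'\1', text)


def decode(data):
    """Turn the right-hand side of a value line into str, int or bytes."""
    if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
        return unescape(data[1:-1])
    if data.startswith("dword:"):
        return int(data[6:], 16)
    if data.startswith("hex"):  # covers hex: and typed forms such as hex(2):
        payload = data.split(":", 1)[1]
        return bytes(int(b, 16) for b in payload.split(",") if b.strip())
    return data


def parse_reg(text):
    """Return {key path: {value name: decoded value}} for an export."""
    keys, current = {}, None
    lines = iter(text.splitlines())
    for raw in lines:
        line = raw.strip()
        while line.endswith("\\"):  # hex data continues on the next line
            line = line[:-1] + next(lines, "").strip()
        if not line or line.startswith(";"):
            continue
        m = KEY_RE.match(line)
        if m:  # "[-KEY]" marks a deletion, so its values are ignored
            current = None if m.group(1) else keys.setdefault(m.group(2), {})
            continue
        m = VALUE_RE.match(line)
        if m is None or current is None:
            continue  # file header, or data outside any key
        name = "" if m.group(1) == "@" else unescape(m.group(1)[1:-1])
        current[name] = decode(m.group(2))
    return keys


def uninstall_names(keys):
    """DisplayName of each Uninstall subkey, matched on the exact value name."""
    names = []
    for key, values in keys.items():
        if "\\currentversion\\uninstall\\" not in key.lower():
            continue
        for name, val in values.items():
            if (name.lower() == "displayname" and isinstance(val, str)
                    and val != "WebFldrs XP"):  # same exclusion as Check.bat
                names.append(val)
    return names


def policy_findings(keys):
    """(key, value name, data) for watched policy values that are switched on."""
    hits = []
    for key, values in keys.items():
        if "\\currentversion\\policies" not in key.lower():
            continue
        for name, val in values.items():
            if name.lower() in WATCHED_POLICIES and isinstance(val, int) and val:
                hits.append((key, name, val))
    return hits


if __name__ == "__main__":
    parsed = parse_reg(SAMPLE_EXPORT)
    print("\n".join(uninstall_names(parsed)))
    for hit in policy_findings(parsed):
        print(hit)
```

Matching on the exact value name is what lets this skip `QuietDisplayName` and `ParentDisplayName` without the chain of `find /v` filters the batch file needs.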
renegade
2006-08-12, 18:42
StartupList report, 8/12/2006, 11:39:52 AM
StartupList version: 1.52.2
Started from : C:\Documents and Settings\Wei Jia Ni\Desktop\HJT\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Documents and Settings\-Katie-\Desktop\Anti-Virus Stuff\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\AOL\1134336251\ee\aolsoftware.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\-Katie-\Desktop\Anti-Virus Stuff\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\AIMKatie\aim.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Wei Jia Ni\Desktop\HJT\HijackThis.exe
--------------------------------------------------
Listing of startup folders:
Shell folders Startup:
[C:\Documents and Settings\-Katie-\Start Menu\Programs\Startup]
*No files*
Shell folders AltStartup:
*Folder not found*
User shell folders Startup:
*Folder not found*
User shell folders AltStartup:
*Folder not found*
Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
Shell folders Common AltStartup:
*Folder not found*
User shell folders Common Startup:
*Folder not found*
User shell folders Alternate Common Startup:
*Folder not found*
--------------------------------------------------
Checking Windows NT UserInit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*
[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*
[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
VTTimer = VTTimer.exe
VTTrayp = VTtrayp.exe
SoundMan = SOUNDMAN.EXE
ShStatEXE = "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
McAfeeUpdaterUI = "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
Network Associates Error Reporting Service = "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
SunJavaUpdateSched = C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
HostManager = C:\Program Files\Common Files\AOL\1134336251\ee\AOLHostManager.exe
ViewMgr = C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe"
UnlockerAssistant = "C:\Documents and Settings\Wei Jia Ni\Desktop\Unlocker\UnlockerAssistant.exe"
!ewido = "C:\Documents and Settings\-Katie-\Desktop\Anti-Virus Stuff\ewido anti-spyware 4.0\ewido.exe" /minimized
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
AIM = C:\Program Files\AIMKatie\aim.exe -cnetwait.odl
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
[OptionalComponents]
*No values found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command
(Default) = "%1" /S
--------------------------------------------------
File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command
(Default) = C:\WINDOWS\system32\mshta.exe "%1" %*
--------------------------------------------------
File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command
(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1
--------------------------------------------------
Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)
[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP
[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
[{4b218e3e-bc98-4770-93d3-2731b9329278}] *
StubPath = %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub
[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll
[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe
--------------------------------------------------
Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps
*Registry key not found*
--------------------------------------------------
Load/Run keys from C:\WINDOWS\WIN.INI:
load=*INI section not found*
run=*INI section not found*
Load/Run keys from Registry:
HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=
--------------------------------------------------
Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*
Shell & screensaver key from Registry:
Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\system32\ssstars.scr
drivers=*Registry value not found*
Policies Shell key:
HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*
--------------------------------------------------
Checking for EXPLORER.EXE instances:
C:\WINDOWS\Explorer.exe: PRESENT!
C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present
--------------------------------------------------
Checking for superhidden extensions:
.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden
--------------------------------------------------
Verifying REGEDIT.EXE integrity:
- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'
Registry check passed
--------------------------------------------------
Enumerating Browser Helper Objects:
(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
--------------------------------------------------
Enumerating Task Scheduler jobs:
MP Scheduled Scan.job
XoftSpySE.job
--------------------------------------------------
Enumerating Download Program Files:
[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\system32\legitcheckcontrol.dll
CODEBASE = http://go.microsoft.com/fwlink/?linkid=39204
[Java Plug-in 1.5.0_06]
InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
[Java Plug-in 1.5.0_06]
InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx
CODEBASE = http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
--------------------------------------------------
Enumerating Winsock LSP files:
NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll
Protocol #14: C:\WINDOWS\system32\mswsock.dll
Protocol #15: C:\WINDOWS\system32\mswsock.dll
Protocol #16: C:\WINDOWS\system32\mswsock.dll
Protocol #17: C:\WINDOWS\system32\mswsock.dll
--------------------------------------------------
Enumerating Windows NT/2000/XP services
Microsoft ACPI Driver: system32\DRIVERS\ACPI.sys (system)
Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
AFD: \SystemRoot\System32\drivers\afd.sys (system)
Service for Realtek AC97 Audio (WDM): system32\drivers\ALCXWDM.SYS (manual start)
Alerter: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)
Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
AMD Processor Driver: system32\DRIVERS\AmdK8.sys (system)
Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
1394 ARP Client Protocol: system32\DRIVERS\arp1394.sys (manual start)
RAS Asynchronous Media Driver: system32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI Hard Disk Controller: system32\DRIVERS\atapi.sys (system)
ATM ARP Client Protocol: system32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Audio Stub Driver: system32\DRIVERS\audstub.sys (manual start)
Background Intelligent Transfer Service: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Computer Browser: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
renegade
2006-08-12, 18:43
Canon Camera Access Library 8: C:\Program Files\Canon\CAL\CALMAIN.exe (autostart)
CD-ROM Driver: system32\DRIVERS\cdrom.sys (system)
Indexing Service: %SystemRoot%\system32\cisvc.exe (manual start)
ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
COM+ System Application: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
DHCP Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Disk Driver: system32\DRIVERS\disk.sys (system)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
dmio: System32\drivers\dmio.sys (disabled)
dmload: System32\drivers\dmload.sys (disabled)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)
Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
EntDrv51: \??\C:\WINDOWS\system32\drivers\EntDrv51.sys (manual start)
EPSON Printer Status Agent2: C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe (autostart)
EPSON USB Storage Driver: system32\DRIVERS\epusbsto.sys (manual start)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+ Event System: C:\WINDOWS\system32\svchost.exe -k netsvcs (manual start)
ewido anti-spyware 4.0 driver: \??\C:\Documents and Settings\-Katie-\Desktop\Anti-Virus Stuff\ewido anti-spyware 4.0\guard.sys (system)
ewido anti-spyware 4.0 guard: C:\Documents and Settings\-Katie-\Desktop\Anti-Virus Stuff\ewido anti-spyware 4.0\guard.exe (autostart)
Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Floppy Disk Controller Driver: system32\DRIVERS\fdc.sys (manual start)
VIA Rhine-Family Fast Ethernet Adapter Driver Service: system32\DRIVERS\fetnd5bv.sys (manual start)
VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver: system32\DRIVERS\fetnd5.sys (manual start)
VIA Rhine Family Fast Ethernet Adapter Driver Service: system32\DRIVERS\fetnd5b.sys (manual start)
FltMgr: system32\DRIVERS\fltMgr.sys (system)
Volume Manager Driver: system32\DRIVERS\ftdisk.sys (system)
Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms: system32\DRIVERS\gagp30kx.sys (system)
GEARAspiWDM: System32\Drivers\GEARAspiWDM.sys (manual start)
Generic Packet Classifier: system32\DRIVERS\msgpc.sys (manual start)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Human Interface Device Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Microsoft HID Class Driver: system32\DRIVERS\hidusb.sys (manual start)
HTTP: System32\Drivers\HTTP.sys (manual start)
HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
i8042 Keyboard and PS/2 Mouse Port Driver: system32\DRIVERS\i8042prt.sys (system)
InstallDriver Table Manager: "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" (manual start)
CD-Burning Filter Driver: system32\DRIVERS\imapi.sys (system)
IMAPI CD-Burning COM Service: C:\WINDOWS\system32\imapi.exe (manual start)
IPv6 Windows Firewall Driver: system32\DRIVERS\Ip6Fw.sys (manual start)
IP Traffic Filter Driver: system32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: system32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: system32\DRIVERS\ipnat.sys (manual start)
iPodService: C:\Program Files\iPod\bin\iPodService.exe (manual start)
IPSEC driver: system32\DRIVERS\ipsec.sys (system)
IR Enumerator Service: system32\DRIVERS\irenum.sys (manual start)
PnP ISA/EISA Bus Driver: system32\DRIVERS\isapnp.sys (system)
Keyboard Class Driver: system32\DRIVERS\kbdclass.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
Server: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
TCP/IP NetBIOS Helper: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
McAfee Framework Service: C:\Program Files\Network Associates\Common Framework\FrameworkService.exe /ServiceStart (autostart)
Network Associates McShield: "C:\Program Files\Network Associates\VirusScan\Mcshield.exe" (autostart)
Network Associates Task Manager: "C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe" (autostart)
Messenger: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
NetMeeting Remote Desktop Sharing: C:\WINDOWS\system32\mnmsrvc.exe (manual start)
Mouse Class Driver: system32\DRIVERS\mouclass.sys (system)
Mouse HID Driver: system32\DRIVERS\mouhid.sys (manual start)
WebDav Client Redirector: system32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: system32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINDOWS\system32\msdtc.exe (manual start)
Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Microsoft System Management BIOS Driver: system32\DRIVERS\mssmbios.sys (manual start)
NaiAvFilter1: system32\drivers\naiavf5x.sys (manual start)
NaiAvTdi1: system32\drivers\mvstdi5x.sys (system)
Remote Access NDIS TAPI Driver: system32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: system32\DRIVERS\ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: system32\DRIVERS\ndiswan.sys (manual start)
NetBIOS Interface: system32\DRIVERS\netbios.sys (system)
NetBios over Tcpip: system32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
Net Logon: %SystemRoot%\system32\lsass.exe (manual start)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
1394 Net Driver: system32\DRIVERS\nic1394.sys (manual start)
Network Location Awareness (NLA): %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Upper Class Filter Driver: system32\DRIVERS\NTIDrvr.sys (manual start)
NT LM Security Support Provider: %SystemRoot%\system32\lsass.exe (manual start)
Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
NTSIM: \??\C:\WINDOWS\system32\ntsim.sys (manual start)
IPX Traffic Filter Driver: system32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: system32\DRIVERS\nwlnkfwd.sys (manual start)
VIA OHCI Compliant IEEE 1394 Host Controller: system32\DRIVERS\ohci1394.sys (system)
Parallel port driver: system32\DRIVERS\parport.sys (manual start)
PCI Bus Driver: system32\DRIVERS\pci.sys (system)
PCIIde: system32\DRIVERS\pciide.sys (system)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
IPSEC Services: %SystemRoot%\system32\lsass.exe (autostart)
WAN Miniport (PPTP): system32\DRIVERS\raspptp.sys (manual start)
802.11a/g USB Driver: system32\DRIVERS\WUSB20XP.sys (manual start)
Processor Driver: system32\DRIVERS\processr.sys (system)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
QoS Packet Scheduler: system32\DRIVERS\psched.sys (manual start)
Direct Parallel Link Driver: system32\DRIVERS\ptilink.sys (manual start)
Remote Access Auto Connection Driver: system32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
WAN Miniport (L2TP): system32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Remote Access PPPOE Driver: system32\DRIVERS\raspppoe.sys (manual start)
Direct Parallel: system32\DRIVERS\raspti.sys (manual start)
Rdbss: system32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)
Digital CD Audio Playback Filter Driver: system32\DRIVERS\redbook.sys (system)
Routing and Remote Access: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
Remote Procedure Call (RPC) Locator: %SystemRoot%\system32\locator.exe (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\system32\rsvp.exe (manual start)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secdrv: system32\DRIVERS\secdrv.sys (manual start)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Serenum Filter Driver: system32\DRIVERS\serenum.sys (manual start)
Serial port driver: system32\DRIVERS\serial.sys (system)
Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Sony USB Filter Driver (SONYPVU1): system32\DRIVERS\SONYPVU1.SYS (manual start)
Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
System Restore Filter Driver: system32\DRIVERS\sr.sys (system)
System Restore Service: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Srv: system32\DRIVERS\srv.sys (manual start)
SSDP Discovery Service: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
Windows Image Acquisition (WIA): %SystemRoot%\system32\svchost.exe -k imgsvc (autostart)
Software Bus Driver: system32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\system32\dllhost.exe /Processid:{9310F0C6-FAB2-47F8-817E-B22F867DFB99} (manual start)
Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
TCP/IP Protocol Driver: system32\DRIVERS\tcpip.sys (system)
Terminal Device Driver: system32\DRIVERS\termdd.sys (system)
Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Windows User Mode Driver Framework: C:\WINDOWS\system32\wdfmgr.exe (autostart)
Microcode Update Driver: system32\DRIVERS\update.sys (manual start)
Universal Plug and Play Device Host: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: system32\DRIVERS\usbehci.sys (manual start)
Microsoft USB Standard Hub Driver: system32\DRIVERS\usbhub.sys (manual start)
Microsoft USB PRINTER Class: system32\DRIVERS\usbprint.sys (manual start)
USB Scanner Driver: system32\DRIVERS\usbscan.sys (manual start)
USB Mass Storage Driver: system32\DRIVERS\USBSTOR.SYS (manual start)
Microsoft USB Universal Host Controller Miniport Driver: system32\DRIVERS\usbuhci.sys (manual start)
VgaSave: \SystemRoot\System32\drivers\vga.sys (system)
viagfx: system32\DRIVERS\vtmini.sys (manual start)
ViaIde: system32\DRIVERS\viaide.sys (system)
viamraid: system32\DRIVERS\viamraid.sys (system)
Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Remote Access IP ARP Driver: system32\DRIVERS\wanarp.sys (manual start)
Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
WebClient: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Windows Defender Service: "C:\Program Files\Windows Defender\MsMpEng.exe" (autostart)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WMI Performance Adapter: C:\WINDOWS\system32\wbem\wmiapsrv.exe (manual start)
Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
--------------------------------------------------
Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*
Windows NT checkdisk command:
BootExecute = autocheck autochk *
Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*
--------------------------------------------------
Enumerating ShellServiceObjectDelayLoad items:
PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: *Registry key not found*
SysTray: C:\WINDOWS\system32\stobject.dll
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
*Registry key not found*
--------------------------------------------------
End of report, 33,217 bytes
Report generated in 0.078 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
renegade
2006-08-12, 18:44
Uninstall List:
S3GSetup
Adobe Shockwave Player
Adobe Download Manager 2.0 (Remove Only)
AOL Explorer
AOL Instant Messenger
AOL Uninstaller (Choose which Products to Remove)
ewido anti-spyware 4.0
Film Factory
Quicklinks
HijackThis 1.99.1
Canon Utilities PhotoStitch 3.1
Canon Camera Window DSLR 5 for ZoomBrowser EX
NTI DVD-Maker
VIA Platform Device Manager
Canon PowerShot S45 WIA Driver
NTI DriveBackup! 4
NTI Backup NOW! 4
iPod for Windows 2006-01-10
Canon RAW Image Task for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
iTunes
Canon Camera Window MC 6 for ZoomBrowser EX
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Utilities RemoteCapture 2.7
QuickTime
Canon Utilities File Viewer Utility 1.2
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Security Update for Windows XP (KB890046)
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Windows Installer 3.1 (KB893803)
Update for Windows XP (KB894391)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Update for Windows XP (KB898461)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Update for Windows XP (KB900485)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Update for Windows XP (KB916595)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
LimeWire 4.12.4
Mozilla Firefox (1.5)
Canon PhotoRecord
Macromedia Flash Player 8
Spybot - Search & Destroy 1.4
VIA/S3G Display Driver
Viewpoint Manager (Remove Only)
Viewpoint Media Player
VIA Rhine-Family Fast Ethernet Adapter
Windows Genuine Advantage Validation Tool
Windows Genuine Advantage Notifications (KB905474)
Windows Media Format Runtime
Windows Media Player 10
The GIMP 2.2.12
GTK+ 2.8.18-1 runtime environment
Microsoft Office 2000 SR-1 Premium
Microsoft Office 2000 Disc 2
PhotoStitch
Camera Window DS
NTI DVD-Maker
Platform
Google Talk (remove only)
Ad-Aware SE Plus
Canon Camera WIA Driver
S3GSetup
NTI DriveBackup! 4
J2SE Runtime Environment 5.0 Update 6
NTI Backup NOW! 4
iPod for Windows 2006-01-10
RAW Image Task
Adobe® Photoshop® Album Starter Edition 3.0
MovieEdit Task
Camera Window DVC
iTunes
McAfee VirusScan Enterprise
Windows Genuine Advantage v1.3.0254.0
PowerDVD
Camera Window MC
Camera Access Library
Camera Support Core Library
Camera Window DVC
Windows Defender Signatures
Adobe Reader 7.0.5
Windows Defender
RemoteCapture 2.7.0
Athlon 64 Processor Driver
Canon ZoomBrowser EX (E)
QuickTime
File Viewer Utility 1.2
Realtek AC'97 Audio
Policy Keys:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Attachments]
"ScanWithAntiVirus"=dword:00000002
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID]
"{17492023-C23A-453E-A040-C7C580BBF700}"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum]
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"=dword:00000001
"{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF}"=dword:40000021
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"=dword:00000020
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ratings]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000000
renegade
2006-08-12, 18:48
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 11:35:33 AM 8/12/2006
+ Scan result:
D:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Adware.Aws : Cleaned with backup (quarantined).
C:\WINDOWS\cbtdtkxd.exe -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\3636GVY6\bbqa[1].cab/cvn0.exe -> Adware.SearchAssistant : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-583907252-1004336348-839522115-500\Dc22.exe -> Adware.SearchAssistant : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\3636GVY6\bbqa[1].cab/wfxqhv.exe -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\3636GVY6\bbqa[1].cab/zqskw.exe -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-583907252-1004336348-839522115-500\Dc18.dll -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-583907252-1004336348-839522115-500\Dc19.exe -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-583907252-1004336348-839522115-500\Dc20.exe -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-583907252-1004336348-839522115-500\Dc21.exe -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\3636GVY6\venus[1].tar -> Downloader.Adload.db : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-583907252-1004336348-839522115-1005\Dc2.exe -> Downloader.Adload.db : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-583907252-1004336348-839522115-500\Dc25.dll -> Downloader.Small : Cleaned with backup (quarantined).
C:\WINDOWS\lt.exe -> Downloader.Small.ajc : Cleaned with backup (quarantined).
:mozilla.126:D:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\qahktnsp.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.192:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vwae2nns.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.193:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vwae2nns.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.196:C:\Documents and Settings\-Katie-\Application Data\Mozilla\Firefox\Profiles\x80n17qd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.197:C:\Documents and Settings\-Katie-\Application Data\Mozilla\Firefox\Profiles\x80n17qd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.198:C:\Documents and Settings\-Katie-\Application Data\Mozilla\Firefox\Profiles\x80n17qd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.199:C:\Documents and Settings\-Katie-\Application Data\Mozilla\Firefox\Profiles\x80n17qd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.200:C:\Documents and Settings\-Katie-\Application Data\Mozilla\Firefox\Profiles\x80n17qd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.417:C:\Documents and Settings\-Katie-\Application Data\Mozilla\Firefox\Profiles\x80n17qd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.41:C:\Documents and Settings\Wei Jia Ni\Application Data\Mozilla\Firefox\Profiles\m2ygovnx.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.69:C:\Documents and Settings\Katie.WEIJIA-PC\Application Data\Mozilla\Firefox\Profiles\0558k74l.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.70:C:\Documents and Settings\Katie.WEIJIA-PC\Application Data\Mozilla\Firefox\Profiles\0558k74l.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.81:C:\Documents and Settings\Dandan.WEIJIA-PC\Application Data\Mozilla\Firefox\Profiles\4aidahot.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.82:C:\Documents and Settings\Dandan.WEIJIA-PC\Application Data\Mozilla\Firefox\Profiles\4aidahot.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\-Katie-\Cookies\-katie-@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\-Katie-\Cookies\-katie-@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\-Katie-\Cookies\-katie-@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Wei Jia Ni\Cookies\wei jia ni@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.127:C:\Documents and Settings\-Katie-\Application Data\Mozilla\Firefox\Profiles\x80n17qd.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.128:C:\Documents and Settings\-Katie-\Application Data\Mozilla\Firefox\Profiles\x80n17qd.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.129:C:\Documents and Settings\-Katie-\Application Data\Mozilla\Firefox\Profiles\x80n17qd.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.170:C:\Documents and Settings\-Katie-\Application Data\Mozilla\Firefox\Profiles\x80n17qd.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned.
:mozilla.171:C:\Documents and Settings\-Katie-\Application Data\Mozilla\Firefox\Profiles\x80n17qd.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned.
:mozilla.113:C:\Documents and Settings\Wei Jia Ni\Application Data\Mozilla\Firefox\Profiles\m2ygovnx.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.114:C:\Documents and Settings\Wei Jia Ni\Application Data\Mozilla\Firefox\Profiles\m2ygovnx.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.115:C:\Documents and Settings\Wei Jia Ni\Application Data\Mozilla\Firefox\Profiles\m2ygovnx.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.96:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vwae2nns.default\cookies.txt -> TrackingCookie.Adorigin : Cleaned.
:mozilla.97:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vwae2nns.default\cookies.txt -> TrackingCookie.Adorigin : Cleaned.
:mozilla.98:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vwae2nns.default\cookies.txt -> TrackingCookie.Adorigin : Cleaned.
:mozilla.99:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vwae2nns.default\cookies.txt -> TrackingCookie.Adorigin : Cleaned.
:mozilla.139:C:\Documents and Settings\Katie.WEIJIA-PC\Application Data\Mozilla\Firefox\Profiles\0558k74l.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.140:C:\Documents and Settings\Katie.WEIJIA-PC\Application Data\Mozilla\Firefox\Profiles\0558k74l.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.141:C:\Documents and Settings\Katie.WEIJIA-PC\Application Data\Mozilla\Firefox\Profiles\0558k74l.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.177:C:\Documents and Settings\-Katie-\Application Data\Mozilla\Firefox\Profiles\x80n17qd.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.178:C:\Documents and Settings\-Katie-\Application Data\Mozilla\Firefox\Profiles\x80n17qd.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.179:C:\Documents and Settings\-Katie-\Application Data\Mozilla\Firefox\Profiles\x80n17qd.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.188:C:\Documents and Settings\-Katie-\Application Data\Mozilla\Firefox\Profiles\x80n17qd.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.189:C:\Documents and Settings\-Katie-\Application Data\Mozilla\Firefox\Profiles\x80n17qd.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.190:C:\Documents and Settings\-Katie-\Application Data\Mozilla\Firefox\Profiles\x80n17qd.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.76:C:\Documents and Settings\Katie.WEIJIA-PC\Application Data\Mozilla\Firefox\Profiles\0558k74l.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.102:D:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\qahktnsp.slt\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.103:D:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\qahktnsp.slt\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.104:D:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\qahktnsp.slt\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.122:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vwae2nns.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.123:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vwae2nns.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.124:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vwae2nns.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.125:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vwae2nns.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.126:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vwae2nns.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.127:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vwae2nns.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.128:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vwae2nns.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.309:C:\Documents and Settings\-Katie-\Application Data\Mozilla\Firefox\Profiles\x80n17qd.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.310:C:\Documents and Settings\-Katie-\Application Data\Mozilla\Firefox\Profiles\x80n17qd.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.95:C:\Documents and Settings\Wei Jia Ni\Application Data\Mozilla\Firefox\Profiles\m2ygovnx.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.96:C:\Documents and Settings\Wei Jia Ni\Application Data\Mozilla\Firefox\Profiles\m2ygovnx.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.23:C:\Documents and Settings\-Katie-\Application Data\Mozilla\Firefox\Profiles\x80n17qd.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.24:C:\Documents and Settings\-Katie-\Application Data\Mozilla\Firefox\Profiles\x80n17qd.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.25:C:\Documents and Settings\-Katie-\Application Data\Mozilla\Firefox\Profiles\x80n17qd.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.26:C:\Documents and Settings\-Katie-\Application Data\Mozilla\Firefox\Profiles\x80n17qd.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.27:C:\Documents and Settings\-Katie-\Application Data\Mozilla\Firefox\Profiles\x80n17qd.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.30:D:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\qahktnsp.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.31:D:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\qahktnsp.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.32:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vwae2nns.default\cookies.txt ->
renegade
2006-08-12, 18:49
TrackingCookie.Advertising : Cleaned.
:mozilla.33:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vwae2nns.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.33:D:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\qahktnsp.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.34:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vwae2nns.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.34:D:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\qahktnsp.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.35:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vwae2nns.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.35:D:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\qahktnsp.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.36:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vwae2nns.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.36:D:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\qahktnsp.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.37:D:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\qahktnsp.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.38:C:\Documents and Settings\Katie.WEIJIA-PC\Application Data\Mozilla\Firefox\Profiles\0558k74l.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.38:D:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\qahktnsp.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.39:C:\Documents and Settings\Katie.WEIJIA-PC\Application Data\Mozilla\Firefox\Profiles\0558k74l.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.39:D:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\qahktnsp.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.40:C:\Documents and Settings\Katie.WEIJIA-PC\Application Data\Mozilla\Firefox\Profiles\0558k74l.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.40:D:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\qahktnsp.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.41:C:\Documents and Settings\Katie.WEIJIA-PC\Application Data\Mozilla\Firefox\Profiles\0558k74l.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.41:D:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\qahktnsp.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.42:C:\Documents and Settings\Katie.WEIJIA-PC\Application Data\Mozilla\Firefox\Profiles\0558k74l.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.42:D:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\qahktnsp.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.43:D:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\qahktnsp.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.44:D:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\qahktnsp.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.45:D:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\qahktnsp.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.46:D:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\qahktnsp.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.47:D:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\qahktnsp.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.48:D:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\qahktnsp.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.49:D:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\qahktnsp.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.50:D:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\qahktnsp.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.11:C:\Documents and Settings\Dandan\Application Data\Mozilla\Firefox\Profiles\6hvqf06w.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.22:C:\Documents and Settings\-Katie-\Application Data\Mozilla\Firefox\Profiles\x80n17qd.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.35:C:\Documents and Settings\Dandan.WEIJIA-PC\Application Data\Mozilla\Firefox\Profiles\4aidahot.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.39:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vwae2nns.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.50:C:\Documents and Settings\Katie.WEIJIA-PC\Application Data\Mozilla\Firefox\Profiles\0558k74l.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.53:D:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\qahktnsp.slt\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.302:C:\Documents and Settings\-Katie-\Application Data\Mozilla\Firefox\Profiles\x80n17qd.default\cookies.txt -> TrackingCookie.Bfast : Cleaned.
:mozilla.131:C:\Documents and Settings\-Katie-\Application Data\Mozilla\Firefox\Profiles\x80n17qd.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.132:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vwae2nns.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.116:D:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\qahktnsp.slt\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.117:D:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\qahktnsp.slt\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.250:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vwae2nns.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.144:C:\Documents and Settings\Katie.WEIJIA-PC\Application Data\Mozilla\Firefox\Profiles\0558k74l.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.18:C:\Documents and Settings\Dandan\Application Data\Mozilla\Firefox\Profiles\6hvqf06w.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.191:C:\Documents and Settings\-Katie-\Application Data\Mozilla\Firefox\Profiles\x80n17qd.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.10:C:\Documents and Settings\Dandan\Application Data\Mozilla\Firefox\Profiles\6hvqf06w.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.49:C:\Documents and Settings\Katie.WEIJIA-PC\Application Data\Mozilla\Firefox\Profiles\0558k74l.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.89:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vwae2nns.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.90:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vwae2nns.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.92:C:\Documents and Settings\-Katie-\Application Data\Mozilla\Firefox\Profiles\x80n17qd.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.93:C:\Documents and Settings\-Katie-\Application Data\Mozilla\Firefox\Profiles\x80n17qd.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.94:C:\Documents and Settings\-Katie-\Application Data\Mozilla\Firefox\Profiles\x80n17qd.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.9:C:\Documents and Settings\Dandan\Application Data\Mozilla\Firefox\Profiles\6hvqf06w.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.107:D:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\qahktnsp.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.108:D:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\qahktnsp.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.180:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vwae2nns.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.212:C:\Documents and Settings\-Katie-\Application Data\Mozilla\Firefox\Profiles\x80n17qd.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.213:C:\Documents and Settings\-Katie-\Application Data\Mozilla\Firefox\Profiles\x80n17qd.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.214:C:\Documents and Settings\-Katie-\Application Data\Mozilla\Firefox\Profiles\x80n17qd.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.215:C:\Documents and Settings\-Katie-\Application Data\Mozilla\Firefox\Profiles\x80n17qd.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.216:C:\Documents and Settings\-Katie-\Application Data\Mozilla\Firefox\Profiles\x80n17qd.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.217:C:\Documents and Settings\-Katie-\Application Data\Mozilla\Firefox\Profiles\x80n17qd.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.73:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vwae2nns.default\cookies.txt -> TrackingCookie.Centrport : Cleaned.
:mozilla.74:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vwae2nns.default\cookies.txt -> TrackingCookie.Centrport : Cleaned.
:mozilla.221:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vwae2nns.default\cookies.txt -> TrackingCookie.Clickagents : Cleaned.
:mozilla.9:C:\Documents and Settings\Wei Jia Ni\Application Data\Mozilla\Firefox\Profiles\m2ygovnx.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned.
:mozilla.11:C:\Documents and Settings\Wei Jia Ni\Application Data\Mozilla\Firefox\Profiles\m2ygovnx.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.348:C:\Documents and Settings\-Katie-\Application Data\Mozilla\Firefox\Profiles\x80n17qd.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.42:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vwae2nns.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.43:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vwae2nns.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.270:C:\Documents and Settings\-Katie-\Application Data\Mozilla\Firefox\Profiles\x80n17qd.default\cookies.txt -> TrackingCookie.Comclick : Cleaned.
:mozilla.271:C:\Documents and Settings\-Katie-\Application Data\Mozilla\Firefox\Profiles\x80n17qd.default\cookies.txt -> TrackingCookie.Comclick : Cleaned.
:mozilla.273:C:\Documents and Settings\-Katie-\Application Data\Mozilla\Firefox\Profiles\x80n17qd.default\cookies.txt -> TrackingCookie.Comclick : Cleaned.
:mozilla.264:C:\Documents and Settings\-Katie-\Application Data\Mozilla\Firefox\Profiles\x80n17qd.default\cookies.txt -> TrackingCookie.Commission-junction : Cleaned.
:mozilla.265:C:\Documents and Settings\-Katie-\Application Data\Mozilla\Firefox\Profiles\x80n17qd.default\cookies.txt -> TrackingCookie.Commission-junction : Cleaned.
:mozilla.10:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\a32sx80h.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.7:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\a32sx80h.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.88:C:\Documents and Settings\Katie.WEIJIA-PC\Application Data\Mozilla\Firefox\Profiles\0558k74l.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.89:C:\Documents and Settings\Katie.WEIJIA-PC\Application Data\Mozilla\Firefox\Profiles\0558k74l.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.8:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\a32sx80h.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.90:C:\Documents and Settings\Katie.WEIJIA-PC\Application Data\Mozilla\Firefox\Profiles\0558k74l.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.91:C:\Documents and Settings\Katie.WEIJIA-PC\Application Data\Mozilla\Firefox\Profiles\0558k74l.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.9:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\a32sx80h.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Katie.WEIJIA-PC\Cookies\katie@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.19:C:\Documents and Settings\Katie.WEIJIA-PC\Application Data\Mozilla\Firefox\Profiles\0558k74l.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.25:C:\Documents and Settings\Dandan\Application Data\Mozilla\Firefox\Profiles\6hvqf06w.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.27:D:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\qahktnsp.slt\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.28:C:\Documents and Settings\-Katie-\Application Data\Mozilla\Firefox\Profiles\x80n17qd.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.69:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vwae2nns.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.6:C:\Documents and Settings\Dandan.WEIJIA-PC\Application Data\Mozilla\Firefox\Profiles\4aidahot.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.253:C:\Documents and Settings\-Katie-\Application Data\Mozilla\Firefox\Profiles\x80n17qd.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.254:C:\Documents and Settings\-Katie-\Application Data\Mozilla\Firefox\Profiles\x80n17qd.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.255:C:\Documents and Settings\-Katie-\Application Data\Mozilla\Firefox\Profiles\x80n17qd.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.256:C:\Documents and Settings\-Katie-\Application Data\Mozilla\Firefox\Profiles\x80n17qd.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.257:C:\Documents and Settings\-Katie-\Application Data\Mozilla\Firefox\Profiles\x80n17qd.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.73:C:\Documents and Settings\Dandan.WEIJIA-PC\Application Data\Mozilla\Firefox\Profiles\4aidahot.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.73:C:\Documents and Settings\Katie.WEIJIA-PC\Application Data\Mozilla\Firefox\Profiles\0558k74l.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.74:C:\Documents and Settings\Dandan.WEIJIA-PC\Application Data\Mozilla\Firefox\Profiles\4aidahot.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.74:C:\Documents and Settings\Katie.WEIJIA-PC\Application Data\Mozilla\Firefox\Profiles\0558k74l.default\cookies.txt ->
renegade
2006-08-12, 18:50
TrackingCookie.Euroclick : Cleaned.
:mozilla.75:C:\Documents and Settings\Dandan.WEIJIA-PC\Application Data\Mozilla\Firefox\Profiles\4aidahot.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.75:C:\Documents and Settings\Katie.WEIJIA-PC\Application Data\Mozilla\Firefox\Profiles\0558k74l.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.76:C:\Documents and Settings\Dandan.WEIJIA-PC\Application Data\Mozilla\Firefox\Profiles\4aidahot.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.77:C:\Documents and Settings\Dandan.WEIJIA-PC\Application Data\Mozilla\Firefox\Profiles\4aidahot.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\-Katie-\Cookies\-katie-@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.202:C:\Documents and Settings\-Katie-\Application Data\Mozilla\Firefox\Profiles\x80n17qd.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.100:C:\Documents and Settings\-Katie-\Application Data\Mozilla\Firefox\Profiles\x80n17qd.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.18:C:\Documents and Settings\Katie.WEIJIA-PC\Application Data\Mozilla\Firefox\Profiles\0558k74l.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.25:D:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\qahktnsp.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.26:D:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\qahktnsp.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.37:C:\Documents and Settings\Katie.WEIJIA-PC\Application Data\Mozilla\Firefox\Profiles\0558k74l.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.91:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vwae2nns.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.95:C:\Documents and Settings\-Katie-\Application Data\Mozilla\Firefox\Profiles\x80n17qd.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.96:C:\Documents and Settings\-Katie-\Application Data\Mozilla\Firefox\Profiles\x80n17qd.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.97:C:\Documents and Settings\-Katie-\Application Data\Mozilla\Firefox\Profiles\x80n17qd.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.98:C:\Documents and Settings\-Katie-\Application Data\Mozilla\Firefox\Profiles\x80n17qd.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.99:C:\Documents and Settings\-Katie-\Application Data\Mozilla\Firefox\Profiles\x80n17qd.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.75:D:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\qahktnsp.slt\cookies.txt -> TrackingCookie.Gator : Cleaned.
:mozilla.130:C:\Documents and Settings\Wei Jia Ni\Application Data\Mozilla\Firefox\Profiles\m2ygovnx.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.291:C:\Documents and Settings\-Katie-\Application Data\Mozilla\Firefox\Profiles\x80n17qd.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.120:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vwae2nns.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.121:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vwae2nns.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.132:D:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\qahktnsp.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.133:D:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\qahktnsp.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.204:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vwae2nns.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.237:C:\Documents and Settings\-Katie-\Application Data\Mozilla\Firefox\Profiles\x80n17qd.default\cookies.txt -> TrackingCookie.Linkbuddies : Cleaned.
:mozilla.137:D:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\qahktnsp.slt\cookies.txt -> TrackingCookie.Linksynergy : Cleaned.
:mozilla.138:D:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\qahktnsp.slt\cookies.txt -> TrackingCookie.Linksynergy : Cleaned.
:mozilla.261:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vwae2nns.default\cookies.txt -> TrackingCookie.Linksynergy : Cleaned.
:mozilla.262:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vwae2nns.default\cookies.txt -> TrackingCookie.Linksynergy : Cleaned.
:mozilla.258:C:\Documents and Settings\-Katie-\Application Data\Mozilla\Firefox\Profiles\x80n17qd.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.259:C:\Documents and Settings\-Katie-\Application Data\Mozilla\Firefox\Profiles\x80n17qd.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.260:C:\Documents and Settings\-Katie-\Application Data\Mozilla\Firefox\Profiles\x80n17qd.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.124:C:\Documents and Settings\-Katie-\Application Data\Mozilla\Firefox\Profiles\x80n17qd.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.125:C:\Documents and Settings\-Katie-\Application Data\Mozilla\Firefox\Profiles\x80n17qd.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.19:C:\Documents and Settings\Dandan\Application Data\Mozilla\Firefox\Profiles\6hvqf06w.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.20:C:\Documents and Settings\Dandan\Application Data\Mozilla\Firefox\Profiles\6hvqf06w.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.32:C:\Documents and Settings\Dandan.WEIJIA-PC\Application Data\Mozilla\Firefox\Profiles\4aidahot.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.33:C:\Documents and Settings\Dandan.WEIJIA-PC\Application Data\Mozilla\Firefox\Profiles\4aidahot.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.66:D:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\qahktnsp.slt\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.88:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vwae2nns.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.94:C:\Documents and Settings\Wei Jia Ni\Application Data\Mozilla\Firefox\Profiles\m2ygovnx.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
:mozilla.263:C:\Documents and Settings\-Katie-\Application Data\Mozilla\Firefox\Profiles\x80n17qd.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.266:C:\Documents and Settings\-Katie-\Application Data\Mozilla\Firefox\Profiles\x80n17qd.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.267:C:\Documents and Settings\-Katie-\Application Data\Mozilla\Firefox\Profiles\x80n17qd.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.203:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vwae2nns.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.262:C:\Documents and Settings\-Katie-\Application Data\Mozilla\Firefox\Profiles\x80n17qd.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.62:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vwae2nns.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.63:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vwae2nns.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.100:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vwae2nns.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.101:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vwae2nns.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.102:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vwae2nns.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.192:C:\Documents and Settings\-Katie-\Application Data\Mozilla\Firefox\Profiles\x80n17qd.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.193:C:\Documents and Settings\-Katie-\Application Data\Mozilla\Firefox\Profiles\x80n17qd.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.194:C:\Documents and Settings\-Katie-\Application Data\Mozilla\Firefox\Profiles\x80n17qd.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.195:C:\Documents and Settings\-Katie-\Application Data\Mozilla\Firefox\Profiles\x80n17qd.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.77:C:\Documents and Settings\Katie.WEIJIA-PC\Application Data\Mozilla\Firefox\Profiles\0558k74l.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.78:C:\Documents and Settings\Katie.WEIJIA-PC\Application Data\Mozilla\Firefox\Profiles\0558k74l.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.79:C:\Documents and Settings\Katie.WEIJIA-PC\Application Data\Mozilla\Firefox\Profiles\0558k74l.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.80:C:\Documents and Settings\Katie.WEIJIA-PC\Application Data\Mozilla\Firefox\Profiles\0558k74l.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.17:C:\Documents and Settings\Katie.WEIJIA-PC\Application Data\Mozilla\Firefox\Profiles\0558k74l.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.18:C:\Documents and Settings\-Katie-\Application Data\Mozilla\Firefox\Profiles\x80n17qd.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.19:C:\Documents and Settings\-Katie-\Application Data\Mozilla\Firefox\Profiles\x80n17qd.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.20:C:\Documents and Settings\-Katie-\Application Data\Mozilla\Firefox\Profiles\x80n17qd.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.20:C:\Documents and Settings\Katie.WEIJIA-PC\Application Data\Mozilla\Firefox\Profiles\0558k74l.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.21:C:\Documents and Settings\-Katie-\Application Data\Mozilla\Firefox\Profiles\x80n17qd.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.22:C:\Documents and Settings\Katie.WEIJIA-PC\Application Data\Mozilla\Firefox\Profiles\0558k74l.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.34:C:\Documents and Settings\Dandan.WEIJIA-PC\Application Data\Mozilla\Firefox\Profiles\4aidahot.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.36:C:\Documents and Settings\Dandan.WEIJIA-PC\Application Data\Mozilla\Firefox\Profiles\4aidahot.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.61:D:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\qahktnsp.slt\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.71:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vwae2nns.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.278:C:\Documents and Settings\-Katie-\Application Data\Mozilla\Firefox\Profiles\x80n17qd.default\cookies.txt ->
renegade
2006-08-12, 18:52
TrackingCookie.Ru4 : Cleaned.
:mozilla.279:C:\Documents and Settings\-Katie-\Application Data\Mozilla\Firefox\Profiles\x80n17qd.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.32:D:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\qahktnsp.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.75:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vwae2nns.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
C:\Documents and Settings\-Katie-\Cookies\-katie-@edge.ru4[1].txt -> TrackingCookie.Ru4 : Cleaned.
C:\Documents and Settings\LocalService\Cookies\system@banners.searchingbooth[1].txt -> TrackingCookie.Searchingbooth : Cleaned.
:mozilla.125:C:\Documents and Settings\Katie.WEIJIA-PC\Application Data\Mozilla\Firefox\Profiles\0558k74l.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.126:C:\Documents and Settings\Katie.WEIJIA-PC\Application Data\Mozilla\Firefox\Profiles\0558k74l.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.127:C:\Documents and Settings\Katie.WEIJIA-PC\Application Data\Mozilla\Firefox\Profiles\0558k74l.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.128:C:\Documents and Settings\Katie.WEIJIA-PC\Application Data\Mozilla\Firefox\Profiles\0558k74l.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.373:C:\Documents and Settings\-Katie-\Application Data\Mozilla\Firefox\Profiles\x80n17qd.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.374:C:\Documents and Settings\-Katie-\Application Data\Mozilla\Firefox\Profiles\x80n17qd.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.375:C:\Documents and Settings\-Katie-\Application Data\Mozilla\Firefox\Profiles\x80n17qd.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.376:C:\Documents and Settings\-Katie-\Application Data\Mozilla\Firefox\Profiles\x80n17qd.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.377:C:\Documents and Settings\-Katie-\Application Data\Mozilla\Firefox\Profiles\x80n17qd.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.129:C:\Documents and Settings\Katie.WEIJIA-PC\Application Data\Mozilla\Firefox\Profiles\0558k74l.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.287:C:\Documents and Settings\-Katie-\Application Data\Mozilla\Firefox\Profiles\x80n17qd.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.288:C:\Documents and Settings\-Katie-\Application Data\Mozilla\Firefox\Profiles\x80n17qd.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.289:C:\Documents and Settings\-Katie-\Application Data\Mozilla\Firefox\Profiles\x80n17qd.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.290:C:\Documents and Settings\-Katie-\Application Data\Mozilla\Firefox\Profiles\x80n17qd.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.86:C:\Documents and Settings\Wei Jia Ni\Application Data\Mozilla\Firefox\Profiles\m2ygovnx.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.87:C:\Documents and Settings\Wei Jia Ni\Application Data\Mozilla\Firefox\Profiles\m2ygovnx.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.88:C:\Documents and Settings\Wei Jia Ni\Application Data\Mozilla\Firefox\Profiles\m2ygovnx.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.158:C:\Documents and Settings\-Katie-\Application Data\Mozilla\Firefox\Profiles\x80n17qd.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.159:C:\Documents and Settings\-Katie-\Application Data\Mozilla\Firefox\Profiles\x80n17qd.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.160:C:\Documents and Settings\-Katie-\Application Data\Mozilla\Firefox\Profiles\x80n17qd.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.161:C:\Documents and Settings\-Katie-\Application Data\Mozilla\Firefox\Profiles\x80n17qd.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.162:C:\Documents and Settings\-Katie-\Application Data\Mozilla\Firefox\Profiles\x80n17qd.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.16:C:\Documents and Settings\Dandan.WEIJIA-PC\Application Data\Mozilla\Firefox\Profiles\4aidahot.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.21:C:\Documents and Settings\Dandan.WEIJIA-PC\Application Data\Mozilla\Firefox\Profiles\4aidahot.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.22:C:\Documents and Settings\Dandan.WEIJIA-PC\Application Data\Mozilla\Firefox\Profiles\4aidahot.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.23:C:\Documents and Settings\Dandan.WEIJIA-PC\Application Data\Mozilla\Firefox\Profiles\4aidahot.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.24:C:\Documents and Settings\Dandan.WEIJIA-PC\Application Data\Mozilla\Firefox\Profiles\4aidahot.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.190:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vwae2nns.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned.
C:\Documents and Settings\LocalService\Cookies\system@media.top-banners[1].txt -> TrackingCookie.Top-banners : Cleaned.
:mozilla.342:C:\Documents and Settings\-Katie-\Application Data\Mozilla\Firefox\Profiles\x80n17qd.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.92:C:\Documents and Settings\Wei Jia Ni\Application Data\Mozilla\Firefox\Profiles\m2ygovnx.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.425:C:\Documents and Settings\-Katie-\Application Data\Mozilla\Firefox\Profiles\x80n17qd.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.426:C:\Documents and Settings\-Katie-\Application Data\Mozilla\Firefox\Profiles\x80n17qd.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.427:C:\Documents and Settings\-Katie-\Application Data\Mozilla\Firefox\Profiles\x80n17qd.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.428:C:\Documents and Settings\-Katie-\Application Data\Mozilla\Firefox\Profiles\x80n17qd.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.429:C:\Documents and Settings\-Katie-\Application Data\Mozilla\Firefox\Profiles\x80n17qd.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.430:C:\Documents and Settings\-Katie-\Application Data\Mozilla\Firefox\Profiles\x80n17qd.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.69:D:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\qahktnsp.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.70:D:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\qahktnsp.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.71:D:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\qahktnsp.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.72:D:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\qahktnsp.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.73:D:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\qahktnsp.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.74:D:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\qahktnsp.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.76:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vwae2nns.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.105:C:\Documents and Settings\Wei Jia Ni\Application Data\Mozilla\Firefox\Profiles\m2ygovnx.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.115:D:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\qahktnsp.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.130:C:\Documents and Settings\Katie.WEIJIA-PC\Application Data\Mozilla\Firefox\Profiles\0558k74l.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.131:C:\Documents and Settings\Katie.WEIJIA-PC\Application Data\Mozilla\Firefox\Profiles\0558k74l.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.31:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vwae2nns.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.85:C:\Documents and Settings\-Katie-\Application Data\Mozilla\Firefox\Profiles\x80n17qd.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.86:C:\Documents and Settings\-Katie-\Application Data\Mozilla\Firefox\Profiles\x80n17qd.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.87:C:\Documents and Settings\-Katie-\Application Data\Mozilla\Firefox\Profiles\x80n17qd.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.88:C:\Documents and Settings\-Katie-\Application Data\Mozilla\Firefox\Profiles\x80n17qd.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.89:C:\Documents and Settings\-Katie-\Application Data\Mozilla\Firefox\Profiles\x80n17qd.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.90:C:\Documents and Settings\-Katie-\Application Data\Mozilla\Firefox\Profiles\x80n17qd.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.91:C:\Documents and Settings\-Katie-\Application Data\Mozilla\Firefox\Profiles\x80n17qd.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.93:C:\Documents and Settings\Wei Jia Ni\Application Data\Mozilla\Firefox\Profiles\m2ygovnx.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.387:C:\Documents and Settings\-Katie-\Application Data\Mozilla\Firefox\Profiles\x80n17qd.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.388:C:\Documents and Settings\-Katie-\Application Data\Mozilla\Firefox\Profiles\x80n17qd.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.389:C:\Documents and Settings\-Katie-\Application Data\Mozilla\Firefox\Profiles\x80n17qd.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.390:C:\Documents and Settings\-Katie-\Application Data\Mozilla\Firefox\Profiles\x80n17qd.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.92:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vwae2nns.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.93:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vwae2nns.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.10:D:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\t9kpbuhb.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.10:D:\Documents and Settings\Default User\Application Data\Mozilla\Profiles\default\jvdlkfr4.slt\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.113:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vwae2nns.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.114:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vwae2nns.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.11:D:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\t9kpbuhb.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.130:D:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\qahktnsp.slt\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Program Files\Common Files\{1400DBF4-0710-1033-0721-050422050001}\Update.exe -> Trojan.Starter.65 : Cleaned with backup (quarantined).
::Report end
AndyManchesta
2006-08-12, 22:10
Hi Renegade
Thanks for the logs, just a couple of entries to mention but they look fine :)
Remove Quicklinks from the Add/Remove screen; you can read more about Quicklinks Here (http://research.sunbelt-software.com/threatdisplay.aspx?name=QuickLinks/Forethought&threatid=44217).
The Add/Remove list is also showing Viewpoint Manager & Viewpoint Media Player installed, which is an optional fix. Viewpoint is classed as Foistware and a Potentially unwanted program as it's sometimes installed without the user's consent; there may be some indications that they will move into tracking users at some stage and displaying adverts, which you can read more about Here (http://www.clickz.com/news/article.php/3561546). If you value the service they provide then it can be left on the system, but if not then it can be removed using the Add/Remove screen by removing both Viewpoint products listed.
Delete this folder if it still exists:
C:\Program Files\Common Files\{1400DBF4-0710-1033-0721-050422050001}
To clear out the temp files and recycle bin, download Ccleaner from Here (http://www.ccleaner.com/downloadbuilds.asp). When the download page opens, scroll down to the center download, which is called (CCleaner v1.31.325 - Basic - No Toolbar - 561KB), then click Download Now. Run the setup file and press Next, click I Agree on the Licence Agreement, then Next again, click Install and then finally click Finish. Run Ccleaner and press the Run Cleaner button to remove temp files, then exit Ccleaner.
Please then attempt to use ComboFix again to see if it's still showing a rootkit warning. (Here are the download instructions again in case you removed the file.)
Download combofix (http://download.bleepingcomputer.com/sUBs/combofix.exe) and save it to your desktop.
Double click combofix.exe & follow the prompts.
When it's finished, it will produce a log of what it found. Please post the contents of that log in your next reply.
Note:
Do not mouseclick combofix's window whilst it's running as it may cause it to stall.
Thanks
Andy
renegade
2006-08-13, 04:04
the CCleaner went fine but the ComboFix still gives me the same rootkit message.
renegade
2006-08-13, 04:08
also, when i tried to delete Quicklinks it said it no longer existed, and removed it from the list. i also deleted Viewpoint.
AndyManchesta
2006-08-13, 05:02
Hi Renegade
It's fine that QuickLinks was already removed; it would have been one of the files we removed earlier or one Ewido removed.
Let's run some Rootkit scanners.
Download GMER from Here (http://www.gmer.net/gmer.zip)
Unzip it and start GMER.exe. Click the rootkit-tab and click scan.
Once done, click the Copy button. This will copy the results to clipboard.
You can then right click into a notepad file or straight back on here and choose Paste to post the results back.
Next download Rootkit Revealer from HERE (http://www.sysinternals.com/Files/RootkitRevealer.zip) and save it to your desktop.
Launch rootkit revealer on the system and press the Scan button.
RootkitRevealer scans the system, reporting its actions in a status area at the bottom of its window and noting discrepancies in the output list. When it's finished you can press File and save the logfile; change the save location to the desktop or C: drive and then post back the log in your next reply.
If you have any problems running them in Normal Mode then GMER can be run in safe mode (reboot and tap the F8 key and choose safe mode from the list). Rootkit Revealer does have to be run in Normal Mode though, so let us know if you have problems.
Please post back both reports and we can take it from there.
Andy
renegade
2006-08-13, 20:49
C:\Documents and Settings\-Katie-\Local Settings\Application Data\Apple Computer\QuickTime\downloads\04 8/13/2006 1:07 PM 0 bytes Hidden from Windows API.
C:\Documents and Settings\-Katie-\Local Settings\Application Data\Apple Computer\QuickTime\downloads\04\13 8/13/2006 1:07 PM 0 bytes Hidden from Windows API.
C:\Documents and Settings\-Katie-\Local Settings\Application Data\Apple Computer\QuickTime\downloads\04\13\4d7685a8-67b744ed-ed72f991-98e86761.qtch 8/13/2006 1:07 PM 3.09 MB Hidden from Windows API.
C:\Documents and Settings\-Katie-\Local Settings\Application Data\Apple Computer\QuickTime\downloads\tmp 8/13/2006 1:09 PM 0 bytes Hidden from Windows API.
renegade
2006-08-13, 20:50
C:\Documents and Settings\-Katie-\Local Settings\Application Data\Mozilla\Firefox\Profiles\x80n17qd.default\Cache\B321B776d01 8/13/2006 1:00 PM 9.52 KB Hidden from Windows API.
C:\Documents and Settings\-Katie-\Local Settings\Application Data\Mozilla\Firefox\Profiles\x80n17qd.default\Cache\B63E086Dd01 8/13/2006 12:57 PM 12.75 KB Hidden from Windows API.
C:\Documents and Settings\-Katie-\Local Settings\Application Data\Mozilla\Firefox\Profiles\x80n17qd.default\Cache\B75F583Bd01 8/13/2006 1:05 PM 29.56 KB Hidden from Windows API.
C:\Documents and Settings\-Katie-\Local Settings\Application Data\Mozilla\Firefox\Profiles\x80n17qd.default\Cache\B93C0F58d01 8/13/2006 12:55 PM 35.71 KB Hidden from Windows API.
C:\Documents and Settings\-Katie-\Local Settings\Application Data\Mozilla\Firefox\Profiles\x80n17qd.default\Cache\B9D1236Ad01 8/13/2006 1:00 PM 29.14 KB Hidden from Windows API.
C:\Documents and Settings\-Katie-\Local Settings\Application Data\Mozilla\Firefox\Profiles\x80n17qd.default\Cache\BA3F2849d01 8/13/2006 1:05 PM 7.01 KB Hidden from Windows API.
C:\Documents and Settings\-Katie-\Local Settings\Application Data\Mozilla\Firefox\Profiles\x80n17qd.default\Cache\BB0B8E3Ad01 8/13/2006 1:04 PM 16.41 KB Hidden from Windows API.
renegade
2006-08-13, 20:51
C:\Documents and Settings\-Katie-\Local Settings\Temp\plugtmp-1 8/13/2006 1:01 PM 0 bytes Hidden from Windows API.
C:\Documents and Settings\-Katie-\Local Settings\Temp\White Trash Girl.url 8/13/2006 1:10 PM 152 bytes Hidden from Windows API.
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP269\A0039907.exe 7/26/2006 12:46 PM 73.65 KB Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP269\A0039924.exe 7/26/2006 2:32 PM 73.65 KB Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP270\A0041039.exe 7/26/2006 9:17 PM 74.46 KB Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP271\A0041118.exe 7/27/2006 4:03 PM 74.46 KB Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP271\A0041120.exe 7/27/2006 10:59 AM 74.46 KB Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP273\A0041210.exe 7/29/2006 9:55 PM 74.46 KB Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP274\A0041235.exe 7/30/2006 3:06 PM 74.46 KB Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP274\A0041238.exe 7/20/2006 8:13 PM 22.73 KB Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP274\A0041252.exe 7/31/2006 1:55 PM 74.46 KB Visible in Windows API, but not in MFT or directory index.
D:\Documents and Settings\All Users\Start Menu\Programs\Math Advantage \Algebra.lnk 3/16/2004 9:10 PM 1.17 KB Hidden from Windows API.
D:\Documents and Settings\All Users\Start Menu\Programs\Math Advantage \Quick Tour.lnk 3/16/2004 9:10 PM 1.04 KB Hidden from Windows API.
D:\Documents and Settings\All Users\Start Menu\Programs\Math Advantage \QuickTime Setup.lnk 3/16/2004 9:10 PM 281 bytes Hidden from Windows API.
D:\Documents and Settings\All Users\Start Menu\Programs\Math Advantage \Readme.lnk 3/16/2004 9:10 PM 320 bytes Hidden from Windows API.
D:\Documents and Settings\All Users\Start Menu\Programs\Math Advantage\Algebra.lnk 3/16/2004 10:10 PM 1.17 KB Visible in Windows API, but not in MFT or directory index.
D:\Documents and Settings\All Users\Start Menu\Programs\Math Advantage\Quick Tour.lnk 3/16/2004 10:10 PM 1.04 KB Visible in Windows API, but not in MFT or directory index.
D:\Documents and Settings\All Users\Start Menu\Programs\Math Advantage\QuickTime Setup.lnk 3/16/2004 10:10 PM 281 bytes Visible in Windows API, but not in MFT or directory index.
D:\Documents and Settings\All Users\Start Menu\Programs\Math Advantage\Readme.lnk 3/16/2004 10:10 PM 320 bytes Visible in Windows API, but not in MFT or directory index.
GMER Report
GMER 1.0.10.10122 - http://www.gmer.net
Rootkit 2006-08-13 12:49:55
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.10 ----
SSDT 84B83109 ZwCreateThread
SSDT \??\C:\Documents and Settings\-Katie-\Desktop\Anti-Virus Stuff\ewido anti-spyware 4.0\guard.sys ZwOpenProcess
SSDT \??\C:\Documents and Settings\-Katie-\Desktop\Anti-Virus Stuff\ewido anti-spyware 4.0\guard.sys ZwTerminateProcess
---- Files - GMER 1.0.10 ----
File C:\System Volume Information\MountPointManagerRemoteDatabase
File C:\System Volume Information\tracking.log
File C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}
File D:\System Volume Information\MountPointManagerRemoteDatabase
File D:\System Volume Information\tracking.log
File D:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}
File E:\System Volume Information\MountPointManagerRemoteDatabase
File E:\System Volume Information\tracking.log
File E:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}
---- EOF - GMER 1.0.10 ----
AndyManchesta
2006-08-14, 04:39
Hi Renegade
I will reply again as soon as possible, I just want to have a chat with Combofix's author to try to get some info on what may be causing those alerts.
Thanks
AndyManchesta
2006-08-14, 08:38
Hi Renegade,
The author of ComboFix (sUBs) has said it will show that alert if there is something interfering with command.com being run, so can you try replacing the file in case it's damaged?
Download the correct version for your system
XP Home
http://homepage.ntlworld.com/spencer.greystrong/XPHomeFiles.exe
XP Pro
http://homepage.ntlworld.com/spencer.greystrong/XPProfiles.exe
Save it to your desktop and then run the installer. It's a self-extracting file so all you need to press is the Unzip button, then close it and reboot the PC.
Let me know if you can then run Combofix.
Andy
renegade
2006-08-16, 04:48
combofix still doesn't work =( same error message. i tried downloading both of the files, so it's not because i downloaded the wrong one.
AndyManchesta
2006-08-16, 04:54
This is a bit strange as it doesn't look like you have a rootkit present, so I'm not sure what is causing the problem. We can work round it by using a switch on Combofix, but it's concerning that it's giving rootkit warnings.
Make sure the last set of files you downloaded were the correct ones for your OS to prevent any compatibility issues.
Can you do a quick test: go to Start > Run > type
command.com
then Press ok and let me know if the command screen opens and shows something like this:
Microsoft(R) Windows DOS
(C)Copyright Microsoft Corp 1990-2001.
renegade
2006-08-16, 21:50
i downloaded the first, unzipped and restarted and tried combofix. then i downloaded the other one. neither worked.
when i tried to type in command.com it told me that Windows cannot find command.com.
AndyManchesta
2006-08-17, 02:20
Thanks for that. There is a problem if you cannot run command.com, but I'm not sure exactly what that is at the moment. You can run batch files, so it doesn't look like a path problem, and the file should exist if you have run the setup file from my last post. I've tried deleting the paths from my registry to recreate the problem you are having, but the only way I can make it show the file cannot be found message is by manually deleting the file. If I do that, then Combofix detects that it's missing and prompts me to download it, so it's a bit strange.
Are you using the Administrator account on your PC ?
Can you run the following batch file to check for .com files and check the path in the registry :
Open Notepad (Start Menu > Run > Type notepad and press OK)
Copy and Paste the contents of the code box into Notepad
If exist C:\Find.txt del /q C:\Find.txt
CD %systemroot%\system32
echo .COM files in %systemroot%\system32: >>C:\Find.txt
echo ------------------------------------ >>C:\Find.txt
echo. >>C:\Find.txt
Dir /b *.com >>C:\Find.txt
echo. >>C:\Find.txt
CD %systemroot%\
echo .COM files in %systemroot%: >>C:\Find.txt
echo --------------------------- >>C:\Find.txt
Dir /b *.com >>C:\Find.txt
echo. >>C:\Find.txt
echo Session Manager Check >>C:\Find.txt
echo --------------------- >>C:\Find.txt
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment" >> C:\Find.txt
notepad C:\Find.txt
Go to File on the top bar and choose Save As, change the Save As Type to All Files, name it Find.bat, then save it to your desktop.
Double click Find.bat and it will check the Windows and System32 folder for .com files and also export the Session Manager reg key then open the information in notepad, please post the contents of that text file (Find.txt) back on the forum
Run Kaspersky WebScanner
Please go HERE (http://www.kaspersky.com/virusscanner) and click Kaspersky Online Scanner
Read and Accept the Agreement
You will be prompted to install an ActiveX component from Kaspersky, click Yes.
If you see a Windows dialog asking if you want to install this software, click the Install button.
The program will launch and then begin downloading the latest definition files,
When the "Update progress" line changes to "Ready" and the "NEXT ->" button becomes available, please click on it.
Click on the Scan Settings button, and in the next window select the Extended database, and click Ok.
Under "Please select a target to scan:", click My Computer to start the scan.
When the scan is finished, click the "Save as Text" button, and save the file as kavscan.txt to your Desktop, close the Kaspersky On-line Scanner window.
Finally try running Combofix by going to Start Menu > Run and copy and pasting:
"%userprofile%\desktop\combofix.exe" /F3m
Then press OK
let us know how it goes
Cheers
Andy
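An added example, not part of the thread and not code from ComboFix or its author: a Python script that reads a Find.txt of the shape the batch file above writes and checks the points the post is after (is command.com listed in system32, and is system32 on the machine Path in the Session Manager key). The sample Find.txt content, the `C:\WINDOWS` system root and the function names are assumptions constructed for illustration; the ComSpec check is an extra sanity check against the Windows default.

```python
import re

# Constructed sample of Find.txt (not output from the poster's machine).
SAMPLE_FIND_TXT = r"""
.COM files in C:\WINDOWS\system32:
------------------------------------

chcp.com
format.com
mode.com
more.com

.COM files in C:\WINDOWS:
---------------------------

Session Manager Check
---------------------

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment
    ComSpec    REG_EXPAND_SZ    %SystemRoot%\system32\cmd.exe
    Path    REG_EXPAND_SZ    %SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
    PATHEXT    REG_SZ    .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    TEMP    REG_EXPAND_SZ    %SystemRoot%\TEMP
"""

HEADER = re.compile(r"^\.COM files in (.+?):$")
REG_VALUE = re.compile(r"^(\S+)\s+(REG_\w+)\s+(.*)$")


def parse_find_txt(text):
    """Split Find.txt into {directory: set of .com names} and {value name: data}."""
    com_files, env, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            # Start of a "Dir /b *.com" listing for one directory.
            current = header.group(1).rstrip("\\").lower()
            com_files[current] = set()
            continue
        if line.startswith("Session Manager Check"):
            current = None  # everything after this is reg query output
            continue
        value = REG_VALUE.match(line)
        if value:
            env[value.group(1).lower()] = value.group(3)
            continue
        if current and line.lower().endswith(".com"):
            com_files[current].add(line.lower())
    return com_files, env


def expand(path, system_root):
    """Expand %SystemRoot% and normalise for comparison (Windows paths are case-insensitive)."""
    expanded = re.sub(r"%systemroot%", lambda _m: system_root, path, flags=re.I)
    return expanded.strip().rstrip("\\").lower()


def diagnose(text, system_root=r"C:\WINDOWS"):
    """Return a list of findings; an empty list means all checks passed."""
    com_files, env = parse_find_txt(text)
    sys32 = (system_root + r"\system32").lower()
    findings = []

    # 1. The file itself: command.com should be in the system32 listing.
    if "command.com" not in com_files.get(sys32, set()):
        findings.append("command.com missing from system32")

    # 2. The search path: system32 must be one of the machine Path entries.
    path_dirs = [expand(p, system_root)
                 for p in env.get("path", "").split(";") if p.strip()]
    if sys32 not in path_dirs:
        findings.append("system32 not on machine Path")

    # 3. Sanity check: ComSpec normally points at cmd.exe in system32.
    comspec = expand(env.get("comspec", ""), system_root)
    if comspec != sys32 + r"\cmd.exe":
        findings.append("ComSpec does not point to system32\\cmd.exe")

    return findings


if __name__ == "__main__":
    for finding in diagnose(SAMPLE_FIND_TXT) or ["no problems found"]:
        print(finding)
```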
renegade
2006-08-17, 04:33
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, August 16, 2006 9:28:53 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 17/08/2006
Kaspersky Anti-Virus database records: 215674
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
E:\
F:\
I:\
Scan Statistics:
Total number of scanned objects: 79690
Number of viruses found: 17
Number of infected objects: 75 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:17:24
Infected Object Name / Virus Name / Last Action
renegade
2006-08-17, 04:34
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3c4b71a914cde3f5799fd2051017e802_c39238ee-5c74-4950-912d-6feaf8514074 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3df7596d60e3a7664c0a20e7f2e12704_c39238ee-5c74-4950-912d-6feaf8514074 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3e45789d4b76a3d1c5b8e682370f14e1_c39238ee-5c74-4950-912d-6feaf8514074 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ebb748aba750b25444400e5073d8030_c39238ee-5c74-4950-912d-6feaf8514074 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ecb916aded829421343550a780e365d_c39238ee-5c74-4950-912d-6feaf8514074 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ffdafcda1514e964899e49144853587_c39238ee-5c74-4950-912d-6feaf8514074 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4072b1d0a0626b405de9f45a4712c01d_c39238ee-5c74-4950-912d-6feaf8514074 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\414f9ad7655b27c222644ab01b76b817_c39238ee-5c74-4950-912d-6feaf8514074 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\42cadef2d265c12d173599e77e084910_c39238ee-5c74-4950-912d-6feaf8514074 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\43413fcc885356f874ca5d32212f8968_c39238ee-5c74-4950-912d-6feaf8514074 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\44eb8b24572a529ef4843cc76e366c12_c39238ee-5c74-4950-912d-6feaf8514074 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\48c2f0ff8b6724d87b4fd8de54b4fbea_c39238ee-5c74-4950-912d-6feaf8514074 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4991dbccb75502a043304ff516a4d1db_c39238ee-5c74-4950-912d-6feaf8514074 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4b558c91b72d8ee6aad1bb0de50f67d3_c39238ee-5c74-4950-912d-6feaf8514074 Object is locked skipped
renegade
2006-08-17, 04:34
renegade
2006-08-17, 04:35
renegade
2006-08-17, 04:36
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\3636GVY6\vacationimages[1].zip/data.rar/aupdate32.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\3636GVY6\vacationimages[1].zip/data.rar/aupdate32.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\3636GVY6\vacationimages[1].zip/data.rar/aupdate32.exe Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\3636GVY6\vacationimages[1].zip/data.rar/winupdate.exe Infected: Trojan-Downloader.Win32.Adload.db skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\3636GVY6\vacationimages[1].zip/data.rar Infected: Trojan-Downloader.Win32.Adload.db skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\3636GVY6\vacationimages[1].zip RarSFX: infected - 5 skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\6TIZTMJ9\vacationimages[1].zip/data.rar/aupdate32.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\6TIZTMJ9\vacationimages[1].zip/data.rar/aupdate32.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\6TIZTMJ9\vacationimages[1].zip/data.rar/aupdate32.exe Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\6TIZTMJ9\vacationimages[1].zip/data.rar/winupdate.exe Infected: Trojan-Downloader.Win32.Adload.db skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\6TIZTMJ9\vacationimages[1].zip/data.rar Infected: Trojan-Downloader.Win32.Adload.db skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\6TIZTMJ9\vacationimages[1].zip RarSFX: infected - 5 skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\RAFN5E7N\vacationimages[1].zip/data.rar/aupdate32.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\RAFN5E7N\vacationimages[1].zip/data.rar/aupdate32.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\RAFN5E7N\vacationimages[1].zip/data.rar/aupdate32.exe Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\RAFN5E7N\vacationimages[1].zip/data.rar/winupdate.exe Infected: Trojan-Downloader.Win32.Adload.db skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\RAFN5E7N\vacationimages[1].zip/data.rar Infected: Trojan-Downloader.Win32.Adload.db skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\RAFN5E7N\vacationimages[1].zip RarSFX: infected - 5 skipped
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP237\A0030779.exe Infected: not-a-virus:AdWare.Win32.BookedSpace.h skipped
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP244\A0032049.exe Infected: Trojan-Downloader.Win32.Adload.de skipped
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP244\A0032064.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.q skipped
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP244\A0032084.exe Infected: Trojan-Downloader.Win32.Adload.db skipped
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP253\A0033196.exe/data0002 Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP253\A0033196.exe/data0003 Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP253\A0033196.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP263\A0038253.exe Infected: Trojan-Downloader.Win32.Adload.de skipped
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP266\A0038564.exe Infected: Trojan-Downloader.Win32.VB.ada skipped
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP266\A0039550.exe Infected: Trojan-Downloader.Win32.Adload.cy skipped
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP266\A0039551.exe Infected: Trojan-Downloader.Win32.Adload.db skipped
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP266\A0039552.exe Infected: Trojan-Downloader.Win32.Adload.cu skipped
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP266\A0039553.exe Infected: Trojan-Downloader.Win32.Adload.cy skipped
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP266\A0039554.exe Infected: Trojan-Downloader.Win32.Adload.db skipped
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP266\A0039555.exe Infected: Trojan-Clicker.Win32.VB.nh skipped
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP266\A0039556.exe Infected: Trojan-Downloader.Win32.Adload.db skipped
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP266\A0039557.exe Infected: Trojan-PSW.Win32.LdPinch.arr skipped
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP266\A0039563.exe Infected: Trojan-PSW.Win32.LdPinch.arr skipped
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP266\A0039575.exe Infected: Trojan-Downloader.Win32.Adload.de skipped
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP266\A0039576.exe Infected: Trojan-Downloader.Win32.Adload.db skipped
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP266\A0039581.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP266\A0039581.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP266\A0039581.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP266\A0039582.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP266\A0039582.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP266\A0039582.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP266\A0039583.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP266\A0039583.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP266\A0039583.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP266\A0039584.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP266\A0039584.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP266\A0039584.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP266\A0039585.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP266\A0039585.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP266\A0039585.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP267\A0039668.exe Infected: Trojan-Downloader.Win32.Adload.db skipped
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP267\A0039669.exe Infected: Trojan-PSW.Win32.LdPinch.arr skipped
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP267\A0039768.exe Infected: Backdoor.Win32.HacDef.fw skipped
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP267\A0039779.exe Infected: Backdoor.Win32.HacDef.fw skipped
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP268\A0039807.exe Infected: Backdoor.Win32.HacDef.fw skipped
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP268\A0039818.exe Infected: Backdoor.Win32.HacDef.fw skipped
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP270\A0041052.dll Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP270\A0041053.exe Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP270\A0041054.exe Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP270\A0041055.exe Infected: Trojan.Win32.Runner.j skipped
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP270\A0041056.exe Infected: not-a-virus:AdWare.Win32.SearchAssistant.f skipped
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP274\A0041237.exe Infected: Backdoor.Win32.SdBot.aad skipped
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP291\A0042079.exe Infected: Trojan-Downloader.Win32.Adload.db skipped
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP291\A0042082.exe Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP291\A0042083.dll Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP291\A0042084.exe Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP291\A0042085.exe Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP291\A0042086.exe Infected: Trojan.Win32.Runner.j skipped
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP291\A0042087.exe Infected: not-a-virus:AdWare.Win32.SearchAssistant.f skipped
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP291\A0042088.exe Infected: not-a-virus:AdWare.Win32.BookedSpace.h skipped
D:\WINNT\lycos.exe/data0004 Infected: not-a-virus:AdWare.Win32.Sidesearch.a skipped
D:\WINNT\lycos.exe NSIS: infected - 1 skipped
Scan process completed.
renegade
2006-08-17, 04:39
.COM files in C:\WINDOWS\system32:
------------------------------------
chcp.com
command.com
diskcomp.com
diskcopy.com
edit.com
format.com
graftabl.com
graphics.com
kb16.com
loadfix.com
locate.com
mode.com
more.com
tree.com
win.com
.COM files in C:\WINDOWS:
---------------------------
Session Manager Check
---------------------
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment
ComSpec REG_EXPAND_SZ %SystemRoot%\system32\cmd.exe
Path REG_EXPAND_SZ %SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\GTK\2.0\bin;C:\Program Files\QuickTime\QTSystem\
windir REG_EXPAND_SZ %SystemRoot%
FP_NO_HOST_CHECK REG_SZ NO
OS REG_SZ Windows_NT
PROCESSOR_ARCHITECTURE REG_SZ x86
PROCESSOR_LEVEL REG_SZ 15
PROCESSOR_IDENTIFIER REG_SZ x86 Family 15 Model 28 Stepping 0, AuthenticAMD
PROCESSOR_REVISION REG_SZ 1c00
NUMBER_OF_PROCESSORS REG_SZ 1
PATHEXT REG_SZ .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
TEMP REG_EXPAND_SZ %SystemRoot%\TEMP
TMP REG_EXPAND_SZ %SystemRoot%\TEMP
CLASSPATH REG_EXPAND_SZ .;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
QTJAVA REG_EXPAND_SZ C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
renegade
2006-08-17, 04:41
lastly, i could not run combofix. it still gave me the same error.
AndyManchesta
2006-08-17, 07:16
Hi Renegade
The logs are looking ok so I'm not sure what the issue is with command.com, but as the AV scans and Rootkit scans are not showing any active infections it's difficult to know what to suggest.
Can you go to Start Menu > My Computer > C:\Drive > Windows > System32
then double click command.com and let me know what it does.
The scan report is showing this
D:\WINNT
Do you also have a Windows folder set up on your D:\Drive?
Please delete this file:
D:\WINNT\lycos.exe
Also delete the SDFix folder if it's still on your system as it contains a backup of one of the hackerdefender components; it's only a temp file but the folder should still be removed.
Run Ccleaner again to clear out the Temporary Internet Files as there are some Adware components in there. It's also worth installing SpywareBlaster if it isn't already on the system as it will help to prevent the malware being able to get back on your system.
http://www.javacoolsoftware.com/spywareblaster.html
The scan detected that a variant of Trojan-PSW.Win32.LdPinch has been on your system at some stage so you should change all passwords for any sites you use, especially any confidential sites such as ebay, paypal, banking, email etc., as there is no way of knowing if any information was stolen.
Finally, clear the system restore points and start a new one as a lot are infected.
Click Start Menu > All Programs > Accessories > System Tools > SystemRestore
Choose Create a Restore Point then click Next. Name it and click Create, when the confirmation screen shows the restore point has been created click Close.
Next go to Start Menu > Run > type
cleanmgr
Click OK. Disk Cleanup will open and start calculating the amount of space that can be freed. Once that's finished it will open the Disk Cleanup options screen; click the More Options tab, then click Clean up on the system restore area and choose Yes at the confirmation window, which will remove all the restore points except the one we just created.
To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.
It might also be worth running the System File Checker using your windows disk to make sure none of the protected files are damaged or missing.
Go to Start Menu -> Run -> type
SFC /SCANNOW
(There's a space after SFC), press OK and it will run the System File Checker. Follow the prompts, and insert your Windows installation CD if requested, then reboot the computer after it has finished.
Apart from that the logs are all looking fine: the export results are fine and command.com is present, the registry paths also look fine, the rootkit scans do not show any rootkits present and the Kaspersky scan isn't showing any active infections and is mostly detecting files in the temporary folder and system restore, so the above steps should clear those out.
Let us know if you can run command.com by opening the system32 folder and double clicking the file and if you are still noticing any remaining problems.
Cheers
Andy
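The reading of the scan log in the reply above (locked files are noise, most detections sit in System Restore and Temporary Internet Files, and the password-stealer and backdoor verdicts drive the follow-up advice) can be reproduced with a small triage script. This is an added example, not part of the original thread; the sample lines are constructed in the log's format, and treating the `Trojan-PSW` and `Backdoor` classes as high impact is an assumption taken from the advice in the reply.

```python
import re
from collections import Counter

# Constructed sample in the same line format as the posted scan log.
# Paths are shortened placeholders; verdict names are ones seen in the thread.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\AAAA0001\sample[1].zip/data.rar/aupdate32.exe Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\AAAA0001\sample[1].zip/data.rar/winupdate.exe Infected: Trojan-Downloader.Win32.Adload.db skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\AAAA0001\sample[1].zip RarSFX: infected - 2 skipped
C:\System Volume Information\_restore{EXAMPLE-GUID}\RP001\A0000001.exe Infected: Trojan-PSW.Win32.LdPinch.arr skipped
C:\System Volume Information\_restore{EXAMPLE-GUID}\RP001\A0000002.exe Infected: Backdoor.Win32.HacDef.fw skipped
D:\WINNT\lycos.exe/data0004 Infected: not-a-virus:AdWare.Win32.Sidesearch.a skipped
D:\WINNT\lycos.exe NSIS: infected - 1 skipped
Scan process completed.
"""

# "<path> Infected: <verdict> skipped" is one detection (possibly inside an archive).
INFECTED = re.compile(r"^(?P<path>.+?) Infected: (?P<verdict>\S+) skipped$")
# "<path> <Packer>: infected - N skipped" is the per-archive summary line.
ARCHIVE = re.compile(r"^(?P<path>.+?) (?P<kind>\w+): infected - (?P<count>\d+) skipped$")
LOCKED_SUFFIX = " Object is locked skipped"

# Assumption for this example: verdict classes that mean credentials or remote
# access may have been exposed, so cleanup alone is not enough.
HIGH_IMPACT_CLASSES = {"Trojan-PSW", "Backdoor"}


def classify_location(path):
    """Bucket a detection by where the file lives on disk."""
    lowered = path.lower()
    if "\\system volume information\\_restore" in lowered:
        return "system_restore"
    if "\\temporary internet files\\" in lowered:
        return "temp_internet_files"
    return "other"


def verdict_class(verdict):
    """'not-a-virus:AdWare.Win32.X.q' -> 'AdWare'; 'Trojan-PSW.Win32.Y' -> 'Trojan-PSW'."""
    name = verdict.split(":", 1)[-1]
    return name.split(".", 1)[0]


def triage(log_text):
    """Summarise a scan log: what is noise, what is dormant, what needs action."""
    locked = 0
    unparsed = []
    by_class = Counter()
    high_impact = set()
    containers = {"system_restore": set(), "temp_internet_files": set(), "other": set()}

    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith(LOCKED_SUFFIX):
            locked += 1  # file in use by the OS, not a detection
            continue
        hit = INFECTED.match(line)
        if hit:
            # Members of an archive follow the on-disk path after a forward
            # slash, so the part before the first "/" is the file to remove.
            on_disk = hit["path"].split("/", 1)[0]
            containers[classify_location(on_disk)].add(on_disk)
            cls = verdict_class(hit["verdict"])
            by_class[cls] += 1
            if cls in HIGH_IMPACT_CLASSES:
                high_impact.add(hit["verdict"])
            continue
        if ARCHIVE.match(line):
            continue  # summary of members already counted above
        unparsed.append(line)

    return {
        "locked": locked,
        "containers": {loc: sorted(paths) for loc, paths in containers.items()},
        "by_class": by_class,
        "high_impact": sorted(high_impact),
        "unparsed": unparsed,
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for location, paths in report["containers"].items():
        print(f"{location}: {len(paths)} file(s) on disk")
    print("high impact verdicts:", ", ".join(report["high_impact"]) or "none")
```

Files under `system_restore` are cleared by purging restore points and those under `temp_internet_files` by emptying the cache; anything under `other` has to be removed by hand.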
renegade
2006-08-17, 23:21
i tried to open the command.com but it said it could not be found. very strange.
also for the sfc /scannow... it asked me to put the XP professional pack cd in, but i don't have that... all my microsoft stuff is from the office 2000 cd (from my old computer.)
as for the D drive, i'm not totally sure but it may be that i do have all the windows files on there as well... the D drive was from my old computer, which we took out and put into the new one when our old computer refused to boot up anymore for some reason.
i did everything else and it went fine. as of now there are no other problems that i can see and the computer appears to be working pretty much normally.
AndyManchesta
2006-08-18, 11:45
Hi Renegade
I think we have checked everything possible regarding any malware or rootkit infections but something does sound a bit damaged on your system. If you had the original Windows disk I would suggest backing up all your important data and either performing a repair install of Windows or a full format and reinstall, but if you only have the office 2000 cd it wouldn't be possible to repair the system using that.
If everything else is working fine then it's maybe best to leave things as they are and then if you have any problems in the future we can help more, as I don't think asking you to run more scanners is going to solve the issue based on the results up to now. If you would like to try some more scans then we can use them but I didn't want to waste your time as it sounds like a repair install of Windows may be needed here, as the problem you are having isn't common, but without the Windows disk it wouldn't be possible to do that.
Leave it a few days and let us know how things are running and if you feel there are still any problems.
Thanks
Andy
renegade
2006-08-18, 20:54
-nod- i agree... besides i think you must have spent much too much time trying to help me anyways xD
also i have a question.... someone i know suggested to me that if all else failed, i could back up any important files to flash drive(s) and then reformat the hard disk. i realize i'd have to reinstall all the programs if i did this, but if it will completely fix all the problems, then i'd be willing to do that. what are your thoughts on this?
AndyManchesta
2006-08-19, 07:54
Hey Renegade,
It's not a problem regarding time, I'm always happy to help where I can, but I didn't want to make you go round in circles and end up with the same issue as there are no signs of remaining malware problems at this stage.
A format and reinstall of the OS would fully fix any remaining problems, but if you do not have a Windows disk I don't think that is an option as the office 2000 cd would be just a collection of office tools. You can read more about that here
http://www.bcschools.net/staff/MicrosoftOffice.htm
If you can format though then it would solve any remaining issues, and anytime a backdoor infection has been found, which is the case on your system as you had a backdoor trojan and parts of the hacker defender rootkit installed, a format should really be considered as it's difficult to know what damage has been caused if the backdoor was used and someone had access to your system.
You can read more about formatting here
http://www.michaelstevenstech.com/format_XP.htm
http://support.microsoft.com/?kbid=313348
or info on a repair install here which would allow you to repair damage without losing all your data
http://www.michaelstevenstech.com/XPrepairinstall.htm
Both options would require a genuine Windows XP disk though
Let us know how it goes or if you have any problems
Andy
renegade
2006-08-19, 17:08
alright, thanks =) i'll look into these. i do have the windows xp disk installation disk but not the professional pack disks.
AndyManchesta
2006-08-21, 15:27
Sorry for the delay. If you have the installation disk then you should be able to repair or format using that. You would have to get the protection programs in place first, then visit Windows Updates to get all the available updates and keep going back after reboots until you have them all installed again. If you have all the other disks to reinstall programs or can back up data to disk first then it shouldn't take you too long to get back up and running.
Let us know if we can help more anytime
Regards
Andy
renegade
2006-08-22, 01:47
okay, then i'll probably reformat once i get everything i need backed up =)
thank you for all your help! and i hopefully won't need to come back here for help lol.
AndyManchesta
2006-08-22, 01:53
I agree, we would rather not have repeat customers for your sake :)
Information on how to prevent malware and to explain how you got infected can be found Here (http://computercops.biz/postlite7736-.html) (By Tony Klein)
but let us know if you have questions or problems anytime
All The Best
Andy
Well you all did a lot of work, good luck for the future renegade. :)
This topic has been archived.