Command Service help



Sunflash
2006-10-19, 05:22
Hey, I've been infected with a Command Service virus. I've run SpyBot numerous times as well as Adaware and Avast Cleaner and CCleaner. Nothing seems to be working. What's more, the virus seems to be spawning new viruses every time I scan. I just downloaded and ran Hijackthis.exe, here is the log:


Logfile of HijackThis v1.99.1
Scan saved at 8:15:44 PM, on 10/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\runservice.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\PROGRA~1\Network Associates\Common Framework\naPrdMgr.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\xload.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\hijackthis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - C:\Program Files\DeluxeCommunications\DxcBho.dll
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\kgsgk.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,vbakurm.exe
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CW] "C:\Program Files\CW4\cw4.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [venf449c] RUNDLL32.EXE w19b254e.dll,n 005f44970000001219b254e
O4 - HKLM\..\Run: [mmnext06] C:\WINDOWS\next06.exe
O4 - HKLM\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O4 - HKLM\..\Run: [xload] "C:\WINDOWS\xload.exe"
O4 - HKLM\..\Run: [{68-81-17-7E-ZN}] C:\windows\system32\ojdsregm.exe ELT001
O4 - HKLM\..\Run: [ms05605186-1338] C:\WINDOWS\ms05605186-1338.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [AAW] "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" "+b1"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O4 - Startup: TA_Start.lnk = C:\WINDOWS\SYSTEM32\dwdsregt.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: UPS OnLine PLD Reminder Utility.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O15 - Trusted Zone: *.dollarrevenue.com
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.mcafeeasap.com
O15 - Trusted Zone: *.sxload.com
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freeware/installdrivecleanerstart.cab
O16 - DPF: {40C83AF8-FEA7-4A6A-A470-431EE84A0886} - http://vs.mcafeeasap.com/MC/ENU/VS40/bin/myCioAgt.20060504175614.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = KitsapPayroll.local
O17 - HKLM\Software\..\Telephony: DomainName = KitsapPayroll.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = KitsapPayroll.local
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.0.0792.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.0.0792.00.dll
O20 - AppInit_DLLs: dxclib303562752.dll
O21 - SSODL: B0DGIBHE - {1431317B-4B9E-24A3-6AF8-0CBB4E634506} - C:\WINDOWS\system32\Lkkbda32.dll (file missing)
O21 - SSODL: mtklefap - {1522EB60-18DF-4E9A-4993-92BAA694032F} - (no file)
O21 - SSODL: mtklefa - {333A83B4-46A3-472B-C684-46DC29992870} - C:\WINDOWS\system32\ormhm32.dll (file missing)
O21 - SSODL: SysTray.Exmr - {73F8D5FF-6F5C-4f5b-B964-E6F214F6F852} - C:\WINDOWS\system32\gnbfgbei.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\SmltIENyYXN3ZWxs\command.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe




What should I do?

Sunflash
2006-10-19, 05:24
Another thing I forgot to mention is that whenever I run either Firefox or Internet Explorer, I'm bombarded with popups.

pskelley
2006-10-19, 22:52
Welcome to the forum, if you still need help and are not receiving it elsewhere I will see what I can do.
You are badly infected and my first suggestion will be to keep the computer offline as much as possible, this junk will attract more and you have enough now. We will start like this:

Thanks to sUBs and anyone who helped with this fix.

1. Download this file - combofix.exe

http://download.bleepingcomputer.com/sUBs/combofix.exe

2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

If the log is large, you might need to post half in one reply, half in another.

After you post combofix log, post a fresh HJT log as well. Use "Post reply" to stay in this same topic.

Thanks

Sunflash
2006-10-21, 20:26
Ok, I'm gonna do that now, I'll have the logs posted momentarily. Thanks for the help :-)

Sunflash
2006-10-21, 21:04
Ok, tell me if this isn't right, the only log that ComboFix.exe gave me was this:

administrator - 06-10-21 11:48:45.80 Service Pack 2
ComboFix 06.10.19 - Running from: "C:\"


The first time I ran it it came up with a bunch of infected files, then it restarted the computer, and when it came back up there was only one bad file found (as far as I can tell.) It said it was SurfSideKick. Then ComboFix.exe closed.
Anyways, here is the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 12:01, on 06-10-21
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\runservice.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\Network Associates\Common Framework\naPrdMgr.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\WINDOWS\next06.exe
C:\WINDOWS\xload.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\userinit.exe
C:\hijackthis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - C:\Program Files\DeluxeCommunications\DxcBho.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &VSToolBar - {821F87FF-8245-4972-9E28-732E92EC2F51} - C:\Program Files\VSToolbar\VSToolBar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CW] "C:\Program Files\CW4\cw4.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [venf449c] RUNDLL32.EXE w19b254e.dll,n 005f44970000001219b254e
O4 - HKLM\..\Run: [mmnext06] C:\WINDOWS\next06.exe
O4 - HKLM\..\Run: [xload] "C:\WINDOWS\xload.exe"
O4 - HKLM\..\Run: [{68-81-17-7E-ZN}] C:\windows\system32\ojdsregm.exe ELT001
O4 - HKLM\..\Run: [ms05605186-1338] C:\WINDOWS\ms05605186-1338.exe
O4 - HKLM\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O4 - Startup: TA_Start.lnk = C:\WINDOWS\SYSTEM32\dwdsregt.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: UPS OnLine PLD Reminder Utility.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O15 - Trusted Zone: *.dollarrevenue.com
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.mcafeeasap.com
O15 - Trusted Zone: *.sxload.com
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freeware/installdrivecleanerstart.cab
O16 - DPF: {40C83AF8-FEA7-4A6A-A470-431EE84A0886} - http://vs.mcafeeasap.com/MC/ENU/VS40/bin/myCioAgt.20060504175614.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = KitsapPayroll.local
O17 - HKLM\Software\..\Telephony: DomainName = KitsapPayroll.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = KitsapPayroll.local
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.0.0792.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.0.0792.00.dll
O20 - AppInit_DLLs: dxclib303562752.dll
O21 - SSODL: B0DGIBHE - {1431317B-4B9E-24A3-6AF8-0CBB4E634506} - C:\WINDOWS\system32\Lkkbda32.dll (file missing)
O21 - SSODL: mtklefap - {1522EB60-18DF-4E9A-4993-92BAA694032F} - (no file)
O21 - SSODL: mtklefa - {333A83B4-46A3-472B-C684-46DC29992870} - C:\WINDOWS\system32\ormhm32.dll (file missing)
O21 - SSODL: SysTray.Exmr - {73F8D5FF-6F5C-4f5b-B964-E6F214F6F852} - C:\WINDOWS\system32\gnbfgbei.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

pskelley
2006-10-21, 21:13
Not sure what you are doing, try it again. Look at the combofix log in this topic:
http://forums.spybot.info/showthread.php?t=8190 Yours will NOT be the same but it will be similar. Read and follow the directions carefully. I would like to see that combofix log, it will save us both a lot of work.

There is a combofix log in this topic you can view also:
http://forums.spybot.info/showthread.php?p=47994#post47994

Continue to copy/paste your information like you are.

Thanks

Sunflash
2006-10-22, 02:26
Ok, here's where the problem is, what causes it I don't know. When ComboFix says that it's going to close, then reopen in no more than 10 seconds, it closes, but never comes back up.

pskelley
2006-10-22, 03:05
OK, listen up. You have a badly infected computer here and you need to keep it offline as much as possible, this junk will attract more. Command.exe is Spybot locating leftover junk Ad-aware removed badly. I understand Ad-aware may now be updated to remove what it left the last time. Update Ad-aware and run it to see. That is by far the least of your problems. You have a Qoologic trojan, DeluxeCommunications which is the hackers' new SurfSideKick and loads of other junk. I suggest you may have gotten a bad download, and that you remove everything you downloaded for combofix and try the download again. This tool will remove several of the infections at once. If after you try a fresh download you are still not able to run it, post to let me know. I will start preparing instructions for removing the junk one at a time, but I will not do this until morning EST.

Thanks

pskelley
2006-10-23, 13:12
Did you have more success when you uninstalled combofix and downloaded it again? I am waiting on you.

Thanks

Sunflash
2006-10-24, 07:39
Yeah. I had to do it several times. Each time yielded better results, until finally I got the entire log. Here it is:

administrator - 06-10-23 21:32:52.33 Service Pack 2
ComboFix 06.10.19 - Running from: "C:\"

((((((((((((((((((((((((((((((((((((((((((( E-Give / Ssk's Log )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\DeluxeCommunications\bak
C:\Program Files\DeluxeCommunications\Dxc.exe


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


C:\Program Files\DeluxeCommunications\bak
C:\Program Files\DeluxeCommunications\Dxc.exe
((((((((((((((((((((((((((((((( Files Created from 2006-09-23 to 2006-10-23 ))))))))))))))))))))))))))))))))))


2006-10-23 20:43 688,180 --------- C:\WINDOWS\SYSTEM32\pmkjk.dll
2006-10-23 19:54 276,918 --a------ C:\combofix.exe
2006-10-21 11:27 67,604 --a------ C:\WINDOWS\SYSTEM32\byblqaff.exe
2006-10-18 21:29 516,063 ---hs---- C:\WINDOWS\SYSTEM32\jlkkj.bak2
2006-10-18 20:33 864,256 --a------ C:\WINDOWS\SYSTEM32\DevIL.dll
2006-10-18 20:33 81,920 --a------ C:\WINDOWS\SYSTEM32\ILU.dll
2006-10-18 20:33 36,864 --a------ C:\WINDOWS\SYSTEM32\ILUT.dll
2006-10-18 20:33 161,280 --a------ C:\WINDOWS\SYSTEM32\fmod.dll
2006-10-17 21:33 66,264 --a------ C:\WINDOWS\SYSTEM32\ipv6monl.dll
2006-10-17 21:33 18,432 --a------ C:\svhost.exe
2006-10-17 21:24 98,324 --a------ C:\WINDOWS\SYSTEM32\mbjcohlm.dll
2006-10-17 21:24 465,903 ---hs---- C:\WINDOWS\SYSTEM32\jlkkj.bak1
2006-10-17 21:24 143,380 --a------ C:\WINDOWS\SYSTEM32\adqibqai.exe
2006-10-17 21:23 684,084 ---hs---- C:\WINDOWS\SYSTEM32\jkklj.dll
2006-10-17 21:08 919 --a------ C:\WINDOWS\SYSTEM32\winpfg32.sys
2006-10-17 21:07 73,728 --a------ C:\WINDOWS\win320986-133860512006.exe
2006-10-17 21:03 139,264 --a------ C:\WINDOWS\MirarSetup_876057.exe
2006-10-17 21:02 217,346 --a------ C:\WINDOWS\Setup90.exe
2006-10-17 21:01 45,065 --a------ C:\WINDOWS\TIELT001.exe
2006-10-17 21:01 433,632 --a------ C:\WINDOWS\hancerdoem.exe
2006-10-17 21:01 2,560 --a------ C:\WINDOWS\ac3_0002.exe
2006-10-17 21:00 25,600 --a------ C:\WINDOWS\xload.exe
2006-10-17 20:57 96,768 --a------ C:\WINDOWS\SYSTEM32\dxclib303562752.dll
2006-10-17 20:57 45,056 --a------ C:\WINDOWS\wpfmzds.exe
2006-10-17 20:57 353,280 --a------ C:\WINDOWS\SYSTEM32\1011_113.exe
2006-10-17 20:57 32,768 --a------ C:\WINDOWS\unstall.exe
2006-10-17 20:57 186,381 --a------ C:\WINDOWS\srvnhsvgzz.exe
2006-10-17 20:56 40,973 ---hs---- C:\WINDOWS\SYSTEM32\iifgfcd.dll
2006-10-17 20:56 32,768 --a------ C:\WINDOWS\DXCecho.exe
2006-10-17 20:56 25,600 --a------ C:\WINDOWS\next06.exe
2006-10-17 20:56 221,533 --a------ C:\WINDOWS\1011_emi03.exe
2006-10-17 20:56 2,560 --a------ C:\WINDOWS\ac3_0018.exe
2006-10-17 20:56 147,456 --a------ C:\WINDOWS\aff_0006.exe
2006-10-17 20:56 1,288 --a------ C:\WINDOWS\SYSTEM32\venf449c.sys
2006-10-12 07:14 78,848 --a------ C:\WINDOWS\SYSTEM32\nswB5C.dll
2006-10-11 10:51 115,131 --a------ C:\WINDOWS\SYSTEM32\Eim03.exe
2006-10-11 09:39 96,932 --a------ C:\WINDOWS\SYSTEM32\ts_www2.exe
2006-10-08 18:19 0 --a------ C:\AUTOEXEC.BAT
2006-10-02 12:04 806,912 --a------ C:\WINDOWS\SYSTEM32\divx_xx0c.dll
2006-10-02 12:04 806,912 --a------ C:\WINDOWS\SYSTEM32\divx_xx07.dll
2006-10-02 12:04 790,528 --a------ C:\WINDOWS\SYSTEM32\divx_xx11.dll
2006-10-02 12:04 635,486 --a------ C:\WINDOWS\SYSTEM32\DivX.dll
2006-09-28 14:55 53,248 --a------ C:\WINDOWS\SYSTEM32\PhysXLoader.dll
2006-09-26 14:01 45,056 -ra------ C:\WINDOWS\SYSTEM32\AgCPanelJapanese.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-23 21:35 817 --ahs---- C:\WINDOWS\SYSTEM32\mmf.sys
2006-10-23 20:01 -------- d-------- C:\Program Files\DeluxeCommunications
2006-10-23 15:54 -------- d-------- C:\Program Files\CyberPay
2006-10-21 17:25 -------- d-------- C:\Program Files\QuickTime
2006-10-21 17:24 25600 --a------ C:\WINDOWS\SYSTEM32\igfxtray.exe
2006-10-21 17:24 25600 --a------ C:\WINDOWS\SYSTEM32\hkcmd.exe
2006-10-21 17:24 25600 --a------ C:\WINDOWS\SYSTEM32\ctfmon.exe
2006-10-21 11:48 -------- d-------- C:\Program Files\Mozilla Firefox
2006-10-21 11:29 -------- d-------- C:\Program Files\Common Files
2006-10-21 11:28 -------- d-------- C:\Documents and Settings\administrator.KITSAPPAYROLL\Application Data\SearchToolbarCorp
2006-10-21 11:27 -------- d-------- C:\Program Files\VSToolbar
2006-10-18 19:25 -------- d-------- C:\Program Files\Windows NT
2006-10-18 19:25 -------- d-------- C:\Program Files\Common Files\rwwf
2006-10-18 19:21 -------- d-------- C:\Program Files\Lavasoft
2006-10-18 19:19 -------- d-------- C:\Program Files\Windows Media Player
2006-10-18 19:19 -------- d-------- C:\Program Files\Messenger
2006-10-17 21:35 -------- d-------- C:\Program Files\SysShield Tools
2006-10-17 21:26 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-10-17 21:23 -------- d-------- C:\Program Files\Microsoft Games
2006-10-17 21:23 -------- d-------- C:\Documents and Settings\administrator.KITSAPPAYROLL\Application Data\Microsoft
2006-10-17 21:23 -------- d-------- C:\Documents and Settings\administrator.KITSAPPAYROLL\Application Data\Microsoft
2006-10-17 21:23 -------- d-------- C:\Documents and Settings\administrator.KITSAPPAYROLL\Application Data\Microsoft
2006-10-17 21:23 -------- d-------- C:\Documents and Settings\administrator.KITSAPPAYROLL\Application Data\Microsoft
2006-10-17 21:17 -------- d-------- C:\Program Files\Google
2006-10-17 21:04 -------- d-------- C:\Documents and Settings\administrator.KITSAPPAYROLL\Application Data\àppPatch
2006-10-17 21:04 -------- d-------- C:\Documents and Settings\administrator.KITSAPPAYROLL\Application Data\àppPatch
2006-10-17 21:03 -------- d-------- C:\Program Files\T?sks
2006-10-17 21:03 -------- d-------- C:\Program Files\T?sks
2006-10-17 21:03 -------- d-------- C:\Program Files\Common Files\?ymantec
2006-10-17 21:02 -------- d-------- C:\Program Files\s?mbols
2006-10-17 21:02 -------- d-------- C:\Program Files\s?mbols
2006-10-17 21:02 -------- d-------- C:\Program Files\Common Files\çasks
2006-10-17 21:02 -------- d-------- C:\Program Files\Common Files\çasks
2006-10-17 21:02 -------- d-------- C:\Program Files\Common Files\çasks
2006-10-17 21:01 -------- d-------- C:\Program Files\çasks
2006-10-17 21:01 -------- d-------- C:\Program Files\çasks
2006-10-17 21:01 -------- d-------- C:\Program Files\çasks
2006-10-17 21:00 -------- d-------- C:\Program Files\s?curity
2006-10-17 21:00 -------- d-------- C:\Program Files\s?curity
2006-10-17 21:00 -------- d-------- C:\Program Files\Common Files\?ecurity
2006-10-17 21:00 -------- d-------- C:\Program Files\?ecurity
2006-10-17 21:00 -------- d-------- C:\Documents and Settings\administrator.KITSAPPAYROLL\Application Data\s?curity
2006-10-17 21:00 -------- d-------- C:\Documents and Settings\administrator.KITSAPPAYROLL\Application Data\s?curity
2006-10-17 21:00 -------- d-------- C:\Documents and Settings\administrator.KITSAPPAYROLL\Application Data\?ssembly
2006-10-17 20:59 -------- d-------- C:\Program Files\Common Files\àppPatch
2006-10-17 20:59 -------- d-------- C:\Program Files\Common Files\àppPatch
2006-10-17 20:59 -------- d-------- C:\Program Files\Common Files\àppPatch
2006-10-17 20:59 -------- d-------- C:\Program Files\Common Files\s?curity
2006-10-17 20:59 -------- d-------- C:\Program Files\Common Files\s?curity
2006-10-17 20:59 -------- d-------- C:\Program Files\Common Files\M?crosoft
2006-10-17 20:59 -------- d-------- C:\Program Files\Common Files\M?crosoft
2006-10-17 20:59 -------- d-------- C:\Program Files\A?pPatch
2006-10-17 20:59 -------- d-------- C:\Program Files\A?pPatch
2006-10-17 20:59 -------- d-------- C:\Program Files\?icrosoft
2006-10-17 20:59 -------- d-------- C:\Documents and Settings\administrator.KITSAPPAYROLL\Application Data\T?sks
2006-10-17 20:59 -------- d-------- C:\Documents and Settings\administrator.KITSAPPAYROLL\Application Data\?racle
2006-10-17 20:59 -------- d-------- C:\Documents and Settings\administrator.KITSAPPAYROLL\Application Data\?racle
2006-10-17 20:58 -------- d-------- C:\Program Files\M?crosoft
2006-10-17 20:58 -------- d-------- C:\Program Files\Common Files\W?nSxS
2006-10-17 20:58 -------- d-------- C:\Program Files\Common Files\T?sks
2006-10-17 20:58 -------- d-------- C:\Program Files\Common Files\T?sks
2006-10-17 20:58 -------- d-------- C:\Program Files\Common Files\s?mbols
2006-10-17 20:58 -------- d-------- C:\Program Files\Common Files\s?mbols
2006-10-17 20:58 -------- d-------- C:\Program Files\Common Files\S?mantec
2006-10-17 20:58 -------- d-------- C:\Program Files\Common Files\S?mantec
2006-10-17 20:58 -------- d-------- C:\Program Files\Common Files\M?crosoft.NET
2006-10-17 20:58 -------- d-------- C:\Program Files\Common Files\M?crosoft.NET
2006-10-17 20:58 -------- d-------- C:\Program Files\Common Files\F?nts
2006-10-17 20:58 -------- d-------- C:\Program Files\Common Files\F?nts
2006-10-17 20:58 -------- d-------- C:\Program Files\Common Files\a?sembly
2006-10-17 20:58 -------- d-------- C:\Program Files\Common Files\a?sembly
2006-10-17 20:58 -------- d-------- C:\Program Files\Common Files\?ystem32
2006-10-17 20:58 -------- d-------- C:\Program Files\Common Files\?ystem32
2006-10-17 20:58 -------- d-------- C:\Program Files\Common Files\?ssembly
2006-10-17 20:58 -------- d-------- C:\Program Files\Common Files\?icrosoft.NET
2006-10-17 20:58 -------- d-------- C:\Program Files\?ystem
2006-10-17 20:58 -------- d-------- C:\Program Files\?ssembly
2006-10-17 20:58 -------- d-------- C:\Documents and Settings\administrator.KITSAPPAYROLL\Application Data\çasks
2006-10-17 20:58 -------- d-------- C:\Documents and Settings\administrator.KITSAPPAYROLL\Application Data\çasks
2006-10-17 20:58 -------- d-------- C:\Documents and Settings\administrator.KITSAPPAYROLL\Application Data\çasks
2006-10-17 20:58 -------- d-------- C:\Documents and Settings\administrator.KITSAPPAYROLL\Application Data\àdobe
2006-10-17 20:58 -------- d-------- C:\Documents and Settings\administrator.KITSAPPAYROLL\Application Data\W?nSxS
2006-10-17 20:58 -------- d-------- C:\Documents and Settings\administrator.KITSAPPAYROLL\Application Data\s?stem32
2006-10-17 20:58 -------- d-------- C:\Documents and Settings\administrator.KITSAPPAYROLL\Application Data\s?stem32
2006-10-17 20:58 -------- d-------- C:\Documents and Settings\administrator.KITSAPPAYROLL\Application Data\s?mbols
2006-10-17 20:58 -------- d-------- C:\Documents and Settings\administrator.KITSAPPAYROLL\Application Data\s?mbols
2006-10-17 20:58 -------- d-------- C:\Documents and Settings\administrator.KITSAPPAYROLL\Application Data\S?mantec
2006-10-17 20:58 -------- d-------- C:\Documents and Settings\administrator.KITSAPPAYROLL\Application Data\S?mantec
2006-10-17 20:58 -------- d-------- C:\Documents and Settings\administrator.KITSAPPAYROLL\Application Data\F?nts
2006-10-17 20:58 -------- d-------- C:\Documents and Settings\administrator.KITSAPPAYROLL\Application Data\F?nts
2006-10-17 20:58 -------- d-------- C:\Documents and Settings\administrator.KITSAPPAYROLL\Application Data\?ystem
2006-10-17 20:58 -------- d-------- C:\Documents and Settings\administrator.KITSAPPAYROLL\Application Data\?ystem
2006-10-17 20:58 -------- d-------- C:\Documents and Settings\administrator.KITSAPPAYROLL\Application Data\?ymbols
2006-10-17 20:57 -------- d-------- C:\Program Files\àppPatch
2006-10-17 20:57 -------- d-------- C:\Program Files\àppPatch
2006-10-17 20:57 -------- d-------- C:\Program Files\àdobe
2006-10-17 20:57 -------- d-------- C:\Program Files\W?nSxS
2006-10-17 20:57 -------- d-------- C:\Program Files\s?stem32
2006-10-17 20:57 -------- d-------- C:\Program Files\s?stem32
2006-10-17 20:57 -------- d-------- C:\Program Files\s?stem
2006-10-17 20:57 -------- d-------- C:\Program Files\s?stem
2006-10-17 20:57 -------- d-------- C:\Program Files\S?mantec
2006-10-17 20:57 -------- d-------- C:\Program Files\S?mantec
2006-10-17 20:57 -------- d-------- C:\Program Files\Common Files\àdobe
2006-10-17 20:57 -------- d-------- C:\Program Files\Common Files\?ymbols
2006-10-17 20:57 -------- d-------- C:\Program Files\Common Files\?racle
2006-10-17 20:57 -------- d-------- C:\Program Files\Common Files\?icrosoft
2006-10-17 20:57 -------- d-------- C:\Program Files\a?sembly
2006-10-17 20:57 -------- d-------- C:\Program Files\a?sembly
2006-10-17 20:57 -------- d-------- C:\Program Files\?ystem32
2006-10-17 20:57 -------- d-------- C:\Program Files\?ymbols
2006-10-17 20:57 -------- d-------- C:\Program Files\?racle
2006-10-17 20:57 -------- d-------- C:\Program Files\?racle
2006-10-17 20:57 -------- d-------- C:\Documents and Settings\administrator.KITSAPPAYROLL\Application Data\a?sembly
2006-10-17 20:57 -------- d-------- C:\Documents and Settings\administrator.KITSAPPAYROLL\Application Data\a?sembly
2006-10-17 20:57 -------- d-------- C:\Documents and Settings\administrator.KITSAPPAYROLL\Application Data\?ystem32
2006-10-17 20:57 -------- d-------- C:\Documents and Settings\administrator.KITSAPPAYROLL\Application Data\?ecurity
2006-10-17 20:56 -------- d-------- C:\Program Files\F?nts
2006-10-17 20:56 -------- d-------- C:\Program Files\?ymantec
2006-10-17 20:56 -------- d-------- C:\Documents and Settings\administrator.KITSAPPAYROLL\Application Data\M?crosoft.NET
2006-10-17 20:56 -------- d-------- C:\Documents and Settings\administrator.KITSAPPAYROLL\Application Data\M?crosoft.NET
2006-10-17 20:56 -------- d-------- C:\Documents and Settings\administrator.KITSAPPAYROLL\Application Data\A?pPatch
2006-10-17 20:56 -------- d-------- C:\Documents and Settings\administrator.KITSAPPAYROLL\Application Data\A?pPatch
2006-10-17 20:56 -------- d-------- C:\Documents and Settings\administrator.KITSAPPAYROLL\Application Data\?ymantec
2006-10-14 14:46 -------- d-------- C:\Program Files\DivX
2006-10-14 14:36 -------- d-------- C:\Program Files\MTV Networks
2006-10-14 14:24 -------- d-------- C:\Program Files\Windows Media Connect 2
2006-10-13 22:06 -------- d-------- C:\Program Files\MSXML 4.0
2006-10-13 22:03 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-10-09 20:21 -------- d-------- C:\Documents and Settings\administrator.KITSAPPAYROLL\Application Data\AdobeUM
2006-10-08 15:51 -------- d-------- C:\Program Files\3D World Studio
2006-10-08 12:52 -------- d-------- C:\Documents and Settings\administrator.KITSAPPAYROLL\Application Data\Right Hemisphere
2006-10-08 12:51 -------- d-------- C:\Program Files\Right Hemisphere
2006-10-08 12:04 -------- d-------- C:\Documents and Settings\administrator.KITSAPPAYROLL\Application Data\Adobe
2006-10-07 14:46 -------- d-------- C:\Program Files\AGEIA Technologies
2006-10-07 14:05 -------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2006-09-22 07:38 53248 --a------ C:\WINDOWS\109uninst.exe
2006-09-22 07:36 53248 --a------ C:\WINDOWS\uni_7eh.exe
2006-09-19 21:41 -------- d-------- C:\Program Files\MSN Messenger
2006-09-10 13:05 -------- d-------- C:\Program Files\Adobe
2006-09-10 13:05 -------- d-------- C:\Program Files\Adobe
2006-09-08 09:01 45056 -ra------ C:\WINDOWS\SYSTEM32\AgCPanelTraditionalChinese.dll
2006-09-08 09:01 45056 -ra------ C:\WINDOWS\SYSTEM32\AgCPanelSwedish.dll
2006-09-08 09:01 45056 -ra------ C:\WINDOWS\SYSTEM32\AgCPanelSpanish.dll
2006-09-08 09:01 45056 -ra------ C:\WINDOWS\SYSTEM32\AgCPanelSimplifiedChinese.dll
2006-09-08 09:01 45056 -ra------ C:\WINDOWS\SYSTEM32\AgCPanelPortugese.dll
2006-09-08 09:01 45056 -ra------ C:\WINDOWS\SYSTEM32\AgCPanelKorean.dll
2006-09-08 09:01 45056 -ra------ C:\WINDOWS\SYSTEM32\AgCPanelGerman.dll
2006-09-08 09:01 45056 -ra------ C:\WINDOWS\SYSTEM32\AgCPanelFrench.dll
2006-08-30 22:05 -------- d-------- C:\Documents and Settings\administrator.KITSAPPAYROLL\Application Data\Skype
2006-08-24 22:42 8704 --a------ C:\WINDOWS\SYSTEM32\wdfmgr.exe
2006-08-24 22:42 8704 --a------ C:\WINDOWS\SYSTEM32\uwdf.exe
2006-08-24 22:30 99840 --a------ C:\WINDOWS\SYSTEM32\wmpshell.dll
2006-08-24 22:30 990208 --a------ C:\WINDOWS\SYSTEM32\drmv2clt.dll
2006-08-24 22:30 937984 --a------ C:\WINDOWS\SYSTEM32\WMNetMgr.dll
2006-08-24 22:30 8337920 --a------ C:\WINDOWS\SYSTEM32\wmploc.dll
2006-08-24 22:30 790016 --------- C:\WINDOWS\SYSTEM32\WMVSENCD.dll
2006-08-24 22:30 757248 --a------ C:\WINDOWS\SYSTEM32\WMADMOD.dll
2006-08-24 22:30 7168 --a------ C:\WINDOWS\SYSTEM32\asferror.dll



The rest is in the next post:

Sunflash
2006-10-24, 07:39
2006-08-24 22:30 656896 --------- C:\WINDOWS\SYSTEM32\WMVXENCD.dll
2006-08-24 22:30 63488 --a------ C:\WINDOWS\SYSTEM32\wpdmtpus.dll
2006-08-24 22:30 629760 --a------ C:\WINDOWS\SYSTEM32\wpd_ci.dll
2006-08-24 22:30 611840 --------- C:\WINDOWS\SYSTEM32\wmpmde.dll
2006-08-24 22:30 603648 --a------ C:\WINDOWS\SYSTEM32\WMSPDMOD.dll
2006-08-24 22:30 537600 --a------ C:\WINDOWS\SYSTEM32\blackbox.dll
2006-08-24 22:30 532992 --------- C:\WINDOWS\SYSTEM32\wmdrmsdk.dll
2006-08-24 22:30 428032 --a------ C:\WINDOWS\SYSTEM32\wmdrmdev.dll
2006-08-24 22:30 414208 --a------ C:\WINDOWS\SYSTEM32\msscp.dll
2006-08-24 22:30 4096 --a------ C:\WINDOWS\SYSTEM32\wmvdmoe2.dll
2006-08-24 22:30 4096 --a------ C:\WINDOWS\SYSTEM32\wmvdmod.dll
2006-08-24 22:30 4096 --a------ C:\WINDOWS\SYSTEM32\WMVADVE.DLL
2006-08-24 22:30 4096 --a------ C:\WINDOWS\SYSTEM32\WMVADVD.dll
2006-08-24 22:30 4096 --a------ C:\WINDOWS\SYSTEM32\wmsdmoe2.dll
2006-08-24 22:30 4096 --a------ C:\WINDOWS\SYSTEM32\wmsdmod.dll
2006-08-24 22:30 4096 --a------ C:\WINDOWS\SYSTEM32\wdfapi.dll
2006-08-24 22:30 4096 --a------ C:\WINDOWS\SYSTEM32\MPG4DMOD.dll
2006-08-24 22:30 4096 --a------ C:\WINDOWS\SYSTEM32\MP4SDMOD.dll
2006-08-24 22:30 4096 --a------ C:\WINDOWS\SYSTEM32\MP43DMOD.dll
2006-08-24 22:30 37376 --a------ C:\WINDOWS\SYSTEM32\wmdmps.dll
2006-08-24 22:30 35840 --a------ C:\WINDOWS\SYSTEM32\wpdconns.dll
2006-08-24 22:30 349184 --a------ C:\WINDOWS\SYSTEM32\wpdsp.dll
2006-08-24 22:30 347648 --a------ C:\WINDOWS\SYSTEM32\wmdrmnet.dll
2006-08-24 22:30 33792 --a------ C:\WINDOWS\SYSTEM32\wmdmlog.dll
2006-08-24 22:30 320512 --a------ C:\WINDOWS\SYSTEM32\mswmdm.dll
2006-08-24 22:30 316928 --------- C:\WINDOWS\SYSTEM32\MP4SDECD.dll
2006-08-24 22:30 314368 --a------ C:\WINDOWS\SYSTEM32\wmpdxm.dll
2006-08-24 22:30 305152 --------- C:\WINDOWS\SYSTEM32\MSDelta.dll
2006-08-24 22:30 295424 --------- C:\WINDOWS\SYSTEM32\wmpeffects.dll
2006-08-24 22:30 284160 --------- C:\WINDOWS\SYSTEM32\PortableDeviceApi.dll
2006-08-24 22:30 276480 --a------ C:\WINDOWS\SYSTEM32\audiodev.dll
2006-08-24 22:30 27648 --a------ C:\WINDOWS\SYSTEM32\mspmsnsv.dll
2006-08-24 22:30 259072 --------- C:\WINDOWS\SYSTEM32\MPG4DECD.dll
2006-08-24 22:30 2589184 --------- C:\WINDOWS\SYSTEM32\WpdShext.dll
2006-08-24 22:30 258560 --------- C:\WINDOWS\SYSTEM32\MP43DECD.dll
2006-08-24 22:30 2450944 --a------ C:\WINDOWS\SYSTEM32\wmvcore.dll
2006-08-24 22:30 242176 --a------ C:\WINDOWS\SYSTEM32\wmpasf.dll
2006-08-24 22:30 228352 --a------ C:\WINDOWS\SYSTEM32\cewmdm.dll
2006-08-24 22:30 227328 --a------ C:\WINDOWS\SYSTEM32\wmerror.dll
2006-08-24 22:30 222208 --a------ C:\WINDOWS\SYSTEM32\WMASF.dll
2006-08-24 22:30 211968 --------- C:\WINDOWS\SYSTEM32\MFPLAT.dll
2006-08-24 22:30 210432 --a------ C:\WINDOWS\SYSTEM32\qasf.dll
2006-08-24 22:30 204800 --a------ C:\WINDOWS\SYSTEM32\wmpsrcwp.dll
2006-08-24 22:30 198144 --------- C:\WINDOWS\SYSTEM32\PortableDeviceWMDRM.dll
2006-08-24 22:30 179712 --a------ C:\WINDOWS\SYSTEM32\msnetobj.dll
2006-08-24 22:30 175104 --a------ C:\WINDOWS\SYSTEM32\mspmsp.dll
2006-08-24 22:30 166912 --------- C:\WINDOWS\SYSTEM32\PortableDeviceTypes.dll
2006-08-24 22:30 1660416 --a------ C:\WINDOWS\SYSTEM32\wmpencen.dll
2006-08-24 22:30 157184 --a------ C:\WINDOWS\SYSTEM32\wmidx.dll
2006-08-24 22:30 154624 --a------ C:\WINDOWS\SYSTEM32\wpdmtp.dll
2006-08-24 22:30 1539584 --------- C:\WINDOWS\SYSTEM32\WMVDECOD.dll
2006-08-24 22:30 1532416 --------- C:\WINDOWS\SYSTEM32\WMVENCOD.dll
2006-08-24 22:30 1392128 --------- C:\WINDOWS\SYSTEM32\WMVSDECD.dll
2006-08-24 22:30 133120 --------- C:\WINDOWS\SYSTEM32\WPDShServiceObj.dll
2006-08-24 22:30 1327616 --a------ C:\WINDOWS\SYSTEM32\WMSPDMOE.dll
2006-08-24 22:30 132096 --------- C:\WINDOWS\SYSTEM32\PortableDeviceWiaCompat.dll
2006-08-24 22:30 130048 --------- C:\WINDOWS\SYSTEM32\wmpps.dll
2006-08-24 22:30 11264 --a------ C:\WINDOWS\SYSTEM32\LAPRXY.dll
2006-08-24 22:30 1118208 --a------ C:\WINDOWS\SYSTEM32\WMADMOE.dll
2006-08-24 22:30 101888 --------- C:\WINDOWS\SYSTEM32\PortableDeviceClassExtension.dll
2006-08-24 20:31 100864 --a------ C:\WINDOWS\SYSTEM32\logagent.exe
2006-08-24 20:27 249344 --------- C:\WINDOWS\SYSTEM32\drmupgds.exe
2006-08-24 20:26 95288 --------- C:\WINDOWS\SYSTEM32\WUDFCoinstaller.dll
2006-08-24 20:26 38656 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\wpdusb.sys
2006-08-24 20:26 17408 --------- C:\WINDOWS\SYSTEM32\wpdshextautoplay.exe
2006-08-24 19:22 90112 --------- C:\WINDOWS\SYSTEM32\DRIVERS\WudfRd.sys
2006-08-24 19:19 316416 --------- C:\WINDOWS\SYSTEM32\WUDFx.dll
2006-08-24 19:19 145920 --------- C:\WINDOWS\SYSTEM32\WudfHost.exe
2006-08-24 19:18 84864 --------- C:\WINDOWS\SYSTEM32\DRIVERS\WudfPf.sys
2006-08-24 19:18 56320 --------- C:\WINDOWS\SYSTEM32\WudfSvc.dll
2006-08-24 19:18 168448 --------- C:\WINDOWS\SYSTEM32\WudfPlatform.dll
2006-08-11 20:14 22752 --a------ C:\WINDOWS\SYSTEM32\spupdsvc.exe
2006-08-10 16:03 73728 --a------ C:\WINDOWS\SYSTEM32\dpl100.dll
2006-08-10 16:03 196608 --a------ C:\WINDOWS\SYSTEM32\dtu100.dll
2006-08-07 08:17 61440 --a------ C:\WINDOWS\SYSTEM32\BattyRun2.dll
2006-07-28 09:30 62744 --a------ C:\WINDOWS\SYSTEM32\xinput1_2.dll
2006-07-28 09:30 236824 --a------ C:\WINDOWS\SYSTEM32\xactengine2_3.dll
2006-07-27 10:28 3596288 --a------ C:\WINDOWS\SYSTEM32\qt-dx331.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"Synchronization Manager"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,\
73,74,65,6d,33,32,5c,6d,6f,62,73,79,6e,63,2e,65,78,65,20,2f,6c,6f,67,6f,6e,\
00
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"CW"="\"C:\\Program Files\\CW4\\cw4.exe\""
"ShStatEXE"="\"C:\\Program Files\\Network Associates\\VirusScan\\SHSTAT.EXE\" /STANDALONE"
"McAfeeUpdaterUI"="\"C:\\Program Files\\Network Associates\\Common Framework\\UpdaterUI.exe\" /StartedFromRunKey"
"Network Associates Error Reporting Service"="\"C:\\Program Files\\Common Files\\Network Associates\\TalkBack\\TBMon.exe\""
"venf449c"="RUNDLL32.EXE w19b254e.dll,n 005f44970000001219b254e"
"mmnext06"="C:\\WINDOWS\\next06.exe"
"xload"="\"C:\\WINDOWS\\xload.exe\""
"{68-81-17-7E-ZN}"="C:\\windows\\system32\\ojdsregm.exe ELT001"
"ms05605186-1338"="C:\\WINDOWS\\ms05605186-1338.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex]
"Register Homesite+.exe"="\"C:\\Program Files\\Macromedia\\HomeSite+\\Homesite+.exe\" /REGSERVER"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="C:\\Program Files\\Windows Media Player\\kyzerek.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,e8,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
"Source"="C:\\Program Files\\Messenger\\howypyheg.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,ea,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,de,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoActiveDesktop"=dword:00000000
"ClassicShell"=dword:00000000
"ForceActiveDesktopOn"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoActiveDesktop"=dword:00000000
"ClassicShell"=dword:00000000
"ForceActiveDesktopOn"=dword:00000000

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoActiveDesktop"=dword:00000000
"ClassicShell"=dword:00000000
"ForceActiveDesktopOn"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"B0DGIBHE"="{1431317B-4B9E-24A3-6AF8-0CBB4E634506}"
"mtklefap"="{1522EB60-18DF-4E9A-4993-92BAA694032F}"
"mtklefa"="{333A83B4-46A3-472B-C684-46DC29992870}"
"SysTray.Exmr"="{73F8D5FF-6F5C-4f5b-B964-E6F214F6F852}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\Intuit\\QUICKB~1\\QBUpdate\\qbupdate.exe "
"item"="QuickBooks Update Agent"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BuildBU]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="bldbubg"
"hkey"="HKLM"
"command"="c:\\dell\\bldbubg.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DSAgnt"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Dell Support\\DSAgnt.exe\" /startup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DVDLauncher"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hkcmd"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\hkcmd.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="igfxtray"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\igfxtray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OSCD_Creator]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PreODM"
"hkey"="HKLM"
"command"="c:\\Dell\\PreODM.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QBReminderFlash]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="QBReminder"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Intuit\\QuickBooks 2005\\Atom\\QBReminder.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="smax4pnp"
"hkey"="HKLM"
"command"="C:\\Program Files\\Analog Devices\\Core\\smax4pnp.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\j2re1.4.2_03\\bin\\jusched.exe"
"inimapping"="0"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awvtr
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dvd4free
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkklj

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (DELL100-Jim Craswell).job

Completion time: 06-10-23 22:02:04.79
C:\ComboFix.txt ... 06-10-23 22:02
C:\ComboFix2.txt ... 06-10-23 20:02

pskelley
2006-10-24, 12:24
Thanks for getting combofix to work :bigthumb: That got some of the junk. I need to see a new HJT log. It will require a little time to research questionable files located and I may need your help. Post the HJT log and try to stay offline if possible. The junk will attract more junk.

Thanks

pskelley
2006-10-24, 14:40
You have a real mess. I suggest you keep this computer offline except when troubleshooting. This junk is going to attract more.

Return here: C:\hijackthis\HijackThis.exe <<< rename this file to, say, Sunflash.exe. Make sure you restart the computer. I think we have a hidden Vundo trojan; the next HJT will tell us.

Once you post that log then follow the instructions in this link:
http://www.virusvault.co.uk/fusionbb/showtopic.php?tid/33/
Thanks to John McKenna for the tutorial

Post the scan results when you get them, include a new HJT log with those results.

Thanks

Sunflash
2006-10-24, 16:35
OK. The scan is going on now. I have to leave for school any minute so I'm not sure how much I can get done this morning. I'll be gone all day too. I'll try to get those logs up before I leave though.

Gahhh! It froze my computer. Drats. It was just quarantined. Hmm, I'll let it sit awhile and maybe it will start working.

Sunflash
2006-10-24, 16:59
OK, in the end I had to restart the scanning process. It's going now. I'm really mad I didn't get that log, but if it helps, all (or at least most) of the infections are listed on a page of AVG. If you really need it, I could take screen shots of each page, but I doubt it contains as much info as a log would.

Anyways, here's the scan results:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 07:54 06-10-24

+ Scan result:



C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP359\A0054049.dll -> Adware.AutoSearch : Ignored.
C:\WINDOWS\aff_0006.exe/AutoSearch.dll -> Adware.AutoSearch : Ignored.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP359\A0054076.dll -> Adware.CASClient : Ignored.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP359\A0054294.exe -> Adware.CASClient : Ignored.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP361\A0054688.exe -> Adware.CASClient : Ignored.
C:\WINDOWS\SYSTEM32\BattyRun2.dll -> Adware.CASClient : Ignored.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP359\A0054288.exe -> Adware.CommAd : Ignored.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP359\A0054620.dll -> Adware.CommAd : Ignored.
C:\Program Files\DeluxeCommunications -> Adware.DeluxeCommunications : Ignored.
C:\Program Files\DeluxeCommunications\Dxc.exe -> Adware.DeluxeCommunications : Ignored.
C:\Program Files\DeluxeCommunications\bak -> Adware.DeluxeCommunications : Ignored.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP358\A0052781.dll -> Adware.EZula : Ignored.
C:\WINDOWS\motorsix.ocx -> Adware.MediaMotor : Ignored.
C:\WINDOWS\unstall.exe -> Adware.MediaMotor : Ignored.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP359\A0054053.dll -> Adware.Mirar : Ignored.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP361\A0054685.dll -> Adware.Mirar : Ignored.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP358\A0052814.exe -> Adware.PurityScan : Ignored.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP359\A0054042.exe -> Adware.PurityScan : Ignored.
C:\WINDOWS\MirarSetup_876057.exe -> Adware.SaveNow : Ignored.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP363\A0055024.exe -> Adware.SurfSide : Ignored.
C:\WINDOWS\SYSTEM32\dxclib303562752.dll -> Adware.SurfSide : Ignored.
[1068] C:\WINDOWS\System32\dxclib303562752.dll -> Adware.SurfSide : Ignored.
[1128] C:\WINDOWS\system32\dxclib303562752.dll -> Adware.SurfSide : Ignored.
[1260] C:\WINDOWS\system32\dxclib303562752.dll -> Adware.SurfSide : Ignored.
[1432] C:\WINDOWS\system32\dxclib303562752.dll -> Adware.SurfSide : Ignored.
[1456] C:\WINDOWS\system32\dxclib303562752.dll -> Adware.SurfSide : Ignored.
[1540] C:\WINDOWS\system32\dxclib303562752.dll -> Adware.SurfSide : Ignored.
[1596] C:\WINDOWS\system32\dxclib303562752.dll -> Adware.SurfSide : Ignored.
[1640] C:\WINDOWS\system32\dxclib303562752.dll -> Adware.SurfSide : Ignored.
[1664] C:\WINDOWS\system32\dxclib303562752.dll -> Adware.SurfSide : Ignored.
[1680] C:\WINDOWS\system32\dxclib303562752.dll -> Adware.SurfSide : Ignored.
[1776] C:\WINDOWS\system32\dxclib303562752.dll -> Adware.SurfSide : Ignored.
[2788] C:\WINDOWS\system32\dxclib303562752.dll -> Adware.SurfSide : Ignored.
[3892] C:\WINDOWS\system32\dxclib303562752.dll -> Adware.SurfSide : Ignored.
[652] C:\WINDOWS\system32\dxclib303562752.dll -> Adware.SurfSide : Ignored.
[700] C:\WINDOWS\system32\dxclib303562752.dll -> Adware.SurfSide : Ignored.
[712] C:\WINDOWS\system32\dxclib303562752.dll -> Adware.SurfSide : Ignored.
[896] C:\WINDOWS\system32\dxclib303562752.dll -> Adware.SurfSide : Ignored.
[968] C:\WINDOWS\system32\dxclib303562752.dll -> Adware.SurfSide : Ignored.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP363\A0055025.dll -> Adware.TargetServer : Ignored.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP358\A0052357.dll -> Adware.TrafficSol : Ignored.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP358\A0053855.dll -> Adware.TrafficSol : Ignored.
C:\WINDOWS\SYSTEM32\iifgfcd.dll -> Adware.Virtumonde : Ignored.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP358\A0052782.exe -> Adware.WebHancer : Ignored.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP358\A0052783.dll -> Adware.WebHancer : Ignored.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP358\A0053841.exe -> Adware.WebHancer : Ignored.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP358\A0053844.exe -> Adware.WebHancer : Ignored.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP358\A0053845.dll -> Adware.WebHancer : Ignored.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP358\A0053846.exe -> Adware.WebHancer : Ignored.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP358\A0053847.dll -> Adware.WebHancer : Ignored.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP358\A0053848.exe -> Adware.WebHancer : Ignored.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP358\A0053850.dll -> Adware.WebHancer : Ignored.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP358\A0053851.exe -> Adware.WebHancer : Ignored.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP358\A0053861.dll -> Adware.WebHancer : Ignored.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP358\A0053862.dll -> Adware.WebHancer : Ignored.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP359\A0054065.exe -> Adware.ZenoSearch : Ignored.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP359\A0054067.exe -> Adware.ZenoSearch : Ignored.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP359\A0054068.exe -> Adware.ZenoSearch : Ignored.
C:\WINDOWS\TIELT001.exe -> Adware.ZenoSearch : Ignored.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP363\A0055022.exe -> Downloader.Small.cln : Ignored.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP363\A0055019.exe -> Downloader.Small.cyh : Ignored.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP363\A0055020.exe -> Downloader.Small.cyh : Ignored.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP363\A0055015.exe -> Downloader.TSUpdate.f : Ignored.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP363\A0055014.exe -> Downloader.TSUpdate.r : Ignored.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP363\A0055021.exe -> Downloader.VB.wz : Ignored.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP363\A0055023.exe -> Dropper.Agent.mu : Ignored.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP363\A0055016.exe -> Dropper.Delf.aad : Ignored.
C:\Documents and Settings\cheryl\Local Settings\Temporary Internet Files\Content.IE5\VLQULHAY\WinAntiVirusPro2006FreeInstall[1].exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Ignored.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP359\A0054062.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Ignored.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP363\A0055017.exe -> Trojan.VB.tg : Ignored.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP363\A0055018.exe -> Trojan.VB.tg : Ignored.


::Report end


The HijackThis.exe log will follow.

Sunflash
2006-10-24, 17:09
Here's the new HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 08:05, on 06-10-24
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\runservice.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\userinit.exe
C:\hijackthis\Sunflash.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} - C:\WINDOWS\system32\mbjcohlm.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (file missing)
O2 - BHO: (no name) - {4d62db20-b5ff-4199-9666-b44e12c67d6a} - C:\WINDOWS\system32\CSS591.dll
O2 - BHO: (no name) - {5CBE8308-7437-4218-9EDF-76B0CC9A0D05} - C:\WINDOWS\system32\jkklj.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &VSToolBar - {821F87FF-8245-4972-9E28-732E92EC2F51} - C:\Program Files\VSToolbar\VSToolBar.dll
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [CW] "C:\Program Files\CW4\cw4.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [venf449c] RUNDLL32.EXE w19b254e.dll,n 005f44970000001219b254e
O4 - HKLM\..\Run: [{68-81-17-7E-ZN}] C:\windows\system32\ojdsregm.exe ELT001
O4 - HKLM\..\Run: [ms05605186-1338] C:\WINDOWS\ms05605186-1338.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: TA_Start.lnk = C:\WINDOWS\SYSTEM32\dwdsregt.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: UPS OnLine PLD Reminder Utility.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O15 - Trusted Zone: *.dollarrevenue.com
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.mcafeeasap.com
O15 - Trusted Zone: *.sxload.com
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freeware/installdrivecleanerstart.cab
O16 - DPF: {40C83AF8-FEA7-4A6A-A470-431EE84A0886} - http://vs.mcafeeasap.com/MC/ENU/VS40/bin/myCioAgt.20060504175614.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = KitsapPayroll.local
O17 - HKLM\Software\..\Telephony: DomainName = KitsapPayroll.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = KitsapPayroll.local
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.0.0792.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.0.0792.00.dll
O20 - AppInit_DLLs: dxclib303562752.dll
O20 - Winlogon Notify: awvtr - awvtr.dll (file missing)
O20 - Winlogon Notify: CSS591 - C:\WINDOWS\SYSTEM32\CSS591.dll
O20 - Winlogon Notify: dvd4free - dvd4free.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: jkklj - C:\WINDOWS\system32\jkklj.dll (file missing)
O21 - SSODL: B0DGIBHE - {1431317B-4B9E-24A3-6AF8-0CBB4E634506} - C:\WINDOWS\system32\Lkkbda32.dll (file missing)
O21 - SSODL: mtklefap - {1522EB60-18DF-4E9A-4993-92BAA694032F} - (no file)
O21 - SSODL: mtklefa - {333A83B4-46A3-472B-C684-46DC29992870} - C:\WINDOWS\system32\ormhm32.dll (file missing)
O21 - SSODL: SysTray.Exmr - {73F8D5FF-6F5C-4f5b-B964-E6F214F6F852} - C:\WINDOWS\system32\gnbfgbei.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

pskelley
2006-10-24, 17:36
Why would you "ignore" the junk the spyware program located??? Make sure you run it in Safe Mode:
http://www.bleepingcomputer.com/tutorials/tutorial61.html

Choose to delete or quarantine whatever it locates unless you know it is not bad. You are making this much harder on both of us than it should be.
When you have deleted or quarantined what AVG Anti-Spyware locates, follow the directions in the tutorial to save and post the log. Include a new HJT log that is created after the AVG Anti-Spyware scan is complete.

Thanks:sad:

Sunflash
2006-10-24, 18:46
I saved the log, then I quarantined the infected files. Whenever I quarantine it goes halfway then freezes the computer. The log says it's ignored because that was the current setting when I saved the log. The HJT log was taken after everything from the HJT scan that could be was cleaned.

pskelley
2006-10-24, 18:52
Please go back and read the instructions for running AVG Anti-Spyware I posted. Then follow the directions I posted.

Thanks

Sunflash
2006-10-25, 08:36
Gahhh! I finally got both logs, then I restarted Windows again and booted into Windows normally, but it erased my log!! Gahh... So I'm going to do it all over again, but this time, if it's OK, I'm going to allow networking in safe mode so I can place the logs on a drive that my other computers can access.

Sunflash
2006-10-25, 08:42
Oh, never mind. I was able to locate the backup files that each program saves by default. Here's the AVG log:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 11:19:42 PM 10/24/2006

+ Scan result:



C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP359\A0054049.dll -> Adware.AutoSearch : Cleaned with backup (quarantined).
C:\WINDOWS\aff_0006.exe/AutoSearch.dll -> Adware.AutoSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP359\A0054076.dll -> Adware.CASClient : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP359\A0054294.exe -> Adware.CASClient : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP361\A0054688.exe -> Adware.CASClient : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\BattyRun2.dll -> Adware.CASClient : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP359\A0054288.exe -> Adware.CommAd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP359\A0054620.dll -> Adware.CommAd : Cleaned with backup (quarantined).
C:\Program Files\DeluxeCommunications -> Adware.DeluxeCommunications : Cleaned with backup (quarantined).
C:\Program Files\DeluxeCommunications\bak -> Adware.DeluxeCommunications : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP358\A0052781.dll -> Adware.EZula : Cleaned with backup (quarantined).
C:\WINDOWS\motorsix.ocx -> Adware.MediaMotor : Cleaned with backup (quarantined).
C:\WINDOWS\unstall.exe -> Adware.MediaMotor : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP359\A0054053.dll -> Adware.Mirar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP361\A0054685.dll -> Adware.Mirar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP358\A0052814.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP359\A0054042.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\WINDOWS\MirarSetup_876057.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP363\A0055028.exe -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP363\A0055029.dll -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP363\A0055025.dll -> Adware.TargetServer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP358\A0052357.dll -> Adware.TrafficSol : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP358\A0053855.dll -> Adware.TrafficSol : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\iifgfcd.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP358\A0052782.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP358\A0052783.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP358\A0053841.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP358\A0053844.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP358\A0053845.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP358\A0053846.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP358\A0053847.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP358\A0053848.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP358\A0053850.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP358\A0053851.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP358\A0053861.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP358\A0053862.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP359\A0054065.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP359\A0054067.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP359\A0054068.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\WINDOWS\TIELT001.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\Documents and Settings\cheryl\Local Settings\Temporary Internet Files\Content.IE5\VLQULHAY\WinAntiVirusPro2006FreeInstall[1].exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Ignored.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP359\A0054062.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Ignored.
C:\Documents and Settings\cheryl\Cookies\cheryl@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@247realmedia[2].txt -> TrackingCookie.247realmedia : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@247realmedia[3].txt -> TrackingCookie.247realmedia : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@247realmedia[4].txt -> TrackingCookie.247realmedia : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@247realmedia[5].txt -> TrackingCookie.247realmedia : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@2o7[10].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@2o7[11].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@2o7[12].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@2o7[13].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@2o7[14].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@2o7[15].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@2o7[16].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@2o7[17].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@2o7[18].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@2o7[19].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@2o7[20].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@2o7[21].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@2o7[22].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@2o7[23].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@2o7[24].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@2o7[25].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@2o7[26].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@2o7[27].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@2o7[28].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@2o7[29].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@2o7[30].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@2o7[31].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@2o7[32].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@2o7[33].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@2o7[34].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@2o7[35].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@2o7[36].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@2o7[37].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@2o7[38].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@2o7[3].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@2o7[4].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@2o7[5].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@2o7[6].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@2o7[7].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@2o7[8].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@2o7[9].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@americanexpress.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@bookspan.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@cbs.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@cnn.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@cnn.122.2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@coxhsi.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@dealnews.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@entrepreneur.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@harpo.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@highbeam.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@hollywoodentertainment.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@ldproducts.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@msnportal.112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@nbcuniversal.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@nbcuniversal.122.2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@tcompany.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@wastatedor.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@ads.addynamix[2].txt -> TrackingCookie.Addynamix : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@ads.addynamix[3].txt -> TrackingCookie.Addynamix : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@ads.addynamix[4].txt -> TrackingCookie.Addynamix : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@ads.addynamix[5].txt -> TrackingCookie.Addynamix : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@ads.addynamix[6].txt -> TrackingCookie.Addynamix : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@rotator.dex.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@rotator.dex.adjuggler[3].txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@thunderbolt.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@thunderbolt.adjuggler[3].txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@thunderbolt.adjuggler[4].txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@admarketplace[1].txt -> TrackingCookie.Admarketplace : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@adrevolver[10].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@adrevolver[12].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@adrevolver[1].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@adrevolver[2].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@adrevolver[5].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@adrevolver[9].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@z1.adserver[10].txt -> TrackingCookie.Adserver : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@z1.adserver[2].txt -> TrackingCookie.Adserver : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@z1.adserver[4].txt -> TrackingCookie.Adserver : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@z1.adserver[5].txt -> TrackingCookie.Adserver : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@z1.adserver[6].txt -> TrackingCookie.Adserver : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@z1.adserver[7].txt -> TrackingCookie.Adserver : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@z1.adserver[8].txt -> TrackingCookie.Adserver : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@z1.adserver[9].txt -> TrackingCookie.Adserver : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@adtech[2].txt -> TrackingCookie.Adtech : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@advertising[10].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@advertising[11].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@advertising[12].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@advertising[13].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@advertising[14].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@advertising[15].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@advertising[16].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@advertising[17].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@advertising[18].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@advertising[19].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@advertising[20].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@advertising[21].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@advertising[3].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@advertising[4].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@advertising[5].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@advertising[6].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@advertising[7].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@advertising[8].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@advertising[9].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@atdmt[4].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@bfast[2].txt -> TrackingCookie.Bfast : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@bfast[3].txt -> TrackingCookie.Bfast : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@bluestreak[3].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@bluestreak[4].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@bluestreak[5].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@bluestreak[6].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@bluestreak[7].txt -> TrackingCookie.Bluestreak : Cleaned.

Continued on next post:

Sunflash
2006-10-25, 08:43
C:\Documents and Settings\cheryl\Cookies\cheryl@citi.bridgetrack[1].txt -> TrackingCookie.Bridgetrack : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@citi.bridgetrack[2].txt -> TrackingCookie.Bridgetrack : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@citi.bridgetrack[4].txt -> TrackingCookie.Bridgetrack : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@citi.bridgetrack[5].txt -> TrackingCookie.Bridgetrack : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@www.burstbeacon[10].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@www.burstbeacon[11].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@www.burstbeacon[12].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@www.burstbeacon[3].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@www.burstbeacon[4].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@www.burstbeacon[5].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@www.burstbeacon[6].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@www.burstbeacon[7].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@www.burstbeacon[8].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@www.burstbeacon[9].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@burstnet[10].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@burstnet[12].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@burstnet[3].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@burstnet[4].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@burstnet[5].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@burstnet[6].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@burstnet[7].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@burstnet[8].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@burstnet[9].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@www.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@www.burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@www.burstnet[3].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@www.burstnet[4].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@www.burstnet[5].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@www.burstnet[6].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@www.burstnet[7].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@www.burstnet[8].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@www.burstnet[9].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@casalemedia[10].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@casalemedia[11].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@casalemedia[3].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@casalemedia[4].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@casalemedia[5].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@casalemedia[6].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@casalemedia[7].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@casalemedia[8].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@clickbank[1].txt -> TrackingCookie.Clickbank : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@com[2].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@com[3].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@commission-junction[2].txt -> TrackingCookie.Commission-junction : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@twci.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@twci.coremetrics[2].txt -> TrackingCookie.Coremetrics : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@bilbo.counted[1].txt -> TrackingCookie.Counted : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@bilbo.counted[2].txt -> TrackingCookie.Counted : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@cpvfeed[3].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@ad.doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@ad.doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@doubleclick[3].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@c.enhance[1].txt -> TrackingCookie.Enhance : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@c.enhance[2].txt -> TrackingCookie.Enhance : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@adopt.euroclick[3].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@fastclick[3].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@fastclick[4].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@fastclick[5].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@fastclick[6].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@fastclick[7].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@fastclick[8].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@media.fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@media.fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@media.fastclick[3].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@media.fastclick[4].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@media.fastclick[5].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\cheryl\Cookies\cheryl@cityclub.gamingpromo[2].txt -> TrackingCookie.Gamingpromo : Cleaned.

Continued:

Sunflash
2006-10-25, 08:44


::Report end

Sunflash
2006-10-25, 08:45
And here's the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 11:27:05 PM, on 10/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\windows\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\hijackthis\Sunflash2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/mywaybiz
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} - C:\WINDOWS\system32\mbjcohlm.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (file missing)
O2 - BHO: (no name) - {4d62db20-b5ff-4199-9666-b44e12c67d6a} - C:\WINDOWS\system32\CSS591.dll
O2 - BHO: (no name) - {5CBE8308-7437-4218-9EDF-76B0CC9A0D05} - C:\WINDOWS\system32\jkklj.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &VSToolBar - {821F87FF-8245-4972-9E28-732E92EC2F51} - C:\Program Files\VSToolbar\VSToolBar.dll
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [CW] "C:\Program Files\CW4\cw4.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [venf449c] RUNDLL32.EXE w19b254e.dll,n 005f44970000001219b254e
O4 - HKLM\..\Run: [{68-81-17-7E-ZN}] C:\windows\system32\ojdsregm.exe ELT001
O4 - HKLM\..\Run: [ms05605186-1338] C:\WINDOWS\ms05605186-1338.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: UPS OnLine PLD Reminder Utility.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freeware/installdrivecleanerstart.cab
O16 - DPF: {40C83AF8-FEA7-4A6A-A470-431EE84A0886} - http://vs.mcafeeasap.com/MC/ENU/VS40/bin/myCioAgt.20060504175614.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = KitsapPayroll.local
O17 - HKLM\Software\..\Telephony: DomainName = KitsapPayroll.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = KitsapPayroll.local
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.0.0792.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.0.0792.00.dll
O20 - AppInit_DLLs: dxclib303562752.dll
O20 - Winlogon Notify: awvtr - awvtr.dll (file missing)
O20 - Winlogon Notify: CSS591 - C:\WINDOWS\SYSTEM32\CSS591.dll
O20 - Winlogon Notify: dvd4free - dvd4free.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: jkklj - C:\WINDOWS\system32\jkklj.dll (file missing)
O21 - SSODL: B0DGIBHE - {1431317B-4B9E-24A3-6AF8-0CBB4E634506} - C:\WINDOWS\system32\Lkkbda32.dll (file missing)
O21 - SSODL: mtklefap - {1522EB60-18DF-4E9A-4993-92BAA694032F} - (no file)
O21 - SSODL: mtklefa - {333A83B4-46A3-472B-C684-46DC29992870} - C:\WINDOWS\system32\ormhm32.dll (file missing)
O21 - SSODL: SysTray.Exmr - {73F8D5FF-6F5C-4f5b-B964-E6F214F6F852} - C:\WINDOWS\system32\gnbfgbei.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

pskelley
2006-10-25, 12:58
Thanks for returning the information, however we have these two problems.

1) The log was run in safe mode, post all logs in Normal Mode unless I request otherwise.

2) You are running MSCONFIG in Selective Startup. I must see the logs with everything enabled. Return to MSConfig (Start > Run > type msconfig then ok). Click the Startup tab, then the Enable All button. Then Apply and OK your way out. You can return to Selective Startup to save your resources when your computer is clean.

**We have a lot of work to do, I am choosing the less complex methods to make it easier on you. You must read the instructions and follow them carefully, print the instructions if it helps. If there is something you do not understand, post to ask. Anything you think I should know, post it for me.
You need to keep this infected machine offline until we get it cleaned up, the junk will attract more. Let's proceed like this.

3) How to make files and folders visible:
Click Start > Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.

4) Please download ATF Cleaner by Atribune
http://www.atribune.org/content/view/25/2/
Save it to your Desktop. We will use this later.

5) Thanks to Atribune and any others who helped with this fix. You may have to run this fix several times, you want all of the files it located to be deleted.

Please download VundoFix.exe (http://www.atribune.org/ccount/click.php?id=4) to your desktop
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

If there is a file VundoFix doesn't find we need it submitted. Please submit the files to upload malware http://www.uploadmalware.com

(Save the reports until you are finished the instructions)

6) Start > Control Panel > Add Remove programs and uninstall VSToolbar and MyWaySearch if there. Also uninstall any other programs you know do not belong there. If you are not sure, let me know and I will look.

7) Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (file missing)
O2 - BHO: (no name) - {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} - C:\WINDOWS\system32\mbjcohlm.dll
O2 - BHO: (no name) - {4d62db20-b5ff-4199-9666-b44e12c67d6a} - C:\WINDOWS\system32\CSS591.dll
O2 - BHO: (no name) - {5CBE8308-7437-4218-9EDF-76B0CC9A0D05} - C:\WINDOWS\system32\jkklj.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &VSToolBar - {821F87FF-8245-4972-9E28-732E92EC2F51} - C:\Program Files\VSToolbar\VSToolBar.dll
O4 - HKLM\..\Run: [venf449c] RUNDLL32.EXE w19b254e.dll,n 005f44970000001219b254e
O4 - HKLM\..\Run: [{68-81-17-7E-ZN}] C:\windows\system32\ojdsregm.exe ELT001 G
O4 - HKLM\..\Run: [ms05605186-1338] C:\WINDOWS\ms05605186-1338.exe
O20 - AppInit_DLLs: dxclib303562752.dll
O20 - Winlogon Notify: awvtr - awvtr.dll (file missing)
O20 - Winlogon Notify: CSS591 - C:\WINDOWS\SYSTEM32\CSS591.dll
O20 - Winlogon Notify: dvd4free - dvd4free.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: jkklj - C:\WINDOWS\system32\jkklj.dll (file missing)

Close all programs but HJT and all browser windows, then click on "Fix Checked"

8) RIGHT Click on Start then click on Explore. Locate and delete these items if they are there. Do not miss them.

C:\windows\system32\ojdsregm.exe <<< delete that file

C:\WINDOWS\ms05605186-1338.exe <<< delete that file

C:\Program Files\MyWaySearch\ <<< delete that folder

C:\Program Files\VSToolbar\ <<< delete that folder

9) Run ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

Restart the computer and post the vundofix.txt, a new HJT log and any comments you think will help. Make sure that HJT log is posted with everything enabled in MSConfig and in Normal Mode.

Thanks

Sunflash
2006-10-26, 03:43
Ok, thanks Kelly. I'll try and do all that before I go to bed tonight.

Sunflash
2006-10-26, 05:19
Ok, I've finished it all. Tell me if this works.

NOTES:

1) When removing the items you told me with Hijackthis.exe, I didn't find the following:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (file missing)
O3 - Toolbar: &VSToolBar - {821F87FF-8245-4972-9E28-732E92EC2F51} - C:\Program Files\VSToolbar\VSToolBar.dll

2) When deleting the 2 files and 2 folders you told me to get, I only found the two folders. I couldn't locate either of the files.

3) When removing the programs, I successfully uninstalled VSToolbar; however, when I tried to delete the program MyWay Search Assistant, Windows returned an error saying "Error: [path]. Module could not be located." So that application hasn't been removed.



Here is the VundoFix.exe log:


VundoFix V6.2.6

Checking Java version...

Java version is 1.4.2.3

Java version is 1.5.0.6

Scan started at 19:08:58 06-10-25

Listing files found while scanning....

C:\WINDOWS\SYSTEM32\mbjcohlm.dll
C:\WINDOWS\SYSTEM32\adqibqai.exe
C:\WINDOWS\system32\jkklj.dll
C:\WINDOWS\system32\jlkkj.ini
C:\WINDOWS\system32\jlkkj.bak1
C:\WINDOWS\system32\jlkkj.bak2

Beginning removal...

Attempting to delete C:\WINDOWS\SYSTEM32\mbjcohlm.dll
C:\WINDOWS\SYSTEM32\mbjcohlm.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\adqibqai.exe
C:\WINDOWS\SYSTEM32\adqibqai.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\jlkkj.ini
C:\WINDOWS\system32\jlkkj.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\jlkkj.bak1
C:\WINDOWS\system32\jlkkj.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\jlkkj.bak2
C:\WINDOWS\system32\jlkkj.bak2 Has been deleted!

Performing Repairs to the registry.
Done!


The HJT log is in the next post:

Sunflash
2006-10-26, 05:20
Logfile of HijackThis v1.99.1
Scan saved at 19:47, on 06-10-25
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\runservice.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\hijackthis\Sunflash4.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (file missing)
O2 - BHO: (no name) - {4d62db20-b5ff-4199-9666-b44e12c67d6a} - C:\WINDOWS\system32\CSS591.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [CW] "C:\Program Files\CW4\cw4.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [QBReminderFlash] "C:\Program Files\Intuit\QuickBooks 2005\Atom\QBReminder.exe"
O4 - HKLM\..\Run: [OSCD_Creator] c:\Dell\PreODM.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\RunOnce: [OSCD_Creator] C:\Dell\PreODM.EXE /2
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Startup: TA_Start.lnk = C:\WINDOWS\SYSTEM32\dwdsregt.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: UPS OnLine PLD Reminder Utility.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O15 - Trusted Zone: *.dollarrevenue.com
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.mcafeeasap.com
O15 - Trusted Zone: *.sxload.com
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freeware/installdrivecleanerstart.cab
O16 - DPF: {40C83AF8-FEA7-4A6A-A470-431EE84A0886} - http://vs.mcafeeasap.com/MC/ENU/VS40/bin/myCioAgt.20060504175614.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = KitsapPayroll.local
O17 - HKLM\Software\..\Telephony: DomainName = KitsapPayroll.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = KitsapPayroll.local
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.0.0792.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.0.0792.00.dll
O20 - Winlogon Notify: CSS591 - C:\WINDOWS\SYSTEM32\CSS591.dll
O21 - SSODL: B0DGIBHE - {1431317B-4B9E-24A3-6AF8-0CBB4E634506} - C:\WINDOWS\system32\Lkkbda32.dll (file missing)
O21 - SSODL: mtklefap - {1522EB60-18DF-4E9A-4993-92BAA694032F} - (no file)
O21 - SSODL: mtklefa - {333A83B4-46A3-472B-C684-46DC29992870} - C:\WINDOWS\system32\ormhm32.dll (file missing)
O21 - SSODL: SysTray.Exmr - {73F8D5FF-6F5C-4f5b-B964-E6F214F6F852} - C:\WINDOWS\system32\gnbfgbei.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe



Thanks for your help:-)
-Sunflash

pskelley
2006-10-26, 15:54
Thanks for the feedback, I notice you are running old versions of Java and if I mentioned this earlier, I apologize, I am helping a lot of folks. See this information:
http://forums.spybot.info/showpost.php?p=12880&postcount=2
Follow those instructions to uninstall all old versions of Java, they will get you infected, make sure you are running the newest version.
http://javatester.org/version.html
http://www.java.com/en/download/installed.jsp

Having a look at the HJT log, do you have anyone in the house that can help you with this job? I have had issues with you being able to use the tools and follow the directions. I am going to attempt to continue, but things are not going real well at present.

The first thing I want you to do is follow the directions in item number three (3). It appears the Guard function is running in AVG Anti-Spyware:
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe and that is blocking the registry changes we must make.

http://www.virusvault.co.uk/fusionbb/showtopic.php?tid/33/

Deactivate the Resident Shield
- Before proceeding, deactivate the "Resident Shield" as this may prevent changes to the registry.
- To do this, click "Change State" to the right of the Resident Shield option in the main window.
- You will clearly see the status change to Inactive if you have done this correctly.
If we have to we will uninstall the program later. Look at a HJT log and make sure that Guard.exe is no longer running.
____________________________________________________

Next we have this that looks like it is a Vundo trojan:
O2 - BHO: (no name) - {4d62db20-b5ff-4199-9666-b44e12c67d6a} - C:\WINDOWS\system32\CSS591.dll
O20 - Winlogon Notify: CSS591 - C:\WINDOWS\SYSTEM32\CSS591.dll
We will tackle it in a bit, but I want to be sure that file: CSS591.dll gets uploaded to Atribune, follow these instructions:

If there is a file VundoFix doesn't find we need it submitted. Please submit the files to upload malware http://www.uploadmalware.com

Make sure your hidden files and folders are showing:
How to make files and folders visible:
Click Start > Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.

Understand that HJT will remove about all of this junk if you have followed the directions. If it does not, then Uninstall AVG Anti-Spyware and try again.

Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (file missing)
O2 - BHO: (no name) - {4d62db20-b5ff-4199-9666-b44e12c67d6a} - C:\WINDOWS\system32\CSS591.dll
O4 - Startup: TA_Start.lnk = C:\WINDOWS\SYSTEM32\dwdsregt.exe
O15 - Trusted Zone: *.dollarrevenue.com
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.mcafeeasap.com
O15 - Trusted Zone: *.sxload.com
O20 - Winlogon Notify: CSS591 - C:\WINDOWS\SYSTEM32\CSS591.dll
O21 - SSODL: B0DGIBHE - {1431317B-4B9E-24A3-6AF8-0CBB4E634506} - C:\WINDOWS\system32\Lkkbda32.dll (file missing)
O21 - SSODL: mtklefap - {1522EB60-18DF-4E9A-4993-92BAA694032F} - (no file)
O21 - SSODL: mtklefa - {333A83B4-46A3-472B-C684-46DC29992870} - C:\WINDOWS\system32\ormhm32.dll (file missing)
O21 - SSODL: SysTray.Exmr - {73F8D5FF-6F5C-4f5b-B964-E6F214F6F852} - C:\WINDOWS\system32\gnbfgbei.dll (file missing)

Close all programs but HJT and all browser windows, then click on "Fix Checked"

Look for these files and delete them if you find them. They may be gone, just DO NOT miss them.

C:\WINDOWS\SYSTEM32\dwdsregt.exe <<< delete this file
C:\WINDOWS\system32\CSS591.dll <<< delete this file, if you can not, tell me why.

Run ATF-Cleaner and then restart the computer. Post a new HJT log.

Thanks
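
The cross-check made in the post above (the same DLL, CSS591.dll, registered as both an O2 BHO and an O20 Winlogon Notify entry, plus the entries marked "(file missing)" or "(no file)") can be automated over a saved log. This is an added example, not part of the original thread or of HijackThis; the function names are assumptions, the sample lines are copied from the log posted above, and a match is a lead for review rather than a verdict.

```python
import re
from collections import defaultdict

# Excerpt of the HijackThis log posted in this thread (lines copied as-is).
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (file missing)
O2 - BHO: (no name) - {4d62db20-b5ff-4199-9666-b44e12c67d6a} - C:\WINDOWS\system32\CSS591.dll
O20 - Winlogon Notify: CSS591 - C:\WINDOWS\SYSTEM32\CSS591.dll
O21 - SSODL: mtklefap - {1522EB60-18DF-4E9A-4993-92BAA694032F} - (no file)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
"""

# Sections whose last " - " field is the file the registry entry points at.
FILE_SECTIONS = {"O2", "O3", "O20", "O21"}
ENTRY = re.compile(r"^(O\d+) - (.+)$")
ORPHAN = re.compile(r"\s*\((file missing|no file)\)\s*$", re.IGNORECASE)


def parse(log):
    """Yield (section, target, orphaned, raw_line) for file-backed entries.

    target is the lowercased path (Windows paths are case-insensitive),
    or None when the entry names no file at all.
    """
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m or m.group(1) not in FILE_SECTIONS:
            continue
        section, rest = m.groups()
        orphaned = bool(ORPHAN.search(rest))
        target = ORPHAN.sub("", rest.rsplit(" - ", 1)[-1]).strip().lower()
        yield section, target or None, orphaned, line.strip()


def triage(log):
    """Return DLLs loaded as both BHO and Winlogon Notify, and orphaned entries."""
    sections_by_target = defaultdict(set)
    orphans = []
    for section, target, orphaned, raw in parse(log):
        if orphaned:
            orphans.append(raw)      # registry entry left behind, file is gone
        elif target:
            sections_by_target[target].add(section)
    dual = sorted(t for t, s in sections_by_target.items() if {"O2", "O20"} <= s)
    return {"bho_and_winlogon": dual, "orphaned": orphans}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for path in result["bho_and_winlogon"]:
        print("BHO + Winlogon Notify:", path)
    for raw in result["orphaned"]:
        print("Orphaned entry:", raw)
```
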

Sunflash
2006-10-27, 01:40
Ok, I'll do that when I get home from school. In regard to the Guard.exe program running, I have deactivated the Shield, but it must have been reactivated when I restarted the computer.

LonnyRJones
2006-11-03, 13:17
Due to lack of responses this thread is closed.
If you still need assistance a new log will be needed, send me or Tashi a PM (personal message) and we will re-open it.