Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

I Think I Am Infected......again


  • This topic is locked This topic is locked
26 replies to this topic

#1 onemanmosh

onemanmosh

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:10:25 PM

Posted 23 September 2006 - 06:57 AM

Heres the HJT log, i think i am infected again.

Logfile of HijackThis v1.99.1
Scan saved at 7:56:01 AM, on 9/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\AIM95\aim.exe
C:\WINDOWS\System32\cidaemon.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Soulseek\slsk.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://education.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://awesomestart.com/misfits/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://awesomestart.com/misfits/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://awesomestart.com/misfits/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn12\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O15 - Trusted Zone: http://locator1.cdn.imageservr.com
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: Yahoo! Dice - http://download.games.yahoo.com/games/clients/y/dct2_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt0_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/supergerball/miniclipGameLoader.dll
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.connect.com/XSL/mb_us/ht...ALStreaming.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1098651608343
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1137194252906
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.shockwave.com/content/heavyweap...aploader_v6.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe


Edited by onemanmosh, 23 September 2006 - 06:58 AM.


BC AdBot (Login to Remove)

 


m

#2 rookie147

rookie147

  • Members
  • 5,321 posts
  • OFFLINE
  •  
  • Local time:04:25 AM

Posted 23 September 2006 - 11:14 AM

Hello onemanmosh, my name is Charles and I will be dealing with your log today.

Please take note of the following:
  • I will start working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
Please give me some time to look over your log and I will get back to you as soon as possible.
Thanks,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation. Posted Image
Posted Image


#3 rookie147

rookie147

  • Members
  • 5,321 posts
  • OFFLINE
  •  
  • Local time:04:25 AM

Posted 23 September 2006 - 05:16 PM

Hello onemanmosh, sorry for the delay in getting back to you.

======

Using My Computer/Windows Explorer, navigate to C:\Program Files\HijackThis and right-click on the hijackthis.exe file. Select "Rename", call it fluffybunny.exe and press enter.

======

Open HijackThis (fluffybunny.exe)
- Click the Config... button, then go to the Misc Tools section.
- Click on Open Uninstall Manager. You'll see a list of programs.
- Click on Save List...

The file "uninstall_list.txt" will be created. Copy and paste the contents of this file to your next reply.

======

Please post back with the following:
- Uninstall_list.txt
- New HijackThis log (once again, remembering that it's called fluffybunny.exe)

Thanks,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation. Posted Image
Posted Image


#4 onemanmosh

onemanmosh
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:10:25 PM

Posted 25 September 2006 - 03:01 PM

okay, there is only one problem. Windows Explorer has recently been crashing whenever i try to open my computer/folder/etc.

#5 rookie147

rookie147

  • Members
  • 5,321 posts
  • OFFLINE
  •  
  • Local time:04:25 AM

Posted 25 September 2006 - 03:33 PM

Hmm, wierd...

======

Try clicking Start | Run typing C:\Program Files\Hijackthis\ and hitting enter? Does this work? If so, use this method for finding files and folders.

======

If not, right click on your Start Button and select Explore. Does this work?

======

What about in Safe Mode? (This is done by rebooting Windows and pressing F8 at boot/Windows startup, usually right after the beep. Then select Safe Mode from the list. )

======

Final method, I'm outta ideas here, this one will sound wierd but it might work:
-Open Windows Media Player
-Use this to browse to C:\Program Files\Hijackthis, and then try the renaming thing.

======

Let me know if any of these methods work, and if so, continue with my fix.
Thanks,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation. Posted Image
Posted Image


#6 onemanmosh

onemanmosh
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:10:25 PM

Posted 27 September 2006 - 02:45 PM

okay, it worked in safe mode,so here is uninstall_list.txt

µTorrent
Ad-Aware SE Personal
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Download Manager 1.2 (Remove Only)
Adobe Help Center 1.0
Adobe Photoshop Album 2.0 Starter Edition
Adobe Photoshop CS2
Adobe Reader 7.0
Adobe Shockwave Player
Adobe Stock Photos 1.0
AOL Instant Messenger
Audio Converter
BCM V.92 56K Modem
Creative MediaSource
Creative Removable Disk Manager
Creative System Information
Creative Zen MicroPhoto
dBpowerAMP AAC to Mp4 Codec
dBPowerAMP AIFF codec r3
dBPowerAMP Dalet codec R1
dBpowerAMP FLAC Codec
dBpowerAMP GoGo Codec
dBpowerAMP Monkeys Audio Codec
dBpowerAMP Mp2 (ToLame CLI)
dBPowerAMP Mp2 and BwfMp2 codec r4
dBpowerAMP Mp3 Blade Codec
dBpowerAMP mp3PRO Input Codec
dBpowerAMP Mp4 Codec
dBpowerAMP Musepack Codec
dBpowerAMP Music Converter
dBpowerAMP NVF Codec
dBpowerAMP Ogg Vorbis Codec
dBpowerAMP Real Audio Codec
dBPowerAMP Real Audio Encoder R3
dBpowerAMP Shorten Codec
dBpowerAMP VCD Codec
dBpowerAMP VOC Codec
dBpowerAMP Winamp Codec
dBpowerAMP WMA V9 Codec
dBpowerAMP WMA V9.1 Codec
Dell Digital Jukebox Driver
Dell Picture Studio - Dell Image Expert
Dell Solution Center
Dell Support 5.0.0 (766)
DFX for Windows Media Player
Digital Camera 640X480 Driver
DVDSentry
Easy CD Creator 5 Basic
ewido anti-spyware 4.0
Finale NotePad 2005a
Google Toolbar for Internet Explorer
Harry Potter and the Prisoner of Azkaban™
Hijackthis 1.99.1
HijackThis 1.99.1
HP Deskjet 5400 series
HP PrecisionScan
IE Host R3
Indeo® Software
Intel® PRO Network Adapters and Drivers
Intel® PROSet
J2SE Runtime Environment 5.0 Update 5
Java 2 Runtime Environment, SE v1.4.2_05
K-Lite Codec Pack 2.72 Full
Last.fm 1.0.4
LiveUpdate 1.90 (Symantec Corporation)
Logic Hit Kit
Lyra Personal Audio Player (RD1071/1075)
Lyra System File Update Utility
Macromedia Flash Player 8
Magic Online
Memorex exPressit Label Design Studio
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.0 Hotfix (KB886906)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Data Access Components KB870669
Microsoft Encarta Encyclopedia Standard 2003
Microsoft Money 2003
Microsoft Money 2003 System Pack
Microsoft Office 2000 Professional
Microsoft Picture It! Photo 7.0
Microsoft Rise Of Nations Trial
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
Microsoft Streets and Trips 2002
Microsoft User-Mode Driver Framework Feature Pack 1.0.0 (Pre-Release 5348)
Microsoft Word 2002
Microsoft Works 2003 Setup Launcher
Microsoft Works 7.0
Microsoft Works Suite Add-in for Microsoft Word
Modem Helper
Mozilla Firefox (1.5.0.7)
MSXML4 Parser
MUSICMATCH® Jukebox
Nancy Drew: Secret of the Old Clock
NVIDIA Windows 2000/XP Display Drivers
Paint Shop Pro 7
Palm Desktop
PowerDVD
Project64 1.6
QuickTime
RealPlayer
Rio Internet Update
Rio Music Manager
Rio Taxi
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB925486)
Sony ACID Pro 6.0
Sony Media Manager 2.1
SoulSeek Client 156c
Spybot - Search & Destroy 1.4
SpywareBlaster v3.5.1
Starcraft
StyleXP (remove only)
Symantec AntiVirus Client
The Sims Deluxe Edition
The Sims House Party
Tiger Woods PGA TOUR 2003
Tweak UI
Ulead GIF Animator 5 ESD
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
VSToolbar for Internet Explorer
Wal-Mart Music Downloads Store
Web Savings from Ebates
WEEI Sport Club
Winamp (remove only)
Windows Defender
Windows Defender Signatures
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinRAR archiver
Yahoo! Anti-Spy
Yahoo! Install Manager
Yahoo! Toolbar for Internet Explorer

and here is the new HJT log.

Logfile of HijackThis v1.99.1
Scan saved at 3:43:13 PM, on 9/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\fluffybunny.exe.exe
C:\WINDOWS\system32\notepad.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://education.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://awesomestart.com/misfits/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://awesomestart.com/misfits/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://awesomestart.com/misfits/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SDWin32 Class - {091C22F2-FAD5-4FC7-866F-F56490104B7E} - C:\WINDOWS\system32\wsvmd.dll (file missing)
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {31766E6D-4D8C-51E4-626D-A45B42FF663A} - C:\WINDOWS\system32\otiaivbb\foxyxwvg.dll (file missing)
O2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O2 - BHO: (no name) - {5062FAF2-85FF-8417-C1F4-9A18066421EB} - C:\WINDOWS\system32\jvnvktwy\kgjiliax.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6E527CF7-F606-A1D2-DEFE-7836B168B9AD} - C:\WINDOWS\system32\iuczvvhc.dll (file missing)
O2 - BHO: (no name) - {77312BA7-3D82-B06C-FC0B-6F619C1E4A0C} - C:\WINDOWS\system32\saboxiyy\hdoyxlrp.dll
O2 - BHO: (no name) - {7B5C66D6-4395-E7DA-DF6C-14FE50531771} - C:\WINDOWS\system32\snaqftoi\qmlknjge.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {B7672BAF-E9A3-49B6-86B2-C81719A18A4C} - C:\WINDOWS\system32\iaceejxi.dll (file missing)
O2 - BHO: (no name) - {DF5005AE-826E-7E56-8C24-EE974259BAD3} - C:\WINDOWS\system32\nmehryrv\ddamqbmx.dll
O2 - BHO: (no name) - {E2816395-D6D3-C649-B46A-7C7D490B4969} - C:\WINDOWS\system32\cinuspug\vhtmsxtw.dll
O2 - BHO: (no name) - {E4AA5E19-BA88-E171-A4AE-E1CB249B0FC3} - C:\WINDOWS\system32\hjmowvod.dll (file missing)
O2 - BHO: (no name) - {E67DC663-7806-FDCA-C1AB-2D666AA7D8F5} - C:\WINDOWS\system32\bdsuydlx\sutijosk.dll (file missing)
O2 - BHO: (no name) - {F43572A0-D8B4-DA16-9A70-15D76232C376} - C:\WINDOWS\system32\jurgokmh\ligxdifi.dll
O2 - BHO: (no name) - {F7F6FFF4-A807-4DA8-8586-B9FEF908134D} - C:\WINDOWS\system32\vtuts.dll
O2 - BHO: (no name) - {FCF233C0-7C14-DCAF-2020-307CECA9959E} - C:\WINDOWS\system32\bkhdptht\ltyyxxct.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn12\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &VSToolBar - {821F87FF-8245-4972-9E28-732E92EC2F51} - C:\Program Files\VSToolbar\VSToolBar.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O15 - Trusted Zone: http://locator1.cdn.imageservr.com
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: Yahoo! Dice - http://download.games.yahoo.com/games/clients/y/dct2_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt0_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/supergerball/miniclipGameLoader.dll
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.connect.com/XSL/mb_us/ht...ALStreaming.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1098651608343
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1137194252906
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.shockwave.com/content/heavyweap...aploader_v6.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O20 - Winlogon Notify: MediaContentIndex - C:\WINDOWS\system32\wwvdmoe2.dll (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: vtuts - C:\WINDOWS\system32\vtuts.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe



#7 rookie147

rookie147

  • Members
  • 5,321 posts
  • OFFLINE
  •  
  • Local time:04:25 AM

Posted 27 September 2006 - 04:02 PM

Hello Onemanmosh, sorry for the delay in getting back to you.

======

Update Java:
  • Go to Start > Control Panel double-click on the Software icon > add/remove programs.
  • Search in the list for all previous installed versions of Java. (J2SE Runtime Environment.... )

    It should have this icon next to it: Posted Image
    Select it and click Remove.
  • The current version can be downloaded from Sun here: http://java.sun.com/javase/downloads/index.jsp Scroll down the page to 'Java Runtime Environment (JRE) 5.0 Update 8' and press the 'Download' button. On the new web page, click the 'Accept License Agreement' button. Then select 'Windows Offline Installation, Multi-language' in the Windows Platform area just below the Accept button.
======

Go to Start | Control Panel | Add/Remove Programs and remove the following (if they exist):

µTorrent
IE Host R3
SoulSeek Client 156c
VSToolbar for Internet Explorer
Web Savings from Ebates

The ones highlighted in red are what we call optional fixes. These are related to peer-to-peer programs. However, anytime you are running any type of p2p application, you are more prone to infection by malware. The choice to remove it is entirely up to you, but I would strongly recommend that you get rid of it. If you do not want to, please at least refrain from using any peer-to-peer programs for the remainder of my fix.

Remember that these may require you to reboot your computer to complete the uninstallation- just let them.

======

Please download VundoFix.exe to your desktop
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.

Note: It is possible that VundoFix encountered a file it could not remove.
VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

======

Please post the contents of C:\vundofix.txt and a new HijackThis log.
Thanks,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation. Posted Image
Posted Image


#8 onemanmosh

onemanmosh
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:10:25 PM

Posted 29 September 2006 - 09:04 PM

heres the hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 10:01:37 PM, on 9/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\cidaemon.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DWHWIZRD.EXE
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\fluffybunny.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://education.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://awesomestart.com/misfits/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://awesomestart.com/misfits/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://awesomestart.com/misfits/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SDWin32 Class - {091C22F2-FAD5-4FC7-866F-F56490104B7E} - C:\WINDOWS\system32\wsvmd.dll (file missing)
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {31766E6D-4D8C-51E4-626D-A45B42FF663A} - C:\WINDOWS\system32\otiaivbb\foxyxwvg.dll (file missing)
O2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O2 - BHO: (no name) - {5062FAF2-85FF-8417-C1F4-9A18066421EB} - C:\WINDOWS\system32\jvnvktwy\kgjiliax.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6E527CF7-F606-A1D2-DEFE-7836B168B9AD} - C:\WINDOWS\system32\iuczvvhc.dll (file missing)
O2 - BHO: (no name) - {71A011F6-0C2C-4671-B48E-7584A2371C7C} - C:\WINDOWS\system32\vtuts.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {77312BA7-3D82-B06C-FC0B-6F619C1E4A0C} - C:\WINDOWS\system32\saboxiyy\hdoyxlrp.dll
O2 - BHO: (no name) - {7B5C66D6-4395-E7DA-DF6C-14FE50531771} - C:\WINDOWS\system32\snaqftoi\qmlknjge.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {B7672BAF-E9A3-49B6-86B2-C81719A18A4C} - C:\WINDOWS\system32\iaceejxi.dll (file missing)
O2 - BHO: (no name) - {BC8147CD-B382-4E84-B24E-80CA1359998A} - C:\WINDOWS\system32\vtuts.dll (file missing)
O2 - BHO: (no name) - {CCDED787-9975-45C4-9111-37217C68F09D} - C:\WINDOWS\system32\vtuts.dll (file missing)
O2 - BHO: (no name) - {DF5005AE-826E-7E56-8C24-EE974259BAD3} - C:\WINDOWS\system32\nmehryrv\ddamqbmx.dll
O2 - BHO: (no name) - {E2816395-D6D3-C649-B46A-7C7D490B4969} - C:\WINDOWS\system32\cinuspug\vhtmsxtw.dll
O2 - BHO: (no name) - {E4AA5E19-BA88-E171-A4AE-E1CB249B0FC3} - C:\WINDOWS\system32\hjmowvod.dll (file missing)
O2 - BHO: (no name) - {E67DC663-7806-FDCA-C1AB-2D666AA7D8F5} - C:\WINDOWS\system32\bdsuydlx\sutijosk.dll (file missing)
O2 - BHO: (no name) - {F43572A0-D8B4-DA16-9A70-15D76232C376} - C:\WINDOWS\system32\jurgokmh\ligxdifi.dll
O2 - BHO: (no name) - {FCF233C0-7C14-DCAF-2020-307CECA9959E} - C:\WINDOWS\system32\bkhdptht\ltyyxxct.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn12\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O15 - Trusted Zone: http://locator1.cdn.imageservr.com
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: Yahoo! Dice - http://download.games.yahoo.com/games/clients/y/dct2_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt0_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/supergerball/miniclipGameLoader.dll
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.connect.com/XSL/mb_us/ht...ALStreaming.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1098651608343
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1137194252906
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.shockwave.com/content/heavyweap...aploader_v6.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O20 - Winlogon Notify: MediaContentIndex - C:\WINDOWS\system32\wwvdmoe2.dll (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

and heres the VundoFix.txt

VundoFix V6.1.6

Checking Java version...

Java version is 1.4.2.5

Java version is 1.5.0.9

Scan started at 3:37:15 PM 9/29/2006

Listing files found while scanning....

C:\WINDOWS\SYSTEM32\ddcyy.dll
C:\WINDOWS\SYSTEM32\sstts.dll
C:\WINDOWS\SYSTEM32\vtuts.dll
C:\WINDOWS\SYSTEM32\stutv.ini
C:\WINDOWS\SYSTEM32\stutv.bak1
C:\WINDOWS\SYSTEM32\stutv.bak2
C:\WINDOWS\SYSTEM32\stutv.ini2
C:\WINDOWS\SYSTEM32\stutv.tmp
C:\Program Files\Common Files\{CC568248-0A21-1033-0428-030416030001}\services.dll

Beginning removal...

Attempting to delete C:\WINDOWS\SYSTEM32\ddcyy.dll
C:\WINDOWS\SYSTEM32\ddcyy.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\sstts.dll
C:\WINDOWS\SYSTEM32\sstts.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\vtuts.dll
C:\WINDOWS\SYSTEM32\vtuts.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\stutv.ini
C:\WINDOWS\SYSTEM32\stutv.ini Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\stutv.bak1
C:\WINDOWS\SYSTEM32\stutv.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\stutv.bak2
C:\WINDOWS\SYSTEM32\stutv.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\stutv.ini2
C:\WINDOWS\SYSTEM32\stutv.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\stutv.tmp
C:\WINDOWS\SYSTEM32\stutv.tmp Has been deleted!

Attempting to delete C:\Program Files\Common Files\{CC568248-0A21-1033-0428-030416030001}\services.dll
C:\Program Files\Common Files\{CC568248-0A21-1033-0428-030416030001}\services.dll Has been deleted!

Performing Repairs to the registry.
Done!



#9 rookie147

rookie147

  • Members
  • 5,321 posts
  • OFFLINE
  •  
  • Local time:04:25 AM

Posted 02 October 2006 - 03:11 PM

Hello Onemanmosh, sorry for the delay in getting back to you; I went away for the weekend.

======

Please print off a copy of these instructions, and also save them to a Notepad file on your desktop, so they are easily accessible, especially whilst in Safe Mode (you can't use the Internet)

======

Make sure that you can see hidden files.
  • Click Start.
  • Click My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Show hidden files and folders.
  • Uncheck the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
  • Uncheck the Hide file extensions for known file types.
  • Click OK.
======

We need to temporarily disable the Real-time Protection on Windows Defender as it may interfere with the HijackThis fixes we make.
  • Open Windows Defender
  • Click Tools => General Settings
  • Scroll down and uncheck Turn on real-time protection (recommended).
  • Click Save
  • Close Windows Defender
After all of the fixes are complete it is very important that you enable Real-time Protection again.


======

Scan again with HijackThis and put a checkmark next to each of the following entries (if present):

O2 - BHO: SDWin32 Class - {091C22F2-FAD5-4FC7-866F-F56490104B7E} - C:\WINDOWS\system32\wsvmd.dll (file missing)
O2 - BHO: (no name) - {31766E6D-4D8C-51E4-626D-A45B42FF663A} - C:\WINDOWS\system32\otiaivbb\foxyxwvg.dll (file missing)
O2 - BHO: (no name) - {5062FAF2-85FF-8417-C1F4-9A18066421EB} - C:\WINDOWS\system32\jvnvktwy\kgjiliax.dll (file missing)
O2 - BHO: (no name) - {6E527CF7-F606-A1D2-DEFE-7836B168B9AD} - C:\WINDOWS\system32\iuczvvhc.dll (file missing)
O2 - BHO: (no name) - {71A011F6-0C2C-4671-B48E-7584A2371C7C} - C:\WINDOWS\system32\vtuts.dll (file missing)
O2 - BHO: (no name) - {77312BA7-3D82-B06C-FC0B-6F619C1E4A0C} - C:\WINDOWS\system32\saboxiyy\hdoyxlrp.dll
O2 - BHO: (no name) - {7B5C66D6-4395-E7DA-DF6C-14FE50531771} - C:\WINDOWS\system32\snaqftoi\qmlknjge.dll
O2 - BHO: (no name) - {B7672BAF-E9A3-49B6-86B2-C81719A18A4C} - C:\WINDOWS\system32\iaceejxi.dll (file missing)
O2 - BHO: (no name) - {BC8147CD-B382-4E84-B24E-80CA1359998A} - C:\WINDOWS\system32\vtuts.dll (file missing)
O2 - BHO: (no name) - {CCDED787-9975-45C4-9111-37217C68F09D} - C:\WINDOWS\system32\vtuts.dll (file missing)
O2 - BHO: (no name) - {DF5005AE-826E-7E56-8C24-EE974259BAD3} - C:\WINDOWS\system32\nmehryrv\ddamqbmx.dll
O2 - BHO: (no name) - {E2816395-D6D3-C649-B46A-7C7D490B4969} - C:\WINDOWS\system32\cinuspug\vhtmsxtw.dll
O2 - BHO: (no name) - {E4AA5E19-BA88-E171-A4AE-E1CB249B0FC3} - C:\WINDOWS\system32\hjmowvod.dll (file missing)
O2 - BHO: (no name) - {E67DC663-7806-FDCA-C1AB-2D666AA7D8F5} - C:\WINDOWS\system32\bdsuydlx\sutijosk.dll (file missing)
O2 - BHO: (no name) - {F43572A0-D8B4-DA16-9A70-15D76232C376} - C:\WINDOWS\system32\jurgokmh\ligxdifi.dll
O2 - BHO: (no name) - {FCF233C0-7C14-DCAF-2020-307CECA9959E} - C:\WINDOWS\system32\bkhdptht\ltyyxxct.dll
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O15 - Trusted Zone: http://locator1.cdn.imageservr.com
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/supergerball/miniclipGameLoader.dll
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.shockwave.com/content/heavyweap...aploader_v6.cab
O20 - Winlogon Notify: MediaContentIndex - C:\WINDOWS\system32\wwvdmoe2.dll (file missing)


Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.

======

Now, please reboot your computer into Safe Mode. This is done by rebooting Windows and pressing F8 at boot/Windows startup, usually right after the beep. Then select Safe Mode from the list.

======

Next, please find and delete the following files/folders (if present):

C:\WINDOWS\system32\saboxiyy <--Folder
C:\WINDOWS\system32\snaqftoi <--Folder
C:\WINDOWS\system32\jvnvktwy <--Folder
C:\WINDOWS\system32\otiaivbb <--Folder
C:\WINDOWS\system32\nmehryrv <--Folder
C:\WINDOWS\system32\cinuspug <--Folder
C:\WINDOWS\system32\bdsuydlx <--Folder
C:\WINDOWS\system32\jurgokmh <--Folder
C:\WINDOWS\system32\bkhdptht <--Folder
C:\WINDOWS\system32\wwvdmoe2.dll <--File

======

Reboot into Normal Mode

======

Open Notepad and copy and paste the contents of the following code box in it:

dir C:\WINDOWS\System32 /ad > C:\info.txt
start C:\info.txt

Save this as folders.bat, choose to save it as all files and place it on your desktop.

Double-click on
folders.bat
Post the content of the text file you get in your next reply..

======

Once you have done all this, please post another HJT log, and the text file created by the batch.
Thanks,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation. Posted Image
Posted Image


#10 onemanmosh

onemanmosh
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:10:25 PM

Posted 04 October 2006 - 02:37 PM

heres the batch file:

Volume in drive C has no label.
Volume Serial Number is CC56-8248

Directory of C:\WINDOWS\System32

10/04/2006 03:26 PM <DIR> .
10/04/2006 03:26 PM <DIR> ..
05/29/2003 06:39 PM <DIR> 1025
05/29/2003 06:39 PM <DIR> 1028
05/29/2003 06:39 PM <DIR> 1031
05/29/2003 06:39 PM <DIR> 1033
05/29/2003 06:39 PM <DIR> 1037
05/29/2003 06:39 PM <DIR> 1041
05/29/2003 06:39 PM <DIR> 1042
05/29/2003 06:39 PM <DIR> 1054
05/29/2003 06:39 PM <DIR> 2052
05/29/2003 06:39 PM <DIR> 3076
05/29/2003 06:39 PM <DIR> 3COM_DMI
08/11/2006 05:55 PM <DIR> aaap
10/21/2005 03:06 PM <DIR> aaolg
10/23/2005 08:08 AM <DIR> ablmho
03/07/2006 05:48 AM <DIR> adbjy
10/15/2005 08:03 AM <DIR> aenlbdcy
08/11/2006 05:56 PM <DIR> aeqawsus
08/11/2006 05:55 PM <DIR> afykkf
08/11/2006 05:55 PM <DIR> aign
08/11/2006 05:56 PM <DIR> aklc
12/12/2005 10:23 AM <DIR> akqnhyxo
08/11/2006 05:56 PM <DIR> amgq
01/14/2006 09:39 AM <DIR> aptts
02/27/2006 09:02 AM <DIR> apyvw
12/11/2005 09:07 AM <DIR> asjfjgsy
08/11/2006 05:55 PM <DIR> astu
03/02/2006 10:49 AM <DIR> auggyxx
03/07/2006 05:48 AM <DIR> aumhye
08/11/2006 05:56 PM <DIR> awal
08/11/2006 05:56 PM <DIR> bbfvpbt
08/11/2006 05:56 PM <DIR> bcwqgcoj
08/11/2006 05:56 PM <DIR> bdxbowi
08/11/2006 05:55 PM <DIR> bephdlgf
01/22/2006 12:58 PM <DIR> bgbiybi
08/11/2006 05:55 PM <DIR> bitfll
07/14/2004 06:37 PM <DIR> bits
02/28/2006 09:26 AM <DIR> bjslkvy
10/18/2005 05:39 PM <DIR> bjyq
08/11/2006 05:56 PM <DIR> bnnvg
10/21/2005 03:06 PM <DIR> bvsyh
08/11/2006 05:56 PM <DIR> bxjbi
08/11/2006 05:55 PM <DIR> bxsblpf
08/11/2006 05:56 PM <DIR> byhbkk
08/11/2006 05:56 PM <DIR> cache
09/12/2006 05:32 AM <DIR> CatRoot
09/30/2006 09:41 AM <DIR> CatRoot2
11/06/2005 06:05 PM <DIR> ccoionqb
08/11/2006 05:55 PM <DIR> ccqdb
10/29/2005 06:27 AM <DIR> ccynr
08/11/2006 05:56 PM <DIR> ceosq
08/11/2006 05:55 PM <DIR> cfukuyl
08/11/2006 05:55 PM <DIR> chetqwp
12/10/2005 10:55 AM <DIR> chhgik
03/07/2006 05:49 AM <DIR> clfepxde
08/11/2006 05:55 PM <DIR> cmumek
08/11/2006 05:55 PM <DIR> cnrh
03/07/2006 05:48 AM <DIR> cnvc
08/11/2006 05:55 PM <DIR> cnxyqroj
10/23/2005 03:03 AM <DIR> Com
09/23/2006 08:18 AM <DIR> components
08/14/2006 04:38 PM <DIR> CONFIG
08/11/2006 05:56 PM <DIR> cqeibqi
08/11/2006 05:56 PM <DIR> cssvx
03/07/2006 05:47 AM <DIR> ctst
10/18/2005 07:04 PM <DIR> cudsnjgp
08/11/2006 05:55 PM <DIR> cvladesa
08/11/2006 05:55 PM <DIR> cwibci
02/28/2006 09:26 AM <DIR> cwsrl
08/11/2006 05:55 PM <DIR> cwysu
08/11/2006 05:55 PM <DIR> dayjelt
02/27/2006 09:01 AM <DIR> dbdojxee
03/07/2006 05:49 AM <DIR> ddlvijx
08/11/2006 05:55 PM <DIR> dfyl
05/29/2003 06:39 PM <DIR> DHCP
12/11/2005 09:07 AM <DIR> dhwhx
09/30/2006 08:18 PM <DIR> DirectX
08/11/2006 05:55 PM <DIR> djthoc
09/27/2006 03:02 AM <DIR> DLLCACHE
08/11/2006 05:56 PM <DIR> dqhyyhh
08/11/2006 05:55 PM <DIR> dqibiadj
09/23/2006 08:05 AM <DIR> DRIVERS
12/14/2005 09:00 PM <DIR> dwirlqqv
01/24/2006 12:46 PM <DIR> ecxstope
08/11/2006 05:55 PM <DIR> edqqybe
08/11/2006 05:55 PM <DIR> efqtge
03/07/2006 05:49 AM <DIR> egoqyaoe
08/11/2006 05:55 PM <DIR> eplu
08/11/2006 05:56 PM <DIR> ertpxqs
08/11/2006 05:55 PM <DIR> ewkmeod
05/29/2003 06:39 PM <DIR> EXPORT
08/11/2006 05:56 PM <DIR> faxijs
08/11/2006 05:55 PM <DIR> fbclmg
08/11/2006 05:55 PM <DIR> fbyg
08/11/2006 05:56 PM <DIR> ffhl
08/11/2006 05:55 PM <DIR> ffhrslaf
02/23/2006 07:31 PM <DIR> ffmflipc
10/18/2005 04:04 PM <DIR> fgledax
08/11/2006 05:55 PM <DIR> fkisyunv
08/29/2004 07:47 PM <DIR> FLEOK
03/07/2006 05:47 AM <DIR> fofoxmpe
02/27/2006 09:05 AM <DIR> ftpxmvy
08/11/2006 05:56 PM <DIR> fudxapae
12/10/2005 09:49 PM <DIR> fvipu
08/11/2006 05:56 PM <DIR> fwfyqu
02/27/2006 09:01 AM <DIR> gark
08/11/2006 05:55 PM <DIR> gcrfaqog
03/07/2006 05:49 AM <DIR> gdbsuh
01/14/2006 10:05 AM <DIR> gfttaol
08/11/2006 05:56 PM <DIR> ggkb
01/14/2006 10:05 AM <DIR> gjdab
08/11/2006 05:56 PM <DIR> gmcb
12/11/2005 09:07 AM <DIR> gmnvj
08/11/2006 05:55 PM <DIR> gnhnif
08/11/2006 05:55 PM <DIR> gnxwgtch
10/17/2005 02:47 AM <DIR> grgkfdp
08/11/2006 05:56 PM <DIR> gsygxoj
08/11/2006 05:55 PM <DIR> gtawfj
08/11/2006 05:55 PM <DIR> gtsh
02/27/2006 09:04 AM <DIR> gwybcool
08/11/2006 05:56 PM <DIR> gxnxltag
08/11/2006 05:55 PM <DIR> haadscl
08/11/2006 05:56 PM <DIR> hbhdsu
08/11/2006 05:56 PM <DIR> hcebyhuw
08/11/2006 05:56 PM <DIR> hcfkgqwx
12/24/2005 09:45 PM <DIR> hdcxe
10/20/2005 04:30 PM <DIR> hdddpr
01/10/2006 07:08 PM <DIR> hhmutvmb
08/11/2006 05:56 PM <DIR> hjnwrfjd
01/14/2006 10:05 AM <DIR> hjwejh
08/11/2006 05:55 PM <DIR> hjyveg
08/11/2006 05:55 PM <DIR> hmrrig
08/11/2006 05:56 PM <DIR> hocndd
02/27/2006 09:03 AM <DIR> hoipgecw
08/11/2006 05:56 PM <DIR> hqdsj
11/08/2005 05:39 PM <DIR> hskyavhl
08/11/2006 05:55 PM <DIR> hsqxwfkg
08/11/2006 05:55 PM <DIR> hstlwl
08/11/2006 05:56 PM <DIR> hvppx
05/29/2003 06:39 PM <DIR> IAS
05/29/2003 06:39 PM <DIR> ICSXML
08/11/2006 05:55 PM <DIR> ieest
08/11/2006 05:55 PM <DIR> igjl
08/11/2006 05:56 PM <DIR> ihilm
03/07/2006 05:47 AM <DIR> ihjyb
02/13/2006 06:29 PM <DIR> ihmgb
08/11/2006 05:56 PM <DIR> iixxbxi
05/29/2003 06:39 PM <DIR> IME
05/29/2003 06:39 PM <DIR> INETSRV
08/11/2006 05:56 PM <DIR> iodbyj
08/11/2006 05:56 PM <DIR> ionb
08/11/2006 05:55 PM <DIR> ipcrkvek
12/11/2005 09:06 AM <DIR> irmtm
08/11/2006 05:55 PM <DIR> irpyat
08/11/2006 05:55 PM <DIR> islpphuk
01/24/2006 08:08 PM <DIR> isrkajew
10/18/2005 07:04 PM <DIR> isyxxkaw
01/10/2006 08:44 PM <DIR> itvpfmdx
08/11/2006 05:55 PM <DIR> iuescw
12/11/2005 09:07 AM <DIR> iwkwhaw
08/11/2006 05:55 PM <DIR> ixww
08/11/2006 05:55 PM <DIR> jbnag
03/07/2006 05:47 AM <DIR> jbywrcj
08/11/2006 05:56 PM <DIR> jflkk
08/11/2006 05:55 PM <DIR> jjucmvku
08/11/2006 05:55 PM <DIR> jkawrx
08/11/2006 05:55 PM <DIR> jkoosvrr
12/15/2005 04:49 PM <DIR> jkqbaqxs
08/11/2006 05:55 PM <DIR> jpamblcq
03/06/2006 03:48 PM <DIR> jpaxx
02/28/2006 09:26 AM <DIR> jqkuwv
08/11/2006 05:55 PM <DIR> jqxpj
08/11/2006 05:56 PM <DIR> jvhle
10/21/2005 03:06 PM <DIR> jvmihdqr
08/11/2006 05:55 PM <DIR> keck
12/26/2005 08:33 AM <DIR> keslqo
08/11/2006 05:55 PM <DIR> kevki
08/11/2006 05:55 PM <DIR> kguvswn
11/20/2005 09:51 AM <DIR> khoxv
08/11/2006 05:55 PM <DIR> khyvjdk
01/14/2006 09:38 AM <DIR> khyvta
08/11/2006 05:55 PM <DIR> kkfpiir
02/24/2006 06:19 AM <DIR> klas
08/11/2006 05:55 PM <DIR> klmk
08/11/2006 05:56 PM <DIR> klrp
03/07/2006 05:47 AM <DIR> kmfk
03/07/2006 05:46 AM <DIR> knnkd
08/11/2006 05:55 PM <DIR> kofqjr
12/12/2005 08:06 PM <DIR> kqlkbvj
02/27/2006 09:02 AM <DIR> kuebqkc
08/11/2006 05:55 PM <DIR> ldobw
12/11/2005 09:08 AM <DIR> lfywmb
08/11/2006 05:56 PM <DIR> lgsewicr
08/11/2006 05:56 PM <DIR> lhllx
08/11/2006 05:55 PM <DIR> lknp
02/27/2006 09:05 AM <DIR> lneabh
08/17/2006 11:09 AM <DIR> LogFiles
08/11/2006 05:55 PM <DIR> lqecvb
01/14/2006 04:27 PM <DIR> lrvc
08/11/2006 05:55 PM <DIR> ltqms
08/11/2006 05:56 PM <DIR> ltwco
08/11/2006 05:56 PM <DIR> lxvtijm
01/14/2006 04:27 PM <DIR> lyndqmgd
03/07/2006 05:49 AM <DIR> mabcdf
08/30/2004 08:26 AM <DIR> Macromed
01/14/2006 10:05 AM <DIR> mamorfkv
08/11/2006 05:55 PM <DIR> mfddkoae
03/05/2006 09:08 AM <DIR> mgnvogak
05/29/2003 06:40 PM <DIR> Microsoft
08/11/2006 05:55 PM <DIR> mnldl
02/27/2006 09:01 AM <DIR> mrcdla
05/29/2003 06:40 PM <DIR> MsDtc
12/12/2005 07:51 PM <DIR> msdy
01/02/2005 11:16 AM <DIR> MUI
08/11/2006 05:55 PM <DIR> murt
02/27/2006 09:06 AM <DIR> mvbywd
02/27/2006 09:06 AM <DIR> mxkuyk
08/11/2006 05:56 PM <DIR> mxpvjnix
02/27/2006 09:01 AM <DIR> nchodi
12/11/2005 09:06 AM <DIR> ngvemf
08/11/2006 05:56 PM <DIR> nhdx
08/11/2006 05:55 PM <DIR> nichxfc
02/13/2006 06:29 PM <DIR> nnofig
08/11/2006 05:55 PM <DIR> nofpmytl
11/05/2005 09:43 AM <DIR> npksp
10/24/2004 06:10 PM <DIR> NPP
01/22/2006 01:45 PM <DIR> nrrtbb
11/03/2005 09:57 PM <DIR> nuppg
08/11/2006 05:55 PM <DIR> nwxao
02/23/2006 07:51 PM <DIR> nxmild
01/28/2006 10:33 AM <DIR> obamx
08/11/2006 05:55 PM <DIR> ojyaepv
10/24/2004 06:19 PM <DIR> OOBE
08/11/2006 05:55 PM <DIR> opfobgi
11/20/2005 09:50 AM <DIR> opoaknxm
02/11/2006 10:42 AM <DIR> oppbmemj
08/11/2006 05:55 PM <DIR> opyiuii
01/17/2006 08:58 PM <DIR> oqilohly
01/15/2006 05:28 PM <DIR> orhsunl
08/11/2006 05:55 PM <DIR> osgkvnqx
03/05/2006 03:15 PM <DIR> ouym
11/09/2005 04:04 PM <DIR> ovqhsjoh
03/07/2006 05:47 AM <DIR> oxbem
08/11/2006 05:55 PM <DIR> oxkq
03/01/2006 10:59 AM <DIR> oynb
08/11/2006 05:55 PM <DIR> pasn
08/11/2006 05:55 PM <DIR> pdnnp
01/01/2006 08:11 PM <DIR> pfli
08/11/2006 05:55 PM <DIR> piqgl
08/11/2006 05:55 PM <DIR> pjeqj
08/11/2006 05:55 PM <DIR> pkexact
03/07/2006 05:47 AM <DIR> pliwg
11/03/2005 09:58 PM <DIR> pnhkrmnj
10/21/2005 03:06 PM <DIR> ppkcgor
08/11/2006 05:55 PM <DIR> ppkghut
08/11/2006 05:55 PM <DIR> pqisur
06/30/2005 04:57 AM <DIR> PreInstall
08/11/2006 05:55 PM <DIR> prpducy
12/23/2005 07:24 PM <DIR> ptitha
08/11/2006 05:56 PM <DIR> puipatqs
08/11/2006 05:56 PM <DIR> pwtedbq
03/07/2006 05:46 AM <DIR> pyderpe
08/11/2006 05:56 PM <DIR> qaieifyx
08/11/2006 05:56 PM <DIR> qajgfof
03/07/2006 05:46 AM <DIR> qcjip
01/12/2006 01:53 AM <DIR> qcnkewge
08/11/2006 05:56 PM <DIR> qcssjn
08/11/2006 05:56 PM <DIR> qeweafnw
08/11/2006 05:56 PM <DIR> qfitwqq
12/11/2005 09:08 AM <DIR> qfjxeu
08/11/2006 05:56 PM <DIR> qgixtsn
12/08/2005 05:15 PM <DIR> qhnkjelh
08/11/2006 05:56 PM <DIR> qhwflb
08/11/2006 05:56 PM <DIR> qjkns
12/23/2005 07:37 PM <DIR> qmih
02/12/2006 09:57 AM <DIR> qohyajfd
10/20/2005 03:46 PM <DIR> qomsanp
12/24/2005 10:42 PM <DIR> qsxqtm
08/11/2006 05:56 PM <DIR> qtulcrf
01/11/2004 03:02 PM <DIR> QuickTime
08/11/2006 05:56 PM <DIR> quxd
12/11/2005 09:07 AM <DIR> qvmdtljk
12/08/2005 05:15 PM <DIR> qwchcftq
03/07/2006 05:32 AM <DIR> qxlt
08/11/2006 05:56 PM <DIR> qxmb
10/15/2005 08:50 AM <DIR> qxrh
08/11/2006 05:56 PM <DIR> qydklqg
08/11/2006 05:56 PM <DIR> raaglo
08/11/2006 05:56 PM <DIR> rajng
05/29/2003 06:39 PM <DIR> RAS
01/14/2006 09:38 AM <DIR> rbjdaqt
08/11/2006 05:56 PM <DIR> rbouqj
12/12/2005 10:23 AM <DIR> rbskgask
08/11/2006 05:56 PM <DIR> rcoawrt
02/27/2006 09:06 AM <DIR> rcyhjiid
08/11/2006 05:56 PM <DIR> rdvjbwlq
09/12/2006 05:26 AM <DIR> ReinstallBackups
09/05/2006 06:19 PM <DIR> Restore
01/10/2006 06:11 PM <DIR> rhhwbivb
08/11/2006 05:56 PM <DIR> rmro
08/11/2006 05:56 PM <DIR> rnqrhsx
12/12/2005 10:23 AM <DIR> rowbopsr
10/19/2005 04:45 PM <DIR> rqylrj
03/01/2006 10:25 AM <DIR> ruqhocs
08/11/2006 05:56 PM <DIR> ruxvl
12/01/2005 07:13 PM <DIR> rvclxj
08/11/2006 05:56 PM <DIR> saeyl
10/24/2004 06:19 PM <DIR> Setup
05/29/2003 06:40 PM <DIR> ShellExt
12/24/2005 10:25 PM <DIR> sjimp
01/13/2006 08:11 PM <DIR> smrhccum
06/26/2005 07:55 AM <DIR> SoftwareDistribution
08/11/2006 05:56 PM <DIR> soqa
08/11/2006 05:56 PM <DIR> spdsqhi
08/11/2006 05:56 PM <DIR> spfmbcuj
05/29/2003 06:39 PM <DIR> SPOOL
10/18/2005 07:04 PM <DIR> sqdhmksp
08/11/2006 05:56 PM <DIR> squa
08/11/2006 05:56 PM <DIR> srbfqf
03/07/2006 05:47 AM <DIR> srof
03/07/2006 05:48 AM <DIR> sssrfxk
01/11/2006 09:28 PM <DIR> suiuqfkj
03/07/2006 05:49 AM <DIR> svbeh
02/27/2006 09:05 AM <DIR> swjan
08/11/2006 05:56 PM <DIR> swuytvd
08/11/2006 05:56 PM <DIR> sxpvomca
08/11/2006 05:56 PM <DIR> tciqpk
03/07/2006 05:49 AM <DIR> tedmgvew
08/11/2006 05:56 PM <DIR> tehx
08/11/2006 05:56 PM <DIR> teiae
11/03/2003 05:13 PM <DIR> temp
08/11/2006 05:56 PM <DIR> tfscjfk
02/27/2006 09:06 AM <DIR> tjfnss
08/11/2006 05:56 PM <DIR> tmrfwyh
03/07/2006 05:46 AM <DIR> tmsjp
01/10/2006 06:19 PM <DIR> toereqph
08/11/2006 05:56 PM <DIR> trjgha
12/11/2005 09:07 AM <DIR> trshudo
10/21/2005 03:06 PM <DIR> truhkthy
12/28/2005 07:10 PM <DIR> tsno
08/11/2006 05:56 PM <DIR> ttvix
02/27/2006 09:06 AM <DIR> ttvjdva
08/11/2006 05:56 PM <DIR> tucm
08/11/2006 05:56 PM <DIR> txdko
03/07/2006 05:46 AM <DIR> uajpqn
10/21/2005 03:06 PM <DIR> uaworw
08/11/2006 05:56 PM <DIR> ubflbl
08/11/2006 05:56 PM <DIR> ucrcooyg
08/11/2006 05:56 PM <DIR> ujrxmw
08/11/2006 05:56 PM <DIR> ukcuds
08/11/2006 05:56 PM <DIR> ukmrseh
01/10/2006 02:01 AM <DIR> uoxrfe
03/01/2006 10:25 AM <DIR> uphav
08/11/2006 05:56 PM <DIR> uptam
02/12/2006 11:42 AM <DIR> urjvj
08/11/2006 05:56 PM <DIR> urmmqn
02/12/2006 09:57 AM <DIR> urtgyu
01/02/2005 11:17 AM <DIR> URTTemp
11/07/2005 08:22 PM <DIR> ushq
10/24/2004 06:08 PM <DIR> USMT
08/11/2006 05:56 PM <DIR> utryvq
11/03/2005 10:55 PM <DIR> uupu
08/11/2006 05:56 PM <DIR> uwohujj
10/21/2005 03:06 PM <DIR> uwvxrbf
03/07/2006 05:47 AM <DIR> vbwtvd
08/11/2006 05:56 PM <DIR> vejcx
11/02/2005 04:32 PM <DIR> vfdxawee
12/01/2005 04:01 PM <DIR> vholuvhk
08/11/2006 05:56 PM <DIR> vjnm
08/11/2006 05:56 PM <DIR> vkkikype
03/07/2006 05:49 AM <DIR> vnak
02/24/2006 07:19 PM <DIR> vnosmn
03/07/2006 05:49 AM <DIR> vokosg
12/08/2005 10:21 PM <DIR> vqbfelxu
08/11/2006 05:56 PM <DIR> vqocc
08/11/2006 05:56 PM <DIR> vqvi
08/11/2006 05:56 PM <DIR> vskblto
02/27/2006 09:02 AM <DIR> vuuvmgqi
08/11/2006 05:56 PM <DIR> vvwkyr
03/07/2006 05:46 AM <DIR> vxmradxh
11/09/2005 08:37 PM <DIR> vxumxd
01/23/2006 01:07 PM <DIR> vygbydkm
12/11/2005 06:34 PM <DIR> wajj
08/14/2006 04:38 PM <DIR> WBEM
10/17/2005 04:10 PM <DIR> wfcjwryv
12/11/2005 09:08 AM <DIR> whrgnru
08/11/2006 05:56 PM <DIR> wiinly
05/29/2003 06:39 PM <DIR> WINS
08/11/2006 05:56 PM <DIR> wlkrxo
03/07/2006 05:47 AM <DIR> wmpelir
01/12/2006 01:53 AM <DIR> wphverbk
01/17/2006 08:58 PM <DIR> wssrsvyn
01/11/2006 09:11 PM <DIR> wutmxxos
03/06/2006 03:38 PM <DIR> wwhajgbu
02/20/2006 03:34 PM <DIR> wwkyjmde
01/10/2006 06:11 PM <DIR> wxthuldt
08/11/2006 05:56 PM <DIR> wypp
08/11/2006 05:56 PM <DIR> xdna
08/11/2006 05:56 PM <DIR> xdvvynia
10/20/2005 03:49 PM <DIR> xenggxek
08/11/2006 05:56 PM <DIR> xfmubp
08/11/2006 05:56 PM <DIR> xfrpa
08/11/2006 05:56 PM <DIR> xggtwd
03/07/2006 05:49 AM <DIR> xhnumte
05/29/2003 06:40 PM <DIR> XIRCOM
02/27/2006 09:00 AM <DIR> xlkcs
03/07/2006 05:48 AM <DIR> xmdqve
12/11/2005 09:06 AM <DIR> xmhlofqu
08/11/2006 05:56 PM <DIR> xmii
08/11/2006 05:56 PM <DIR> xprqptfx
02/20/2006 11:13 AM <DIR> xqsmulw
08/11/2006 05:56 PM <DIR> xsilxdad
08/11/2006 05:56 PM <DIR> xsvo
08/11/2006 05:56 PM <DIR> xtqwwtk
08/11/2006 05:56 PM <DIR> xwkcuqrf
11/17/2005 08:45 PM <DIR> yapa
03/07/2006 05:47 AM <DIR> yfou
10/20/2005 03:46 PM <DIR> yknimb
08/11/2006 05:56 PM <DIR> ylvu
08/11/2006 05:56 PM <DIR> yqmnho
03/07/2006 05:49 AM <DIR> yrnsaul
03/07/2006 05:47 AM <DIR> yueemwtu
10/15/2005 07:59 AM <DIR> yvoxiyv
08/11/2006 05:56 PM <DIR> yxepq
01/15/2006 10:19 AM <DIR> yxmx
08/11/2006 05:56 PM <DIR> yyxj
10/24/2004 08:18 PM <DIR> ZoneLabs
05/01/2006 04:47 PM <DIR> ?icrosoft.NET
06/13/2006 05:27 PM <DIR> ??mantec
03/09/2006 06:28 PM <DIR> ??stem
03/11/2006 10:20 AM <DIR> ?racle
0 File(s) 0 bytes
432 Dir(s) 11,786,592,256 bytes free

and heres the HJT log

Logfile of HijackThis v1.99.1
Scan saved at 3:35:37 PM, on 10/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\fluffybunny.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://education.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://awesomestart.com/misfits/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://awesomestart.com/misfits/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://awesomestart.com/misfits/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O2 - BHO: (no name) - {5062FAF2-85FF-8417-C1F4-9A18066421EB} - C:\WINDOWS\system32\jvnvktwy\kgjiliax.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {77312BA7-3D82-B06C-FC0B-6F619C1E4A0C} - C:\WINDOWS\system32\saboxiyy\hdoyxlrp.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn12\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Dice - http://download.games.yahoo.com/games/clients/y/dct2_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt0_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.connect.com/XSL/mb_us/ht...ALStreaming.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1098651608343
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1137194252906
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe



#11 rookie147

rookie147

  • Members
  • 5,321 posts
  • OFFLINE
  •  
  • Local time:04:25 AM

Posted 06 October 2006 - 10:49 AM

Hello onemanmosh, sorry for the delay in getting back to you.

======

I see you already have Ewido installed on your computer, but it has recently been taken over by AVG, and they have enhanced some of it's features, so please remove the old version and download AVG Anti-Spyware using the following instructions.

=======

Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/
  • Install AVG Anti-Spyware by double clicking the installer.
  • Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
  • On the main screen under Your Computer's security.
    • Click on Change state next to Resident shield. It should now change to inactive.
    • Click on Change state next to Automatic updates. It should now change to inactive.
    • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
    • Wait until you see the Update succesfull message.
  • Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido.
AVG Anti-Spyware manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.

======

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.
======

Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act?
      • Click on Recommended Action and choose Quarantine from the popup menu.
    • Under How to scan?
      • All checkboxes should be ticked.
    • Under Possibly unwanted software:
      • All checkboxes should be ticked.
    • Under Reports:
      • Select Automatically generate report after every scan and uncheck Only if threats were found.
    • Under What to scan?
      • Select Scan every file.
  • Click on the Scan tab.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan the machine.
  • When the scan has finished, follow the instructions below.
    IMPORTANT : Don't click on the "Save Scan Report" button before you did hit the "Apply all Actions" button.
    • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
    • At the bottom of the window click on the Apply all Actions button. (3)
      Posted Image
  • When done, click the Save Scan Report button. (4)
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Reboot in Normal Mode.

======

Please download F-Secure Blacklight :thumbsup: from here: https://europe.f-secure.com/blacklight/try.shtml

Save the program to a folder, for example c:\black

Click blbetac.exe. A DOS Window will open. Follow the instructions on the screen.

When you get the message: "Do you accept the End User License Agreement (Y/N):" press Y if you accept the agreement.

Open the c:\black folder and you will find a log. Please post the content of that log.

======

Go to this page.
Enter the url of this thread in the first field.
Where it says, browse to the file that you want to submit, copy and paste next in the field:

C:\WINDOWS\system32\saboxiyy\hdoyxlrp.dll
C:\WINDOWS\system32\snaqftoi\qmlknjge.dll


Then click the Send File button below.
Please let me know when you have submitted the file.

======

Post back with the following:
-Ewido log
-Blacklight log
-Have you submitted the file?

Thanks,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation. Posted Image
Posted Image


#12 onemanmosh

onemanmosh
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:10:25 PM

Posted 11 October 2006 - 02:06 PM

Sorry, for the delay. I was busy with family all weekend.
~~~~~~~~~~~~~~~~~~~~~~~~
Here is the Ewido (AVG) scan log. Most of the items would not switch to quarantine and could only be deleted.

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 4:31:54 PM 10/10/2006

+ Scan result:



C:\Program Files\Microsoft AntiSpyware\Quarantine\929BF4D7-28A8-4E9E-AE80-E79D82\EFAD968F-00D7-433F-B6B3-56EDEB -> Adware.EZula : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\63D0B888-E572-4BCF-84C7-17A11D\411CF337-BD58-4711-A424-88FD2B -> Adware.MegaSearch : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\995DB831-B137-47A1-A55D-08C74F\300273A5-D9B5-47AC-8310-3F2F21 -> Adware.SearchFast : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\995DB831-B137-47A1-A55D-08C74F\AD49AB56-B5FD-4D48-A271-A0A60F -> Adware.SearchFast : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\B6909272-D4D4-4B21-B091-4D726B\078C51E2-F9A2-454D-99D5-569BE0 -> Adware.SearchFast : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\0129A908-5F67-4E2F-87E6-1AAD76\B20D3CD2-3AF7-47ED-AD9A-C9F9B6 -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\20C3E934-5416-4E8A-9A27-539CA4\9DAC2050-65D6-4932-9A80-600DCC -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\26DBB06E-C65C-4DD3-A907-E01DB6\88620406-01A0-41F3-9AA8-B67084 -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\2F724D95-FB57-4865-807E-A8693B\12CA7D0A-AD99-4CEA-B669-BEFBE5 -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\438BDDB3-FDC4-4791-8521-82CE49\09A53734-6CCD-4181-BAEA-657A66 -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\438BDDB3-FDC4-4791-8521-82CE49\F3F831E8-B52C-45E8-A664-161C6D -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\47A7C2CF-B3B6-4394-B5BC-4D0BF0\0BA93F58-AE07-458F-A36E-F52C31 -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\47A7C2CF-B3B6-4394-B5BC-4D0BF0\FF4960FE-6FFF-4947-91F1-D30D8F -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\4DAEDE32-9F16-41FC-8901-00D8C2\DAB7DAEB-EC55-44DC-A5C3-3A17C6 -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\4DAEDE32-9F16-41FC-8901-00D8C2\F5C3AB35-26A3-4D7A-B33C-796D78 -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\53468050-478D-4E8B-AD77-28786C\94623BF0-0990-4EC5-BE1A-5973DA -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\9230A323-55E8-4D71-8C90-60B545\4F884E56-534F-4599-B544-621E52 -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\9230A323-55E8-4D71-8C90-60B545\7529B43A-8A72-4032-AAFA-CA1EE2 -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\C8408A4E-5E3C-45C1-AD66-FA10FF\275637B5-908A-4D13-9FB8-7842C1 -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\DDA30B81-364A-40E7-8E22-6CDAF8\D6A14A4A-D357-4CE2-9FD8-9AEB10 -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\Documents and Settings\JT\Local Settings\Temp\temp.cab/toolbar.dll -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\Kellie\Local Settings\Temp\10D.tmp -> Downloader.Agent.lg : Cleaned with backup (quarantined).
:mozilla.103:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\6hkp8qfo.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.10:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\6hkp8qfo.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.13:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\6hkp8qfo.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.14:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\6hkp8qfo.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.15:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\6hkp8qfo.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.16:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\6hkp8qfo.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.17:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\6hkp8qfo.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.188:C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\jlmsb2tj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.18:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\6hkp8qfo.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.19:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\6hkp8qfo.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.20:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\6hkp8qfo.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.21:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\6hkp8qfo.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.22:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\6hkp8qfo.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.23:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\6hkp8qfo.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.24:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\6hkp8qfo.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.478:C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\jlmsb2tj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.6:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\6hkp8qfo.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.6:C:\Documents and Settings\Shannon\Application Data\Mozilla\Firefox\Profiles\elyxey2h.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.7:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\6hkp8qfo.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.7:C:\Documents and Settings\Shannon\Application Data\Mozilla\Firefox\Profiles\elyxey2h.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.83:C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\jlmsb2tj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.84:C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\jlmsb2tj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.85:C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\jlmsb2tj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.86:C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\jlmsb2tj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.87:C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\jlmsb2tj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.8:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\6hkp8qfo.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.8:C:\Documents and Settings\Shannon\Application Data\Mozilla\Firefox\Profiles\elyxey2h.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.9:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\6hkp8qfo.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Diane\Cookies\diane@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.100:C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\jlmsb2tj.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.101:C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\jlmsb2tj.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.99:C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\jlmsb2tj.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.112:C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\jlmsb2tj.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned.
:mozilla.105:C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\jlmsb2tj.default\cookies.txt -> TrackingCookie.Admarketplace : Cleaned.
:mozilla.101:C:\Documents and Settings\JT\Application Data\Mozilla\Profiles\default\ynvscxrf.slt\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.110:C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\jlmsb2tj.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.111:C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\jlmsb2tj.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.743:C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\jlmsb2tj.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.744:C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\jlmsb2tj.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.745:C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\jlmsb2tj.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.746:C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\jlmsb2tj.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.143:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\6hkp8qfo.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.144:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\6hkp8qfo.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.145:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\6hkp8qfo.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.146:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\6hkp8qfo.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.147:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\6hkp8qfo.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.47:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\6hkp8qfo.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.711:C:\Documents and Settings\Shannon\Application Data\Mozilla\Firefox\Profiles\elyxey2h.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.712:C:\Documents and Settings\Shannon\Application Data\Mozilla\Firefox\Profiles\elyxey2h.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.713:C:\Documents and Settings\Shannon\Application Data\Mozilla\Firefox\Profiles\elyxey2h.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.924:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\6hkp8qfo.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.925:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\6hkp8qfo.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.717:C:\Documents and Settings\Shannon\Application Data\Mozilla\Firefox\Profiles\elyxey2h.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.791:C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\jlmsb2tj.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.176:C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\jlmsb2tj.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.47:C:\Documents and Settings\Shannon\Application Data\Mozilla\Firefox\Profiles\elyxey2h.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.48:C:\Documents and Settings\Shannon\Application Data\Mozilla\Firefox\Profiles\elyxey2h.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.718:C:\Documents and Settings\Shannon\Application Data\Mozilla\Firefox\Profiles\elyxey2h.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Shannon\Cookies\shannon@www.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.174:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\6hkp8qfo.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.176:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\6hkp8qfo.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.177:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\6hkp8qfo.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.178:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\6hkp8qfo.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.179:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\6hkp8qfo.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.180:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\6hkp8qfo.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.216:C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\jlmsb2tj.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.217:C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\jlmsb2tj.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.192:C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\jlmsb2tj.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.251:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\6hkp8qfo.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.30:C:\Documents and Settings\JT\Application Data\Mozilla\Profiles\default\ynvscxrf.slt\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.31:C:\Documents and Settings\JT\Application Data\Mozilla\Profiles\default\ynvscxrf.slt\cookies.txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\JT\Cookies\jt@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Jim\Cookies\jim@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Shannon\Cookies\shannon@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.43:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\6hkp8qfo.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.208:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\6hkp8qfo.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.106:C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\jlmsb2tj.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.107:C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\jlmsb2tj.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.108:C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\jlmsb2tj.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.109:C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\jlmsb2tj.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.146:C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\jlmsb2tj.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.147:C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\jlmsb2tj.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.148:C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\jlmsb2tj.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.24:C:\Documents and Settings\Shannon\Application Data\Mozilla\Firefox\Profiles\elyxey2h.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.25:C:\Documents and Settings\Shannon\Application Data\Mozilla\Firefox\Profiles\elyxey2h.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.26:C:\Documents and Settings\Shannon\Application Data\Mozilla\Firefox\Profiles\elyxey2h.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.27:C:\Documents and Settings\Shannon\Application Data\Mozilla\Firefox\Profiles\elyxey2h.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.28:C:\Documents and Settings\Shannon\Application Data\Mozilla\Firefox\Profiles\elyxey2h.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.29:C:\Documents and Settings\Shannon\Application Data\Mozilla\Firefox\Profiles\elyxey2h.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.167:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\6hkp8qfo.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.168:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\6hkp8qfo.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.169:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\6hkp8qfo.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.818:C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\jlmsb2tj.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.819:C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\jlmsb2tj.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.820:C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\jlmsb2tj.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.122:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\6hkp8qfo.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.123:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\6hkp8qfo.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.124:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\6hkp8qfo.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.104:C:\Documents and Settings\JT\Application Data\Mozilla\Profiles\default\ynvscxrf.slt\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.105:C:\Documents and Settings\JT\Application Data\Mozilla\Profiles\default\ynvscxrf.slt\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.761:C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\jlmsb2tj.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.762:C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\jlmsb2tj.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.763:C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\jlmsb2tj.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.937:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\6hkp8qfo.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.938:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\6hkp8qfo.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.939:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\6hkp8qfo.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.940:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\6hkp8qfo.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.941:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\6hkp8qfo.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.942:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\6hkp8qfo.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.213:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\6hkp8qfo.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.819:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\6hkp8qfo.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
:mozilla.767:C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\jlmsb2tj.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.768:C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\jlmsb2tj.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.189:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\6hkp8qfo.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.190:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\6hkp8qfo.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.443:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\6hkp8qfo.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.113:C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\jlmsb2tj.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.114:C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\jlmsb2tj.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.115:C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\jlmsb2tj.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.116:C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\jlmsb2tj.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.16:C:\Documents and Settings\Shannon\Application Data\Mozilla\Firefox\Profiles\elyxey2h.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.17:C:\Documents and Settings\Shannon\Application Data\Mozilla\Firefox\Profiles\elyxey2h.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.18:C:\Documents and Settings\Shannon\Application Data\Mozilla\Firefox\Profiles\elyxey2h.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.19:C:\Documents and Settings\Shannon\Application Data\Mozilla\Firefox\Profiles\elyxey2h.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.48:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\6hkp8qfo.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.49:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\6hkp8qfo.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.50:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\6hkp8qfo.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.51:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\6hkp8qfo.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.52:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\6hkp8qfo.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.458:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\6hkp8qfo.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.459:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\6hkp8qfo.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.341:C:\Documents and Settings\Shannon\Application Data\Mozilla\Firefox\Profiles\elyxey2h.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.342:C:\Documents and Settings\Shannon\Application Data\Mozilla\Firefox\Profiles\elyxey2h.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.343:C:\Documents and Settings\Shannon\Application Data\Mozilla\Firefox\Profiles\elyxey2h.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.344:C:\Documents and Settings\Shannon\Application Data\Mozilla\Firefox\Profiles\elyxey2h.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.42:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\6hkp8qfo.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.44:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\6hkp8qfo.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.45:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\6hkp8qfo.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.505:C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\jlmsb2tj.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.506:C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\jlmsb2tj.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\JT\Cookies\jt@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.535:C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\jlmsb2tj.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.249:C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\jlmsb2tj.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.250:C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\jlmsb2tj.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.251:C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\jlmsb2tj.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.252:C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\jlmsb2tj.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.53:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\6hkp8qfo.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.54:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\6hkp8qfo.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.55:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\6hkp8qfo.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.561:C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\jlmsb2tj.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.562:C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\jlmsb2tj.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.563:C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\jlmsb2tj.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.564:C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\jlmsb2tj.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.565:C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\jlmsb2tj.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.56:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\6hkp8qfo.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.57:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\6hkp8qfo.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.58:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\6hkp8qfo.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.61:C:\Documents and Settings\JT\Application Data\Mozilla\Profiles\default\ynvscxrf.slt\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.202:C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\jlmsb2tj.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.203:C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\jlmsb2tj.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.204:C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\jlmsb2tj.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.205:C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\jlmsb2tj.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.206:C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\jlmsb2tj.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.207:C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\jlmsb2tj.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.208:C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\jlmsb2tj.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.209:C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\jlmsb2tj.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.210:C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\jlmsb2tj.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.211:C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\jlmsb2tj.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.212:C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\jlmsb2tj.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.213:C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\jlmsb2tj.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.214:C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\jlmsb2tj.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.215:C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\jlmsb2tj.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.153:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\6hkp8qfo.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.154:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\6hkp8qfo.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.155:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\6hkp8qfo.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.156:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\6hkp8qfo.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.157:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\6hkp8qfo.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.296:C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\jlmsb2tj.default\cookies.txt -> TrackingCookie.Starware : Cleaned.
:mozilla.297:C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\jlmsb2tj.default\cookies.txt -> TrackingCookie.Starware : Cleaned.
:mozilla.298:C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\jlmsb2tj.default\cookies.txt -> TrackingCookie.Starware : Cleaned.
:mozilla.774:C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\jlmsb2tj.default\cookies.txt -> TrackingCookie.Starware : Cleaned.
:mozilla.577:C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\jlmsb2tj.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.578:C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\jlmsb2tj.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.579:C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\jlmsb2tj.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.580:C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\jlmsb2tj.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.581:C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\jlmsb2tj.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.582:C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\jlmsb2tj.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.583:C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\jlmsb2tj.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.584:C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\jlmsb2tj.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.585:C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\jlmsb2tj.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.68:C:\Documents and Settings\JT\Application Data\Mozilla\Profiles\default\ynvscxrf.slt\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.100:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\6hkp8qfo.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.101:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\6hkp8qfo.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.102:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\6hkp8qfo.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.104:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\6hkp8qfo.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.470:C:\Documents and Settings\Shannon\Application Data\Mozilla\Firefox\Profiles\elyxey2h.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.471:C:\Documents and Settings\Shannon\Application Data\Mozilla\Firefox\Profiles\elyxey2h.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.472:C:\Documents and Settings\Shannon\Application Data\Mozilla\Firefox\Profiles\elyxey2h.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.473:C:\Documents and Settings\Shannon\Application Data\Mozilla\Firefox\Profiles\elyxey2h.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.474:C:\Documents and Settings\Shannon\Application Data\Mozilla\Firefox\Profiles\elyxey2h.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.597:C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\jlmsb2tj.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.598:C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\jlmsb2tj.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.599:C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\jlmsb2tj.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.707:C:\Documents and Settings\Shannon\Application Data\Mozilla\Firefox\Profiles\elyxey2h.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.708:C:\Documents and Settings\Shannon\Application Data\Mozilla\Firefox\Profiles\elyxey2h.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.71:C:\Documents and Settings\JT\Application Data\Mozilla\Profiles\default\ynvscxrf.slt\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Shannon\Cookies\shannon@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.496:C:\Documents and Settings\Shannon\Application Data\Mozilla\Firefox\Profiles\elyxey2h.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.497:C:\Documents and Settings\Shannon\Application Data\Mozilla\Firefox\Profiles\elyxey2h.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.498:C:\Documents and Settings\Shannon\Application Data\Mozilla\Firefox\Profiles\elyxey2h.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.499:C:\Documents and Settings\Shannon\Application Data\Mozilla\Firefox\Profiles\elyxey2h.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.500:C:\Documents and Settings\Shannon\Application Data\Mozilla\Firefox\Profiles\elyxey2h.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.501:C:\Documents and Settings\Shannon\Application Data\Mozilla\Firefox\Profiles\elyxey2h.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.502:C:\Documents and Settings\Shannon\Application Data\Mozilla\Firefox\Profiles\elyxey2h.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.503:C:\Documents and Settings\Shannon\Application Data\Mozilla\Firefox\Profiles\elyxey2h.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.163:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\6hkp8qfo.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.164:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\6hkp8qfo.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.504:C:\Documents and Settings\Shannon\Application Data\Mozilla\Firefox\Profiles\elyxey2h.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.505:C:\Documents and Settings\Shannon\Application Data\Mozilla\Firefox\Profiles\elyxey2h.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.506:C:\Documents and Settings\Shannon\Application Data\Mozilla\Firefox\Profiles\elyxey2h.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.507:C:\Documents and Settings\Shannon\Application Data\Mozilla\Firefox\Profiles\elyxey2h.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.623:C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\jlmsb2tj.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.78:C:\Documents and Settings\JT\Application Data\Mozilla\Profiles\default\ynvscxrf.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.221:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\6hkp8qfo.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.225:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\6hkp8qfo.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.159:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\6hkp8qfo.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.160:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\6hkp8qfo.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.162:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\6hkp8qfo.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.47:C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\jlmsb2tj.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.48:C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\jlmsb2tj.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.49:C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\jlmsb2tj.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.50:C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\jlmsb2tj.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.51:C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\jlmsb2tj.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.52:C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\jlmsb2tj.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.53:C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\jlmsb2tj.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.54:C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\jlmsb2tj.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.55:C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\jlmsb2tj.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.56:C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\jlmsb2tj.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.57:C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\jlmsb2tj.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.58:C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\jlmsb2tj.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.704:C:\Documents and Settings\Shannon\Application Data\Mozilla\Firefox\Profiles\elyxey2h.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.99:C:\Documents and Settings\JT\Application Data\Mozilla\Profiles\default\ynvscxrf.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\JT\Cookies\jt@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Jim\Cookies\jim@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.181:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\6hkp8qfo.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.182:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\6hkp8qfo.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.183:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\6hkp8qfo.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.63:C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\jlmsb2tj.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.64:C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\jlmsb2tj.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.65:C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\jlmsb2tj.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.66:C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\jlmsb2tj.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.67:C:\Documents and Settings\JT\Application Data\Mozilla\Firefox\Profiles\jlmsb2tj.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.699:C:\Documents and Settings\Shannon\Application Data\Mozilla\Firefox\Profiles\elyxey2h.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.700:C:\Documents and Settings\Shannon\Application Data\Mozilla\Firefox\Profiles\elyxey2h.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.701:C:\Documents and Settings\Shannon\Application Data\Mozilla\Firefox\Profiles\elyxey2h.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.97:C:\Documents and Settings\JT\Application Data\Mozilla\Profiles\default\ynvscxrf.slt\cookies.txt -> TrackingCookie.Zedo : Cleaned.
C:\Documents and Settings\JT\Temporary Internet Files\Content.IE5\G0DG1EZT\srvlms[1].exe -> Trojan.Pakes : Cleaned with backup (quarantined).
C:\Documents and Settings\JT\Temporary Internet Files\Content.IE5\G0DG1EZT\srvnun[1].exe -> Trojan.Pakes : Cleaned with backup (quarantined).
C:\Documents and Settings\JT\Temporary Internet Files\Content.IE5\GHUV5T04\srvgos[1].exe -> Trojan.Pakes : Cleaned with backup (quarantined).


::Report end

and here is the blacklight log.

10/10/06 17:07:38 [Info]: BlackLight Engine 1.0.47 initialized
10/10/06 17:07:38 [Info]: OS: 5.1 build 2600 (Service Pack 2)
10/10/06 17:07:38 [Note]: 7019 4
10/10/06 17:07:38 [Note]: 7005 0
10/10/06 17:07:38 [Note]: 7006 0
10/10/06 17:07:38 [Note]: 7011 596
10/10/06 17:07:39 [Note]: 7026 0
10/10/06 17:07:39 [Note]: 7026 0
10/10/06 17:08:00 [Note]: FSRAW library version 1.7.1020
10/10/06 18:44:12 [Note]: 7007 0



#13 onemanmosh

onemanmosh
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:10:25 PM

Posted 11 October 2006 - 02:07 PM

i just sent the files.

#14 rookie147

rookie147

  • Members
  • 5,321 posts
  • OFFLINE
  •  
  • Local time:04:25 AM

Posted 16 October 2006 - 01:34 AM

Hello onemanmosh, sorry for the delay.

======

Please download Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
Save it to your desktop.

======

Now, please reboot your computer into Safe Mode. This is done by rebooting Windows and pressing F8 at boot/Windows startup, usually right after the beep. Then select Safe Mode from the list.

======

Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Click the "Delete Cookies" button
  • Next to it, Click the "Delete Files" button
  • When prompted, place a check in: "Delete all offline content", click OK
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu on the left side of the Options window.
  • Click the Clear button located to the right of each option (History, Cookies, Cache).
  • Click OK to close the Options window
    Alternatively, you can clear all information stored while browsing by clicking Clear All.
    A confirmation dialog box will be shown before clearing the information.
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
======

Start Killbox.exe

Put a tick by Delete on Reboot.
Click on the "All Files" button (!important!),which will then flash green.
Copy the following list of folders to clipboard, CTRL+C to copy
C:\WINDOWS\System32\aaap
C:\WINDOWS\System32\aaolg
C:\WINDOWS\System32\ablmho
C:\WINDOWS\System32\adbjy
C:\WINDOWS\System32\aenlbdcy
C:\WINDOWS\System32\aeqawsus
C:\WINDOWS\System32\afykkf
C:\WINDOWS\System32\aign
C:\WINDOWS\System32\aklc
C:\WINDOWS\System32\akqnhyxo
C:\WINDOWS\System32\amgq
C:\WINDOWS\System32\aptts
C:\WINDOWS\System32\apyvw
C:\WINDOWS\System32\asjfjgsy
C:\WINDOWS\System32\astu
C:\WINDOWS\System32\auggyxx
C:\WINDOWS\System32\aumhye
C:\WINDOWS\System32\awal
C:\WINDOWS\System32\bbfvpbt
C:\WINDOWS\System32\bcwqgcoj
C:\WINDOWS\System32\bdxbowi
C:\WINDOWS\System32\bephdlgf
C:\WINDOWS\System32\bgbiybi
C:\WINDOWS\System32\bitfll
C:\WINDOWS\System32\bjslkvy
C:\WINDOWS\System32\bjyq
C:\WINDOWS\System32\bnnvg
C:\WINDOWS\System32\bvsyh
C:\WINDOWS\System32\bxjbi
C:\WINDOWS\System32\bxsblpf
C:\WINDOWS\System32\byhbkk
C:\WINDOWS\System32\ccoionqb
C:\WINDOWS\System32\ccqdb
C:\WINDOWS\System32\ccynr
C:\WINDOWS\System32\ceosq
C:\WINDOWS\System32\cfukuyl
C:\WINDOWS\System32\chetqwp
C:\WINDOWS\System32\chhgik
C:\WINDOWS\System32\clfepxde
C:\WINDOWS\System32\cmumek
C:\WINDOWS\System32\cnrh
C:\WINDOWS\System32\cnvc
C:\WINDOWS\System32\cnxyqroj
C:\WINDOWS\System32\cqeibqi
C:\WINDOWS\System32\cssvx
C:\WINDOWS\System32\ctst
C:\WINDOWS\System32\cudsnjgp
C:\WINDOWS\System32\cvladesa
C:\WINDOWS\System32\cwibci
C:\WINDOWS\System32\cwsrl
C:\WINDOWS\System32\cwysu
C:\WINDOWS\System32\dayjelt
C:\WINDOWS\System32\dbdojxee
C:\WINDOWS\System32\ddlvijx
C:\WINDOWS\System32\dfyl
C:\WINDOWS\System32\dhwhx
C:\WINDOWS\System32\djthoc
C:\WINDOWS\System32\dqhyyhh
C:\WINDOWS\System32\dqibiadj
C:\WINDOWS\System32\dwirlqqv
C:\WINDOWS\System32\ecxstope
C:\WINDOWS\System32\edqqybe
C:\WINDOWS\System32\efqtge
C:\WINDOWS\System32\egoqyaoe
C:\WINDOWS\System32\eplu
C:\WINDOWS\System32\ertpxqs
C:\WINDOWS\System32\ewkmeod
C:\WINDOWS\System32\faxijs
C:\WINDOWS\System32\fbclmg
C:\WINDOWS\System32\fbyg
C:\WINDOWS\System32\ffhl
C:\WINDOWS\System32\ffhrslaf
C:\WINDOWS\System32\ffmflipc
C:\WINDOWS\System32\fgledax
C:\WINDOWS\System32\fkisyunv
C:\WINDOWS\System32\FLEOK
C:\WINDOWS\System32\fofoxmpe
C:\WINDOWS\System32\ftpxmvy
C:\WINDOWS\System32\fudxapae
C:\WINDOWS\System32\fvipu
C:\WINDOWS\System32\fwfyqu
C:\WINDOWS\System32\gark
C:\WINDOWS\System32\gcrfaqog
C:\WINDOWS\System32\gdbsuh
C:\WINDOWS\System32\gfttaol
C:\WINDOWS\System32\ggkb
C:\WINDOWS\System32\gjdab
C:\WINDOWS\System32\gmcb
C:\WINDOWS\System32\gmnvj
C:\WINDOWS\System32\gnhnif
C:\WINDOWS\System32\gnxwgtch
C:\WINDOWS\System32\grgkfdp
C:\WINDOWS\System32\gsygxoj
C:\WINDOWS\System32\gtawfj
C:\WINDOWS\System32\gtsh
C:\WINDOWS\System32\gwybcool
C:\WINDOWS\System32\gxnxltag
C:\WINDOWS\System32\haadscl
C:\WINDOWS\System32\hbhdsu
C:\WINDOWS\System32\hcebyhuw
C:\WINDOWS\System32\hcfkgqwx
C:\WINDOWS\System32\hdcxe
C:\WINDOWS\System32\hdddpr
C:\WINDOWS\System32\hhmutvmb
C:\WINDOWS\System32\hjnwrfjd
C:\WINDOWS\System32\hjwejh
C:\WINDOWS\System32\hjyveg
C:\WINDOWS\System32\hmrrig
C:\WINDOWS\System32\hocndd
C:\WINDOWS\System32\hoipgecw
C:\WINDOWS\System32\hqdsj
C:\WINDOWS\System32\hskyavhl
C:\WINDOWS\System32\hsqxwfkg
C:\WINDOWS\System32\hstlwl
C:\WINDOWS\System32\hvppx
C:\WINDOWS\System32\ieest
C:\WINDOWS\System32\igjl
C:\WINDOWS\System32\ihilm
C:\WINDOWS\System32\ihjyb
C:\WINDOWS\System32\ihmgb
C:\WINDOWS\System32\iixxbxi
C:\WINDOWS\System32\iodbyj
C:\WINDOWS\System32\ionb
C:\WINDOWS\System32\ipcrkvek
C:\WINDOWS\System32\irmtm
C:\WINDOWS\System32\irpyat
C:\WINDOWS\System32\islpphuk
C:\WINDOWS\System32\isrkajew
C:\WINDOWS\System32\isyxxkaw
C:\WINDOWS\System32\itvpfmdx
C:\WINDOWS\System32\iuescw
C:\WINDOWS\System32\iwkwhaw
C:\WINDOWS\System32\ixww
C:\WINDOWS\System32\jbnag
C:\WINDOWS\System32\jbywrcj
C:\WINDOWS\System32\jflkk
C:\WINDOWS\System32\jjucmvku
C:\WINDOWS\System32\jkawrx
C:\WINDOWS\System32\jkoosvrr
C:\WINDOWS\System32\jkqbaqxs
C:\WINDOWS\System32\jpamblcq
C:\WINDOWS\System32\jpaxx
C:\WINDOWS\System32\jqkuwv
C:\WINDOWS\System32\jqxpj
C:\WINDOWS\System32\jvhle
C:\WINDOWS\System32\jvmihdqr
C:\WINDOWS\System32\keck
C:\WINDOWS\System32\keslqo
C:\WINDOWS\System32\kevki
C:\WINDOWS\System32\kguvswn
C:\WINDOWS\System32\khoxv
C:\WINDOWS\System32\khyvjdk
C:\WINDOWS\System32\khyvta
C:\WINDOWS\System32\kkfpiir
C:\WINDOWS\System32\klas
C:\WINDOWS\System32\klmk
C:\WINDOWS\System32\klrp
C:\WINDOWS\System32\kmfk
C:\WINDOWS\System32\knnkd
C:\WINDOWS\System32\kofqjr
C:\WINDOWS\System32\kqlkbvj
C:\WINDOWS\System32\kuebqkc
C:\WINDOWS\System32\ldobw
C:\WINDOWS\System32\lfywmb
C:\WINDOWS\System32\lgsewicr
C:\WINDOWS\System32\lhllx
C:\WINDOWS\System32\lknp
C:\WINDOWS\System32\lneabh
C:\WINDOWS\System32\lqecvb
C:\WINDOWS\System32\lrvc
C:\WINDOWS\System32\ltqms
C:\WINDOWS\System32\ltwco
C:\WINDOWS\System32\lxvtijm
C:\WINDOWS\System32\lyndqmgd
C:\WINDOWS\System32\mabcdf
C:\WINDOWS\System32\mamorfkv
C:\WINDOWS\System32\mfddkoae
C:\WINDOWS\System32\mgnvogak
C:\WINDOWS\System32\mnldl
C:\WINDOWS\System32\mrcdla
C:\WINDOWS\System32\msdy
C:\WINDOWS\System32\murt
C:\WINDOWS\System32\mvbywd
C:\WINDOWS\System32\mxkuyk
C:\WINDOWS\System32\mxpvjnix
C:\WINDOWS\System32\nchodi
C:\WINDOWS\System32\ngvemf
C:\WINDOWS\System32\nhdx
C:\WINDOWS\System32\nichxfc
C:\WINDOWS\System32\nnofig
C:\WINDOWS\System32\nofpmytl
C:\WINDOWS\System32\npksp
C:\WINDOWS\System32\nrrtbb
C:\WINDOWS\System32\nuppg
C:\WINDOWS\System32\nwxao
C:\WINDOWS\System32\nxmild
C:\WINDOWS\System32\obamx
C:\WINDOWS\System32\ojyaepv
C:\WINDOWS\System32\opfobgi
C:\WINDOWS\System32\opoaknxm
C:\WINDOWS\System32\oppbmemj
C:\WINDOWS\System32\opyiuii
C:\WINDOWS\System32\oqilohly
C:\WINDOWS\System32\orhsunl
C:\WINDOWS\System32\osgkvnqx
C:\WINDOWS\System32\ouym
C:\WINDOWS\System32\ovqhsjoh
C:\WINDOWS\System32\oxbem
C:\WINDOWS\System32\oxkq
C:\WINDOWS\System32\oynb
C:\WINDOWS\System32\pasn
C:\WINDOWS\System32\pdnnp
C:\WINDOWS\System32\pfli
C:\WINDOWS\System32\piqgl
C:\WINDOWS\System32\pjeqj
C:\WINDOWS\System32\pkexact
C:\WINDOWS\System32\pliwg
C:\WINDOWS\System32\pnhkrmnj
C:\WINDOWS\System32\ppkcgor
C:\WINDOWS\System32\ppkghut
C:\WINDOWS\System32\pqisur
C:\WINDOWS\System32\prpducy
C:\WINDOWS\System32\ptitha
C:\WINDOWS\System32\puipatqs
C:\WINDOWS\System32\pwtedbq
C:\WINDOWS\System32\pyderpe
C:\WINDOWS\System32\qaieifyx
C:\WINDOWS\System32\qajgfof
C:\WINDOWS\System32\qcjip
C:\WINDOWS\System32\qcnkewge
C:\WINDOWS\System32\qcssjn
C:\WINDOWS\System32\qeweafnw
C:\WINDOWS\System32\qfitwqq
C:\WINDOWS\System32\qfjxeu
C:\WINDOWS\System32\qgixtsn
C:\WINDOWS\System32\qhnkjelh
C:\WINDOWS\System32\qhwflb
C:\WINDOWS\System32\qjkns
C:\WINDOWS\System32\qmih
C:\WINDOWS\System32\qohyajfd
C:\WINDOWS\System32\qomsanp
C:\WINDOWS\System32\qsxqtm
C:\WINDOWS\System32\qtulcrf
C:\WINDOWS\System32\quxd
C:\WINDOWS\System32\qvmdtljk
C:\WINDOWS\System32\qwchcftq
C:\WINDOWS\System32\qxlt
C:\WINDOWS\System32\qxmb
C:\WINDOWS\System32\qxrh
C:\WINDOWS\System32\qydklqg
C:\WINDOWS\System32\raaglo
C:\WINDOWS\System32\rajng
C:\WINDOWS\System32\rbjdaqt
C:\WINDOWS\System32\rbouqj
C:\WINDOWS\System32\rbskgask
C:\WINDOWS\System32\rcoawrt
C:\WINDOWS\System32\rcyhjiid
C:\WINDOWS\System32\rdvjbwlq
C:\WINDOWS\System32\rhhwbivb
C:\WINDOWS\System32\rmro
C:\WINDOWS\System32\rnqrhsx
C:\WINDOWS\System32\rowbopsr
C:\WINDOWS\System32\rqylrj
C:\WINDOWS\System32\ruqhocs
C:\WINDOWS\System32\ruxvl
C:\WINDOWS\System32\rvclxj
C:\WINDOWS\System32\saeyl
C:\WINDOWS\System32\sjimp
C:\WINDOWS\System32\smrhccum
C:\WINDOWS\System32\soqa
C:\WINDOWS\System32\spdsqhi
C:\WINDOWS\System32\spfmbcuj
C:\WINDOWS\System32\sqdhmksp
C:\WINDOWS\System32\squa
C:\WINDOWS\System32\srbfqf
C:\WINDOWS\System32\srof
C:\WINDOWS\System32\sssrfxk
C:\WINDOWS\System32\suiuqfkj
C:\WINDOWS\System32\svbeh
C:\WINDOWS\System32\swjan
C:\WINDOWS\System32\swuytvd
C:\WINDOWS\System32\sxpvomca
C:\WINDOWS\System32\tciqpk
C:\WINDOWS\System32\tedmgvew
C:\WINDOWS\System32\tehx
C:\WINDOWS\System32\teiae
C:\WINDOWS\System32\tfscjfk
C:\WINDOWS\System32\tjfnss
C:\WINDOWS\System32\tmrfwyh
C:\WINDOWS\System32\tmsjp
C:\WINDOWS\System32\toereqph
C:\WINDOWS\System32\trjgha
C:\WINDOWS\System32\trshudo
C:\WINDOWS\System32\truhkthy
C:\WINDOWS\System32\tsno
C:\WINDOWS\System32\ttvix
C:\WINDOWS\System32\ttvjdva
C:\WINDOWS\System32\tucm
C:\WINDOWS\System32\txdko
C:\WINDOWS\System32\uajpqn
C:\WINDOWS\System32\uaworw
C:\WINDOWS\System32\ubflbl
C:\WINDOWS\System32\ucrcooyg
C:\WINDOWS\System32\ujrxmw
C:\WINDOWS\System32\ukcuds
C:\WINDOWS\System32\ukmrseh
C:\WINDOWS\System32\uoxrfe
C:\WINDOWS\System32\uphav
C:\WINDOWS\System32\uptam
C:\WINDOWS\System32\urjvj
C:\WINDOWS\System32\urmmqn
C:\WINDOWS\System32\urtgyu
C:\WINDOWS\System32\ushq
C:\WINDOWS\System32\utryvq
C:\WINDOWS\System32\uupu
C:\WINDOWS\System32\uwohujj
C:\WINDOWS\System32\uwvxrbf
C:\WINDOWS\System32\vbwtvd
C:\WINDOWS\System32\vejcx
C:\WINDOWS\System32\vfdxawee
C:\WINDOWS\System32\vholuvhk
C:\WINDOWS\System32\vjnm
C:\WINDOWS\System32\vkkikype
C:\WINDOWS\System32\vnak
C:\WINDOWS\System32\vnosmn
C:\WINDOWS\System32\vokosg
C:\WINDOWS\System32\vqbfelxu
C:\WINDOWS\System32\vqocc
C:\WINDOWS\System32\vqvi
C:\WINDOWS\System32\vskblto
C:\WINDOWS\System32\vuuvmgqi
C:\WINDOWS\System32\vvwkyr
C:\WINDOWS\System32\vxmradxh
C:\WINDOWS\System32\vxumxd
C:\WINDOWS\System32\vygbydkm
C:\WINDOWS\System32\wajj
C:\WINDOWS\System32\wfcjwryv
C:\WINDOWS\System32\whrgnru
C:\WINDOWS\System32\wiinly
C:\WINDOWS\System32\wlkrxo
C:\WINDOWS\System32\wmpelir
C:\WINDOWS\System32\wphverbk
C:\WINDOWS\System32\wssrsvyn
C:\WINDOWS\System32\wutmxxos
C:\WINDOWS\System32\wwhajgbu
C:\WINDOWS\System32\wwkyjmde
C:\WINDOWS\System32\wxthuldt
C:\WINDOWS\System32\wypp
C:\WINDOWS\System32\xdna
C:\WINDOWS\System32\xdvvynia
C:\WINDOWS\System32\xenggxek
C:\WINDOWS\System32\xfmubp
C:\WINDOWS\System32\xfrpa
C:\WINDOWS\System32\xggtwd
C:\WINDOWS\System32\xhnumte
C:\WINDOWS\System32\xlkcs
C:\WINDOWS\System32\xmdqve
C:\WINDOWS\System32\xmhlofqu
C:\WINDOWS\System32\xmii
C:\WINDOWS\System32\xprqptfx
C:\WINDOWS\System32\xqsmulw
C:\WINDOWS\System32\xsilxdad
C:\WINDOWS\System32\xsvo
C:\WINDOWS\System32\xtqwwtk
C:\WINDOWS\System32\xwkcuqrf
C:\WINDOWS\System32\yapa
C:\WINDOWS\System32\yfou
C:\WINDOWS\System32\yknimb
C:\WINDOWS\System32\ylvu
C:\WINDOWS\System32\yqmnho
C:\WINDOWS\System32\yrnsaul
C:\WINDOWS\System32\yueemwtu
C:\WINDOWS\System32\yvoxiyv
C:\WINDOWS\System32\yxepq
C:\WINDOWS\System32\yxmx
C:\WINDOWS\System32\yyxj
C:\WINDOWS\System32\?icrosoft.NET
C:\WINDOWS\System32\??mantec
C:\WINDOWS\System32\??stem
C:\WINDOWS\System32\?racle

- Now in Killbox go to File, Paste from clipboard.
- Click the Options.
- Select Remove Directories.
- Click on the button that has the red circle with the X in the middle.
- It will ask for confimation to delete the folders, click Yes.
- It will ask if you want to reboot now, click Yes again.

======

Let it reboot your PC into Normal Mode again.

======

Please download Combofix to your desktop.
  • Doubleclick combo.exe
  • Follow the prompts.
  • Don't click on the window while the fix is running, because that will cause your system to hang.
  • When finished, it should produce a log, combofix.txt.
======

Please post back with the log created by ComboFix,
Thanks,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation. Posted Image
Posted Image


#15 onemanmosh

onemanmosh
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:10:25 PM

Posted 18 October 2006 - 02:22 PM

ok, when i try to delete the folders with killbox, i receive this message:
Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users