Full Version: Trojan Horse Generic4.oaw problems
larsky
I have been having this problem: even after being healed with AVG and running Spybot and Ad-Aware, it just keeps coming back. I downloaded HijackThis and here is the log file. Appreciate any help. I put it all in here; first time posting, not sure which one to post.

Logfile of HijackThis v1.99.1
Scan saved at 11:26:22 AM, on 5/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\VM_STI.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\retadpu11.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\PROGRA~1\Grisoft\AVG7\avgw.exe
C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {AB0C9B89-DCE0-4C60-94CA-53472D2E6FB4} - c:\windows\system32\ekoaeko.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [AutoTBar] C:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ccApp] -
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu11.exe 61A847B5BBF72813338B2B27128065E9C084320161C4661227A755E9C2933154389A
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [VoipStunt] "C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe" -nosplash -minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.22.17/ttinst.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: ylpbarro - C:\WINDOWS\SYSTEM32\ekoaeko.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
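As an added example (not part of the original thread), here is a small triage script for HijackThis logs of the kind posted above. The heuristics are my own assumptions, not anything the forum helpers state: a BHO with "(no name)", an O4 Run value whose executable lives directly in the Windows root and takes a long hex argument, and, most usefully, a DLL that is registered both as a nameless BHO and as a Winlogon Notify handler. The sample lines are copied from the log above, with legitimate entries (the Google Toolbar BHO, the Intel igfxcui notify handler, the AVG tray app) left in as negative controls.

```python
import re

# Constructed sample: a subset of the HijackThis log posted above, including
# legitimate entries that the heuristics must not flag.
SAMPLE_LOG = r"""O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {AB0C9B89-DCE0-4C60-94CA-53472D2E6FB4} - c:\windows\system32\ekoaeko.dll
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
O4 - HKLM\..\Run: [ccApp] -
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu11.exe 61A847B5BBF72813338B2B27128065E9C084320161C4661227A755E9C2933154389A
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: ylpbarro - C:\WINDOWS\SYSTEM32\ekoaeko.dll
"""

# Line shapes used by HijackThis 1.99.x for the sections we care about.
ENTRY_RE = re.compile(r"^(?P<section>R[0-3]|O\d{1,2}) - (?P<body>.*)$")
BHO_RE = re.compile(r"^BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
RUN_RE = re.compile(r"^(?P<hive>HK[A-Z]+)\\\.\.\\Run: \[(?P<key>[^\]]+)\] ?(?P<cmd>.*)$")
NOTIFY_RE = re.compile(r"^Winlogon Notify: (?P<subkey>\S+) - (?P<path>.+)$")
HEX_BLOB_RE = re.compile(r"(?<![0-9A-Za-z])[0-9A-Fa-f]{32,}(?![0-9A-Za-z])")
WINDOWS_ROOT = r"c:\windows"  # assumption: default XP install drive and folder


def norm(path):
    """Lower-case a Windows path and strip quotes so paths from different sections compare equal."""
    return path.strip().strip('"').replace("/", "\\").lower()


def split_command(cmd):
    """Split an O4 Run value into (executable, arguments); quoted executables may contain spaces."""
    cmd = cmd.strip()
    if cmd in ("", "-"):
        return None, ""
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end == -1:
            return cmd.strip('"'), ""
        return cmd[1:end], cmd[end + 1:].strip()
    head, _, tail = cmd.partition(" ")
    return head, tail.strip()


def parse(log_text):
    """Yield (section, body) for every HijackThis entry line; process-list lines are skipped."""
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m["section"], m["body"]


def triage(log_text):
    """Return (severity, section, message) findings for the persistence patterns checked below."""
    findings = []
    nameless_bho = {}  # normalised dll path -> CLSID
    notify = {}        # normalised dll path -> Winlogon Notify subkey
    for section, body in parse(log_text):
        if section == "O2":
            m = BHO_RE.match(body)
            if m and m["name"].strip().lower() == "(no name)":
                nameless_bho[norm(m["path"])] = m["clsid"]
                findings.append(("medium", section, f"BHO with no name loads {m['path']}"))
        elif section == "O20":
            m = NOTIFY_RE.match(body)
            if m:
                notify[norm(m["path"])] = m["subkey"]
        elif section == "O4":
            m = RUN_RE.match(body)
            if not m:
                continue
            exe, args = split_command(m["cmd"])
            if exe is None:
                findings.append(("low", section, f"[{m['key']}] has no command (orphaned Run value)"))
                continue
            in_win_root = norm(exe).rsplit("\\", 1)[0] == WINDOWS_ROOT
            hex_blob = HEX_BLOB_RE.search(args) is not None
            if in_win_root and hex_blob:
                findings.append(("high", section, f"[{m['key']}] runs {exe} from the Windows root with a {len(args)}-char hex argument"))
            elif hex_blob:
                findings.append(("medium", section, f"[{m['key']}] passes a long hex argument to {exe}"))
            elif in_win_root:
                findings.append(("low", section, f"[{m['key']}] runs {exe} directly from the Windows root"))
    # A DLL registered both as a nameless BHO and as a Winlogon Notify handler is
    # loaded by Internet Explorer and by winlogon.exe; flag the pair, not each half.
    for path, subkey in notify.items():
        if path in nameless_bho:
            findings.append(("high", "O20", f"{path} is both BHO {{{nameless_bho[path]}}} and Winlogon Notify '{subkey}'"))
    return findings


if __name__ == "__main__":
    for severity, section, message in triage(SAMPLE_LOG):
        print(f"{severity:<6} {section:<4} {message}")
```

Treat the output as a reading aid, not a verdict: VM_STI.EXE is a real webcam helper that happens to live in the Windows root, which is why it only rates "low" here. The O20 correlation is the one that matters for cleanup. A Winlogon Notify DLL is mapped into winlogon.exe for the whole session, so a normal delete from a logged-on desktop fails with STATUS_ACCESS_DENIED (0xC0000022), which is exactly the status the Avenger log later in this thread reports for ekoaeko.dll.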
LoPhatPhuud
Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears at reboot.
larsky
QUOTE (LoPhatPhuud @ May 27 2007, 09:45 PM)
Please download VundoFix.exe to your desktop. [...]

Here are the results from the log files:

VundoFix V6.4.1

Checking Java version...

Scan started at 10:41:55 PM 5/27/2007

Listing files found while scanning....

No infected files were found.



Logfile of HijackThis v1.99.1
Scan saved at 10:55:51 PM, on 5/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\VM_STI.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\retadpu11.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Chikka V4\ChikkaLauncher.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Documents and Settings\Khaleq\Desktop\VundoFix.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {AB0C9B89-DCE0-4C60-94CA-53472D2E6FB4} - c:\windows\system32\ekoaeko.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [AutoTBar] C:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ccApp] -
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu11.exe 61A847B5BBF72813338B2B27128065E9C084320161C4661227A755E9C2933154389A
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [VoipStunt] "C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe" -nosplash -minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IEFilter] C:\Documents and Settings\Khaleq\Local Settings\Application Data\Microsoft\Internet Explorer\Filters\IExpl32d.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.22.17/ttinst.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: ylpbarro - C:\WINDOWS\SYSTEM32\ekoaeko.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


After running VundoFix it did not ask for a reboot, or it did not reboot.

And Generic4.oaw still pops up in AVG; I continue to heal it but it comes back.
LoPhatPhuud
First:
1. Please download The Avenger by Swandog46 to your Desktop.
  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop

2. Copy all the text (including the words 'Files to delete:') contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

QUOTE
Files to delete:
C:\WINDOWS\retadpu11.exe
C:\windows\system32\ekoaeko.dll


Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, start The Avenger program by clicking on its icon on your desktop.
  • Under "Script file to execute" choose "Input Script Manually".
  • Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
  • Paste the text copied to clipboard into this window by pressing (Ctrl+V).
  • Click Done
  • Now click on the Green Light to begin execution of the script
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply


Second:

Run HijackThis and press the 'Scan' button.

When the scan is finished:
Check the following items in HijackThis.
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

O2 - BHO: (no name) - {AB0C9B89-DCE0-4C60-94CA-53472D2E6FB4} - c:\windows\system32\ekoaeko.dll

O4 - HKLM\..\Run: [ccApp] -
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu11.exe 61A847B5BBF72813338B2B27128065E9C084320161C4661227A755E9C2933154389A

O20 - Winlogon Notify: ylpbarro - C:\WINDOWS\SYSTEM32\ekoaeko.dll


Close all windows except HijackThis and click Fix checked.

Reboot in normal mode

Run HiJackThis again and post a new log in this thread.
larsky
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\xccbnjpw

*******************

Script file located at: \??\C:\Documents and Settings\d^yffnwx.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\retadpu11.exe deleted successfully.


Could not open file C:\windows\system32\ekoaeko.dll for deletion
Deletion of file C:\windows\system32\ekoaeko.dll failed!

Could not process line:
C:\windows\system32\ekoaeko.dll
Status: 0xc0000022


Completed script processing.

*******************

Finished! Terminate.
larsky
Here is the log file from HijackThis. Sorry for the delay, been busy. Thanks again for helping.

I did as instructed.

Logfile of HijackThis v1.99.1
Scan saved at 10:16:51 PM, on 6/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\VM_STI.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {AB0C9B89-DCE0-4C60-94CA-53472D2E6FB4} - c:\windows\system32\ekoaeko.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [AutoTBar] C:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [VoipStunt] "C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe" -nosplash -minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.22.17/ttinst.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: ylpbarro - C:\WINDOWS\SYSTEM32\ekoaeko.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
LoPhatPhuud
Let's try to delete that file with Killbox.

Download KILLBOX, extract it to your desktop.

Open killbox.exe.

Check the following boxes:
Delete on Reboot


Highlight all the entries in the quote box below and then Copy them.
QUOTE
C:\windows\system32\ekoaeko.dll

Then in killbox click File>>Paste from Clipboard

At this point the "All Files" button should be enabled so you can click it.

Click the "All Files" button.

Then click the Red X. For the confirmation message that will appear, you will need to click Yes.

A second message will ask "Reboot now?"; you will need to click Yes to allow the reboot.

Note: Killbox will let you know if a file does not exist.

If you have any issues with this method, you can copy and paste the lines one at a time into the Killbox top box. Then click the "Single File" button. Then click the Red X, and for the confirmation message that will appear, you will need to click Yes. A second message will ask "Reboot now?"; you will need to click No until the last one, at which time you click Yes to allow the reboot.


There will be a folder C:\!Killbox\ -- please post the log from that folder
larsky
This window message is popping up from the killbox

Pending File rename operation Registry data has been removed by external process

not sure what it means but it prevents me from deleting the file.
LoPhatPhuud
OK, there is a way to circumvent that message, but in looking over the Avenger log from before, I have a question about why the file was not deleted so I want to try once more.


1. Please download The Avenger by Swandog46 to your Desktop.
  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop

2. Copy all the text (including the words 'Files to delete:') contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

QUOTE
Files to delete:
C:\windows\system32\ekoaeko.dll


Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, start The Avenger program by clicking on its icon on your desktop.
  • Under "Script file to execute" choose "Input Script Manually".
  • Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
  • Paste the text copied to clipboard into this window by pressing (Ctrl+V).
  • Click Done
  • Now click on the Green Light to begin execution of the script
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply along with a fresh HJT log by using Add/Reply
larsky
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\jvmfrwln

*******************

Script file located at: \??\C:\cifoopsv.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



Could not open file C:\windows\system32\ekoaeko.dll for deletion
Deletion of file C:\windows\system32\ekoaeko.dll failed!

Could not process line:
C:\windows\system32\ekoaeko.dll
Status: 0xc0000022


Completed script processing.

*******************

Finished! Terminate.
larsky
Logfile of HijackThis v1.99.1
Scan saved at 9:29:49 PM, on 6/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\VM_STI.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {AB0C9B89-DCE0-4C60-94CA-53472D2E6FB4} - c:\windows\system32\ekoaeko.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [AutoTBar] C:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [VoipStunt] "C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe" -nosplash -minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.22.17/ttinst.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: ylpbarro - C:\WINDOWS\SYSTEM32\ekoaeko.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
LoPhatPhuud
Does the logon you are using have Administrator rights?
larsky
Yes it does. I'm the only user and I have admin rights.
LoPhatPhuud
I don't understand why Avenger is failing when you have Admin rights, but let's try Killbox in another way.

Start Killbox
In the File to Delete box, enter C:\windows\system32\ekoaeko.dll (copy and paste)

Select Standard File Kill, End Explorer Shell, and Unregister dll before Killing

Then press the Red X

Quit Killbox


Post back and let me know the result
larsky
When I try to delete it, it says it cannot delete the file. Why is it doing this?
LoPhatPhuud
There is probably a permissions issue. Right-click on the file, select 'Properties' and let me know if there is a Security tab.
LoPhatPhuud
It's a permissions issue. Try the following:

There is a problem deleting one file. Apparently the Vundo folks have changed the way one file is installed to alter the security permissions to make removal more difficult. Let's see if we can fix that.


First:
Download the following file:
http://www.xs4all.nl/~fstaal01/downloads/swxcacls.exe

Copy it to C:\Windows\System32\swxcacls.exe

Open a Command Prompt window (Start -> Run -> cmd)

Copy and paste the following command line to the prompt:
swxcacls c:\Windows\System32\ekoaeko.dll /OA /GA:F


Second:
1. Please download The Avenger by Swandog46 to your Desktop.
  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop
2. Copy all the text (including the words 'Files to delete:') contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

QUOTE
Files to delete:
c:\Windows\System32\ekoaeko.dll


Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, start The Avenger program by clicking on its icon on your desktop.
  • Under "Script file to execute" choose "Input Script Manually".
  • Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
  • Paste the text copied to clipboard into this window by pressing (Ctrl+V).
  • Click Done
  • Now click on the Green Light to begin execution of the script
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply along with a fresh HJT log by using Add/Reply
larsky
After downloading the file swxcacls, I can't copy it to the C:\Windows\System32\swxcacls.exe
folder because I cannot find the specified folder inside system32. Am I doing something wrong or what?
LoPhatPhuud
You copy the file to the C:\Windows\System32 folder.

But before you proceed further, there is a new version of VundoFix that may take care of this file. Delete your current version, download the new one and follow the previous instructions with one exception: boot into Safe Mode before you run VundoFix.
larsky
QUOTE (LoPhatPhuud @ Jun 7 2007, 09:07 PM) *
It's a permissions issue. Try the following:

There is a problem deleting one file. Apparently the Vundo folks have changed the way one file is installed to alter the security permissions to make removal more difficult. Let's see if we can fix that.


First:
Download the following file:
http://www.xs4all.nl/~fstaal01/downloads/swxcacls.exe

Copy it to C:\Windows\System32\swxcacls.exe

Open a Command Prompt window (Start -> Run -> cmd)

Copy and paste the following command line to the prompt:
swxcacls c:\Windows\System32\ekoaeko.dll /OA /GA:F


Second:
1. Please download The Avenger by Swandog46 to your Desktop.
  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop
2. Copy all the text (including the words 'Files to delete:') contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

QUOTE
Files to delete:
c:\Windows\System32\ekoaeko.dll


Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, start The Avenger program by clicking on its icon on your desktop.
  • Under "Script file to execute" choose "Input Script Manually".
  • Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
  • Paste the text copied to clipboard into this window by pressing (Ctrl+V).
  • Click Done
  • Now click on the Green Light to begin execution of the script
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply along with a fresh HJT log by using Add/Reply






Here are the results:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\eswfrhgj

*******************

Script file located at: \??\C:\Program Files\cbajffje.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



Could not open file c:\Windows\System32\ekoaeko.dll for deletion
Deletion of file c:\Windows\System32\ekoaeko.dll failed!

Could not process line:
c:\Windows\System32\ekoaeko.dll
Status: 0xc0000022


Completed script processing.

*******************

Finished! Terminate.



And here is a fresh HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 10:31:06 PM, on 6/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\VM_STI.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {AB0C9B89-DCE0-4C60-94CA-53472D2E6FB4} - c:\windows\system32\ekoaeko.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [AutoTBar] C:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [VoipStunt] "C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe" -nosplash -minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} - http://a.download.toontown.com/sv1.0.22.17/ttinst.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: ylpbarro - C:\WINDOWS\SYSTEM32\ekoaeko.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
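An added example, not part of this thread and not code from HijackThis, Killbox, Avenger or VundoFix: a small Python triage script over constructed HijackThis-style log lines modelled on the ones posted above (the ekoaeko.dll entries are the ones this thread is chasing). It flags the three things a helper reads off such a log by eye: an O2 BHO registered with no display name, an O20 Winlogon Notify package outside a small known-good allowlist, and the same module file hooked into more than one section, which is the pattern that puts the DLL back on every reboot. The allowlist, the sample log and every function name are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of the HijackThis v1.99.1 logs posted in this
# thread; the ekoaeko.dll lines are the entries the thread is trying to remove.
SAMPLE_LOG = r"""
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {AB0C9B89-DCE0-4C60-94CA-53472D2E6FB4} - c:\windows\system32\ekoaeko.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: ylpbarro - C:\WINDOWS\SYSTEM32\ekoaeko.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
"""

# HJT sections whose last " - " separated field is the on-disk path of the hooked module.
PATH_SECTIONS = {"O2", "O3", "O9", "O20", "O23"}

# Winlogon Notify packages treated as known-good for this demo (assumption: a real
# triage would verify the vendor signature of the DLL, not consult a hard-coded list).
KNOWN_WINLOGON_NOTIFY = {"igfxcui"}


def normalize_path(path):
    """Lower-case and unify separators so the same file matches across sections."""
    return path.strip().strip('"').replace("/", "\\").lower()


def parse_entries(log_text):
    """Return (section, head, path) for every line whose section carries a module path."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line or " - " not in line:
            continue
        section, rest = line.split(" - ", 1)
        if section not in PATH_SECTIONS:
            continue
        head, path = rest.rsplit(" - ", 1)
        entries.append((section, head, normalize_path(path)))
    return entries


def triage(log_text):
    """Return a list of (reason, section, path) findings worth a closer look."""
    entries = parse_entries(log_text)
    findings = []
    sections_by_path = defaultdict(set)
    for section, head, path in entries:
        sections_by_path[path].add(section)
        # Rule 1: a Browser Helper Object that registers without a display name.
        if section == "O2" and head.startswith("BHO: (no name)"):
            findings.append(("unnamed BHO", section, path))
        # Rule 2: a Winlogon Notify package outside the allowlist. These DLLs are
        # loaded by winlogon.exe at boot, before any user-mode cleanup tool runs.
        if section == "O20":
            key = head.split("Winlogon Notify: ", 1)[1]
            if key not in KNOWN_WINLOGON_NOTIFY:
                findings.append(("unlisted Winlogon Notify package", section, path))
    # Rule 3: one module hooked into more than one section (BHO plus Winlogon
    # Notify is the reinstall loop this thread describes: each hook restores the other).
    for path, sections in sections_by_path.items():
        if len(sections) > 1:
            reason = "same module in sections " + ",".join(sorted(sections))
            findings.append((reason, "*", path))
    return findings


if __name__ == "__main__":
    for reason, section, path in triage(SAMPLE_LOG):
        print(f"[{section:>3}] {reason}: {path}")
```

Run it as-is to see the three findings for the sample; point `triage()` at the text of a real HijackThis log to apply the same rules there. The rules are deliberately narrow, so a clean result is not a clean machine, only the absence of these three patterns.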
LoPhatPhuud
There is a newer version of VundoFix that should catch this, so let's see if it's working.

Delete any copy of VundoFix on your system and then follow the instructions below. Be sure to run the fix in Safe Mode!!!


Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
larsky
It won't delete the file. It says something like this:
75 path/file access error
LoPhatPhuud
We need to try and find the file that is blocking the removal. So far the standard attempts have not worked.

When you are reporting error messages, please include the actual wording.


First:
Please download RootKitRevealer from here:
http://www.sysinternals.com/files/rootkitrevealer.zip
Unzip it to the desktop, run it, and click Scan. This will generate a log file; please post the entire contents of the log file here for me to see.

Second:
Would you please use HiJackThis to produce a startup list and post it here:
1. From HJT main screen, click 'Config' button
2. Click 'Misc Tools' button
3. Check both boxes to the right of 'Generate StartupList Log' button
4. Click 'Generate StartupList Log' button
5. Click 'Yes' in the next dialog
6. Save the log and post a copy in this thread.
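A triage helper for the RootkitRevealer log requested above, added here as an example; it is not part of the thread and not a Sysinternals tool. It parses RootkitRevealer's one-discrepancy-per-line output, decodes the ROT13-encoded UserAssist value names, and sorts entries by where they sit: hidden Run, Services and SafeBoot registry keys and hidden executable files are flagged for review, while AVG's quarantine vault, cookies, browser cache, MRU lists and the RNG seed are treated as expected churn. The noise list and severity rules are my own heuristics (an assumption, not RootkitRevealer's own logic), and the sample lines are constructed in the tool's format with the SID and user name replaced.

```python
"""Triage a RootkitRevealer log (added example, not a Sysinternals or forum tool).

RootkitRevealer prints one discrepancy per line:
    <path> <m/d/yyyy> <h:mm AM|PM> <size> <bytes|KB|MB> <description>
Paths may contain spaces, so the line is matched by anchoring on the timestamp.
"""
import codecs
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

LINE_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?P<date>\d{1,2}/\d{1,2}/\d{4}) (?P<time>\d{1,2}:\d{2} [AP]M) "
    r"(?P<size>\d+(?:\.\d+)?) (?P<unit>bytes|KB|MB|GB) "
    r"(?P<desc>.+)$"
)


@dataclass
class Finding:
    path: str
    desc: str
    severity: str            # "high", "review" or "low"
    reason: str
    decoded: Optional[str] = None   # ROT13-decoded UserAssist name, when applicable


# Assumed noise heuristics (mine, not RootkitRevealer's): locations that change
# during a scan or are hidden by design by a legitimate product.
NOISE_MARKERS = (
    ("\\$vault$.avg\\", "AVG quarantine vault (hidden by design)"),
    ("\\avg7data\\", "AVG update staging files"),
    ("\\cookies\\", "browser cookie churn during the scan"),
    ("\\temporary internet files\\", "browser cache churn during the scan"),
    ("\\local settings\\temp\\", "temp file churn during the scan"),
    ("\\recentdocs\\", "Explorer MRU list updated during the scan"),
    ("\\cryptography\\rng\\seed", "RNG seed is rewritten constantly"),
)

EXEC_EXTENSIONS = (".exe", ".dll", ".sys", ".drv")


def _is_registry(path: str) -> bool:
    return path.upper().startswith(("HKLM\\", "HKCU\\", "HKU\\", "HKCR\\"))


def classify(path: str, desc: str) -> Finding:
    low = path.lower()
    hidden = desc.startswith("Hidden from Windows API")
    for marker, why in NOISE_MARKERS:
        if marker in low:
            return Finding(path, desc, "low", why)
    if "\\userassist\\" in low and "\\count\\" in low:
        # Explorer stores UserAssist value names ROT13-encoded; decode for the reader.
        name = path.split("\\Count\\", 1)[1]
        return Finding(path, desc, "low", "UserAssist counter (ROT13 value name)",
                       codecs.decode(name, "rot_13"))
    if _is_registry(path):
        if "\\currentversion\\run" in low:
            return Finding(path, desc, "high", "hidden autostart entry")
        if "\\safeboot\\" in low:
            return Finding(path, desc, "high", "hidden Safe Mode load entry")
        if "\\services\\" in low:
            return Finding(path, desc, "high", "hidden service or driver key")
        return Finding(path, desc, "review", "registry discrepancy outside known-noise areas")
    if hidden and low.endswith(EXEC_EXTENSIONS):
        return Finding(path, desc, "high", "hidden executable file")
    return Finding(path, desc, "review", "file discrepancy outside known-noise areas")


def parse_line(line: str) -> Optional[Finding]:
    m = LINE_RE.match(line.strip())
    return classify(m.group("path"), m.group("desc")) if m else None


def triage(log_text: str) -> Dict[str, List[Finding]]:
    buckets: Dict[str, List[Finding]] = {"high": [], "review": [], "low": []}
    for line in log_text.splitlines():
        f = parse_line(line)
        if f:
            buckets[f.severity].append(f)
    return buckets


# Constructed sample in RootkitRevealer's format (SID and user name are placeholders).
SAMPLE_LOG = r"""
HKLM\S-1-5-21-111-222-333-1006\Software\Microsoft\Windows\CurrentVersion\Run\IEFilter 6/12/2007 1:42 PM 228 bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet003\Control\SafeBoot\Minimal\runtime2.sys 5/14/2007 8:23 AM 0 bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet003\Services\runtime2 6/14/2007 8:21 AM 0 bytes Hidden from Windows API.
HKLM\S-1-5-21-111-222-333-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\JVAQBJF\flfgrz32\ABGRCNQ.RKR 6/14/2007 8:28 AM 16 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed 6/14/2007 8:28 AM 80 bytes Data mismatch between Windows API and raw hive data.
C:\$VAULT$.AVG\00632859.FIL 6/14/2007 8:32 AM 78.34 KB Hidden from Windows API.
C:\Documents and Settings\User\Cookies\user@ads.example[1].txt 6/14/2007 8:49 AM 379 bytes Hidden from Windows API.
C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Internet Explorer\Filters\IExpl32d.exe 5/12/2007 4:37 PM 16.00 KB Hidden from Windows API.
C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Internet Explorer\Filters\filter.drv 6/3/2007 4:36 PM 24 bytes Hidden from Windows API.
"""

if __name__ == "__main__":
    for sev, items in triage(SAMPLE_LOG).items():
        for f in items:
            extra = f" -> {f.decoded}" if f.decoded else ""
            print(f"[{sev}] {f.reason}: {f.path}{extra}")
```

Feed it the pasted log instead of SAMPLE_LOG to get the "high" bucket first; the "low" bucket is what a helper would skim past, and anything in "review" still deserves a look by hand.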
larsky
Here is the result from rootkit:

HKLM\S-1-5-21-3128996693-3865859050-2014800685-1006\Software\Microsoft\Filter 6/4/2007 7:15 PM 0 bytes Hidden from Windows API.
HKLM\S-1-5-21-3128996693-3865859050-2014800685-1006\Software\Microsoft\Internet Explorer\Toolbar\ID 5/12/2007 10:12 PM 50 bytes Hidden from Windows API.
HKLM\S-1-5-21-3128996693-3865859050-2014800685-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\MRUListEx 6/14/2007 8:27 AM 600 bytes Windows API length not consistent with raw hive data.
HKLM\S-1-5-21-3128996693-3865859050-2014800685-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\17 6/14/2007 8:27 AM 108 bytes Windows API length not consistent with raw hive data.
HKLM\S-1-5-21-3128996693-3865859050-2014800685-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\97 6/14/2007 8:27 AM 128 bytes Hidden from Windows API.
HKLM\S-1-5-21-3128996693-3865859050-2014800685-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\133 6/14/2007 8:27 AM 116 bytes Hidden from Windows API.
HKLM\S-1-5-21-3128996693-3865859050-2014800685-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.txt\MRUListEx 6/13/2007 10:51 PM 44 bytes Data mismatch between Windows API and raw hive data.
HKLM\S-1-5-21-3128996693-3865859050-2014800685-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.txt\1 6/13/2007 10:51 PM 128 bytes Windows API length not consistent with raw hive data.
HKLM\S-1-5-21-3128996693-3865859050-2014800685-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\Folder\MRUListEx 6/13/2007 10:51 PM 44 bytes Data mismatch between Windows API and raw hive data.
HKLM\S-1-5-21-3128996693-3865859050-2014800685-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\Folder\9 6/13/2007 10:51 PM 116 bytes Windows API length not consistent with raw hive data.
HKLM\S-1-5-21-3128996693-3865859050-2014800685-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU 6/14/2007 8:28 AM 16 bytes Data mismatch between Windows API and raw hive data.
HKLM\S-1-5-21-3128996693-3865859050-2014800685-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\JVAQBJF\flfgrz32\ABGRCNQ.RKR 6/14/2007 8:28 AM 16 bytes Data mismatch between Windows API and raw hive data.
HKLM\S-1-5-21-3128996693-3865859050-2014800685-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:uggc://jjj.purncsyvtugf.pbz/tbgb.nfc?l=s&ov=965&qv=0&yv=0&pv=0&s=42019&q=1372&e=0&c 6/14/2007 8:28 AM 16 bytes Hidden from Windows API.
HKLM\S-1-5-21-3128996693-3865859050-2014800685-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:uggc://jjj.pneeragnyf.pbz/nPyvpx.wfc?nq=5-jjj.uregm.pbz&qrny=uggc%3N%2S%2Sep10.bire 6/14/2007 8:28 AM 16 bytes Hidden from Windows API.
HKLM\S-1-5-21-3128996693-3865859050-2014800685-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:uggc://jjj.ovmengr.pbz/eq?uggc://jjj.tbbtyr.pbz/hey?fn=Y&nv=OtwvXz7csEqTaVcFLLXFzaB 6/14/2007 8:28 AM 16 bytes Hidden from Windows API.
HKLM\S-1-5-21-3128996693-3865859050-2014800685-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:Zvpuvtna - HFN Fgngr Jbeyq Uvfgbel bs Vaqvn, Zvpuvtna - HFN Fgngr, Zvpuvtna obeqrer 6/14/2007 8:28 AM 16 bytes Hidden from Windows API.
HKLM\S-1-5-21-3128996693-3865859050-2014800685-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:uggc://tvsgsbeuhfonaq.vasb/frnepu.cuc?q=tvsgsbeuhfonaq.vasb&pnpurxrl=03h3uf9lbnHJ1B 6/14/2007 8:28 AM 16 bytes Hidden from Windows API.
HKLM\S-1-5-21-3128996693-3865859050-2014800685-1006\Software\Microsoft\Windows\CurrentVersion\Run\IEFilter 6/12/2007 1:42 PM 228 bytes Hidden from Windows API.
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed 6/14/2007 8:28 AM 80 bytes Data mismatch between Windows API and raw hive data.
HKLM\SYSTEM\ControlSet003\Control\SafeBoot\Minimal\runtime2.sys 5/14/2007 8:23 AM 0 bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet003\Control\SafeBoot\Network\runtime2.sys 5/14/2007 8:23 AM 0 bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet003\Services\hflt_ipf 6/14/2007 8:21 AM 0 bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet003\Services\RFCOMM 10/19/2006 8:33 AM 0 bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet003\Services\runtime2 6/14/2007 8:21 AM 0 bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet004\Control\SafeBoot\Minimal\runtime2.sys 5/14/2007 8:23 AM 0 bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet004\Control\SafeBoot\Network\runtime2.sys 5/14/2007 8:23 AM 0 bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet004\Services\runtime2 6/14/2007 8:21 AM 0 bytes Hidden from Windows API.
C:\$VAULT$.AVG\00632859.FIL 6/14/2007 8:32 AM 78.34 KB Hidden from Windows API.
C:\$VAULT$.AVG\00998656.FIL 6/14/2007 8:38 AM 78.34 KB Hidden from Windows API.
C:\$VAULT$.AVG\01262828.FIL 6/14/2007 8:42 AM 78.34 KB Hidden from Windows API.
C:\$VAULT$.AVG\01929375.FIL 6/14/2007 8:53 AM 4.09 KB Hidden from Windows API.
C:\$VAULT$.AVG\01939109.FIL 6/14/2007 8:53 AM 7.72 KB Hidden from Windows API.
C:\$VAULT$.AVG\01942140.FIL 6/14/2007 8:53 AM 7.72 KB Hidden from Windows API.
C:\$VAULT$.AVG\02098421.FIL 6/14/2007 8:56 AM 7.72 KB Hidden from Windows API.
C:\$VAULT$.AVG\02107140.FIL 6/14/2007 8:56 AM 4.09 KB Hidden from Windows API.
C:\$VAULT$.AVG\02267609.FIL 6/14/2007 8:59 AM 78.34 KB Hidden from Windows API.
C:\$VAULT$.AVG\02405531.FIL 6/14/2007 9:01 AM 25.33 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7upd\$history\2007-06-14--08-54-33 6/14/2007 8:54 AM 397 bytes Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\upd7bin\u7avi1040u10248h.bin 6/14/2007 8:54 AM 86.13 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\upd7bin\u7iavi859u8588h.bin 6/14/2007 8:54 AM 9.14 KB Hidden from Windows API.
C:\Documents and Settings\Khaleq\Cookies\khaleq@ad.yieldmanager[1].txt 6/14/2007 8:39 AM 2.18 KB Hidden from Windows API.
C:\Documents and Settings\Khaleq\Cookies\khaleq@ad.yieldmanager[2].txt 6/14/2007 8:27 AM 2.16 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Khaleq\Cookies\khaleq@ads.adbrite[1].txt 6/14/2007 8:49 AM 379 bytes Hidden from Windows API.
C:\Documents and Settings\Khaleq\Cookies\khaleq@ads.adbrite[2].txt 6/12/2007 11:32 AM 631 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Khaleq\Cookies\khaleq@e-2dj6wfloeodzmlp.stats.esomniture[1].txt 6/14/2007 9:00 AM 348 bytes Hidden from Windows API.
C:\Documents and Settings\Khaleq\Cookies\khaleq@e-2dj6wfloeodzmlp.stats.esomniture[2].txt 5/2/2007 8:08 AM 347 bytes Visible in Windows API, directory index, but not in MFT.
C:\Documents and Settings\Khaleq\Cookies\khaleq@gpsmagazine[2].txt 6/14/2007 8:57 AM 480 bytes Hidden from Windows API.
C:\Documents and Settings\Khaleq\Cookies\khaleq@justechn[1].txt 6/14/2007 8:49 AM 378 bytes Hidden from Windows API.
C:\Documents and Settings\Khaleq\Cookies\khaleq@mail[2].txt 6/14/2007 8:41 AM 481 bytes Hidden from Windows API.
C:\Documents and Settings\Khaleq\Cookies\khaleq@mail[3].txt 6/13/2007 10:22 PM 394 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Khaleq\Cookies\khaleq@news4jax[1].txt 6/14/2007 8:38 AM 108 bytes Hidden from Windows API.
C:\Documents and Settings\Khaleq\Cookies\khaleq@statse.webtrendslive[1].txt 6/14/2007 8:39 AM 302 bytes Hidden from Windows API.
C:\Documents and Settings\Khaleq\Cookies\khaleq@statse.webtrendslive[2].txt 6/5/2007 6:26 PM 270 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Khaleq\Cookies\khaleq@tacoda[1].txt 6/14/2007 8:39 AM 617 bytes Hidden from Windows API.
C:\Documents and Settings\Khaleq\Cookies\khaleq@tacoda[2].txt 6/12/2007 10:16 AM 590 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Khaleq\Cookies\khaleq@www.news4jax[2].txt 6/14/2007 8:40 AM 297 bytes Hidden from Windows API.
C:\Documents and Settings\Khaleq\Local Settings\Application Data\Microsoft\Internet Explorer\Filters 5/31/2007 4:10 PM 0 bytes Hidden from Windows API.
C:\Documents and Settings\Khaleq\Local Settings\Application Data\Microsoft\Internet Explorer\Filters\filter.drv 6/3/2007 4:36 PM 24 bytes Hidden from Windows API.
C:\Documents and Settings\Khaleq\Local Settings\Application Data\Microsoft\Internet Explorer\Filters\IExpl32d.exe 5/12/2007 4:37 PM 16.00 KB Hidden from Windows API.
C:\Documents and Settings\Khaleq\Local Settings\Application Data\Microsoft\Internet Explorer\Filters\MSIEHelper.dll 5/12/2007 4:37 PM 38.90 KB Hidden from Windows API.
C:\Documents and Settings\Khaleq\Local Settings\Application Data\Microsoft\Internet Explorer\Filters\prx475a.dll 5/17/2007 3:42 PM 168.00 KB Hidden from Windows API.
C:\Documents and Settings\Khaleq\Local Settings\Application Data\Microsoft\Internet Explorer\Filters\prx475c.dll 5/12/2007 10:12 PM 168.00 KB Hidden from Windows API.
C:\Documents and Settings\Khaleq\Local Settings\Application Data\Microsoft\Internet Explorer\Filters\prx482b.dll 5/31/2007 4:10 PM 172.00 KB Hidden from Windows API.
C:\Documents and Settings\Khaleq\Local Settings\Temp\$38741FF6.t$m 6/14/2007 9:02 AM 0 bytes Visible in directory index, but not Windows API or MFT.
C:\Documents and Settings\Khaleq\Local Settings\Temporary Internet Files\Content.IE5\05Q34XYZ\060107[1].gif 6/14/2007 8:42 AM 3.33 KB Hidden from Windows API.
C:\Documents and Settings\Khaleq\Local Settings\Temporary Internet Files\Content.IE5\05Q34XYZ\11215058_80X60[1].jpg 6/14/2007 8:38 AM 1.36 KB Hidden from Windows API.
C:\Documents and Settings\Khaleq\Local Settings\Temporary Internet Files\Content.IE5\05Q34XYZ\1201318197328080_1[1].jpg 6/14/2007 8:44 AM 2.47 KB Hidden from Windows API.
C:\Documents and Settings\Khaleq\Local Settings\Temporary Internet Files\Content.IE5\05Q34XYZ\1201318492968080_1[1].jpg 6/14/2007 8:44 AM 1.13 KB Hidden from Windows API.
C:\Documents and Settings\Khaleq\Local Settings\Temporary Internet Files\Content.IE5\05Q34XYZ\1201319236138080_1[1].jpg 6/14/2007 8:44 AM 2.42 KB Hidden from Windows API.
C:\Documents and Settings\Khaleq\Local Settings\Temporary Internet Files\Content.IE5\05Q34XYZ\1201319236318080_1[1].jpg 6/14/2007 8:46 AM 1.28 KB Hidden from Windows API.
C:\Documents and Settings\Khaleq\Local Settings\Temporary Internet Files\Content.IE5\05Q34XYZ\1201319300008080_1[1].jpg 6/14/2007 8:46 AM 1.26 KB Hidden from Windows API.
C:\Documents and Settings\Khaleq\Local Settings\Temporary Internet Files\Content.IE5\05Q34XYZ\1201319750718080_1[1].jpg 6/14/2007 8:59 AM 1.58 KB Hidden from Windows API.
C:\Documents and Settings\Khaleq\Local Settings\Temporary Internet Files\Content.IE5\05Q34XYZ\120131976943[1].jpg 6/14/2007 8:47 AM 2.58 KB Hidden from Windows API.
C:\Documents and Settings\Khaleq\Local Settings\Temporary Internet Files\Content.IE5\05Q34XYZ\13502450_240X180[1].jpg 6/14/2007 8:38 AM 10.76 KB Hidden from Windows API.
C:\Documents and Settings\Khaleq\Local Settings\Temporary Internet Files\Content.IE5\05Q34XYZ\2201029904836464_1[1].jpg 6/11/2007 10:43 PM 1.33 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Khaleq\Local Settings\Temporary Internet Files\Content.IE5\05Q34XYZ\2201083504626464_1[1].jpg 6/11/2007 10:43 PM 1.33 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Khaleq\Local Settings\Temporary Internet Files\Content.IE5\05Q34XYZ\2201084517256464_1[1].jpg 6/14/2007 8:44 AM 1.33 KB Hidden from Windows API.
C:\Documents and Settings\Khaleq\Local Settings\Temporary Internet Files\Content.IE5\05Q34XYZ\2201204778238080_1[1].jpg 6/14/2007 9:00 AM 3.01 KB Hidden from Windows API.
C:\Documents and Settings\Khaleq\Local Settings\Temporary Internet Files\Content.IE5\05Q34XYZ\2201204796388080_1[1].jpg 6/14/2007 9:00 AM 2.54 KB Hidden from Windows API.
C:\Documents and Settings\Khaleq\Local Settings\Temporary Internet Files\Content.IE5\05Q34XYZ\2201204826058080_1[1].jpg 6/14/2007 9:00 AM 2.62 KB Hidden from Windows API.
C:\Documents and Settings\Khaleq\Local Settings\Temporary Internet Files\Content.IE5\05Q34XYZ\2201204828078080_1[1].jpg 6/14/2007 9:00 AM 2.57 KB Hidden from Windows API.
C:\Documents and Settings\Khaleq\Local Settings\Temporary Internet Files\Content.IE5\05Q34XYZ\2210062_80X60[1].jpg 6/14/2007 8:38 AM 2.12 KB Hidden from Windows API.
C:\Documents and Settings\Khaleq\Local Settings\Temporary Internet Files\Content.IE5\05Q34XYZ\betr=rsi=[+]C05503_10396[1440][1].gif 6/14/2007 8:39 AM 49 bytes Hidden from Windows API.
C:\Documents and Settings\Khaleq\Local Settings\Temporary Internet Files\Content.IE5\05Q34XYZ\btn_signup_gy[1].gif 6/14/2007 8:42 AM 610 bytes Hidden from Windows API.
C:\Documents and Settings\Khaleq\Local Settings\Temporary Internet Files\Content.IE5\05Q34XYZ\button_enlarge[1].gif 6/14/2007 8:38 AM 273 bytes Hidden from Windows API.
C:\Documents and Settings\Khaleq\Local Settings\Temporary Internet Files\Content.IE5\05Q34XYZ\buyer;dcopt=ist;!cat=statichp;sz=275x300;tile=1;ord=1181828568765;[1].htm 6/14/2007 8:42 AM 2.25 KB Hidden from Windows API.
C:\Documents and Settings\Khaleq\Local Settings\Temporary Internet Files\Content.IE5\05Q34XYZ\CA6FOXY5.htm 6/14/2007 8:40 AM 7.67 KB Hidden from Windows API.
C:\Documents and Settings\Khaleq\Local Settings\Temporary Internet Files\Content.IE5\05Q34XYZ\CAC5Q91Y.swf 6/14/2007 8:43 AM 116.52 KB Hidden from Windows API.
C:\Documents and Settings\Khaleq\Local Settings\Temporary Internet Files\Content.IE5\05Q34XYZ\CAIXCRK7.htm 6/14/2007 8:56 AM 8.70 KB Hidden from Windows API.
C:\Documents and Settings\Khaleq\Local Settings\Temporary Internet Files\Content.IE5\05Q34XYZ\card_br_new[1].gif 6/14/2007 8:41 AM 198 bytes Hidden from Windows API.
C:\Documents and Settings\Khaleq\Local Settings\Temporary Internet Files\Content.IE5\05Q34XYZ\card_button_s[1].gif 6/14/2007 8:41 AM 76 bytes Hidden from Windows API.
C:\Documents and Settings\Khaleq\Local Settings\Temporary Internet Files\Content.IE5\05Q34XYZ\cls[1].js 6/14/2007 8:49 AM 672 bytes Hidden from Windows API.
C:\Documents and Settings\Khaleq\Local Settings\Temporary Internet Files\Content.IE5\05Q34XYZ\common[1].js 6/14/2007 9:00 AM 3.65 KB Hidden from Windows API.
C:\Documents and Settings\Khaleq\Local Settings\Temporary Internet Files\Content.IE5\05Q34XYZ\ebay[2].htm 6/13/2007 10:34 PM 61.49 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Khaleq\Local Settings\Temporary Internet Files\Content.IE5\05Q34XYZ\ebayfooter_v4_e5133us[1].js 6/14/2007 8:47 AM 16.10 KB Hidden from Windows API.
C:\Documents and Settings\Khaleq\Local Settings\Temporary Internet Files\Content.IE5\05Q34XYZ\eBayISAPI[1].htm 6/14/2007 9:00 AM 8.46 KB Hidden from Windows API.
C:\Documents and Settings\Khaleq\Local Settings\Temporary Internet Files\Content.IE5\05Q34XYZ\eBayISAPI[2] 6/14/2007 9:01 AM 2.83 KB Hidden from Windows API.
C:\Documents and Settings\Khaleq\Local Settings\Temporary Internet Files\Content.IE5\05Q34XYZ\eBayISAPI[3].htm 6/14/2007 8:46 AM 13.69 KB Hidden from Windows API.
C:\Documents and Settings\Khaleq\Local Settings\Temporary Internet Files\Content.IE5\05Q34XYZ\EC.GMN.ETREX[1].jpg 6/14/2007 8:42 AM 2.10 KB Hidden from Windows API.
C:\Documents and Settings\Khaleq\Local Settings\Temporary Internet Files\Content.IE5\05Q34XYZ\EC.PIO.AVICD3[1].jpg 6/14/2007 8:42 AM 2.52 KB Hidden from Windows API.
C:\Documents and Settings\Khaleq\Local Settings\Temporary Internet Files\Content.IE5\05Q34XYZ\ej2global_e5172us[2].js 6/14/2007 8:44 AM 294 bytes Hidden from Windows API.
C:\Documents and Settings\Khaleq\Local Settings\Temporary Internet Files\Content.IE5\05Q34XYZ\eminimall.v3[2].js 6/14/2007 8:49 AM 15.80 KB Hidden from Windows API.
C:\Documents and Settings\Khaleq\Local Settings\Temporary Internet Files\Content.IE5\05Q34XYZ\ewtrack[1].gif 6/14/2007 8:39 AM 43 bytes Hidden from Windows API.
C:\Documents and Settings\Khaleq\Local Settings\Temporary Internet Files\Content.IE5\05Q34XYZ\ewtrack_9[1].gif 6/14/2007 8:39 AM 43 bytes Hidden from Windows API.
C:\Documents and Settings\Khaleq\Local Settings\Temporary Internet Files\Content.IE5\05Q34XYZ\ewtrack_wesupport[1].gif 6/14/2007 8:39 AM 43 bytes Hidden from Windows API.
C:\Documents and Settings\Khaleq\Local Settings\Temporary Internet Files\Content.IE5\05Q34XYZ\flashgallery[1].xml 6/14/2007 9:01 AM 3.68 KB Hidden from Windows API.
C:\Documents and Settings\Khaleq\Local Settings\Temporary Internet Files\Content.IE5\05Q34XYZ\gw[1].js 6/14/2007 8:38 AM 1012 bytes Hidden from Windows API.
C:\Documents and Settings\Khaleq\Local Settings\Temporary Internet Files\Content.IE5\05Q34XYZ\header_bg[1].gif 6/14/2007 9:00 AM 137 bytes Hidden from Windows API.
C:\Documents and Settings\Khaleq\Local Settings\Temporary Internet Files\Content.IE5\05Q34XYZ\header_bottom_left[1].gif 6/14/2007 8:42 AM 636 bytes Hidden from Windows API.
C:\Documents and Settings\Khaleq\Local Settings\Temporary Internet Files\Content.IE5\05Q34XYZ\ibs_bug_color[1].gif 6/14/2007 8:38 AM 829 bytes Hidden from Windows API.
C:\Documents and Settings\Khaleq\Local Settings\Temporary Internet Files\Content.IE5\05Q34XYZ\iconLtArrow_20x20[1].gif 6/14/2007 8:46 AM 260 bytes Hidden from Windows API.
C:\Documents and Settings\Khaleq\Local Settings\Temporary Internet Files\Content.IE5\05Q34XYZ\IMG_3321[1].jpg 6/14/2007 8:55 AM 16.63 KB Hidden from Windows API.
C:\Documents and Settings\Khaleq\Local Settings\Temporary Internet Files\Content.IE5\05Q34XYZ\IMG_3322[1].jpg 6/14/2007 8:55 AM 16.58 KB Hidden from Windows API.
C:\Documents and Settings\Khaleq\Local Settings\Temporary Internet Files\Content.IE5\05Q34XYZ\instore[1].gif 6/14/2007 8:41 AM 1.23 KB Hidden from Windows API.
C:\Documents and Settings\Khaleq\Local Settings\Temporary Internet Files\Content.IE5\05Q34XYZ\left[1].jpg 6/14/2007 8:49 AM 7.62 KB Hidden from Windows API.
C:\Documents and Settings\Khaleq\Local Settings\Temporary Internet Files\Content.IE5\05Q34XYZ\local;kw=bdsponsors+google+C05503_10396;comp=false;ad=true;tile=3;pgtype=detail;sluser=false;sz=301x251;ord=1181828346906[1].htm 6/14/2007 8:39 AM 708 bytes Hidden from Windows API.
C:\Documents and Settings\Khaleq\Local Settings\Temporary Internet Files\Content.IE5\05Q34XYZ\logoPayPal_58x16[1].gif 6/14/2007 9:01 AM 1.10 KB Hidden from Windows API.
C:\Documents and Settings\Khaleq\Local Settings\Temporary Internet Files\Content.IE5\05Q34XYZ\Magellan-RoadMate-2000-Portable-Navigation-System_W0QQitemZ120131973649QQihZ002QQcategoryZ73332QQcmdZViewItem[1].htm 6/14/2007 8:47 AM 91.21 KB Hidden from Windows API.
C:\Documents and Settings\Khaleq\Local Settings\Temporary Internet Files\Content.IE5\05Q34XYZ\mail[2] 6/14/2007 8:41 AM 5.46 KB Hidden from Windows API.
C:\Documents and Settings\Khaleq\Local Settings\Temporary Internet Files\Content.IE5\05Q34XYZ\mail[9] 6/14/2007 8:41 AM 655 bytes Hidden from Windows API.
C:\Documents and Settings\Khaleq\Local Settings\Temporary Internet Files\Content.IE5\05Q34XYZ\milonic_src[1].js 6/14/2007 8:41 AM 6.38 KB Hidden from Windows API.
C:\Documents and Settings\Khaleq\Local Settings\Temporary Internet Files\Content.IE5\05Q34XYZ\Music,VHS,DVD,Video,VideoGames,Electronics,PCHardware,OfficeProducts,Software,Electronics,Wireless,Photo,Toys,VideoGames,SportingGoods,MusicalInstruments,Automot 6/14/2007 8:49 AM 850 bytes Hidden from Windows API.
C:\Documents and Settings\Khaleq\Local Settings\Temporary Internet Files\Content.IE5\05Q34XYZ\mystores_e5172us[2].js 6/14/2007 8:44 AM 10.49 KB Hidden from Windows API.
C:\Documents and Settings\Khaleq\Local Settings\Temporary Internet Files\Content.IE5\05Q34XYZ\national;kw=bdsponsors+google;comp=false;ad=true;tile=3;pgtype=detail;sluser=false;sz=301x251;ord=1181828286703[1].htm 6/14/2007 8:38 AM 708 bytes Hidden from Windows API.
C:\Documents and Settings\Khaleq\Local Settings\Temporary Internet Files\Content.IE5\05Q34XYZ\nav_advertising_ro[1].jpg 6/14/2007 8:55 AM 1.32 KB Hidden from Windows API.
C:\Documents and Settings\Khaleq\Local Settings\Temporary Internet Files\Content.IE5\05Q34XYZ\nav_contact[1].gif 6/14/2007 8:54 AM 307 bytes Hidden from Windows API.
C:\Documents and Settings\Khaleq\Local Settings\Temporary Internet Files\Content.IE5\05Q34XYZ\newsticker_ver_5[1].swf 6/14/2007 8:42 AM 3.65 KB Hidden from Windows API.
C:\Documents and Settings\Khaleq\Local Settings\Temporary Internet Files\Content.IE5\05Q34XYZ\notebook_468x60[1].swf 6/14/2007 8:49 AM 14.12 KB Hidden from Windows API.
C:\Documents and Settings\Khaleq\Local Settings\Temporary Internet Files\Content.IE5\05Q34XYZ\picture[1].jpg 6/14/2007 9:02 AM 2.85 KB Hidden from Windows API.
C:\Documents and Settings\Khaleq\Local Settings\Temporary Internet Files\Content.IE5\05Q34XYZ\previewManager[1].js 6/14/2007 8:49 AM 22.32 KB Hidden from Windows API.
C:\Documents and Settings\Khaleq\Local Settings\Temporary Internet Files\Content.IE5\05Q34XYZ\prototype[1].js 6/14/2007 8:49 AM 46.49 KB Hidden from Windows API.
C:\Documents and Settings\Khaleq\Local Settings\Temporary Internet Files\Content.IE5\05Q34XYZ\proxy[1].jpg 6/14/2007 8:43 AM 10.48 KB Hidden from Windows API.
C:\Documents and Settings\Khaleq\Local Settings\Temporary Internet Files\Content.IE5\05Q34XYZ\Returns-Central__Apple-iPod-MP3-Players_W0QQcatrefZC12QQfclZ3QQfsooZ1QQfsopZ1QQftsZ1QQsacatZ15057QQsaselZ146930250QQsspagenameZstrkQ3amewaQ3amesstQQsuZretur[1].h 6/14/2007 8:45 AM 45.54 KB Hidden from Windows API.
C:\Documents and Settings\Khaleq\Local Settings\Temporary Internet Files\Content.IE5\05Q34XYZ\Returns-Central__Home-Garden_W0QQcatrefZC12QQfclZ3QQfsooZ1QQfsopZ1QQftsZ1QQsacatZ11700QQsaselZ146930250QQsspagenameZstrkQ3amewaQ3amesstQQsuZreturnscentral[1].htm 6/14/2007 8:44 AM 35.77 KB Hidden from Windows API.
C:\Documents and Settings\Khaleq\Local Settings\Temporary Internet Files\Content.IE5\05Q34XYZ\Returns-Central__Portable-Audio-Video_W0QQcatrefZC12QQfclZ3QQfsooZ1QQfsopZ1QQftsZ1QQsacatZ15052QQsaselZ146930250QQsspagenameZstrkQ3amewaQ3amesstQQsuZreturns[1].h 6/14/2007 8:46 AM 45.28 KB Hidden from Windows API.
C:\Documents and Settings\Khaleq\Local Settings\Temporary Internet Files\Content.IE5\05Q34XYZ\rtm[1] 6/14/2007 8:44 AM 436 bytes Hidden from Windows API.
C:\Documents and Settings\Khaleq\Local Settings\Temporary Internet Files\Content.IE5\05Q34XYZ\script[1].js 6/14/2007 8:38 AM 10.25 KB Hidden from Windows API.
C:\Documents and Settings\Khaleq\Local Settings\Temporary Internet Files\Content.IE5\05Q34XYZ\space[1].gif 6/14/2007 8:42 AM 43 bytes Hidden from Windows API.
C:\Documents and Settings\Khaleq\Local Settings\Temporary Internet Files\Content.IE5\05Q34XYZ\spacer[1].gif 6/14/2007 8:38 AM 67 bytes Hidden from Windows API.
C:\Documents and Settings\Khaleq\Local Settings\Temporary Internet Files\Content.IE5\05Q34XYZ\title[1].jpg 6/14/2007 8:49 AM 8.90 KB Hidden from Windows API.
C:\Documents and Settings\Khaleq\Local Settings\Temporary Internet Files\Content.IE5\05Q34XYZ\toolbox[1].js 6/14/2007 8:41 AM 10.85 KB Hidden from Windows API.
C:\Documents and Settings\Khaleq\Local Settings\Temporary Internet Files\Content.IE5\05Q34XYZ\viewitembody_e5133us[2].js 6/14/2007 8:47 AM 53.51 KB Hidden from Windows API.
C:\Documents and Settings\Khaleq\Local Settings\Temporary Internet Files\Content.IE5\05Q34XYZ\wtid[1].js 6/14/2007 8:38 AM 64 bytes Hidden from Windows API.
C:\Documents and Settings\Khaleq\Local Settings\Temporary Internet Files\Content.IE5\4PMRS9UZ\1201319236118080_1[1].jpg 6/14/2007 8:59 AM 1.54 KB Hidden from Windows API.
C:\Documents and Settings\Khaleq\Local Settings\Temporary Internet Files\Content.IE5\4PMRS9UZ\2201204764138080_1[1].jpg 6/14/2007 9:00 AM 2.99 KB Hidden from Windows API.
C:\Documents and Settings\Khaleq\Local Settings\Temporary Internet Files\Content.IE5\4PMRS9UZ\2201204816018080_1[1].jpg 6/14/2007 9:00 AM 2.58 KB Hidden from Windows API.
C:\Documents and Settings\Khaleq\Local Settings\Temporary Internet Files\Content.IE5\4PMRS9UZ\2201204819028080_1[1].jpg 6/14/2007 9:00 AM 2.93 KB Hidden from Windows API.
C:\Documents and Settings\Khaleq\Local Settings\Temporary Internet Files\Content.IE5\4PMRS9UZ\about[1].gif 6/14/2007 9:01 AM 964 bytes Hidden from Windows API.
C:\Documents and Settings\Khaleq\Local Settings\Temporary Internet Files\Content.IE5\4PMRS9UZ\calc_tl[1].gif 6/14/2007 9:01 AM 52 bytes Hidden from Windows API.
C:\Documents and Settings\Khaleq\Local Settings\Temporary Internet Files\Content.IE5\4PMRS9UZ\checkout[1].jpg 6/14/2007 9:01 AM 2.22 KB Hidden from Windows API.
C:\Documents and Settings\Khaleq\Local Settings\Temporary Internet Files\Content.IE5\4PMRS9UZ\contact[1].gif 6/14/2007 9:01 AM 908 bytes Hidden from Windows API.
C:\Documents and Settings\Khaleq\Local Settings\Temporary Internet Files\Content.IE5\4PMRS9UZ\hightechtoys_marquee[1].gif 6/14/2007 9:00 AM 11.61 KB Hidden from Windows API.
C:\Documents and Settings\Khaleq\Local Settings\Temporary Internet Files\Content.IE5\4PMRS9UZ\imgStrsWidgtLftCnr_11x11[1].gif 6/14/2007 9:00 AM 861 bytes Hidden from Windows API.
C:\Documents and Settings\Khaleq\Local Settings\Temporary Internet Files\Content.IE5\4PMRS9UZ\picture[1].jpg 6/14/2007 9:02 AM 2.59 KB Hidden from Windows API.
C:\Documents and Settings\Khaleq\Local Settings\Temporary Internet Files\Content.IE5\4PMRS9UZ\rovercounter[1].gif 6/14/2007 8:58 AM 43 bytes Hidden from Windows API.
C:\Documents and Settings\Khaleq\Local Settings\Temporary Internet Files\Content.IE5\7Z9J3H4W\2201204765898080_1[1].jpg 6/14/2007 9:00 AM 2.00 KB Hidden from Windows API.
C:\Documents and Settings\Khaleq\Local Settings\Temporary Internet Files\Content.IE5\7Z9J3H4W\2201204776018080_1[1].jpg 6/14/2007 9:00 AM 2.94 KB Hidden from Windows API.
C:\Documents and Settings\Khaleq\Local Settings\Temporary Internet Files\Content.IE5\7Z9J3H4W\220120480063[1].jpg 6/14/2007 9:02 AM 2.62 KB Visible in directory index, but not Windows API or MFT.
C:\Documents and Settings\Khaleq\Local Settings\Temporary Internet Files\Content.IE5\7Z9J3H4W\2201204822948080_1[1].jpg 6/14/2007 9:00 AM 1.91 KB Hidden from Windows API.
C:\Documents and Settings\Khaleq\Local Settings\Temporary Internet Files\Content.IE5\7Z9J3H4W\220121695413[1].jpg 6/14/2007 9:02 AM 2.62 KB Hidden from Windows API.
C:\Documents and Settings\Khaleq\Local Settings\Temporary Internet Files\Content.IE5\7Z9J3H4W\nav_bg[1].gif 6/14/2007 9:00 AM 83 bytes Hidden from Windows API.
C:\Documents and Settings\Khaleq\Local Settings\Temporary Internet Files\Content.IE5\7Z9J3H4W\picture[1].jpg 6/14/2007 9:02 AM 2.41 KB Hidden from Windows API.
C:\Documents and Settings\Khaleq\Local Settings\Temporary Internet Files\Content.IE5\7Z9J3H4W\viewitem[1].js 6/14/2007 9:01 AM 1.70 KB Hidden from Windows API.
C:\Documents and Settings\Khaleq\Local Settings\Temporary Internet Files\Content.IE5\CDYJW56N\10014161[1].jpg 6/14/2007 9:01 AM 14.31 KB Hidden from Windows API.
C:\Documents and Settings\Khaleq\Local Settings\Temporary Internet Files\Content.IE5\CDYJW56N\11n++iz1xQL._SL110_[1].jpg 6/14/2007 8:56 AM 3.37 KB Hidden from Windows API.
C:\Documents and Settings\Khaleq\Local Settings\Temporary Internet Files\Content.IE5\CDYJW56N\1201107254486464_1[1].jpg 6/11/2007 10:43 PM 1.33 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Khaleq\Local Settings\Temporary Internet Files\Content.IE5\CDYJW56N\1201318121678080_1[1].jpg 6/14/2007 8:44 AM 1.66 KB Hidden from Windows API.
C:\Documents and Settings\Khaleq\Local Settings\Temporary Internet Files\Content.IE5\CDYJW56N\1201318298908080_1[1].jpg 6/14/2007 8:44 AM 1.13 KB Hidden from Windows API.
C:\Documents and Settings\Khaleq\Local Settings\Temporary Internet Files\Content.IE5\CDYJW56N\120131849296[1].jpg 6/14/2007 8:58 AM 1.39 KB Hidden from Windows API.
C:\Documents and Settings\Khaleq\Local Settings\Temporary Internet Files\Content.IE5\CDYJW56N\1201318509848080_1[1].jpg 6/14/2007 8:44 AM 1.15 KB Hidden from Windows API.
C:\Documents and Settings\Khaleq\Local Settings\Temporary Internet Files\Content.IE5\CDYJW56N\1201318693518080_1[1].jpg 6/14/2007 8:44 AM 1.95 KB Hidden from Windows API.
C:\Documents and Settings\Khaleq\Local Settings\Temporary Internet Files\Content.IE5\CDYJW56N\1201318847828080_1[1].jpg 6/14/2007 8:46 AM 1.20 KB Hidden from Windows API.
LoPhatPhuud
You definitely have rootkit issues. Based on the RKR log, I recommend that you reformat and re-install. Be sure to save all important data first.

If you would like to try and salvage the computer first, then do the following. Understand before we begin that it may still be necessary to reformat at a later time. It is extremely difficult, at best, to be certain that the system will be stable after removing the rootkits.


Download the GMER rootkit detector from http://gmer.net/

Unzip it & double click the gmer.exe file.

Select the Rootkit tab & press Scan.

When it has finished, press Save & post back the log it makes.

Also select the Autostarts tab & do the same there.


Info and instructions are available on the GMER site.
Invision Power Board © 2001-2009 Invision Power Services, Inc.