
popups, trojans annoying stuff...


30 replies to this topic

#1 Silly

Silly

    Member

  • Full Member
  • 18 posts

Posted 31 May 2007 - 06:45 PM

Hi guys, I've been reading other topics and I appreciate what you guys do here. So I have a big problem with my computer (Windows XP). My outdated virus scan wouldn't detect a program as malware. I opened it and the program seemed to have opened cmd and did something crazy to my computer. Popups began appearing everywhere - Firefox, and even Internet Explorer which I don't use. Also, there was a fake Windows security icon where the time is which kept notifying me that I had to download a program to clean my registry. (I fell for it the first time). I looked at my task manager and noticed something called "ipmon.exe" and I ended the process. Sure enough, the icon disappeared but another ipmon.exe came up and replaced that one.

Then I decided to download a new Anti Virus program (AVG) and spyware removal program (arovax). Together with both programs, I've managed to get rid of the ipmon.exe (I think) but the popups still occur. I've used both programs to scan my computer many times and although threats have been detected and deleted, the same ones keep reoccurring and new ones pop out. The one that reoccurs the most is called trojan.downloader or something. Spyware also reoccurs on my anti spyware program.

Next, I downloaded and used Security Task Manager which is supposed to detect malware hidden and running in the background. With it, I found 3 which supposedly keylog my computer and send popups. I thought I had fixed the problem but it turns out the next day (I kept my computer on overnight to let my antivirus scanner finish) there were still popups. So now I'm pissed but glad I've found this site. So I've downloaded HijackThis and here is the log:

Logfile of HijackThis v1.99.1
Scan saved at 5:30:44 PM, on 5/31/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Arovax AntiSpyware\arovaxantispyware.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-ca\msntb.dll
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Arovax AntiSpyware] C:\Program Files\Arovax AntiSpyware\arovaxantispyware.exe /s
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\gersktia.dll",realset
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunServices: [MSys32] "C:\Program Files\Morfit\Secret Mission ep1\morfitwebentrance.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Status Monitor XE.lnk = C:\Program Files\XEROX_XE\engss.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Joey\Start Menu\Programs\>IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Messenger Addon - {FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com (file missing)
O9 - Extra 'Tools' menuitem: &Messenger Addon - {FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.co...wnload/cult.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptoda...pdatePortal.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab53083.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload....GPlugin9USA.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by103fd.bay10...ex/HMAtchmt.ocx
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A149B051-99A6-4ECD-8F6E-79E00EFBACB2}: NameServer = 192.168.0.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

So here is the summary of my problems:
-Popups
-Downloaded AVG, Hijackthis, Security Task Manager, Arovax Anti Spyware
-Reoccurring Trojans and Spyware
-Sad me

Thanks :D

#2 SWI Support Robot

SWI Support Robot

    Helper robot

  • SWI Bot
  • 23,520 posts

Posted 03 June 2007 - 06:30 AM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.
If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.

[this is an automated reply]
This is an automated message. It does not count as help.

#3 Sempurna

Sempurna

    Forum Deity

  • Retired Staff
  • 3,838 posts

Posted 04 June 2007 - 11:35 PM

Hi Silly,

Welcome to SpywareInfo! :wave:

I apologize for the delay getting to your log. The helpers here are all volunteers and we have been very busy here lately. If you are still having malware problems, I will be glad to help.

First of all, please rename HijackThis.exe to HJT1991.exe. This is because I suspect that your system may have a Vundo infection that is hiding some entries from HijackThis.


NEXT:

Please download ComboFix by sUBs:

NOTE: In the event you already have ComboFix, this is a new version that I need you to download.
  • Save it to your desktop.
  • Double-click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Please do NOT mouse-click ComboFix's window while it is running. That may cause it to stall. Also, please do NOT adjust your time format while ComboFix is running.


NEXT:

Please reboot your computer normally into Windows, and then please post the ComboFix log and a new HijackThis log.
My help is free, but if you wish to help keep these forums running please consider a donation, see this topic for details.

--------------------

We are each of us angels with but one wing. And we can only fly embracing each other.
Luciano De Crescenzo

#4 Silly

Silly

    Member

  • Full Member
  • 18 posts

Posted 05 June 2007 - 07:00 PM

Logfile of HijackThis v1.99.1
Scan saved at 5:59:41 PM, on 6/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Arovax AntiSpyware\arovaxantispyware.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\HJT1991.exe.exe
C:\WINDOWS\system32\cmd.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-ca\msntb.dll
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Arovax AntiSpyware] C:\Program Files\Arovax AntiSpyware\arovaxantispyware.exe /s
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunServices: [MSys32] "C:\Program Files\Morfit\Secret Mission ep1\morfitwebentrance.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Status Monitor XE.lnk = C:\Program Files\XEROX_XE\engss.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Joey\Start Menu\Programs\>IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Messenger Addon - {FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com (file missing)
O9 - Extra 'Tools' menuitem: &Messenger Addon - {FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.co...wnload/cult.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptoda...pdatePortal.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab53083.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload....GPlugin9USA.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by103fd.bay10...ex/HMAtchmt.ocx
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A149B051-99A6-4ECD-8F6E-79E00EFBACB2}: NameServer = 192.168.0.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify:  -  (file missing)
O20 - Winlogon Notify: (  - (  (file missing)
O20 - Winlogon Notify: cbxwuuv - C:\WINDOWS\
O20 - Winlogon Notify: WB - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

:) :) :) :) :) :) :) :) :) :) :) :) :) :)

"Joey" - 2007-06-05 16:52:27 Service Pack 2 NTFS
ComboFix 07-06-3B - Running from: "C:\Documents and Settings\Joey\Desktop\"


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\dkcdmmfv.dll
C:\WINDOWS\system32\dswdwuog.dll
C:\WINDOWS\system32\gersktia.dll
C:\WINDOWS\system32\hoeremun.dll
C:\WINDOWS\system32\uaquvnen.dll
C:\WINDOWS\system32\uhgdbmkw.dll
C:\WINDOWS\system32\sstwa.bak1
C:\WINDOWS\system32\sstwa.bak2
C:\WINDOWS\system32\sstwa.ini
C:\WINDOWS\system32\sstwa.ini2
C:\WINDOWS\system32\sstwa.tmp
C:\WINDOWS\system32\gouwdwsd.ini
C:\WINDOWS\system32\aitksreg.ini
C:\WINDOWS\system32\numereoh.ini
C:\WINDOWS\system32\sstwa.bak1
C:\WINDOWS\system32\sstwa.bak2
C:\WINDOWS\system32\sstwa.ini
C:\WINDOWS\system32\sstwa.ini2
C:\WINDOWS\system32\sstwa.tmp
C:\WINDOWS\system32\sstwa.bak1
C:\WINDOWS\system32\sstwa.bak2
C:\WINDOWS\system32\sstwa.ini
C:\WINDOWS\system32\sstwa.ini2
C:\WINDOWS\system32\sstwa.tmp
C:\WINDOWS\system32\awtss.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\instcat.dll
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\system
C:\WINDOWS\system32\system\mcafeepf.dll
C:\WINDOWS\system32\wpcap.dll
C:\WINDOWS\system32\xpdx.sys


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_NPF
-------\NPF
-------\xpdx


((((((((((((((((((((((((( Files Created from 2007-05-05 to 2007-06-05 )))))))))))))))))))))))))))))))


2007-06-05 17:28 <DIR> d-------- C:\Avenger
2007-06-05 16:38 131,124 --a------ C:\WINDOWS\system32\boactann.dll
2007-06-05 16:18 14,868 --a------ C:\WINDOWS\system32\tnuscdnr.exe
2007-05-31 17:29 <DIR> d-------- C:\HJT
2007-05-31 00:03 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SecTaskMan
2007-05-31 00:02 <DIR> d-------- C:\Program Files\Security Task Manager
2007-05-28 22:50 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-05-28 22:49 <DIR> d-------- C:\DOCUME~1\Joey\.housecall6.6
2007-05-28 19:55 <DIR> d-------- C:\Program Files\Arovax AntiSpyware
2007-05-28 19:49 <DIR> d-------- C:\DOCUME~1\Joey\APPLIC~1\True Sword
2007-05-28 19:47 <DIR> d-------- C:\Program Files\True Sword 4
2007-05-28 19:35 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-05-28 19:34 <DIR> d-------- C:\Program Files\CleanMyPC
2007-05-28 19:22 557,741 --a------ C:\WINDOWS\system32\RegistryCleanerSetup.exe
2007-05-28 18:47 <DIR> d-------- C:\DOCUME~1\Joey\APPLIC~1\Lavasoft
2007-05-28 18:45 <DIR> d-------- C:\Program Files\Lavasoft
2007-05-28 18:03 135,168 --a------ C:\WINDOWS\system32\DSKernel2.dll
2007-05-28 18:03 1,936,528 --a------ C:\WINDOWS\system32\ltmm15.dll
2007-05-28 18:02 <DIR> d-------- C:\Program Files\Replay Converter


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-03 04:47:23 -------- d-----w C:\Program Files\Starcraft
2007-06-01 15:24:30 -------- d-----w C:\DOCUME~1\Joey\APPLIC~1\Azureus
2007-05-29 19:28:23 -------- d-----w C:\Program Files\McAfee
2007-05-29 18:37:15 -------- d-----w C:\Program Files\XBC
2007-05-29 07:51:34 -------- d---a-w C:\Program Files\Diablo II
2007-05-29 01:33:28 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-05-29 00:41:36 77,602 ---ha-w C:\DOCUME~1\Joey\APPLIC~1\ptads.bin
2007-05-29 00:02:15 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-05-20 01:58:52 15,667 -c--a-w C:\WINDOWS\mozver.dat
2007-05-20 01:58:41 -------- d-----w C:\Program Files\DivX
2007-04-21 06:48:34 -------- d-----w C:\Program Files\Xilisoft
2007-04-21 06:36:16 -------- d-----w C:\DOCUME~1\Joey\APPLIC~1\Softplicity
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-07 08:30:24 -------- d-----w C:\Program Files\eRightSoft
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-09 07:12:32 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll
2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys
2007-03-06 09:13:09 10,752 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2005-05-14 00:12:00 217,073 --sha-r C:\WINDOWS\meta4.exe
2005-10-24 18:13:58 66,560 --sha-r C:\WINDOWS\MOTA113.exe
2005-06-26 22:32:28 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll
2005-06-22 05:37:42 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
2006-05-03 09:06:54 163,328 --sha-r C:\WINDOWS\system32\flvDX.dll
2004-01-25 07:00:00 70,656 --sha-r C:\WINDOWS\system32\i420vfw.dll
2007-02-21 10:47:16 31,232 --sha-r C:\WINDOWS\system32\msfDX.dll
2005-02-28 20:16:22 240,128 --sha-r C:\WINDOWS\system32\x.264.exe
2004-01-25 07:00:00 70,656 --sha-r C:\WINDOWS\system32\yv12vfw.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTPreset"="VTPreset.exe" [2004-02-24 20:17 C:\WINDOWS\system32\VTPreset.exe]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2003-04-07 02:16]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 08:57]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"Arovax AntiSpyware"="C:\Program Files\Arovax AntiSpyware\arovaxantispyware.exe" [2007-05-27 08:24]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-05-29 02:27]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-04-22 12:56]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:54]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"MSys32"="C:\Program Files\Morfit\Secret Mission ep1\morfitwebentrance.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"COM Service"=C:\WINDOWS\msagent\mswmwm.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
"COM Service"=C:\WINDOWS\msagent\mswmwm.com

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{8D5849C4-93F3-429D-FF34-260A2068897C}"="C:\WINDOWS\system32\jseufr73hb.dll" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxwuuv]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=C:\WINDOWS\pss\BigFix.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Status Monitor XE.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Status Monitor XE.lnk
backup=C:\WINDOWS\pss\Status Monitor XE.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Window Hider.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Window Hider.lnk
backup=C:\WINDOWS\pss\Window Hider.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Joey^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\Joey\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Joey^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
path=C:\Documents and Settings\Joey\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
backup=C:\WINDOWS\pss\PowerReg Scheduler V3.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alogserv]
C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AltnetPointsManager]
c:\program files\altnet\points manager\points manager.exe -s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BPK]
C:\WINDOWS\System32\bpk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CMESys]
"C:\Program Files\Common Files\CMEII\CMESys.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DateMakerIntl]
c:\program files\dialers\datemakerintl\datemakerintl.exe /noconnect

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadWare]
"C:\Program Files\DownloadWare\dw.exe" /H

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KAZAA]
C:\Program Files\Kazaa\kazaa.exe /SYSTRAY

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LM Status]
LMSTATUS.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfee Guardian]
"C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfee.InstantUpdate.Monitor]
"C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /startmonitor

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaLoads Installer]
"C:\Program Files\DownloadWare\dw.exe" /H

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus2]
"C:\Program Files\Messenger Plus! 2\MsgPlus.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
C:\Program Files\Microsoft Works\WkDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnkc]
C:\Program Files\Msn Kc\msnkc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]
rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~4.DLL,NewDotNetStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2P Networking]
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PromulGate]
"C:\Program Files\DelFin\PromulGate\PgMonitr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealPlayer]
"C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SBHC]
C:\Program Files\SuperBar\sbhc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Splinter Cell Uplink]
"C:\Program Files\Tom Clancy's Splinter Cell Uplink\SplinterCellUplink.exe" -boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"C:\Program Files\Valve\Steam\Steam.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wcmdmgr]
C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\win32clf]
C:\Documents and Settings\Joey\win32clf\win32clf.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"mnmsrvc"=3 (0x3)
"iPodService"=3 (0x3)
"McShield"=3 (0x3)
"McAfee Firewall"=3 (0x3)
"GuardDogEXE"=2 (0x2)
"usnjsvc"=3 (0x3)
"rpcapd"=3 (0x3)
"ose"=3 (0x3)
"Macromedia Licensing Service"=3 (0x3)
"IDriverT"=3 (0x3)
"Adobe LM Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*


**************************************************************************

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-05 17:39:08
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\TEMP
C:\WINDOWS\system32\drivers\MFX.sys

scan completed successfully
hidden files: 2

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\BTHPORT\Parameters\Services\{00001000-0000-1000-8000-00805f9b34fb}]


[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\BTHPORT\Parameters\Services\{00001101-0000-1000-8000-00805f9b34fb}]


[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\BTHPORT\Parameters\Services\{00001115-0000-1000-8000-00805f9b34fb}]


Completion time: 2007-06-05 17:49:34 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-05 17:49

--- E O F ---

Edited by Silly, 05 June 2007 - 07:02 PM.
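
An added example, not part of the thread and not code from HijackThis or ComboFix: a small Python parser that diffs the two HijackThis logs posted above (excerpted inline) and lists the entries that appeared or disappeared between the scans, plus the new entries whose target is `(no file)`, `(file missing)` or a bare directory. The function names and the "unresolved target" check are assumptions of this example; the second scan was taken after both the rename and the ComboFix run, so the diff shows what changed, not which step caused it.

```python
import re
from collections import defaultdict

# HijackThis entry lines start with a section code (R0, O4, O20, ...),
# then " - ", then the entry text.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")

# Excerpts from the two logs posted in this thread (31 May and 5 June 2007).
FIRST_LOG = r"""
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\gersktia.dll",realset
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
"""

SECOND_LOG = r"""
O2 - BHO: (no name) - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O20 - Winlogon Notify: cbxwuuv - C:\WINDOWS\
O20 - Winlogon Notify: WB - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
"""


def parse_hjt(text):
    """Return {section code: set of entry strings} for one HijackThis log."""
    sections = defaultdict(set)
    for raw in text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            # Collapse whitespace so cosmetic differences are not reported.
            sections[match.group(1)].add(" ".join(match.group(2).split()))
    return dict(sections)


def _code_key(code):
    # Sort "O2" before "O20": letter first, then the numeric part.
    return (code[0], int(code[1:]))


def diff_hjt(before, after):
    """Return (added, removed) as sorted lists of (code, entry) tuples."""
    added, removed = [], []
    for code in set(before) | set(after):
        old, new = before.get(code, set()), after.get(code, set())
        added += [(code, entry) for entry in new - old]
        removed += [(code, entry) for entry in old - new]

    def key(item):
        return _code_key(item[0]) + (item[1],)

    return sorted(added, key=key), sorted(removed, key=key)


def new_sections(before, after):
    """Section codes that have entries in the later log but none in the earlier."""
    return sorted(set(after) - set(before), key=_code_key)


def unresolved_targets(entries):
    """Entries whose target is not a file: HijackThis printed '(no file)' or
    '(file missing)', or the path stops at a directory (trailing backslash).
    This is a triage heuristic assumed for this example, not a verdict."""
    markers = ("(no file)", "(file missing)", "\\")
    return [(code, entry) for code, entry in entries if entry.endswith(markers)]


if __name__ == "__main__":
    first, second = parse_hjt(FIRST_LOG), parse_hjt(SECOND_LOG)
    added, removed = diff_hjt(first, second)
    print("Sections only in the later log:", ", ".join(new_sections(first, second)))
    for label, items in (("+", added), ("-", removed)):
        for code, entry in items:
            print(f"{label} {code} - {entry}")
    print("New entries without a resolvable file:")
    for code, entry in unresolved_targets(added):
        print(f"  {code} - {entry}")
```
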


#5 Sempurna

Sempurna

    Forum Deity

  • Retired Staff
  • 3,838 posts

Posted 06 June 2007 - 03:30 AM

Hi Silly, :wave:

OK, here's what we do next.

BEFORE BEGINNING, please read completely through the instructions below. Please also print these instructions or copy them to Notepad (or another word processor), and save them for easier reference. This is because we will be in Safe Mode during the fix and you won't be able to access the Internet to view these instructions.

Please download the Suspicious File Packer from Safer-Networking.Org and unzip (extract) it to your desktop.

Then please reboot your computer into Safe Mode by doing the following:
  • Reboot your computer.
  • After hearing your computer beep once during startup, but just before the Windows icon appears, begin tapping the F8 key on your keyboard. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, reboot the computer and try again.
  • Instead of Windows loading as normal, a menu should appear.
  • Using the arrow keys on the keyboard, scroll to and select the "Safe Mode" menu item, and then press "Enter".
Please run the Suspicious File Packer:
  • Double-click on SFP.exe to run it.
  • Please copy the following lines into the "Step 1: Paste Text" window:

    C:\WINDOWS\system32\boactann.dll
    C:\WINDOWS\system32\tnuscdnr.exe


  • Then click "Continue".
  • When SFP has finished packing the file, please reboot normally into Windows.
  • Please send the created .cab file on your desktop (named "requested-files[Date/Time].cab") to:

    http://www.bleepingcomputer.com/submit-malware.php?channel=4

  • Please include a link to your thread at SWI in your message.
  • You can then delete the requested-files.cab file from your desktop once you have sent it to the above recipient.

NEXT:

Please run HijackThis and click "Scan". Place a check (tick) next to the following entries (if present):

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
O2 - BHO: (no name) - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - (no file)
O4 - HKLM\..\RunServices: [MSys32] "C:\Program Files\Morfit\Secret Mission ep1\morfitwebentrance.exe"
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O20 - Winlogon Notify: - (file missing)
O20 - Winlogon Notify: ( - ( (file missing)
O20 - Winlogon Notify: cbxwuuv - C:\WINDOWS\
O20 - Winlogon Notify: WB - C:\WINDOWS\



Close ALL programs and browsers (including this one), leaving ONLY HijackThis open, then click "Fix checked".

Then please exit HijackThis.


NEXT:

Go to Start -> Control Panel -> Add/Remove Programs and remove any of the following that are listed:

DelFin
Kazaa
Messenger Plus! 2
Morfit
Msn Kc
New.Net
NewDotNet
SuperBar
WildTangent


NOTE: Please remove as many of the programs as possible BEFORE rebooting your computer. Even if you are prompted to reboot by any particular program that you are trying to uninstall, DEFER rebooting until you have uninstalled the entire list first.

You might have to do a second or third run at uninstalling the entire list. If you encounter any problems while uninstalling, please do update me.



NEXT:

For this next step, please ensure that ComboFix.exe is on your desktop:
  • Then, please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
    (start copying from "File::")

    File::
    C:\WINDOWS\system32\boactann.dll
    C:\WINDOWS\system32\tnuscdnr.exe
    C:\WINDOWS\iun6002.exe
    C:\Program Files\Morfit\Secret Mission ep1\morfitwebentrance.exe
    C:\WINDOWS\msagent\mswmwm.com
    C:\WINDOWS\system32\jseufr73hb.dll
    C:\WINDOWS\System32\bpk.exe
    C:\Program Files\DownloadWare\dw.exe
    
    Folder::
    C:\Program Files\Common Files\CMEII
    C:\Program Files\Kazaa
    C:\Program Files\Messenger Plus! 2
    C:\Program Files\Msn Kc
    C:\PROGRA~1\NEWDOT~1
    C:\WINDOWS\System32\P2P Networking
    C:\Program Files\DelFin
    C:\Program Files\SuperBar
    C:\WINDOWS\wt
    C:\Program Files\Morfit
    
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
    "MSys32"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
    "COM Service"=-
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
    "COM Service"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{8D5849C4-93F3-429D-FF34-260A2068897C}"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxwuuv]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BPK]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CMESys]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadWare]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KAZAA]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaLoads Installer]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus2]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnkc]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2P Networking]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PromulGate]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SBHC]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wcmdmgr]
    

  • Save this as ComboFix-Do.txt and change the "Save as type" to "All Files" and place it on your desktop.


    Posted Image


  • Referring to the screenshot above, drag ComboFix-Do.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Please do NOT mouse-click ComboFix's window while it is running. That may cause it to stall. Also, please do NOT adjust your time format while ComboFix is running.


NEXT:

Please download CCleaner (freeware) and save it to your desktop:
  • Run the CCleaner installer.
  • During the installation process, please UNCHECK "Add CCleaner Yahoo! Toolbar".
  • Once installed, run CCleaner and click the "Windows" tab.
  • Select the following:
    • Check everything under the "Internet Explorer" section.
    • Check everything under the "Windows Explorer" section.
    • Check everything under the "System" section.
    • Check ONLY "Old Prefetch data" under the "Advanced" section.
  • Then, click the "Applications" tab:
    • CHECK everything there.
  • Next, click the "Options" button in the left pane, then click the "Advanced" button:
    • UNCHECK : "Only delete files in Windows Temp folders older than 48 hours".
  • Next, click the "Cleaner" button in the left pane, then click the "Run Cleaner" button (bottom right), click "OK" at the prompt.
  • When done, please exit CCleaner.
CAUTION: Please do NOT use the "Issues" button in the left pane. This is a built-in registry cleaner. If you don't know how to use it, you may cause irreparable damage to your system.


NEXT:

Let's run an online scan to make sure we're not leaving anything behind.

Please do an online scan with Kaspersky Online Scanner using Internet Explorer (this online scanner only works with IE):
  • Click on "Kaspersky Online Scanner".
  • You will be prompted to install an ActiveX component from Kaspersky, click "Yes".
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded click on "Next".
  • Now click on "Scan Settings".
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended
    • Scan Options:
      Scan Archives
      Scan Mail Bases
  • Click "OK".
  • Now under select a target to scan:
    • Select "My Computer".
  • This program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the "Save Report As" button.
    • In the "File name:" field, type kavscan.
    • In the "Save as type:" field, select "Text file (*.txt)".
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Note for Internet Explorer 7 users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.


NEXT:

Please REBOOT your computer normally into Windows and post these logs in your next reply:
  • The log from the ComboFix scan located at C:\ComboFix.txt.
  • The log from the Kaspersky scan.
  • A new HijackThis log.
(You might have to paste the logs in multiple posts in the event they are too long and breach the post length restrictions of the forum software).

Also, please let me know how things are running now and if you encountered any problems while you were following the directions I posted.
My help is free, but if you wish to help keep these forums running please consider a donation, see this topic for details.

--------------------

We are each of us angels with but one wing. And we can only fly embracing each other.
Luciano De Crescenzo

#6 Silly


Posted 06 June 2007 - 06:23 PM

I've done everything up to the uninstalling part. I can't find any of the programs listed in add or remove programs.

#7 Sempurna


Posted 07 June 2007 - 12:21 AM

Hi Silly, :wave:

No worries if you can't find any of the programs to uninstall. :)

Just continue with the rest of the fix.

#8 Silly


Posted 07 June 2007 - 06:00 PM

"Joey" - 2007-06-07 16:03:19 Service Pack 2 NTFS
Command switches used :: ""C:\Documents and Settings\Joey\Desktop\ComboFix-Do.txt""


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\iun6002.exe
C:\WINDOWS\system32\boactann.dll
C:\WINDOWS\system32\tnuscdnr.exe


((((((((((((((((((((((((( Files Created from 2007-05-07 to 2007-06-07 )))))))))))))))))))))))))))))))


2007-06-07 12:41 <DIR> d-------- C:\WINDOWS\LastGood
2007-06-05 17:49 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-05 17:28 <DIR> d-------- C:\Avenger
2007-05-31 17:29 <DIR> d-------- C:\HJT
2007-05-31 00:03 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SecTaskMan
2007-05-31 00:02 <DIR> d-------- C:\Program Files\Security Task Manager
2007-05-28 22:50 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-05-28 22:49 <DIR> d-------- C:\DOCUME~1\Joey\.housecall6.6
2007-05-28 19:55 <DIR> d-------- C:\Program Files\Arovax AntiSpyware
2007-05-28 19:49 <DIR> d-------- C:\DOCUME~1\Joey\APPLIC~1\True Sword
2007-05-28 19:47 <DIR> d-------- C:\Program Files\True Sword 4
2007-05-28 19:35 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-05-28 19:34 <DIR> d-------- C:\Program Files\CleanMyPC
2007-05-28 19:22 557,741 --a------ C:\WINDOWS\system32\RegistryCleanerSetup.exe
2007-05-28 18:47 <DIR> d-------- C:\DOCUME~1\Joey\APPLIC~1\Lavasoft
2007-05-28 18:45 <DIR> d-------- C:\Program Files\Lavasoft
2007-05-28 18:03 135,168 --a------ C:\WINDOWS\system32\DSKernel2.dll
2007-05-28 18:03 1,936,528 --a------ C:\WINDOWS\system32\ltmm15.dll
2007-05-28 18:02 <DIR> d-------- C:\Program Files\Replay Converter


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-03 04:47:23 -------- d-----w C:\Program Files\Starcraft
2007-06-01 15:24:30 -------- d-----w C:\DOCUME~1\Joey\APPLIC~1\Azureus
2007-05-29 19:28:23 -------- d-----w C:\Program Files\McAfee
2007-05-29 18:37:15 -------- d-----w C:\Program Files\XBC
2007-05-29 07:51:34 -------- d---a-w C:\Program Files\Diablo II
2007-05-29 01:33:28 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-05-29 00:41:36 77,602 ---ha-w C:\DOCUME~1\Joey\APPLIC~1\ptads.bin
2007-05-20 01:58:52 15,667 -c--a-w C:\WINDOWS\mozver.dat
2007-05-20 01:58:41 -------- d-----w C:\Program Files\DivX
2007-04-21 06:48:34 -------- d-----w C:\Program Files\Xilisoft
2007-04-21 06:36:16 -------- d-----w C:\DOCUME~1\Joey\APPLIC~1\Softplicity
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 04:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 04:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 04:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 04:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 04:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 04:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-07 08:30:24 -------- d-----w C:\Program Files\eRightSoft
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-09 07:12:32 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll
2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys
2005-05-14 00:12:00 217,073 --sha-r C:\WINDOWS\meta4.exe
2005-10-24 18:13:58 66,560 --sha-r C:\WINDOWS\MOTA113.exe
2005-06-26 22:32:28 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll
2005-06-22 05:37:42 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
2006-05-03 09:06:54 163,328 --sha-r C:\WINDOWS\system32\flvDX.dll
2004-01-25 07:00:00 70,656 --sha-r C:\WINDOWS\system32\i420vfw.dll
2007-02-21 10:47:16 31,232 --sha-r C:\WINDOWS\system32\msfDX.dll
2005-02-28 20:16:22 240,128 --sha-r C:\WINDOWS\system32\x.264.exe
2004-01-25 07:00:00 70,656 --sha-r C:\WINDOWS\system32\yv12vfw.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTPreset"="VTPreset.exe" [2004-02-24 20:17 C:\WINDOWS\system32\VTPreset.exe]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2003-04-07 02:16]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 08:57]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"Arovax AntiSpyware"="C:\Program Files\Arovax AntiSpyware\arovaxantispyware.exe" [2007-05-27 08:24]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-05-29 02:27]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-04-22 12:56]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:54]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=C:\WINDOWS\pss\BigFix.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Status Monitor XE.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Status Monitor XE.lnk
backup=C:\WINDOWS\pss\Status Monitor XE.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Window Hider.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Window Hider.lnk
backup=C:\WINDOWS\pss\Window Hider.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Joey^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\Joey\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Joey^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
path=C:\Documents and Settings\Joey\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
backup=C:\WINDOWS\pss\PowerReg Scheduler V3.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alogserv]
C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AltnetPointsManager]
c:\program files\altnet\points manager\points manager.exe -s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DateMakerIntl]
c:\program files\dialers\datemakerintl\datemakerintl.exe /noconnect

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LM Status]
LMSTATUS.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfee Guardian]
"C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfee.InstantUpdate.Monitor]
"C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /startmonitor

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
C:\Program Files\Microsoft Works\WkDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealPlayer]
"C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Splinter Cell Uplink]
"C:\Program Files\Tom Clancy's Splinter Cell Uplink\SplinterCellUplink.exe" -boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"C:\Program Files\Valve\Steam\Steam.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\win32clf]
C:\Documents and Settings\Joey\win32clf\win32clf.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"mnmsrvc"=3 (0x3)
"iPodService"=3 (0x3)
"McShield"=3 (0x3)
"McAfee Firewall"=3 (0x3)
"GuardDogEXE"=2 (0x2)
"usnjsvc"=3 (0x3)
"rpcapd"=3 (0x3)
"ose"=3 (0x3)
"Macromedia Licensing Service"=3 (0x3)
"IDriverT"=3 (0x3)
"Adobe LM Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*


**************************************************************************

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-07 16:24:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\system32\drivers\MFX.sys

scan completed successfully
hidden files: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\BTHPORT\Parameters\Services\{00001000-0000-1000-8000-00805f9b34fb}]


[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\BTHPORT\Parameters\Services\{00001101-0000-1000-8000-00805f9b34fb}]


[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\BTHPORT\Parameters\Services\{00001115-0000-1000-8000-00805f9b34fb}]


Completion time: 2007-06-07 16:29:44
C:\ComboFix-quarantined-files.txt ... 2007-06-07 16:29
C:\ComboFix2.txt ... 2007-06-05 17:49

--- E O F ---
:):):):):):):):):):):)
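A way to cross-check a ComboFix script against the log it produced, as an added example that is not part of any post in this thread: it parses the `File::` and `Registry::` directives and reports which targets the log confirms. It assumes the log's "Other Deletions" section is the record of removed files; the two excerpts are shortened from the posts above and the function names are illustrative.

```python
import re

# Excerpt of the ComboFix-Do.txt script quoted in the thread (shortened).
CFSCRIPT = r"""
File::
C:\WINDOWS\system32\boactann.dll
C:\WINDOWS\system32\tnuscdnr.exe
C:\WINDOWS\iun6002.exe
C:\WINDOWS\System32\bpk.exe

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"MSys32"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wcmdmgr]
"""

# Excerpt of the ComboFix log posted after the script ran (shortened).
LOG_AFTER = r"""
((((((((((((((((((( Other Deletions )))))))))))))))))))

C:\WINDOWS\iun6002.exe
C:\WINDOWS\system32\boactann.dll
C:\WINDOWS\system32\tnuscdnr.exe

((((((((((((((((((( Reg Loading Points )))))))))))))))))))

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTPreset"="VTPreset.exe" [2004-02-24 20:17 C:\WINDOWS\system32\VTPreset.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\win32clf]
C:\Documents and Settings\Joey\win32clf\win32clf.exe
"""

SECTION = re.compile(r"^(\w+)::$")                 # File::, Folder::, Registry::
BANNER = re.compile(r"^\(+\s*(.+?)\s*\)+$")        # ((((( Section name )))))
KEY = re.compile(r"^\[(-?)(HKEY_[^\]]+)\]$")       # [KEY] or [-KEY]
DEL_VALUE = re.compile(r'^"([^"]+)"=-$')           # "name"=-


def parse_cfscript(text):
    """Return the files, registry keys and registry values the script asks to remove."""
    want = {"files": [], "keys": [], "values": []}
    section, key = None, None
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        m = SECTION.match(line)
        if m:
            section, key = m.group(1).lower(), None
        elif section == "file":
            want["files"].append(line)
        elif section == "registry":
            k, v = KEY.match(line), DEL_VALUE.match(line)
            if k and k.group(1):        # [-KEY] removes the whole key
                want["keys"].append(k.group(2))
                key = None
            elif k:                     # [KEY] opens a key for value edits
                key = k.group(2)
            elif v and key:             # "name"=- removes one value under it
                want["values"].append((key, v.group(1)))
    return want


def parse_log(text):
    """Return (lower-cased deleted paths, {lower-cased key: [lines listed under it]})."""
    deleted, keys = set(), {}
    banner, key = None, None
    for line in (l.strip() for l in text.splitlines()):
        b, k = BANNER.match(line), KEY.match(line)
        if b:
            banner, key = b.group(1).lower(), None
        elif not line:
            key = None                  # a blank line ends a registry block
        elif k:
            key = k.group(2).lower()
            keys.setdefault(key, [])
        elif key is not None:
            keys[key].append(line)
        elif banner == "other deletions":
            deleted.add(line.lower())
    return deleted, keys


def verify(script_text, log_text):
    """Compare what the script requested with what the log shows (case-insensitive)."""
    want = parse_cfscript(script_text)
    deleted, keys = parse_log(log_text)
    return {
        "files_confirmed": [f for f in want["files"] if f.lower() in deleted],
        # Not listed means "no evidence in this log", e.g. the file was already gone.
        "files_not_listed": [f for f in want["files"] if f.lower() not in deleted],
        "keys_still_listed": [k for k in want["keys"] if k.lower() in keys],
        "values_still_listed": [
            (k, n) for k, n in want["values"]
            if any(l.lower().startswith('"%s"=' % n.lower()) for l in keys.get(k.lower(), []))
        ],
    }


if __name__ == "__main__":
    for name, items in verify(CFSCRIPT, LOG_AFTER).items():
        print(name, items)
```

Anything under `keys_still_listed` or `values_still_listed` is worth raising with the helper before moving on, since the log omits empty and default entries.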

#9 Silly


Posted 07 June 2007 - 11:42 PM

Logfile of HijackThis v1.99.1
Scan saved at 10:41:57 PM, on 6/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Arovax AntiSpyware\arovaxantispyware.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\HJT\HJT1991.exe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-ca\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Arovax AntiSpyware] C:\Program Files\Arovax AntiSpyware\arovaxantispyware.exe /s
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Status Monitor XE.lnk = C:\Program Files\XEROX_XE\engss.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Joey\Start Menu\Programs\>IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Messenger Addon - {FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com (file missing)
O9 - Extra 'Tools' menuitem: &Messenger Addon - {FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.co...wnload/cult.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptoda...pdatePortal.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab53083.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload....GPlugin9USA.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by103fd.bay10...ex/HMAtchmt.ocx
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A149B051-99A6-4ECD-8F6E-79E00EFBACB2}: NameServer = 192.168.0.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
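One way to read a follow-up HijackThis log against the earlier fix list, as an added example that is not part of any post in this thread: it flags entries whose target is reported as "(no file)" or "(file missing)" and lists fix-list entries that still appear. `FIX_LIST` and `NEW_LOG` are shortened from the posts above; the function names are illustrative.

```python
import re

# Entries the helper asked to fix (shortened from the reply above).
FIX_LIST = r"""
O2 - BHO: (no name) - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - (no file)
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O20 - Winlogon Notify: cbxwuuv - C:\WINDOWS\
"""

# Lines from the follow-up HijackThis log (shortened).
NEW_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\explorer.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - (no file)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Joey\Start Menu\Programs\>IMVU\Run IMVU.lnk (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")   # section code, then the entry body
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ORPHAN_MARKS = ("(no file)", "(file missing)")


def parse_entries(text):
    """Parse 'O2 - ...' style lines; headers and the process list are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        code, body = m.groups()
        clsid = CLSID.search(body)
        entries.append({
            "code": code,
            "body": body,
            "clsid": clsid.group(0).upper() if clsid else None,
            "orphaned": body.lower().endswith(ORPHAN_MARKS),
        })
    return entries


def identity(entry):
    """Match on section code plus CLSID when there is one, else on the normalised line."""
    return (entry["code"], entry["clsid"] or " ".join(entry["body"].lower().split()))


def orphaned(log_text):
    """Entries that point at a file HijackThis could not find."""
    return [e for e in parse_entries(log_text) if e["orphaned"]]


def persisting(fix_text, log_text):
    """Fix-list entries that are still present in the later log."""
    present = {identity(e) for e in parse_entries(log_text)}
    return [e for e in parse_entries(fix_text) if identity(e) in present]


if __name__ == "__main__":
    for e in orphaned(NEW_LOG):
        print("orphaned  :", e["code"], e["body"])
    for e in persisting(FIX_LIST, NEW_LOG):
        print("persisting:", e["code"], e["body"])
```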

#10 Silly


Posted 07 June 2007 - 11:44 PM

Multiple virus warnings popped up on AVG prompting me to either ignore or heal. I clicked heal.

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, June 07, 2007 9:26:58 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 8/06/2007
Kaspersky Anti-Virus database records: 341491
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 151380
Number of viruses found: 52
Number of infected objects: 114
Number of suspicious objects: 2
Duration of the scan process: 03:09:50

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\SecTaskMan\ckdaenaf.dll.q_804EA15_q Suspicious: Packed.Win32.Morphine.a skipped
C:\Documents and Settings\All Users\Application Data\SecTaskMan\gshkvgsy.dll.q_80436_q Infected: not-a-virus:AdWare.Win32.Virtumonde.kg skipped
C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp Object is locked skipped
C:\Documents and Settings\All Users\DRM\drmstore.hds Object is locked skipped

#11 Silly

Silly

    Member

  • Full Member
  • Pip
  • 18 posts

Posted 07 June 2007 - 11:46 PM

C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\9RR9KD42\corusNews[1].css Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\9RR9KD42\corusNews[2].css Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\9RR9KD42\cpauth[1].js Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\9RR9KD42\default_12_01[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\9RR9KD42\desktop.ini Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\9RR9KD42\dynamic_id[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\9RR9KD42\element_spacer[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\9RR9KD42\elimination[1].swf Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\9RR9KD42\elsheader[1].jpg Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\9RR9KD42\entertainment_news[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\9RR9KD42\find_ID[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\9RR9KD42\flatfile[1].png Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\9RR9KD42\flatfile[2].png Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\9RR9KD42\flatfile[3].png Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\9RR9KD42\flatfile[4].png Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\9RR9KD42\flatfile[5].png Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\9RR9KD42\flatfile[6].png Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\9RR9KD42\flatfile[7].png Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\9RR9KD42\flatfile[8].png Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\9RR9KD42\flatfile[9].png Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\9RR9KD42\form_bg[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\9RR9KD42\form_bg[2].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\9RR9KD42\form_button_join2[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\9RR9KD42\hall_of_fame_banner[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\9RR9KD42\hitmen[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\9RR9KD42\hm_1[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\9RR9KD42\hm_but_photo1[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\9RR9KD42\hm_hd_news[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\9RR9KD42\home[1].css Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\9RR9KD42\icon_arrow[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\9RR9KD42\icon_backarrow[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\9RR9KD42\icon_forwardarrow[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\9RR9KD42\img_5384_s[1].jpg Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\9RR9KD42\index(left_01)_01[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\9RR9KD42\index(main)_01[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\9RR9KD42\index(main_notice)_03[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\9RR9KD42\index(main_notice)_25[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\9RR9KD42\index(top_menu-beta2)10_06_[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\9RR9KD42\index(top_menu-beta2)9_03[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\9RR9KD42\kiss_120x600[1].swf Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\9RR9KD42\line[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\9RR9KD42\link_brazil[1].jpg Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\9RR9KD42\link_title[1].jpg Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\9RR9KD42\login_7[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\9RR9KD42\login_8[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\9RR9KD42\logo[1].jpg Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\9RR9KD42\main_top_bar_003[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\9RR9KD42\market_reports_120_60[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\9RR9KD42\monster_bkgd[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\9RR9KD42\monster_bkgd[2].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\9RR9KD42\monster_trump[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\9RR9KD42\myphoto[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\9RR9KD42\myphoto[1].jpg Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\9RR9KD42\myphoto[2].jpg Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\9RR9KD42\nav_but_contact2[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\9RR9KD42\nav_but_games1[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\9RR9KD42\nav_but_games2[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\9RR9KD42\nav_but_go1[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\9RR9KD42\nav_but_help1[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\9RR9KD42\nav_but_home1[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\9RR9KD42\nav_page[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\9RR9KD42\nav_pc2[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\9RR9KD42\nav_pc6[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\9RR9KD42\newsheader_chqram[1].swf Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\9RR9KD42\no_hockey[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\9RR9KD42\pg_next_on[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\9RR9KD42\prevent_hacking_banner[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\9RR9KD42\programs[1].htm Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\9RR9KD42\roughnecks[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\9RR9KD42\rutherford_default[1].jpg Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\9RR9KD42\search[1].htm Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\9RR9KD42\shop_menu[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\9RR9KD42\ski_report[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\9RR9KD42\ski_report[2].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\9RR9KD42\spacer[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\9RR9KD42\spotlight[1].css Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\9RR9KD42\stampeders[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\9RR9KD42\Stanmore-Logo[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\9RR9KD42\text[1].swf Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\9RR9KD42\Thai%20Gunbound[1].jpg Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\9RR9KD42\title_02[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\9RR9KD42\title_04[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\9RR9KD42\topmenu_02[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\DYWAVM72\031805_Maxonline_468x60[1].swf Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\DYWAVM72\2[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\DYWAVM72\2[2].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\DYWAVM72\43132[1].htm Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\DYWAVM72\43132[2].htm Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\DYWAVM72\71877[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\DYWAVM72\adjs[10].php Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\DYWAVM72\adjs[1].php Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\DYWAVM72\adjs[2].php Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\DYWAVM72\adjs[3].php Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\DYWAVM72\adjs[4].php Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\DYWAVM72\adjs[5].php Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\DYWAVM72\adjs[6].php Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\DYWAVM72\adjs[7].php Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\DYWAVM72\adjs[8].php Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\DYWAVM72\adjs[9].php Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\DYWAVM72\ae3[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\DYWAVM72\beta2_newtop_01_42[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\DYWAVM72\beta2_newtop_14[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\DYWAVM72\beta2_newtop_20[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\DYWAVM72\beta2_newtop_26[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\DYWAVM72\bullet10[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\DYWAVM72\Calgarygasbuddy[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\DYWAVM72\calgary_flames[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\DYWAVM72\cb2[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\DYWAVM72\circle-arrow[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\DYWAVM72\contact[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\DYWAVM72\cpbanner[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\DYWAVM72\cpim[1].htm Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\DYWAVM72\crnwnt_the_world_tonight[1].jpg Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\DYWAVM72\crnwnt_the_world_tonight[2].jpg Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\DYWAVM72\default_01[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\DYWAVM72\desktop.ini Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\DYWAVM72\dynamic_multi_asx[1].asx Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\DYWAVM72\email_light[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\DYWAVM72\email_light[2].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\DYWAVM72\flatfile[1].png Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\DYWAVM72\flatfile[2].png Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\DYWAVM72\flatfile[3].png Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\DYWAVM72\flatfile[4].png Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\DYWAVM72\flatfile[5].png Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\DYWAVM72\flatfile[6].png Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\DYWAVM72\flatfile[7].png Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\DYWAVM72\flatfile[8].png Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\DYWAVM72\flatfile[9].png Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\DYWAVM72\form_button_join2[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\DYWAVM72\Friday[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\DYWAVM72\Friday[2].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\DYWAVM72\google[1].htm Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\DYWAVM72\gunbound[1].htm Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\DYWAVM72\header600x115[1].swf Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\DYWAVM72\help_menu[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\DYWAVM72\hitmen[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\DYWAVM72\hm_3[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\DYWAVM72\hm_but_editor[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\DYWAVM72\hm_but_forum1[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\DYWAVM72\hm_hd_moth[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\DYWAVM72\icon_news_arrow[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\DYWAVM72\icon_speaker_orange[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\DYWAVM72\icon_speaker_orange[2].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\DYWAVM72\img_2222_s[1].jpg Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\DYWAVM72\imp[1] Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\DYWAVM72\index(main_notice)_01[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\DYWAVM72\index(main_notice)_02[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\DYWAVM72\index(main_notice)_05[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\DYWAVM72\index(main_notice)_06[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\DYWAVM72\index(top_menu-beta2)10_04[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\DYWAVM72\index(top_menu-beta2)10_07_[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\DYWAVM72\index(top_menu-beta2)9_01[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\DYWAVM72\index(top_menu-beta2)9_06_0[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\DYWAVM72\index2[1].htm Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\DYWAVM72\index[1].htm Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\DYWAVM72\info[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\DYWAVM72\links[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\DYWAVM72\link_indonesia[1].jpg Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\DYWAVM72\link_vietnam[1].jpg Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\DYWAVM72\login_3[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\DYWAVM72\login_5[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\DYWAVM72\mongolrally[1].htm Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\DYWAVM72\mongols[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\DYWAVM72\monster_header[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\DYWAVM72\monster_vote[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\DYWAVM72\moth[1].htm Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\DYWAVM72\myphoto[1].jpg Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\DYWAVM72\nav_but_community1[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\DYWAVM72\nav_but_contact1[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\DYWAVM72\nav_but_find2[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\DYWAVM72\nav_but_go2[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\DYWAVM72\nav_but_myplanet2[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\DYWAVM72\nav_first[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\DYWAVM72\nav_pc3[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\DYWAVM72\nav_pc5[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\DYWAVM72\new_login_07[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\DYWAVM72\new_login_10[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\DYWAVM72\periodically_ani[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\DYWAVM72\pg_last_on[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\DYWAVM72\player_help[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\DYWAVM72\rightheading_scores[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\DYWAVM72\roughnecks[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\DYWAVM72\rule_backgroundcolor2[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\DYWAVM72\selloff[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\DYWAVM72\service_banner[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\DYWAVM72\show_links[1].htm Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\DYWAVM72\show_links[2].htm Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\DYWAVM72\show_rutherford[1].htm Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\DYWAVM72\spacer[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\DYWAVM72\spacer[2].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\DYWAVM72\Thursday[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\DYWAVM72\title_01[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\DYWAVM72\title_03[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\DYWAVM72\toolbar_promo[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\DYWAVM72\topmenu_01[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\DYWAVM72\trans[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\LTBGCQJ5\43132[1].htm Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\LTBGCQJ5\4910-25508-1819-0[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\LTBGCQJ5\4[1].gif Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\LTBGCQJ5\adjs[1].php Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\LTBGCQJ5\adjs[2].php Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\LTBGCQJ5\adjs[3].php Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\LTBGCQJ5\adjs[4].php Object is locked skipped
C:\Documents and Settings\Bruce\Local Settings\Temporary Internet Files\Content.IE5\LTBGCQJ5\adjs[5].php Object is locked skipped

#12 Silly

Posted 07 June 2007 - 11:48 PM

You know what? Can I upload the notepad somewhere? This is going to take me hours to copy and paste manually. Plus, it might have some personal information =\

#13 Sempurna

Sempurna

    Forum Deity

  • Retired Staff
  • PipPipPipPipPip
  • 3,838 posts

Posted 09 June 2007 - 12:39 AM

Yes, you can do this to attach the log, or upload it.

Normally when you hit the Posted Image button you type in text or copy/paste in the white box. Scroll down below this box and look for "File Attachments" and click "Browse" and locate the file and then select "Add this Attachment". When you are done, click "Add Reply".


If you can't attach the file, go to savefile.com and you can upload the log files there. There is no need to register, just click the "UPLOAD MY FILE" button. After you upload the file, please post the link to the file in your topic. That way, anyone on the board can see the log almost as easily as if it were posted here.
My help is free, but if you wish to help keep these forums running please consider a donation, see this topic for details.

--------------------

We are each of us angels with but one wing. And we can only fly embracing each other.
Luciano De Crescenzo

#14 Silly

Posted 09 June 2007 - 03:40 PM

Yay --->

:lol: http://www.savefile.com/files/795128

#15 Silly

Posted 10 June 2007 - 07:59 PM

Is it safe to leave my computer as it is now? I have not encountered any more popup/spyware problems. Do I really need my PC 100% free of infections? If you yourself think not so, then you should close this topic and help someone else because I think I'm fine myself. Thank you for your help.

#16 Sempurna

Posted 10 June 2007 - 11:30 PM

Hi Silly, :wave:

You're most welcome, Silly. :)

I'm sorry for my late reply. It took a while to download and look over your kavscan log. :)

OK, let's pick up the leftovers. Once this is done, we could probably let you go home. :)

For this next step, please ensure that ComboFix.exe is on your desktop:
  • Then, please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
    (start copying from "File::")


    File::
    C:\Documents and Settings\All Users\Application Data\SecTaskMan\ckdaenaf.dll.q_804EA15_q
    C:\Documents and Settings\All Users\Application Data\SecTaskMan\gshkvgsy.dll.q_80436_q
    C:\Documents and Settings\Joey\Application Data\rncr.exe
    C:\Program Files\etea\rpen.exe
    C:\Program Files\True Sword 4\backuped\1\gebyv.dll
    C:\WINDOWS\Downloaded Program Files\WinAdServX.dll
    C:\WINDOWS\system32\zsfiles\00001.rps
    C:\WINDOWS\system32\zsfiles\00002.rps
    C:\WINDOWS\system32\zsfiles\00003.rps
    C:\WINDOWS\system32\zsfiles\00004.rps
    C:\WINDOWS\system32\zsfiles\00005.rps
    C:\WINDOWS\system32\zsfiles\00006.rps
    C:\WINDOWS\system32\zsfiles\00007.rps
    C:\WINDOWS\system32\zsfiles\00008.rps
    C:\WINDOWS\system32\zsfiles\00011.rps
    C:\WINDOWS\system32\zsfiles\00022.rps
    C:\WINDOWS\system32\zsfiles\00023.rps
    C:\WINDOWS\system32\zsfiles\00024.rps
    C:\WINDOWS\system32\zsfiles\00025.rps
    C:\WINDOWS\system32\zsfiles\00026.rps
    C:\WINDOWS\system32\zsfiles\00027.rps
    C:\WINDOWS\system32\zsfiles\00028.rps
    C:\WINDOWS\system32\zsfiles\00029.rps
    C:\WINDOWS\system32\zsfiles\00030.rps
    C:\WINDOWS\system32\zsfiles\00032.rps
    C:\WINDOWS\system32\zsfiles\00033.rps
    C:\WINDOWS\system32\zsfiles\00034.rps
    C:\WINDOWS\system32\zsfiles\00035.rps
    C:\WINDOWS\system32\zsfiles\00039.rps
    C:\WINDOWS\system32\zsfiles\00040.rps
    C:\WINDOWS\system32\zsfiles\00041.rps
    C:\WINDOWS\system32\zsfiles\00141.rps
    C:\WINDOWS\system32\zsfiles\00146.rps
    C:\WINDOWS\system32\zsfiles\00148.rps
    C:\WINDOWS\system32\zsfiles\00151.rps
    C:\WINDOWS\system32\zsfiles\00152.rps
    C:\WINDOWS\system32\zsfiles\00165.rps
    C:\WINDOWS\system32\zsfiles\00166.rps
    C:\WINDOWS\system32\zsfiles\00167.rps
    C:\WINDOWS\system32\zsfiles\00198.rps
    C:\WINDOWS\system32\zsfiles\00208.rps
    C:\WINDOWS\system32\zsfiles\00252.rps
    C:\WINDOWS\system32\zsfiles\00253.rps
    C:\WINDOWS\system32\zsfiles\00257.rps
    C:\WINDOWS\system32\zsfiles\00355.rps
    C:\WINDOWS\system32\zsfiles\00392.rps
    C:\WINDOWS\system32\zsfiles\00393.rps
    C:\WINDOWS\system32\zsfiles\00397.rps
    C:\WINDOWS\system32\zsfiles\00401.rps
    C:\WINDOWS\system32\zsfiles\00405.rps
    C:\WINDOWS\system32\zsfiles\00410.rps
    C:\WINDOWS\system32\zsfiles\00411.rps
    C:\WINDOWS\system32\zsfiles\00412.rps
    C:\WINDOWS\system32\zsfiles\00414.rps
    C:\WINDOWS\system32\zsfiles\00415.rps
    C:\WINDOWS\system32\zsfiles\00416.rps
    C:\WINDOWS\system32\zsfiles\00417.rps
    C:\WINDOWS\system32\zsfiles\00418.rps
    C:\WINDOWS\system32\zsfiles\00419.rps
    C:\WINDOWS\system32\zsfiles\00422.rps
    C:\WINDOWS\system32\zsfiles\00423.rps
    C:\WINDOWS\system32\zsfiles\00424.rps
    C:\WINDOWS\system32\zsfiles\00435.rps
    C:\WINDOWS\system32\zsfiles\00436.rps
    C:\WINDOWS\system32\zsfiles\00437.rps
    C:\WINDOWS\system32\zsfiles\00438.rps
    C:\WINDOWS\system32\zsfiles\00442.rps
    C:\WINDOWS\system32\zsfiles\00443.rps
    C:\WINDOWS\system32\zsfiles\00444.rps
    C:\WINDOWS\system32\zsfiles\00447.rps
    

  • Save this as ComboFix-Do.txt and change the "Save as type" to "All Files" and place it on your desktop.


    Posted Image


  • Referring to the screenshot above, drag ComboFix-Do.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Please do NOT mouse-click ComboFix's window while it is running. That may cause it to stall. Also, please do NOT adjust your time format while ComboFix is running.


NEXT:

Please REBOOT your computer normally into Windows and post these logs in your next reply:
  • The log from the ComboFix scan located at C:\ComboFix.txt.
  • A new HijackThis log.
If things turn out fine in these last logs, we can call it a day then. :)

#17 Silly

Posted 11 June 2007 - 09:45 PM

"Joey" - 2007-06-11 20:12:23 Service Pack 2 NTFS
Command switches used :: ""C:\Documents and Settings\Joey\Desktop\ComboFix-Do.txt""


((((((((((((((((((((((((( Files Created from 2007-05-12 to 2007-06-12 )))))))))))))))))))))))))))))))


2007-06-07 17:04 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-06-07 17:04 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2007-06-07 16:59 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
2007-06-07 16:45 <DIR> d-------- C:\Program Files\CCleaner
2007-06-07 16:41 <DIR> d-------- C:\Program Files\Yahoo!
2007-06-05 17:49 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-05 17:28 <DIR> d-------- C:\Avenger
2007-05-31 17:29 <DIR> d-------- C:\HJT
2007-05-31 00:03 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SecTaskMan
2007-05-31 00:02 <DIR> d-------- C:\Program Files\Security Task Manager
2007-05-28 22:50 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-05-28 22:49 <DIR> d-------- C:\DOCUME~1\Joey\.housecall6.6
2007-05-28 19:55 <DIR> d-------- C:\Program Files\Arovax AntiSpyware
2007-05-28 19:49 <DIR> d-------- C:\DOCUME~1\Joey\APPLIC~1\True Sword
2007-05-28 19:47 <DIR> d-------- C:\Program Files\True Sword 4
2007-05-28 19:35 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-05-28 19:34 <DIR> d-------- C:\Program Files\CleanMyPC
2007-05-28 19:22 557,741 --a------ C:\WINDOWS\system32\RegistryCleanerSetup.exe
2007-05-28 18:47 <DIR> d-------- C:\DOCUME~1\Joey\APPLIC~1\Lavasoft
2007-05-28 18:45 <DIR> d-------- C:\Program Files\Lavasoft
2007-05-28 18:03 135,168 --a------ C:\WINDOWS\system32\DSKernel2.dll
2007-05-28 18:03 1,936,528 --a------ C:\WINDOWS\system32\ltmm15.dll
2007-05-28 18:02 <DIR> d-------- C:\Program Files\Replay Converter


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-10 16:39:04 -------- d-----w C:\Program Files\Starcraft
2007-06-08 06:14:09 -------- d-----w C:\DOCUME~1\Joey\APPLIC~1\Azureus
2007-05-29 19:28:23 -------- d-----w C:\Program Files\McAfee
2007-05-29 18:37:15 -------- d-----w C:\Program Files\XBC
2007-05-29 07:51:34 -------- d---a-w C:\Program Files\Diablo II
2007-05-29 01:33:28 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-05-29 00:41:36 77,602 ---ha-w C:\DOCUME~1\Joey\APPLIC~1\ptads.bin
2007-05-20 01:58:52 15,667 -c--a-w C:\WINDOWS\mozver.dat
2007-05-20 01:58:41 -------- d-----w C:\Program Files\DivX
2007-04-21 06:48:34 -------- d-----w C:\Program Files\Xilisoft
2007-04-21 06:36:16 -------- d-----w C:\DOCUME~1\Joey\APPLIC~1\Softplicity
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 04:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 04:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 04:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 04:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 04:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 04:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 04:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 04:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2005-05-14 00:12:00 217,073 --sha-r C:\WINDOWS\meta4.exe
2005-10-24 18:13:58 66,560 --sha-r C:\WINDOWS\MOTA113.exe
2007-03-09 07:12:32 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll
2005-06-26 22:32:28 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll
2005-06-22 05:37:42 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
2006-05-03 09:06:54 163,328 --sha-r C:\WINDOWS\system32\flvDX.dll
2004-01-25 07:00:00 70,656 --sha-r C:\WINDOWS\system32\i420vfw.dll
2007-02-21 10:47:16 31,232 --sha-r C:\WINDOWS\system32\msfDX.dll
2005-02-28 20:16:22 240,128 --sha-r C:\WINDOWS\system32\x.264.exe
2004-01-25 07:00:00 70,656 --sha-r C:\WINDOWS\system32\yv12vfw.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 10:28]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTPreset"="VTPreset.exe" [2004-02-24 20:17 C:\WINDOWS\system32\VTPreset.exe]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2003-04-07 02:16]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 08:57]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"Arovax AntiSpyware"="C:\Program Files\Arovax AntiSpyware\arovaxantispyware.exe" [2007-05-27 08:24]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-05-29 02:27]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-04-22 12:56]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:54]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=C:\WINDOWS\pss\BigFix.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Status Monitor XE.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Status Monitor XE.lnk
backup=C:\WINDOWS\pss\Status Monitor XE.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Window Hider.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Window Hider.lnk
backup=C:\WINDOWS\pss\Window Hider.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Joey^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\Joey\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Joey^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
path=C:\Documents and Settings\Joey\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
backup=C:\WINDOWS\pss\PowerReg Scheduler V3.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alogserv]
C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AltnetPointsManager]
c:\program files\altnet\points manager\points manager.exe -s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DateMakerIntl]
c:\program files\dialers\datemakerintl\datemakerintl.exe /noconnect

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LM Status]
LMSTATUS.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfee Guardian]
"C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfee.InstantUpdate.Monitor]
"C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /startmonitor

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
C:\Program Files\Microsoft Works\WkDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealPlayer]
"C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Splinter Cell Uplink]
"C:\Program Files\Tom Clancy's Splinter Cell Uplink\SplinterCellUplink.exe" -boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"C:\Program Files\Valve\Steam\Steam.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\win32clf]
C:\Documents and Settings\Joey\win32clf\win32clf.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"mnmsrvc"=3 (0x3)
"iPodService"=3 (0x3)
"McShield"=3 (0x3)
"McAfee Firewall"=3 (0x3)
"GuardDogEXE"=2 (0x2)
"usnjsvc"=3 (0x3)
"rpcapd"=3 (0x3)
"ose"=3 (0x3)
"Macromedia Licensing Service"=3 (0x3)
"IDriverT"=3 (0x3)
"Adobe LM Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*


**************************************************************************

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-11 20:28:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\system32\drivers\MFX.sys

scan completed successfully
hidden files: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\BTHPORT\Parameters\Services\{00001000-0000-1000-8000-00805f9b34fb}]


[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\BTHPORT\Parameters\Services\{00001101-0000-1000-8000-00805f9b34fb}]


[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\BTHPORT\Parameters\Services\{00001115-0000-1000-8000-00805f9b34fb}]


Completion time: 2007-06-11 20:39:15
C:\ComboFix-quarantined-files.txt ... 2007-06-11 20:39
C:\ComboFix2.txt ... 2007-06-07 16:29
C:\ComboFix3.txt ... 2007-06-05 17:49

--- E O F ---

#18 Silly

Posted 11 June 2007 - 09:59 PM

Logfile of HijackThis v1.99.1
Scan saved at 8:56:24 PM, on 6/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Arovax AntiSpyware\arovaxantispyware.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\WINDOWS\explorer.exe
C:\HJT\HJT1991.exe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-ca\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Arovax AntiSpyware] C:\Program Files\Arovax AntiSpyware\arovaxantispyware.exe /s
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Status Monitor XE.lnk = C:\Program Files\XEROX_XE\engss.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Joey\Start Menu\Programs\>IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Messenger Addon - {FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com (file missing)
O9 - Extra 'Tools' menuitem: &Messenger Addon - {FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.co...wnload/cult.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptoda...pdatePortal.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab53083.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload....GPlugin9USA.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by103fd.bay10...ex/HMAtchmt.ocx
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A149B051-99A6-4ECD-8F6E-79E00EFBACB2}: NameServer = 192.168.0.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

#19 Sempurna

Sempurna

    Forum Deity

  • Retired Staff
  • PipPipPipPipPip
  • 3,838 posts

Posted 12 June 2007 - 04:26 AM

Hi Silly, :wave:

OK, let's pick up the leftovers.

First of all, please go to Start -> Control Panel -> Add/Remove Programs and remove the following, if listed:

CleanMyPC
True Sword 4
Arovax AntiSpyware


These are dubious applications, and I strongly recommend that you remove them. You can replace them with more reputable products that we could recommend for you.


NEXT:

Please run HijackThis and click "Scan". Place a check (tick) next to the following entries (if present):

O2 - BHO: (no name) - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - (no file)
O4 - HKLM\..\Run: [Arovax AntiSpyware] C:\Program Files\Arovax AntiSpyware\arovaxantispyware.exe /s



Close ALL programs and browsers (including this one), leaving ONLY HijackThis open, then click "Fix checked".

Then please exit HijackThis.


NEXT:

For this next step, please delete your current copy of ComboFix-Do.txt as we shall be creating a new one:
  • Then, please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
    (start copying from "File::")


    File::
    C:\WINDOWS\system32\RegistryCleanerSetup.exe
    C:\Documents and Settings\Joey\win32clf\win32clf.exe
    
    Folder::
    C:\Program Files\Arovax AntiSpyware
    C:\DOCUME~1\Joey\APPLIC~1\True Sword
    C:\Program Files\True Sword 4
    C:\Program Files\CleanMyPC
    c:\program files\dialers
    
    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DateMakerIntl]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\win32clf]
    

  • Save this as ComboFix-Do.txt and change the "Save as type" to "All Files" and place it on your desktop.


    Posted Image


  • Referring to the screenshot above, drag ComboFix-Do.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Please do NOT mouse-click ComboFix's window while it is running. That may cause it to stall. Also, please do NOT adjust your time format while ComboFix is running.


NEXT:

Please REBOOT your computer normally into Windows and post these logs in your next reply:
  • The log from the ComboFix scan located at C:\ComboFix.txt.
  • A new HijackThis log.
How are things running now?
My help is free, but if you wish to help keep these forums running please consider a donation, see this topic for details.

--------------------

We are each of us angels with but one wing. And we can only fly embracing each other.
Luciano De Crescenzo

#20 Silly

Posted 30 June 2007 - 10:14 PM

HI! I'm back lol. Sorry, exams.
Here's my hijack this log!
Logfile of HijackThis v1.99.1
Scan saved at 9:10 PM, on 2007-06-30
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\XE88LMS.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\DllHost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HJT\HJT1991.exe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-ca\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [XE88LMS] XE88LMS.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Status Monitor XE.lnk = C:\Program Files\XEROX_XE\engss.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Joey\Start Menu\Programs\>IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Messenger Addon - {FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com (file missing)
O9 - Extra 'Tools' menuitem: &Messenger Addon - {FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.co...wnload/cult.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptoda...pdatePortal.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab53083.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload....GPlugin9USA.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by103fd.bay10...ex/HMAtchmt.ocx
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A149B051-99A6-4ECD-8F6E-79E00EFBACB2}: NameServer = 192.168.0.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe


Can you recommend me some better programs for protecting my computer? TY
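
An added example, not part of any post in this thread: a short Python script that parses HijackThis entry lines, lists the entries that still point at a missing file, and diffs the autostart sections (O4, O20, O23) between two scans. The sample input is a small excerpt of the logs in posts #18 and #20; the function names are my own.

```python
import re

# Excerpt of the HijackThis log in post #18 (11 June), shortened for the example.
LOG_BEFORE = r"""
O2 - BHO: (no name) - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - (no file)
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [Arovax AntiSpyware] C:\Program Files\Arovax AntiSpyware\arovaxantispyware.exe /s
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O9 - Extra button: Messenger Addon - {FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# Excerpt of the HijackThis log in post #20 (30 June), shortened for the example.
LOG_AFTER = r"""
O2 - BHO: (no name) - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - (no file)
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [XE88LMS] XE88LMS.exe
O9 - Extra button: Messenger Addon - {FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com (file missing)
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# A HijackThis entry line is "<section code> - <detail>", e.g. "O4 - HKLM\..\Run: ...".
# Header lines and the "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+?)\s*$")

# HijackThis appends one of these when the referenced file is not on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")

# O4 = Run keys and Startup folders, O20 = Winlogon Notify / AppInit_DLLs,
# O23 = services: the sections where something can start with Windows.
AUTOSTART_CODES = {"O4", "O20", "O23"}


def parse_entries(log_text):
    """Return [(section_code, detail), ...] for every entry line in a log."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def orphaned(entries):
    """Entries whose target file HijackThis could not find."""
    return [(code, detail) for code, detail in entries
            if detail.lower().endswith(ORPHAN_MARKERS)]


def diff_autostarts(before, after):
    """Return (added, removed) autostart entries between two parsed logs.

    Comparison is case-insensitive because Windows paths are, so
    "explorer.exe" and "Explorer.EXE" count as the same entry.
    """
    def keyed(entries):
        return {(code, detail.lower()): (code, detail)
                for code, detail in entries if code in AUTOSTART_CODES}

    old, new = keyed(before), keyed(after)
    added = [new[k] for k in new if k not in old]
    removed = [old[k] for k in old if k not in new]
    return added, removed


if __name__ == "__main__":
    before, after = parse_entries(LOG_BEFORE), parse_entries(LOG_AFTER)
    added, removed = diff_autostarts(before, after)
    for code, detail in added:
        print("ADDED   ", code, detail)
    for code, detail in removed:
        print("REMOVED ", code, detail)
    for code, detail in orphaned(after):
        print("ORPHANED", code, detail)
```

An entry showing up as added is only a prompt to identify the file behind it; the diff says nothing about whether it is wanted or not.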

#21 Sempurna

Posted 01 July 2007 - 07:05 AM

Hi Silly, :wave:

No worries, real life can overtake all of us. :)

Well, you could do with a better anti-virus proggie and a good firewall, but the security firms are always behind the malware. Always. :(

We'll recommend some good and FREE security software for you once your system is clean, OK?

Do you have the ComboFix log?

#22 Silly

Posted 03 July 2007 - 11:39 AM

Umm.... >.> I'm pretty sure I did it a long time ago before exams but I didn't save the log.

#23 Sempurna

Posted 03 July 2007 - 02:01 PM

No worries, Silly. :)

Could you run the ComboFix directions in post #19 and post the log that it generates? Thanks. :thumbsup:

#24 Silly

Posted 05 July 2007 - 03:34 PM

"Joey" - 2007-07-05 11:18:42 - ComboFix 07-07-04.4 - Service Pack 2
Command switches used :: C:\Documents and Settings\Joey\Desktop\combofix-do.txt


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\ALLUSE~1\APPLIC~1.\TEMP


((((((((((((((((((((((((( Files Created from 2007-06-05 to 2007-07-05 )))))))))))))))))))))))))))))))


2007-06-24 21:18 <DIR> d-------- C:\XE88XPE
2007-06-19 18:45 <DIR> d-------- C:\DOCUME~1\Joey\APPLIC~1\uTorrent
2007-06-19 18:44 <DIR> d-------- C:\Program Files\uTorrent
2007-06-07 17:04 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-06-07 17:04 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2007-06-07 16:59 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
2007-06-07 16:45 <DIR> d-------- C:\Program Files\CCleaner
2007-06-07 16:41 <DIR> d-------- C:\Program Files\Yahoo!
2007-06-05 17:49 51,200 --a------ C:\WINDOWS\nircmd.exe


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-02 05:02:55 -------- d-----w C:\Program Files\Starcraft
2007-06-26 00:38:04 -------- d-----w C:\DOCUME~1\Joey\APPLIC~1\AdobeUM
2007-06-14 16:07:33 -------- d-----w C:\DOCUME~1\Joey\APPLIC~1\Azureus
2007-05-31 06:25:21 -------- d-----w C:\Program Files\Security Task Manager
2007-05-29 19:28:23 -------- d-----w C:\Program Files\McAfee
2007-05-29 18:37:15 -------- d-----w C:\Program Files\XBC
2007-05-29 07:51:34 -------- d---a-w C:\Program Files\Diablo II
2007-05-29 04:49:54 76,560 ----a-w C:\WINDOWS\system32\drivers\tmcomm.sys
2007-05-29 01:33:28 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-05-29 00:47:56 -------- d-----w C:\DOCUME~1\Joey\APPLIC~1\Lavasoft
2007-05-29 00:45:42 -------- d-----w C:\Program Files\Lavasoft
2007-05-29 00:41:36 77,602 ---ha-w C:\DOCUME~1\Joey\APPLIC~1\ptads.bin
2007-05-29 00:15:14 -------- d-----w C:\Program Files\Replay Converter
2007-05-20 01:58:52 15,667 -c--a-w C:\WINDOWS\mozver.dat
2007-05-20 01:58:41 -------- d-----w C:\Program Files\DivX
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 04:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 04:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 04:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 04:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 04:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 04:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 04:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 04:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2005-05-14 00:12:00 217,073 --sha-r C:\WINDOWS\meta4.exe
2005-10-24 18:13:58 66,560 --sha-r C:\WINDOWS\MOTA113.exe
2007-03-09 07:12:32 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll
2005-06-26 22:32:28 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll
2005-06-22 05:37:42 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
2006-05-03 09:06:54 163,328 --sha-r C:\WINDOWS\system32\flvDX.dll
2004-01-25 07:00:00 70,656 --sha-r C:\WINDOWS\system32\i420vfw.dll
2007-02-21 10:47:16 31,232 --sha-r C:\WINDOWS\system32\msfDX.dll
2005-02-28 20:16:22 240,128 --sha-r C:\WINDOWS\system32\x.264.exe
2004-01-25 07:00:00 70,656 --sha-r C:\WINDOWS\system32\yv12vfw.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
2006-10-26 10:28 440384 --a------ C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTPreset"="VTPreset.exe" [2004-02-24 20:17 C:\WINDOWS\system32\VTPreset.exe]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2003-04-07 02:16]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 08:57]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-05-29 02:27]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-04-22 12:56]
"XE88LMS"="XE88LMS.exe" [1999-06-29 20:48 C:\WINDOWS\system32\XE88LMS.EXE]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:54]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=C:\WINDOWS\pss\BigFix.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Status Monitor XE.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Status Monitor XE.lnk
backup=C:\WINDOWS\pss\Status Monitor XE.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Window Hider.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Window Hider.lnk
backup=C:\WINDOWS\pss\Window Hider.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Joey^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\Joey\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Joey^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
path=C:\Documents and Settings\Joey\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
backup=C:\WINDOWS\pss\PowerReg Scheduler V3.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alogserv]
C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AltnetPointsManager]
c:\program files\altnet\points manager\points manager.exe -s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LM Status]
LMSTATUS.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfee Guardian]
"C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfee.InstantUpdate.Monitor]
"C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /startmonitor

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
C:\Program Files\Microsoft Works\WkDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealPlayer]
"C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Splinter Cell Uplink]
"C:\Program Files\Tom Clancy's Splinter Cell Uplink\SplinterCellUplink.exe" -boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"C:\Program Files\Valve\Steam\Steam.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"mnmsrvc"=3 (0x3)
"iPodService"=3 (0x3)
"McShield"=3 (0x3)
"McAfee Firewall"=3 (0x3)
"GuardDogEXE"=2 (0x2)
"rpcapd"=3 (0x3)
"ose"=3 (0x3)
"Macromedia Licensing Service"=3 (0x3)
"IDriverT"=3 (0x3)
"Adobe LM Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ


HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44CC0112-AB51-22EF-BA32-20AA12E6115C}
C:\WINDOWS\system32\msgmnb.com

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-05 11:38:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\system32\drivers\MFX.sys

scan completed successfully
hidden files: 1

**************************************************************************

Completion time: 2007-07-05 11:52:01
C:\ComboFix-quarantined-files.txt ... 2007-07-05 11:51
C:\ComboFix2.txt ... 2007-06-11 20:39
C:\ComboFix3.txt ... 2007-06-07 16:29

--- E O F ---

#25 Sempurna

Posted 05 July 2007 - 10:13 PM

Hi Silly, :wave:

Things appear to have cleaned up nicely. :)

How are things running now? Any persistent problem or suspicious behavior on your machine that I should know about?

#26 Silly

Posted 07 July 2007 - 03:11 PM

No, there's nothing wrong... but my PC does seem to run really slowly though.

#27 Sempurna

Posted 08 July 2007 - 12:43 AM

Hi Silly, :wave:

Let’s see if we can speed things up a bit.

Please download CCleaner (freeware) and save it to your desktop:
  • Run the CCleaner installer.
  • During the installation process, please UNCHECK "Add CCleaner Yahoo! Toolbar".
  • Once installed, run CCleaner and click the "Windows" tab.
  • Select the following:
    • Check everything under the "Internet Explorer" section.
    • Check everything under the "Windows Explorer" section.
    • Check everything under the "System" section.
    • Check ONLY "Old Prefetch data" under the "Advanced" section.
  • Then, click the "Applications" tab:
    • CHECK everything there.
  • Next, click the "Options" button in the left pane, then click the "Advanced" button:
    • UNCHECK : "Only delete files in Windows Temp folders older than 48 hours".
  • Next, click the "Cleaner" button in the left pane, then click the "Run Cleaner" button (bottom right), click "OK" at the prompt.
  • When done, please exit CCleaner.
CAUTION: Please do NOT use the "Issues" button in the left pane. This is a built-in registry cleaner. If you don’t know how to use it, you may cause irreparable damage to your system.


NEXT:

Please go to Start -> Run and type (or copy and paste):

devmgmt.msc

Click "OK".


Your system’s Device Manager will now open:
  • Double-click "IDE ATA/ATAPI controllers".
  • Right-click "Primary IDE Channel", select "Properties", then click on the "Advanced Settings" tab.
  • In the "Transfer Mode" dropdown list, please ensure that you have "DMA if available" for "Device 0" and "Device 1".
  • If the drop-down box already shows "DMA if available" but the "Current Transfer Mode" is PIO, then you must toggle the settings. That is:
    • Change the selection from "DMA if available" to "PIO Only", then click "OK".
    • Then repeat the steps above to change the selection to "DMA if available".
  • Once you have completed the steps above for the Primary IDE Channel, then do the same for the "Secondary IDE Channel".
  • Please reboot your computer for the change to take effect.
NOTE: After reboot, please go back into the Device Manager and see whether the "Current Transfer Mode" has been reset to DMA. If the current transfer mode remains PIO, then please right-click the relevant device (either Primary IDE or Secondary IDE channel), and select "Uninstall". Reboot again, and let me know if the problem persists.


NEXT:

Please register (it's free, don't worry) with PC Pitstop and run the full tests here:
http://www.pcpitstop.com/pcpitstop/default.asp

When the tests are complete, a results page will pop up. Click "Share Results with TechExpress" on the top right-hand side. Then copy the URL provided and post it here for me.

Edited by Sempurna, 08 July 2007 - 12:45 AM.

My help is free, but if you wish to help keep these forums running please consider a donation, see this topic for details.

--------------------

We are each of us angels with but one wing. And we can only fly embracing each other.
Luciano De Crescenzo

#28 Silly


Posted 21 July 2007 - 02:22 PM

http://www.pcpitstop...WQ6HWVC18VSV4VW

I don't really think the picture test worked. It wasn't loading, then I clicked "show picture", and when it loaded it took me to the next page.

#29 Sempurna


Posted 22 July 2007 - 03:57 AM

At the PC Pitstop results page for your system, you'll find a Customized Tune-up Tips section just for your computer. Go through the tips, and let me know whether performance improves.

#30 Silly


Posted 28 July 2007 - 12:11 AM

I've erased some useless junk from my computer to maintain at least 25% of the hard drive available and I used a defrag program, but I haven't had any noticeable change. I'm a Photoshop user and lately I've been editing large manga images and having Firefox and other programs on, and I just can't do any work.

#31 Sempurna


Posted 28 July 2007 - 07:57 AM

That could be explained by your low RAM available. You only have 224 MB of RAM on this machine. Windows XP works best with at least 512 MB of RAM, and since you use Photoshop, it should be at least 1 GB of RAM.

Upgrade your RAM, and you should notice a huge improvement in performance.



