
Your browser is under the threat of infection.

Old 07-13-2009, 09:12 PM   #1
Registered Member
 
Join Date: Jul 2009
Posts: 9
OS: xp



This problem is similar to http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/resolved-hjt-threads/389504. Google searches have been redirected to undesired sites. Pop-ups occur even though not asked for.
And every so often the following image appears in the browser (Firefox). I have already removed the redirects, a browser help object using HiJackThis.

But the image below still appears every so often and the unwanted popups persist. Below the image is the DDS.




Here is the DDS. Attached are the other two.


DDS (Ver_09-06-26.01) - NTFSx86
Run by wjosephson at 22:36:02.84 on Mon 07/13/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1982.1268 [GMT -4:00]

AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton AntiVirus *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
FW: ZoneAlarm Pro Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS2\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS2\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS2\system32\spoolsv.exe
C:\WINDOWS2\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\progra~1\scansoft\paperp~2\pptd40nt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS2\system32\ctfmon.exe
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe
C:\Program Files\Sun\StarOffice 8\program\soffice.exe
C:\Program Files\Sun\StarOffice 8\program\soffice.BIN
svchost.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Matlab\webserver\bin\win32\matlabserver.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS2\system32\svchost.exe -k imgsvc
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS2\system32\ZoneLabs\vsmon.exe
C:\WINDOWS2\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\WINDOWS2\system32\wuauclt.exe
C:\WINDOWS2\system32\wscntfy.exe
C:\Documents and Settings\wjosephson\Desktop\dds.pif

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com
mDefault_Page_URL = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\RegistryBooster.exe /S
uRun: [ctfmon.exe] c:\windows2\system32\ctfmon.exe
uRun: [Windows Live Sync] "c:\program files\windows live\sync\WindowsLiveSync.exe" /background
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [osCheck] "c:\program files\norton antivirus\osCheck.exe"
mRun: [PaperPort PTD] c:\progra~1\scansoft\paperp~2\pptd40nt.exe
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
StartupFolder: c:\docume~1\wjosep~3\startm~1\programs\startup\starof~1.lnk - c:\program files\sun\staroffice 8\program\quickstart.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: cengage.com\access
DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} - hxxps://access.cengage.com/vdesk/terminal/urxvpn.cab#version=6030,2009,514,2217
DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - hxxp://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} - hxxps://access.cengage.com/vdesk/terminal/f5tunsrv.cab#version=6030,2009,514,2213
DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} - hxxps://access.cengage.com/vdesk/terminal/InstallerControl.cab
DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} - hxxps://access.cengage.com/vdesk/terminal/f5InspectionHost.cab#version=6030,2009,0514,2204
DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} - hxxps://access.cengage.com/vdesk/terminal/urTermProxy.cab#version=6020,2008,0717,1602
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} - hxxps://access.cengage.com/vdesk/terminal/urxshost.cab#version=6030,2009,514,2210
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} - hxxps://access.cengage.com/vdesk/terminal/urxhost.cab#version=6030,2009,514,2205
DPF: {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} - hxxps://access.cengage.com/policy/download_binary.php/win32/f5syschk.cab#Version=6030,2009,0514,2213
TCP: NameServer = 85.255.112.106,85.255.112.128
TCP: {217A86B1-EEA0-4074-8222-AE54CF23D96A} = 85.255.112.106,85.255.112.128
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows2\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\wjosep~3\applic~1\mozilla\firefox\profiles\j3v4sal9.default\
FF - prefs.js: browser.startup.homepage - hxxp://baseball.realgm.com/|http://www.bowl4fun.com/ron/roncarch...ball/universe/
FF - plugin: c:\documents and settings\wjosephson\application data\mozilla\firefox\profiles\j3v4sal9.default\extensions\{dbbb3167-6e81-400f-bbfd-bd8921726f52}\plugins\NPuroamHost.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R1 vsdatant;vsdatant;c:\windows2\system32\vsdatant.sys [2008-12-9 353672]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-1-25 149352]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-1-25 149352]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2008-12-2 600944]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2008-12-2 600944]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-1-25 149352]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-2-25 101936]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090713.024\NAVENG.SYS [2009-7-13 87888]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090713.024\NAVEX15.SYS [2009-7-13 875728]
R3 Symantec Core LC;Symantec Core LC;c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe [2008-12-8 1245064]
R3 urvpndrv;F5 Networks VPN Adapter;c:\windows2\system32\drivers\covpndrv.sys [2009-5-14 33920]
R3 vsmon;TrueVector Internet Monitor;c:\windows2\system32\zonelabs\vsmon.exe -service --> c:\windows2\system32\zonelabs\vsmon.exe -service [?]
S3 COH_Mon;COH_Mon;c:\windows2\system32\drivers\COH_Mon.sys [2008-1-12 23888]
S3 f5ipfw;F5 Networks StoneWall Filter;c:\windows2\system32\drivers\urfltw2k.sys [2008-12-9 10752]

============== File Associations ===============

JSEFile=NOTEPAD.EXE %1
regfile=NOTEPAD.EXE %1
scrfile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1

=============== Created Last 30 ================

2009-07-13 22:31 <DIR> --d-h--- c:\windows2\PIF
2009-07-13 17:29 <DIR> --d----- c:\program files\F5
2009-07-12 00:09 <DIR> --d----- c:\program files\common files\Scanner
2009-07-12 00:09 <DIR> --d----- c:\program files\CA Yahoo! Anti-Spy
2009-07-12 00:08 <DIR> --d----- c:\program files\Yahoo!
2009-07-11 14:47 <DIR> --d----- c:\program files\Trend Micro
2009-07-11 14:37 <DIR> --d----- c:\windows2\pss

==================== Find3M ====================

2009-06-16 18:29 4,212 a---h--- c:\windows2\system32\zllictbl.dat
2009-05-29 15:40 940,896 a------- c:\windows2\system32\Incinerator.dll
2009-05-23 22:45 410,984 a------- c:\windows2\system32\deploytk.dll
2009-05-07 11:32 345,600 a------- c:\windows2\system32\localspl.dll
2009-04-29 00:56 827,392 a------- c:\windows2\system32\wininet.dll
2009-04-29 00:55 78,336 a------- c:\windows2\system32\ieencode.dll
2009-04-19 15:05 2,678 a------- c:\windows2\java\packages\data\WRF133DV.DAT
2009-04-19 15:05 2,678 a------- c:\windows2\java\packages\data\FB7F5N7H.DAT
2009-04-19 15:05 2,678 a------- c:\windows2\java\packages\data\UZJTFHVZ.DAT
2009-04-19 15:05 2,678 a------- c:\windows2\java\packages\data\IOH3DR9V.DAT
2009-04-19 15:05 2,678 a------- c:\windows2\java\packages\data\UER935BT.DAT
2009-04-17 08:26 1,847,168 a------- c:\windows2\system32\win32k.sys
2009-04-15 10:51 585,216 a------- c:\windows2\system32\rpcrt4.dll
2007-04-21 23:47 4,402,436 a------- c:\program files\everesthome220-1.zip
2008-12-18 21:52 80 ---shr-- c:\windows2\system32\1BF4CDB2DD.dll

============= FINISH: 22:36:20.84 ===============
Attached Thumbnails: Your browser is under the threat of infection.jpg (61.5 KB)
Attached Files: ark.zip (5.4 KB)

__________________
bill.josephson is offline  
Old 07-14-2009, 08:39 AM   #2
TSF Enthusiast
 
Join Date: Apr 2008
Location: Manila, PH
Posts: 1,477
OS: Vista, Linux Mint



Hi.

Welcome to TSF.

You already have two software firewalls installed. Norton Antivirus has a firewall bundled with it. Having Zone Alarm would greatly affect your computer's performance. I recommend uninstalling Zone Alarm before we start the fix.

Please uninstall the following using Windows Add/Remove Programs in the Control Panel:

Zone Alarm

--------------------------------------------------------------------------
I am sorry to inform you that one or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?


--------------------------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

--------------------------------------------------------------------------
Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any open browsers when you are carrying out the procedures below. Save the following instructions in Notepad, as this webpage will not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

--------------------------------------------------------------------------

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 2






  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. You can find instructions HERE.

  • Double click on Combo-Fix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Mark

__________________
To accomplish great things, we must not only act, but also dream; not only plan, but also believe.
If I have been helping you and do not reply within 24 hours, please send me a message.
I'm a member of U.N.I.T.E and A.S.A.P
mas_pogi is offline  
Old 07-14-2009, 07:20 PM   #3
Registered Member
 
Join Date: Jul 2009
Posts: 9
OS: xp



Hi Mark,

I greatly appreciate this. Below is the combo log.

I will do something about Zone Alarm if you insist. With respect to NAV and Zone Alarm, I did not purchase the firewall option from Norton. When I go to the Norton Control panel I see no options for the firewall, but Norton is monitoring the on-off status of Zone Alarm. When I turn off Zone Alarm, Norton firewall status turns to red.

I will turn off Zone Alarm (put it in Manual mode and have it shut off) if you want me to. Currently I have both on.

Also normally I have my machine turned off during the day (US Eastern Time). Let me know if you need the machine left on and connected.

ComboFix 09-07-14.07 - wjosephson 07/14/2009 20:39.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1982.1636 [GMT -4:00]
Running from: c:\documents and settings\wjosephson\Desktop\ComFix.exe
AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton AntiVirus *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
FW: ZoneAlarm Pro Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\outlook\media\office10\bullets\BD21296_.GIF
c:\program files\outlook\media\office10\bullets\BD21297_.GIF
c:\program files\outlook\media\office10\bullets\BD21298_.GIF
c:\program files\outlook\media\office10\bullets\BD21299_.GIF
c:\program files\outlook\media\office10\bullets\BD21300_.GIF
c:\program files\outlook\media\office10\bullets\BD21301_.GIF
c:\program files\outlook\media\office10\bullets\BD21302_.GIF
c:\program files\outlook\media\office10\bullets\BD21304_.GIF
c:\program files\outlook\media\office10\bullets\BD21306_.GIF
c:\program files\outlook\media\office10\bullets\BD21308_.GIF
c:\program files\outlook\media\office10\bullets\BD21310_.GIF
c:\program files\outlook\media\office10\bullets\BD21312_.GIF
c:\program files\outlook\media\office10\bullets\BD21314_.GIF
c:\program files\outlook\media\office10\bullets\BD21316_.GIF
c:\program files\outlook\media\office10\bullets\BD21327_.GIF
c:\program files\outlook\media\office10\bullets\BD21329_.GIF
c:\program files\outlook\media\office10\bullets\BD21331_.GIF
c:\program files\outlook\media\office10\bullets\BD21333_.GIF
c:\program files\outlook\media\office10\bullets\BD21335_.GIF
c:\program files\outlook\media\office10\bullets\BD21337_.GIF
c:\program files\outlook\media\office10\bullets\BD21339_.GIF
c:\program files\outlook\media\office10\bullets\BD21342_.GIF
c:\program files\outlook\media\office10\bullets\BD21343_.GIF
c:\program files\outlook\media\office10\bullets\BD21344_.GIF
c:\program files\outlook\media\office10\bullets\BD21364_.GIF
c:\program files\outlook\media\office10\bullets\BD21365_.GIF
c:\program files\outlook\media\office10\bullets\BD21366_.GIF
c:\program files\outlook\media\office10\bullets\BD21375_.GIF
c:\program files\outlook\media\office10\bullets\BD21376_.GIF
c:\program files\outlook\media\office10\bullets\BD21377_.GIF
c:\program files\outlook\media\office10\bullets\BD21398_.GIF
c:\program files\outlook\media\office10\bullets\BD21399_.GIF
c:\program files\outlook\media\office10\bullets\BD21400_.GIF
c:\program files\outlook\media\office10\bullets\BD21421_.GIF
c:\program files\outlook\media\office10\bullets\BD21422_.GIF
c:\program files\outlook\media\office10\bullets\BD21423_.GIF
c:\program files\outlook\media\office10\bullets\BD21433_.GIF
c:\program files\outlook\media\office10\bullets\BD21434_.GIF
c:\program files\outlook\media\office10\bullets\BD21435_.GIF
c:\program files\outlook\media\office10\bullets\BD21480_.GIF
c:\program files\outlook\media\office10\bullets\BD21481_.GIF
c:\program files\outlook\media\office10\bullets\BD21482_.GIF
c:\program files\outlook\media\office10\bullets\BD21503_.GIF
c:\program files\outlook\media\office10\bullets\BD21504_.GIF
c:\program files\outlook\media\office10\bullets\BD21505_.GIF
c:\program files\outlook\media\office10\bullets\BD21518_.GIF
c:\program files\outlook\media\office10\bullets\BD21519_.GIF
c:\program files\outlook\media\office10\bullets\BD21520_.GIF
c:\program files\outlook\media\office10\bullets\BD21533_.GIF
c:\program files\outlook\media\office10\bullets\BD21534_.GIF
c:\program files\outlook\media\office10\bullets\BD21535_.GIF
c:\program files\outlook\media\office10\bullets\BULLETS.DLL
c:\program files\outlook\media\office10\bullets\J0115834.GIF
c:\program files\outlook\media\office10\bullets\J0115835.GIF
c:\program files\outlook\media\office10\bullets\J0115836.GIF
c:\program files\outlook\media\office10\bullets\J0115839.GIF
c:\program files\outlook\media\office10\bullets\J0115840.GIF
c:\program files\outlook\media\office10\bullets\J0115841.GIF
c:\program files\outlook\media\office10\bullets\J0115842.GIF
c:\program files\outlook\media\office10\bullets\J0115843.GIF
c:\program files\outlook\media\office10\bullets\J0115844.GIF
c:\program files\outlook\media\office10\bullets\J0115863.GIF
c:\program files\outlook\media\office10\bullets\J0115864.GIF
c:\program files\outlook\media\office10\bullets\J0115865.GIF
c:\program files\outlook\media\office10\bullets\J0115866.GIF
c:\program files\outlook\media\office10\bullets\J0115867.GIF
c:\program files\outlook\media\office10\bullets\J0115868.GIF
c:\program files\outlook\media\office10\lines\BD10219_.GIF
c:\program files\outlook\media\office10\lines\BD10256_.GIF
c:\program files\outlook\media\office10\lines\BD10289_.GIF
c:\program files\outlook\media\office10\lines\BD10290_.GIF
c:\program files\outlook\media\office10\lines\BD10307_.GIF
c:\program files\outlook\media\office10\lines\BD10308_.GIF
c:\program files\outlook\media\office10\lines\BD10358_.GIF
c:\program files\outlook\media\office10\lines\BD14516_.GIF
c:\program files\outlook\media\office10\lines\BD14538_.GIF
c:\program files\outlook\media\office10\lines\BD14539_.GIF
c:\program files\outlook\media\office10\lines\BD14594_.GIF
c:\program files\outlook\media\office10\lines\BD14595_.GIF
c:\program files\outlook\media\office10\lines\BD14677_.GIF
c:\program files\outlook\media\office10\lines\BD14710_.GIF
c:\program files\outlook\media\office10\lines\BD14711_.GIF
c:\program files\outlook\media\office10\lines\BD14768_.GIF
c:\program files\outlook\media\office10\lines\BD14769_.GIF
c:\program files\outlook\media\office10\lines\BD14800_.GIF
c:\program files\outlook\media\office10\lines\BD14801_.GIF
c:\program files\outlook\media\office10\lines\BD14844_.GIF
c:\program files\outlook\media\office10\lines\BD14845_.GIF
c:\program files\outlook\media\office10\lines\BD14882_.GIF
c:\program files\outlook\media\office10\lines\BD14883_.GIF
c:\program files\outlook\media\office10\lines\BD14996_.GIF
c:\program files\outlook\media\office10\lines\BD14997_.GIF
c:\program files\outlook\media\office10\lines\BD15034_.GIF
c:\program files\outlook\media\office10\lines\BD15035_.GIF
c:\program files\outlook\media\office10\lines\BD15072_.GIF
c:\program files\outlook\media\office10\lines\BD15073_.GIF
c:\program files\outlook\media\office10\lines\BD15155_.GIF
c:\program files\outlook\media\office10\lines\BD15156_.GIF
c:\program files\outlook\media\office10\lines\BD15184_.GIF
c:\program files\outlook\media\office10\lines\BD15185_.GIF
c:\program files\outlook\media\office10\lines\BD15301_.GIF
c:\program files\outlook\media\office10\lines\BD15302_.GIF
c:\program files\outlook\media\office10\lines\BD21303_.GIF
c:\program files\outlook\media\office10\lines\BD21305_.GIF
c:\program files\outlook\media\office10\lines\BD21307_.GIF
c:\program files\outlook\media\office10\lines\BD21309_.GIF
c:\program files\outlook\media\office10\lines\BD21311_.GIF
c:\program files\outlook\media\office10\lines\BD21313_.GIF
c:\program files\outlook\media\office10\lines\BD21315_.GIF
c:\program files\outlook\media\office10\lines\BD21318_.GIF
c:\program files\outlook\media\office10\lines\BD21319_.GIF
c:\program files\outlook\media\office10\lines\BD21320_.GIF
c:\program files\outlook\media\office10\lines\BD21321_.GIF
c:\program files\outlook\media\office10\lines\BD21322_.GIF
c:\program files\outlook\media\office10\lines\BD21323_.GIF
c:\program files\outlook\media\office10\lines\BD21324_.GIF
c:\program files\outlook\media\office10\lines\BD21325_.GIF
c:\program files\outlook\media\office10\lines\BD21326_.GIF
c:\program files\outlook\media\office10\lines\BD21328_.GIF
c:\program files\outlook\media\office10\lines\BD21330_.GIF
c:\program files\outlook\media\office10\lines\BD21332_.GIF
c:\program files\outlook\media\office10\lines\BD21334_.GIF
c:\program files\outlook\media\office10\lines\BD21336_.GIF
c:\program files\outlook\media\office10\lines\BD21338_.GIF
c:\program files\outlook\media\office10\lines\BD21340_.GIF
c:\program files\outlook\media\office10\lines\BD21348_.GIF
c:\program files\outlook\media\office10\lines\BD21370_.GIF
c:\program files\outlook\media\office10\lines\BD21390_.GIF
c:\program files\outlook\media\office10\lines\BD21413_.GIF
c:\program files\outlook\media\office10\lines\BD21427_.GIF
c:\program files\outlook\media\office10\lines\BD21448_.GIF
c:\program files\outlook\media\office10\lines\BD21495_.GIF
c:\program files\outlook\media\office10\lines\BD21512_.GIF
c:\program files\outlook\media\office10\lines\BD21527_.GIF
c:\program files\outlook\media\office10\lines\BD21548_.GIF
c:\program files\outlook\media\office10\lines\J0115855.GIF
c:\program files\outlook\media\office10\lines\J0115856.GIF
c:\program files\outlook\media\office10\lines\J0115875.GIF
c:\program files\outlook\media\office10\lines\J0115876.GIF
c:\program files\outlook\media\office10\lines\LINES.DLL
c:\program files\outlook\media\office10\OFFICE10.DLL
c:\program files\outlook\media\office10\OFFICE10.MMW
c:\program files\outlook\Office10\1033\ADO210.AW
c:\program files\outlook\Office10\1033\AV41206.FMT
c:\program files\outlook\Office10\1033\AV41256.FMT
c:\program files\outlook\Office10\1033\AV41307.FMT
c:\program files\outlook\Office10\1033\AV41357.FMT
c:\program files\outlook\Office10\1033\AVL7901.FMT
c:\program files\outlook\Office10\1033\AVL7902.FMT
c:\program files\outlook\Office10\1033\CSDEBUG.CHM
c:\program files\outlook\Office10\1033\CSENVIR.CHM
c:\program files\outlook\Office10\1033\CUSTOMER.DBF
c:\program files\outlook\Office10\1033\DAO360.AW
c:\program files\outlook\Office10\1033\DataServices\+Connect to New Data Source.odc
c:\program files\outlook\Office10\1033\DataServices\+New SQL Server Connection.odc
c:\program files\outlook\Office10\1033\DataServices\DATACONN.HTC
c:\program files\outlook\Office10\1033\DataServices\DESKTOP.INI
c:\program files\outlook\Office10\1033\DataServices\FOLDER.ICO
c:\program files\outlook\Office10\1033\DAY1.PRT
c:\program files\outlook\Office10\1033\DAY2.PRT
c:\program files\outlook\Office10\1033\DYNO106.FMT
c:\program files\outlook\Office10\1033\EMPLOYEE.DBF
c:\program files\outlook\Office10\1033\ENVELOPR.DLL
c:\program files\outlook\Office10\1033\EULA10R.CHM
c:\program files\outlook\Office10\1033\EXPTOOWS.XLA
c:\program files\outlook\Office10\1033\FEEDBACK.HTM
c:\program files\outlook\Office10\1033\FILTERS.TXT
c:\program files\outlook\Office10\1033\FM20.AW
c:\program files\outlook\Office10\1033\GR8GALRY.GRA
c:\program files\outlook\Office10\1033\GRAPH10.AW
c:\program files\outlook\Office10\1033\GRAPH10.CHM
c:\program files\outlook\Office10\1033\GRINTL32.DLL
c:\program files\outlook\Office10\1033\GRTIP10.HLP
c:\program files\outlook\Office10\1033\HTMLREF.CHM
c:\program files\outlook\Office10\1033\ID_01A.DHS
c:\program files\outlook\Office10\1033\ID_01A.DPC
c:\program files\outlook\Office10\1033\JSCRIPT5.CHM
c:\program files\outlook\Office10\1033\MCE.CHM
c:\program files\outlook\Office10\1033\MODHLPUI.DLL
c:\program files\outlook\Office10\1033\MONTH1.PRT
c:\program files\outlook\Office10\1033\MONTH2.PRT
c:\program files\outlook\Office10\1033\MSCAL32.DLL
c:\program files\outlook\Office10\1033\MSE10.AW
c:\program files\outlook\Office10\1033\MSE10.CHM
c:\program files\outlook\Office10\1033\MSEINTL.DLL
c:\program files\outlook\Office10\1033\MSO.ACL
c:\program files\outlook\Office10\1033\MSOADICT.DLL
c:\program files\outlook\Office10\1033\MSOAUTUI.DLL
c:\program files\outlook\Office10\1033\MSOHELP.EXE
c:\program files\outlook\Office10\1033\MSOHLP10.CHM
c:\program files\outlook\Office10\1033\MSOLANG.DLL
c:\program files\outlook\Office10\1033\MSOW10.AW
c:\program files\outlook\Office10\1033\MSOWCWI.DLL
c:\program files\outlook\Office10\1033\MSPAW.AW
c:\program files\outlook\Office10\1033\MSPHELP.CHM
c:\program files\outlook\Office10\1033\MSQRY32.AW
c:\program files\outlook\Office10\1033\MSQRY32.CHM
c:\program files\outlook\Office10\1033\MSQRY32.HLP
c:\program files\outlook\Office10\1033\MSSCD32.DLL
c:\program files\outlook\Office10\1033\MSSPC32.DLL
c:\program files\outlook\Office10\1033\MSTINTL.DLL
c:\program files\outlook\Office10\1033\MSTIP10.HLP
c:\program files\outlook\Office10\1033\MSTORE10.AW
c:\program files\outlook\Office10\1033\MSTORE10.CHM
c:\program files\outlook\Office10\1033\MSTRE32.DLL
c:\program files\outlook\Office10\1033\MSUSPINT.DLL
c:\program files\outlook\Office10\1033\NORMAL.FMT
c:\program files\outlook\Office10\1033\OBALLOON.DLL
c:\program files\outlook\Office10\1033\OCLTINT.DLL
c:\program files\outlook\Office10\1033\OFFTEXT.TXT
c:\program files\outlook\Office10\1033\OFMAIN10.CHM
c:\program files\outlook\Office10\1033\OFREAD10.HTM
c:\program files\outlook\Office10\1033\OFTIP10.HLP
c:\program files\outlook\Office10\1033\OLFM10.CHM
c:\program files\outlook\Office10\1033\OLMAIN10.AW
c:\program files\outlook\Office10\1033\OLMAIN10.CHM
c:\program files\outlook\Office10\1033\OLOW10.AW
c:\program files\outlook\Office10\1033\OLREAD10.HTM
c:\program files\outlook\Office10\1033\OLTIP10.HLP
c:\program files\outlook\Office10\1033\OLTOC10.CHM
c:\program files\outlook\Office10\1033\ORDERS.DBF
c:\program files\outlook\Office10\1033\OSBINTL.DLL
c:\program files\outlook\Office10\1033\OUTFORM.DAT
c:\program files\outlook\Office10\1033\OUTLBAR.INF
c:\program files\outlook\Office10\1033\OUTLCMR.DLL
c:\program files\outlook\Office10\1033\OUTLLIBR.DLL
c:\program files\outlook\Office10\1033\OUTLOOK.HOL
c:\program files\outlook\Office10\1033\OUTLWVW.DLL
c:\program files\outlook\Office10\1033\OWSHLP10.CHM
c:\program files\outlook\Office10\1033\PSS10O.CHM
c:\program files\outlook\Office10\1033\PSS10R.CHM
c:\program files\outlook\Office10\1033\QRYINT32.DLL
c:\program files\outlook\Office10\1033\SCHDPL32.EXE
c:\program files\outlook\Office10\1033\SETUP.HLP
c:\program files\outlook\Office10\1033\SLINTL.DLL
c:\program files\outlook\Office10\1033\SRINTL.DLL
c:\program files\outlook\Office10\1033\THANKYOU.HTM
c:\program files\outlook\Office10\1033\TRIFOLD3.PRT
c:\program files\outlook\Office10\1033\USPANNTN.XML
c:\program files\outlook\Office10\1033\USPMETA.XML
c:\program files\outlook\Office10\1033\VBAGR10.CHM
c:\program files\outlook\Office10\1033\VBAOF10.AW
c:\program files\outlook\Office10\1033\VBAOF10.CHM
c:\program files\outlook\Office10\1033\VBAOL10.AW
c:\program files\outlook\Office10\1033\VBAOL10.CHM
c:\program files\outlook\Office10\1033\VBAOWS10.CHM
c:\program files\outlook\Office10\1033\VBOLOW10.AW
c:\program files\outlook\Office10\1033\VBSCRIP5.CHM
c:\program files\outlook\Office10\1033\VEEN3.AW
c:\program files\outlook\Office10\1033\VIDEO.MHT
c:\program files\outlook\Office10\1033\WEEK1.PRT
c:\program files\outlook\Office10\1033\WEEK2.PRT
c:\program files\outlook\Office10\1033\WEEK3.PRT
c:\program files\outlook\Office10\1036\MSO.ACL
c:\program files\outlook\Office10\1036\WWASUM.DLL
c:\program files\outlook\Office10\3082\MSO.ACL
c:\program files\outlook\Office10\3082\WWASUM.DLL
c:\program files\outlook\Office10\Addins\AWFEXT.ECF
c:\program files\outlook\Office10\Addins\DLGSETP.ECF
c:\program files\outlook\Office10\Addins\DUMPSTER.ECF
c:\program files\outlook\Office10\Addins\FAXEXT.ECF
c:\program files\outlook\Office10\Addins\FRMRDRCT.DLL
c:\program files\outlook\Office10\Addins\FRMRDRCT.ECF
c:\program files\outlook\Office10\Addins\MAIL3.ECF
c:\program files\outlook\Office10\Addins\MSFSMENU.ECF
c:\program files\outlook\Office10\Addins\MSFSPROP.ECF
c:\program files\outlook\Office10\Addins\MSSPC.ECF
c:\program files\outlook\Office10\Addins\OLMENU.ECF
c:\program files\outlook\Office10\Addins\OUTEX.ECF
c:\program files\outlook\Office10\Addins\OUTEX2.ECF
c:\program files\outlook\Office10\Addins\OUTLVBA.DLL
c:\program files\outlook\Office10\Addins\PMAILEXT.ECF
c:\program files\outlook\Office10\Addins\RWIZ1.ECF
c:\program files\outlook\Office10\Addins\SCRPTXTN.ECF
c:\program files\outlook\Office10\AW.DLL
c:\program files\outlook\Office10\BIDI32.DLL
c:\program files\outlook\Office10\BLNMGR.DLL
c:\program files\outlook\Office10\BLNMGRPS.DLL
c:\program files\outlook\Office10\CDOOFF.DLL
c:\program files\outlook\Office10\CGMIMP32.HLP
c:\program files\outlook\Office10\CLIPPIT.ACG
c:\program files\outlook\Office10\CLIPPIT.ACS
c:\program files\outlook\Office10\Convert\1033\ACT3R.SAM
c:\program files\outlook\Office10\Convert\1033\ACTR.SAM
c:\program files\outlook\Office10\Convert\1033\DELIMR.FAE
c:\program files\outlook\Office10\Convert\1033\ECCOR.SAM
c:\program files\outlook\Office10\Convert\1033\LOCALDV.DLL
c:\program files\outlook\Office10\Convert\1033\ODBCR.SAM
c:\program files\outlook\Office10\Convert\1033\OLADDR.FAE
c:\program files\outlook\Office10\Convert\1033\OLAPPTR.FAE
c:\program files\outlook\Office10\Convert\1033\OLJRNLR.FAE
c:\program files\outlook\Office10\Convert\1033\OLMAILR.FAE
c:\program files\outlook\Office10\Convert\1033\OLNOTER.FAE
c:\program files\outlook\Office10\Convert\1033\OLR.SAM
c:\program files\outlook\Office10\Convert\1033\OLTASKR.FAE
c:\program files\outlook\Office10\Convert\1033\ORG97R.SAM
c:\program files\outlook\Office10\Convert\1033\PABR.SAM
c:\program files\outlook\Office10\Convert\1033\SC2R.SAM
c:\program files\outlook\Office10\Convert\1033\SCHPLUSR.SAM
c:\program files\outlook\Office10\Convert\1033\TRANSMRR.DLL
c:\program files\outlook\Office10\Convert\ACT.SAM
c:\program files\outlook\Office10\Convert\ACT3.SAM
c:\program files\outlook\Office10\Convert\DELIMDOS.FAE
c:\program files\outlook\Office10\Convert\DELIMWIN.FAE
c:\program files\outlook\Office10\Convert\DESKSAM.SAM
c:\program files\outlook\Office10\Convert\ECCO.SAM
c:\program files\outlook\Office10\Convert\ODBC.SAM
c:\program files\outlook\Office10\Convert\OL.SAM
c:\program files\outlook\Office10\Convert\OLADD.FAE
c:\program files\outlook\Office10\Convert\OLAPPT.FAE
c:\program files\outlook\Office10\Convert\OLJRNL.FAE
c:\program files\outlook\Office10\Convert\OLMAIL.FAE
c:\program files\outlook\Office10\Convert\OLNOTE.FAE
c:\program files\outlook\Office10\Convert\OLTASK.FAE
c:\program files\outlook\Office10\Convert\ORG97.SAM
c:\program files\outlook\Office10\Convert\PAB.SAM
c:\program files\outlook\Office10\Convert\RM.DLL
c:\program files\outlook\Office10\Convert\SC2.SAM
c:\program files\outlook\Office10\Convert\SCHPLUS.SAM
c:\program files\outlook\Office10\Convert\TRANSMGR.DLL
c:\program files\outlook\Office10\DESIGNER.XML
c:\program files\outlook\Office10\DLGSETP.DLL
c:\program files\outlook\Office10\DOT.ACG
c:\program files\outlook\Office10\DOT.ACS
c:\program files\outlook\Office10\ENVELOPE.DLL
c:\program files\outlook\Office10\EXCHCSP.DLL
c:\program files\outlook\Office10\EXSEC32.DLL
c:\program files\outlook\Office10\F1.ACG
c:\program files\outlook\Office10\F1.ACS
c:\program files\outlook\Office10\FINDER.EXE
c:\program files\outlook\Office10\forms\1033\ACTIVITL.ICO
c:\program files\outlook\Office10\forms\1033\ACTIVITS.ICO
c:\program files\outlook\Office10\forms\1033\ACTIVITY.CFG
c:\program files\outlook\Office10\forms\1033\APPT.CFG
c:\program files\outlook\Office10\forms\1033\APPTL.ICO
c:\program files\outlook\Office10\forms\1033\APPTS.ICO
c:\program files\outlook\Office10\forms\1033\CNFNOT.CFG
c:\program files\outlook\Office10\forms\1033\CNFNOT.ICO
c:\program files\outlook\Office10\forms\1033\CNFRES.CFG
c:\program files\outlook\Office10\forms\1033\CONFLICT.ICO
c:\program files\outlook\Office10\forms\1033\CONTACT.CFG
c:\program files\outlook\Office10\forms\1033\CONTACTL.ICO
c:\program files\outlook\Office10\forms\1033\CONTACTS.ICO
c:\program files\outlook\Office10\forms\1033\DISTLIST.CFG
c:\program files\outlook\Office10\forms\1033\DISTLSTL.ICO
c:\program files\outlook\Office10\forms\1033\DISTLSTS.ICO
c:\program files\outlook\Office10\forms\1033\DOC.CFG
c:\program files\outlook\Office10\forms\1033\DOCL.ICO
c:\program files\outlook\Office10\forms\1033\DOCS.ICO
c:\program files\outlook\Office10\forms\1033\EXITEM.CFG
c:\program files\outlook\Office10\forms\1033\EXITEML.ICO
c:\program files\outlook\Office10\forms\1033\EXITEMS.ICO
c:\program files\outlook\Office10\forms\1033\IPM.CFG
c:\program files\outlook\Office10\forms\1033\IPML.ICO
c:\program files\outlook\Office10\forms\1033\IPMS.ICO
c:\program files\outlook\Office10\forms\1033\NOTE.CFG
c:\program files\outlook\Office10\forms\1033\NOTEL.ICO
c:\program files\outlook\Office10\forms\1033\NOTES.ICO
c:\program files\outlook\Office10\forms\1033\OOFL.ICO
c:\program files\outlook\Office10\forms\1033\OOFS.ICO
c:\program files\outlook\Office10\forms\1033\OOFTMPL.CFG
c:\program files\outlook\Office10\forms\1033\POST.CFG
c:\program files\outlook\Office10\forms\1033\POSTIT.CFG
c:\program files\outlook\Office10\forms\1033\POSTITL.ICO
c:\program files\outlook\Office10\forms\1033\POSTITS.ICO
c:\program files\outlook\Office10\forms\1033\POSTL.ICO
c:\program files\outlook\Office10\forms\1033\POSTS.ICO
c:\program files\outlook\Office10\forms\1033\RCLRPT.CFG
c:\program files\outlook\Office10\forms\1033\REC.CFG
c:\program files\outlook\Office10\forms\1033\RECL.ICO
c:\program files\outlook\Office10\forms\1033\RECS.ICO
c:\program files\outlook\Office10\forms\1033\REMOTE.CFG
c:\program files\outlook\Office10\forms\1033\REMOTEL.ICO
c:\program files\outlook\Office10\forms\1033\REMOTES.ICO
c:\program files\outlook\Office10\forms\1033\REPLTMPL.CFG
c:\program files\outlook\Office10\forms\1033\REPORT.CFG
c:\program files\outlook\Office10\forms\1033\REPORTL.ICO
c:\program files\outlook\Office10\forms\1033\REPORTS.ICO
c:\program files\outlook\Office10\forms\1033\RESEND.CFG
c:\program files\outlook\Office10\forms\1033\RESENDL.ICO
c:\program files\outlook\Office10\forms\1033\RESENDS.ICO
c:\program files\outlook\Office10\forms\1033\SCDCNCLL.ICO
c:\program files\outlook\Office10\forms\1033\SCDCNCLS.ICO
c:\program files\outlook\Office10\forms\1033\SCDREQL.ICO
c:\program files\outlook\Office10\forms\1033\SCDREQS.ICO
c:\program files\outlook\Office10\forms\1033\SCDRESNL.ICO
c:\program files\outlook\Office10\forms\1033\SCDRESNS.ICO
c:\program files\outlook\Office10\forms\1033\SCDRESPL.ICO
c:\program files\outlook\Office10\forms\1033\SCDRESPS.ICO
c:\program files\outlook\Office10\forms\1033\SCDRESTL.ICO
c:\program files\outlook\Office10\forms\1033\SCDRESTS.ICO
c:\program files\outlook\Office10\forms\1033\SCHDCNCL.CFG
c:\program files\outlook\Office10\forms\1033\SCHDREQ.CFG
c:\program files\outlook\Office10\forms\1033\SCHDRESN.CFG
c:\program files\outlook\Office10\forms\1033\SCHDRESP.CFG
c:\program files\outlook\Office10\forms\1033\SCHDREST.CFG
c:\program files\outlook\Office10\forms\1033\SECREC.CFG
c:\program files\outlook\Office10\forms\1033\SECRECL.ICO
c:\program files\outlook\Office10\forms\1033\SECRECS.ICO
c:\program files\outlook\Office10\forms\1033\SECURE.CFG
c:\program files\outlook\Office10\forms\1033\SECURL.ICO
c:\program files\outlook\Office10\forms\1033\SECURS.ICO
c:\program files\outlook\Office10\forms\1033\SIGN.CFG
c:\program files\outlook\Office10\forms\1033\SIGNL.ICO
c:\program files\outlook\Office10\forms\1033\SIGNS.ICO
c:\program files\outlook\Office10\forms\1033\SMIMEE.CFG
c:\program files\outlook\Office10\forms\1033\SMIMES.CFG
c:\program files\outlook\Office10\forms\1033\TASK.CFG
c:\program files\outlook\Office10\forms\1033\TASKACC.CFG
c:\program files\outlook\Office10\forms\1033\TASKACCL.ICO
c:\program files\outlook\Office10\forms\1033\TASKACCS.ICO
c:\program files\outlook\Office10\forms\1033\TASKDEC.CFG
c:\program files\outlook\Office10\forms\1033\TASKDECL.ICO
c:\program files\outlook\Office10\forms\1033\TASKDECS.ICO
c:\program files\outlook\Office10\forms\1033\TASKL.ICO
c:\program files\outlook\Office10\forms\1033\TASKREQ.CFG
c:\program files\outlook\Office10\forms\1033\TASKREQL.ICO
c:\program files\outlook\Office10\forms\1033\TASKREQS.ICO
c:\program files\outlook\Office10\forms\1033\TASKS.ICO
c:\program files\outlook\Office10\forms\1033\TASKUPD.CFG
c:\program files\outlook\Office10\GRAPH.EXE
c:\program files\outlook\Office10\HLP95EN.DLL
c:\program files\outlook\Office10\HTML\context.html
c:\program files\outlook\Office10\HTML\ctxhelp_cls.gif
c:\program files\outlook\Office10\HTML\ctxhelp_opn.gif
c:\program files\outlook\Office10\HTML\ctxmsc_cls.gif
c:\program files\outlook\Office10\HTML\ctxmsc_opn.gif
c:\program files\outlook\Office10\HTML\ctxtrain_cls.gif
c:\program files\outlook\Office10\HTML\ctxtrain_opn.gif
c:\program files\outlook\Office10\HTML\ctxwiz_cls.gif
c:\program files\outlook\Office10\HTML\ctxwiz_opn.gif
c:\program files\outlook\Office10\HTML\XMLLinks\1033\context.xml
c:\program files\outlook\Office10\HTML\XMLLinks\1033\CSDEBUG.XML
c:\program files\outlook\Office10\HTML\XMLLinks\1033\CSENVIR.XML
c:\program files\outlook\Office10\HTML\XMLLinks\1033\msdntrn.xml
c:\program files\outlook\Office10\HTML\XMLLinks\1033\OFFICE.XML
c:\program files\outlook\Office10\HTML\XMLLinks\def_ctx.xml
c:\program files\outlook\Office10\IMPMAIL.DLL
c:\program files\outlook\Office10\INTLBAND.HTM
c:\program files\outlook\Office10\INTLDATE.DLL
c:\program files\outlook\Office10\LOGO.ACG
c:\program files\outlook\Office10\LOGO.ACS
c:\program files\outlook\Office10\MAKECERT.EXE
c:\program files\outlook\Office10\MCANSI.DLL
c:\program files\outlook\Office10\MCDLC.EXE
c:\program files\outlook\Office10\MCDLCAN.DLL
c:\program files\outlook\Office10\MCPS.DLL
c:\program files\outlook\Office10\Migration\MIGRATE.DLL
c:\program files\outlook\Office10\MIMEDIR.DLL
c:\program files\outlook\Office10\MLSHEXT.DLL
c:\program files\outlook\Office10\MNATURE.ACG
c:\program files\outlook\Office10\MNATURE.ACS
c:\program files\outlook\Office10\MODHELP.DLL
c:\program files\outlook\Office10\MSE7.EXE
c:\program files\outlook\Office10\MSN.ICO
c:\program files\outlook\Office10\MSOAUTH.DLL
c:\program files\outlook\Office10\MSOFFICE.EXE
c:\program files\outlook\Office10\MSOHEV.DLL
c:\program files\outlook\Office10\MSOHTMED.EXE
c:\program files\outlook\Office10\MSOMSE.DLL
c:\program files\outlook\Office10\MSOSTYLE.DLL
c:\program files\outlook\Office10\MSOSVABW.DLL
c:\program files\outlook\Office10\MSOSVFBR.DLL
c:\program files\outlook\Office10\MSOUTL.OLB
c:\program files\outlook\Office10\MSOUTLO.PIP
c:\program files\outlook\Office10\MSQRY32.EXE
c:\program files\outlook\Office10\MSTORDB.EXE
c:\program files\outlook\Office10\MSTORE.EXE
c:\program files\outlook\Office10\MSTORES.DLL
c:\program files\outlook\Office10\MSUSP.DLL
c:\program files\outlook\Office10\MULTIQ.DLL
c:\program files\outlook\Office10\NOISECHS.TXT
c:\program files\outlook\Office10\NOISECHT.TXT
c:\program files\outlook\Office10\NOISEDEU.TXT
c:\program files\outlook\Office10\NOISEENG.TXT
c:\program files\outlook\Office10\NOISEENU.TXT
c:\program files\outlook\Office10\NOISEESN.TXT
c:\program files\outlook\Office10\NOISEFRA.TXT
c:\program files\outlook\Office10\NOISEITA.TXT
c:\program files\outlook\Office10\NOISEJPN.TXT
c:\program files\outlook\Office10\NOISEKOR.TXT
c:\program files\outlook\Office10\NOISENEU.TXT
c:\program files\outlook\Office10\NOISENLD.TXT
c:\program files\outlook\Office10\NOISESVE.TXT
c:\program files\outlook\Office10\NOISETHA.TXT
c:\program files\outlook\Office10\OFFCAT.ACG
c:\program files\outlook\Office10\OFFCAT.ACS
c:\program files\outlook\Office10\OLKFSTUB.DLL
c:\program files\outlook\Office10\OPW10USR.INI
c:\program files\outlook\Office10\OSA.EXE
c:\program files\outlook\Office10\OUTLACCT.DLL
c:\program files\outlook\Office10\OUTLAS.DLL
c:\program files\outlook\Office10\OUTLCM.DLL
c:\program files\outlook\Office10\OUTLCTL.DLL
c:\program files\outlook\Office10\OUTLLIB.DLL
c:\program files\outlook\Office10\OUTLMIME.DLL
c:\program files\outlook\Office10\OUTLOOK.EXE
c:\program files\outlook\Office10\OUTLPH.DLL
c:\program files\outlook\Office10\OUTLRPC.DLL
c:\program files\outlook\Office10\OUTLVBS.DLL
c:\program files\outlook\Office10\OUTLWAB.DLL
c:\program files\outlook\Office10\OWSCLT.DLL
c:\program files\outlook\Office10\OWSSUPP.DLL
c:\program files\outlook\Office10\PROFLWIZ.EXE
c:\program files\outlook\Office10\PROFLWIZ.HLP
c:\program files\outlook\Office10\RECALL.DLL
c:\program files\outlook\Office10\REFEDIT.DLL
c:\program files\outlook\Office10\REMINDER.WAV
c:\program files\outlook\Office10\RESETO10.OPS
c:\program files\outlook\Office10\ROCKY.ACG
c:\program files\outlook\Office10\ROCKY.ACS
c:\program files\outlook\Office10\RTFHTML.DLL
c:\program files\outlook\Office10\SAEXT.DLL
c:\program files\outlook\Office10\SELFCERT.EXE
c:\program files\outlook\Office10\SENDTO.DLL
c:\program files\outlook\Office10\SEQCHK10.DLL
c:\program files\outlook\Office10\SETLANG.EXE
c:\program files\outlook\Office10\Shortcut Bar\Office\Microsoft Outlook.lnk
c:\program files\outlook\Office10\Shortcut Bar\Office\New Appointment.lnk
c:\program files\outlook\Office10\Shortcut Bar\Office\New Contact.lnk
c:\program files\outlook\Office10\Shortcut Bar\Office\New Journal Entry.lnk
c:\program files\outlook\Office10\Shortcut Bar\Office\New Message.lnk
c:\program files\outlook\Office10\Shortcut Bar\Office\New Note.lnk
c:\program files\outlook\Office10\Shortcut Bar\Office\New Office Document.lnk
c:\program files\outlook\Office10\Shortcut Bar\Office\New Task.lnk
c:\program files\outlook\Office10\Shortcut Bar\Office\Open Office Document.lnk
c:\program files\outlook\Office10\Shortcut Bar\Office\Screen Saver.lnk
c:\program files\outlook\Office10\SIGNER.DLL
c:\program files\outlook\Office10\THDIC.LEX
c:\program files\outlook\Office10\TRIGRAM.LEX
c:\program files\outlook\Office10\UCSCRIBE.DLL
c:\program files\outlook\Office10\USPDAT10.XML
c:\program files\outlook\Office10\USPMAP.XML
c:\program files\outlook\Office10\USPTYPES.XML
c:\program files\outlook\Office10\VIEWSSPT.XML
c:\program files\outlook\Office10\VIEWSSRC.XML
c:\program files\outlook\Office10\Visualui.TTF
c:\program files\outlook\Office10\VS Runtime\1033\cmddefui.dll
c:\program files\outlook\Office10\VS Runtime\1033\compsvcspkgui.dll
c:\program files\outlook\Office10\VS Runtime\1033\CSSMetaData.xml
c:\program files\outlook\Office10\VS Runtime\1033\csspkgui.dll
c:\program files\outlook\Office10\VS Runtime\1033\disco.xsl
c:\program files\outlook\Office10\VS Runtime\1033\Empty.htm
c:\program files\outlook\Office10\VS Runtime\1033\HelpWatermark.htm
c:\program files\outlook\Office10\VS Runtime\1033\htmdlgsUI.dll
c:\program files\outlook\Office10\VS Runtime\1033\htmedui.dll
c:\program files\outlook\Office10\VS Runtime\1033\msdbgui.dll
c:\program files\outlook\Office10\VS Runtime\1033\msenvui.dll
c:\program files\outlook\Office10\VS Runtime\1033\VisualStudioTeamCoreUI.dll
c:\program files\outlook\Office10\VS Runtime\1033\vsbrowseUI.dll
c:\program files\outlook\Office10\VS Runtime\1033\vsdebugui.dll
c:\program files\outlook\Office10\VS Runtime\atl70.dll
c:\program files\outlook\Office10\VS Runtime\cmddef.dll
c:\program files\outlook\Office10\VS Runtime\Compsvcspkg.dll
c:\program files\outlook\Office10\VS Runtime\CSSMetaDataSchema.xml
c:\program files\outlook\Office10\VS Runtime\csspkg.dll
c:\program files\outlook\Office10\VS Runtime\disco.gif
c:\program files\outlook\Office10\VS Runtime\htmdlgs.dll
c:\program files\outlook\Office10\VS Runtime\htmed.dll
c:\program files\outlook\Office10\VS Runtime\msenv.dll
c:\program files\outlook\Office10\VS Runtime\msvcp70.dll
c:\program files\outlook\Office10\VS Runtime\msvcr70.dll
c:\program files\outlook\Office10\VS Runtime\schema.gif
c:\program files\outlook\Office10\VS Runtime\schemas\html\htm32dom.tlb
c:\program files\outlook\Office10\VS Runtime\schemas\html\htm40dom.tlb
c:\program files\outlook\Office10\VS Runtime\schemas\html\html32.xsd
c:\program files\outlook\Office10\VS Runtime\schemas\html\html40.xsd
c:\program files\outlook\Office10\VS Runtime\schemas\html\nsc40dom.tlb
c:\program files\outlook\Office10\VS Runtime\schemas\html\nscp40.xsd
c:\program files\outlook\Office10\VS Runtime\schemas\xml\adrotator.xsd
c:\program files\outlook\Office10\VS Runtime\schemas\xml\asp.xsd
c:\program files\outlook\Office10\VS Runtime\schemas\xml\wshmeta.xsd
c:\program files\outlook\Office10\VS Runtime\schemas\xml\xsdschema.xsd
c:\program files\outlook\Office10\VS Runtime\scriptle2.dll
c:\program files\outlook\Office10\VS Runtime\sdm2.dll
c:\program files\outlook\Office10\VS Runtime\service.gif
c:\program files\outlook\Office10\VS Runtime\tridsn.dll
c:\program files\outlook\Office10\VS Runtime\VisualStudioTeamCore.dll
c:\program files\outlook\Office10\VS Runtime\vsansi.dll
c:\program files\outlook\Office10\VS Runtime\vsbrowse.dll
c:\program files\outlook\Office10\VS Runtime\vsdebug.dll
c:\program files\outlook\Office10\VS Runtime\vstlbinf.dll
c:\program files\outlook\Office10\WDBIMP.DLL
c:\program files\outlook\Stationery\1033\CURRENCY.GIF
c:\program files\outlook\Stationery\1033\CURRENCY.HTM
c:\program files\outlook\Stationery\1033\DADSHIRT.GIF
c:\program files\outlook\Stationery\1033\DADSHIRT.HTM
c:\program files\outlook\Stationery\1033\JUDGESCH.GIF
c:\program files\outlook\Stationery\1033\JUDGESCH.HTM
c:\program files\outlook\Stationery\1033\JUNGLE.GIF
c:\program files\outlook\Stationery\1033\JUNGLE.HTM
c:\program files\outlook\Stationery\1033\NOTEBOOK.HTM
c:\program files\outlook\Stationery\1033\NOTEBOOK.JPG
c:\program files\outlook\Stationery\1033\OFFISUPP.GIF
c:\program files\outlook\Stationery\1033\OFFISUPP.HTM
c:\program files\outlook\Stationery\1033\PAWPRINT.GIF
c:\program files\outlook\Stationery\1033\PAWPRINT.HTM
c:\program files\outlook\Stationery\1033\PINELUMB.HTM
c:\program files\outlook\Stationery\1033\PINELUMB.JPG
c:\program files\outlook\Stationery\1033\SEAMARBL.HTM
c:\program files\outlook\Stationery\1033\SEAMARBL.JPG
c:\program files\outlook\Stationery\1033\TECHTOOL.GIF
c:\program files\outlook\Stationery\1033\TECHTOOL.HTM
c:\program files\outlook\Templates\1033\MAIL.OFT
c:\program files\outlook\Templates\MseNewFileItems\HTMLPAGE.HTM
c:\program files\outlook\Templates\MseNewFileItems\NewFileItems.vsdir
c:\program files\outlook\Templates\MseNewFileItems\TEXTFILE.TXT
c:\recycler\S-1-5-21-1078081533-920026266-839522115-1004
c:\recycler\S-1-5-21-1390067357-725345543-839522115-1004
c:\recycler\S-1-5-21-1417001333-630328440-725345543-1004
c:\recycler\S-1-5-21-3739593037-3020167966-3359300020-1006
c:\recycler\S-1-5-21-3739593037-3020167966-3359300020-1007
c:\recycler\S-1-5-21-4270378395-1777772622-1075996183-1003
c:\windows2\system32\drivers\MSIVXxnrwoptnqqhhpxurtlwbdqonemovpwes.sys
c:\windows2\system32\mfc45.dll
c:\windows2\system32\MSIVXasbfoowyjclsbxoucvkakimjvqxorjad.dll
c:\windows2\system32\MSIVXcount
c:\windows2\system32\MSIVXdjnthkwkexyydlrplcvdkfxfubvmexyl.dll
c:\windows2\system32\uninstall.exe
c:\windows2\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_MSIVXserv.sys


((((((((((((((((((((((((( Files Created from 2009-06-15 to 2009-07-15 )))))))))))))))))))))))))))))))
.

2009-07-14 02:31 . 2009-07-14 02:31 -------- d--h--w- c:\windows2\PIF
2009-07-13 21:29 . 2009-07-13 21:29 -------- d-----w- c:\program files\F5
2009-07-12 04:09 . 2009-07-12 04:09 -------- d-----w- c:\program files\Common Files\Scanner
2009-07-12 04:09 . 2009-07-12 04:11 -------- d-----w- c:\program files\CA Yahoo! Anti-Spy
2009-07-12 04:08 . 2009-07-12 04:08 -------- d-----w- c:\documents and settings\wjosephson\Application Data\Yahoo!
2009-07-12 04:08 . 2009-07-12 14:12 -------- d-----w- c:\program files\Yahoo!
2009-07-11 19:15 . 2009-07-12 14:11 -------- d---a-w- c:\documents and settings\All Users.WINDOWS2\Application Data\TEMP
2009-07-11 18:47 . 2009-07-11 18:47 -------- d-----w- c:\program files\Trend Micro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-15 00:38 . 2008-12-07 22:35 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-07-15 00:37 . 2008-06-19 02:07 -------- d-----w- c:\documents and settings\wjosephson\Application Data\StarOffice8
2009-07-15 00:28 . 2008-12-21 14:35 664 ----a-w- c:\windows2\system32\d3d9caps.dat
2009-07-11 16:30 . 2008-12-18 03:28 -------- d-----w- c:\documents and settings\All Users.WINDOWS2\Application Data\iolo
2009-06-16 22:29 . 2008-12-10 00:42 4212 ---ha-w- c:\windows2\system32\zllictbl.dat
2009-05-29 19:40 . 2008-12-18 03:30 940896 ----a-w- c:\windows2\system32\Incinerator.dll
2009-05-24 04:21 . 2008-07-13 04:25 1606 ----a-w- c:\documents and settings\wjosephson\Application Data\iolo\restore.bat
2009-05-24 02:45 . 2009-05-24 02:45 410984 ----a-w- c:\windows2\system32\deploytk.dll
2009-05-24 02:45 . 2007-04-20 02:48 -------- d-----w- c:\program files\Java
2009-05-24 02:45 . 2009-05-24 02:45 152576 ----a-w- c:\documents and settings\wjosephson\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-22 02:40 . 2009-05-22 02:39 -------- d-----w- c:\program files\QuickTime
2009-05-22 02:39 . 2009-05-22 02:39 -------- d-----w- c:\documents and settings\All Users.WINDOWS2\Application Data\Apple Computer
2009-05-22 02:38 . 2009-05-22 02:38 -------- d-----w- c:\program files\Apple Software Update
2009-05-22 02:38 . 2009-05-22 02:38 -------- d-----w- c:\documents and settings\All Users.WINDOWS2\Application Data\Apple
2009-05-14 22:19 . 2009-05-14 22:19 33920 ----a-w- c:\windows2\system32\drivers\covpndrv.sys
2009-05-14 22:19 . 2008-12-09 22:17 10752 ----a-w- c:\windows2\system32\drivers\urfltw2k.sys
2009-05-14 19:05 . 2009-06-13 15:24 173696 ----a-w- c:\documents and settings\wjosephson\Application Data\Mozilla\Firefox\Profiles\j3v4sal9.default\extensions\{DBBB3167-6E81-400f-BBFD-BD8921726F52}\Plugins\NPuroamHost.dll
2009-05-07 15:32 . 2006-02-28 12:00 345600 ----a-w- c:\windows2\system32\localspl.dll
2009-04-29 04:56 . 2006-02-28 12:00 827392 ----a-w- c:\windows2\system32\wininet.dll
2009-04-29 04:55 . 2006-02-28 12:00 78336 ----a-w- c:\windows2\system32\ieencode.dll
2009-04-19 19:05 . 2009-04-19 19:05 2678 ----a-w- c:\windows2\java\Packages\Data\WRF133DV.DAT
2009-04-19 19:05 . 2009-04-19 19:05 2678 ----a-w- c:\windows2\java\Packages\Data\FB7F5N7H.DAT
2009-04-19 19:05 . 2009-04-19 19:05 2678 ----a-w- c:\windows2\java\Packages\Data\UZJTFHVZ.DAT
2009-04-19 19:05 . 2009-04-19 19:05 2678 ----a-w- c:\windows2\java\Packages\Data\IOH3DR9V.DAT
2009-04-19 19:05 . 2009-04-19 19:05 2678 ----a-w- c:\windows2\java\Packages\Data\UER935BT.DAT
2009-04-17 12:26 . 2006-02-28 12:00 1847168 ----a-w- c:\windows2\system32\win32k.sys
2007-04-22 03:47 . 2007-04-22 03:53 4402436 ----a-w- c:\program files\everesthome220-1.zip
2009-06-13 14:19 . 2008-08-27 23:03 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2008-12-19 01:52 . 2008-12-19 01:50 80 --sh--r- c:\windows2\system32\1BF4CDB2DD.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows2\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton AntiVirus\osCheck.exe" [2008-02-07 718704]
"PaperPort PTD"="c:\progra~1\scansoft\paperp~2\pptd40nt.exe" [2000-08-29 26624]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-16 981384]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]

c:\documents and settings\Mark\Start Menu\Programs\Startup\
Monitor My eRooms (V7).lnk - c:\program files\eRoom 7\ERClient7.exe [2007-4-16 147456]

c:\documents and settings\wjosephson\Start Menu\Programs\Startup\
StarOffice 8.lnk - c:\program files\Sun\StarOffice 8\program\quickstart.exe [2006-11-27 122880]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\wjosephson\\Local Settings\\Application Data\\FolderShare\\FolderShare.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [12/2/2008 11:21 PM 600944]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [12/2/2008 11:21 PM 600944]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [1/25/2008 9:47 PM 149352]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/25/2009 11:33 PM 101936]
R3 urvpndrv;F5 Networks VPN Adapter;c:\windows2\system32\drivers\covpndrv.sys [5/14/2009 6:19 PM 33920]
S3 COH_Mon;COH_Mon;c:\windows2\system32\drivers\COH_Mon.sys [1/12/2008 10:32 PM 23888]
S3 f5ipfw;F5 Networks StoneWall Filter;c:\windows2\system32\drivers\urfltw2k.sys [12/9/2008 6:17 PM 10752]
.
Contents of the 'Scheduled Tasks' folder

2009-07-06 c:\windows2\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-07-14 c:\windows2\Tasks\Norton AntiVirus - Run Full System Scan - wjosephson.job
- c:\program files\Norton AntiVirus\Navw32.exe [2008-02-07 14:05]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Uniblue RegistryBooster 2009 - c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
Trusted Zone: cengage.com\access
FF - ProfilePath - c:\documents and settings\wjosephson\Application Data\Mozilla\Firefox\Profiles\j3v4sal9.default\
FF - prefs.js: browser.startup.homepage - hxxp://baseball.realgm.com/|http://www.bowl4fun.com/ron/roncarch...ball/universe/
FF - plugin: c:\documents and settings\wjosephson\Application Data\Mozilla\Firefox\Profiles\j3v4sal9.default\extensions\{DBBB3167-6E81-400f-BBFD-BD8921726F52}\plugins\NPuroamHost.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-14 20:59
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\docume~1\WJOSEP~3\LOCALS~1\Temp\catchme.dll 53248 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-746137067-1060284298-839522115-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
Completion time: 2009-07-15 21:04
ComboFix-quarantined-files.txt 2009-07-15 01:04

Pre-Run: 61,919,739,904 bytes free
Post-Run: 65,029,378,048 bytes free

1069 --- E O F --- 2009-06-12 02:44
__________________
bill.josephson is offline  
Old 07-14-2009, 08:32 PM   #4
TSF Enthusiast
 
mas_pogi's Avatar
 
Join Date: Apr 2008
Location: Manila, PH
Posts: 1,477
OS: Vista, Linux Mint



hi.

Quote:
I will do something about Zone Alarm if you insist. With respect to NAV and Zone Alarm, I did not purchase the firewall option from Norton. When I go to the Norton Control panel I see no options for the firewall, but Norton is monitoring the on-off status of Zone Alarm. When I turn off Zone Alarm, Norton firewall status turns to red.
Thanks for letting me know. I think the firewall I am seeing is the one included in Norton Protection Center, which is only inbound. I think they are luring the customer to upgrade to Internet Security, which has Outbound-Inbound protection. Can you confirm what version you have? Is it only Norton Antivirus? Thanks. If that's the case, you can keep your Zone Alarm.

Quote:
Also normally I have my machine turned off during the day (US Eastern Time). Let me know if you need the machine left on and connected.
Yes. You can turn it off.

------------------------------------------------------------------------

Please uninstall the following using Windows Add/Remove Programs in the Control Panel.

Outdated Java runtimes (older versions have vulnerabilities that malicious sites can use to exploit and infect your system):


J2SE Runtime Environment 5.0 Update 18
J2SE Runtime Environment 5.0 Update 7


Your Java is out of date.

Java(TM) 6 Update 13 can be updated from the Java control panel Start > Control Panel (Classic View) > Java (looks like a coffee cup) > Update Tab > Update Now. An update should begin; follow the prompts.

--------------------------------------------------------------------------

Kaspersky scan

*Close any open programs
*Turn off the real time scanner of any existing antivirus program while performing the online scan. You can find instructions HERE.


Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

------------------------------------------------------------------------

How's your computer now?


In your reply, please post


Kaspersky scan result
Answer to my questions


Mark
__________________
To accomplish great things, we must not only act, but also dream; not only plan, but also believe.
If I have been helping you and do not reply within 24 hours, please send me a message.
I'm a member of U.N.I.T.E and A.S.A.P
mas_pogi is offline  
Old 07-14-2009, 09:25 PM   #5
TSF Enthusiast
 
mas_pogi's Avatar
 
Join Date: Apr 2008
Location: Manila, PH
Posts: 1,477
OS: Vista, Linux Mint



hi joseph.

Please also answer these in your next reply.

Did you custom install your Outlook Express? Directory wise. Also for your Windows Office?
Can you confirm if your outlook is still working? Your MS office too?

Thanks.

Mark
__________________
mas_pogi is offline  
Old 07-15-2009, 06:43 AM   #6
Registered Member
 
Join Date: Jul 2009
Posts: 9
OS: xp



I have Norton Antivirus Version 15.5.0.23.

I had not upgraded the JRE and JDK because of my work (the webservice I helped maintain a year or so ago did not support version 6). Now that is not an issue so I will remove old versions and upgrade if necessary.

I use Outlook 2002 and IT WAS NOT working after the Combo-Fix scan. I had to insert the 2002 CD to get it to run. My .pst data seems to be intact, Outlook content works as before though the calendar no longer saw my required notices. No use of Express.

I do not have MSOFFICE. I have StarOffice 8 which I have not upgraded since purchase probably in 2005.

I will now do the Kaspersky Online Scan.

Thanks again
__________________
bill.josephson is offline  
Old 07-15-2009, 06:50 AM   #7
TSF Enthusiast
 
mas_pogi's Avatar
 
Join Date: Apr 2008
Location: Manila, PH
Posts: 1,477
OS: Vista, Linux Mint



hi.

I asked you about your outlook because of the custom installation which also the same directory with infection of the past. Well, our cat got so hungry and ate the outlook.

Seems you already fixed your Outlook.

Quote:
though the calendar no longer saw my required notices
Is it very important?

Mark
__________________
mas_pogi is offline  
Old 07-16-2009, 06:45 AM   #8
Registered Member
 
Join Date: Jul 2009
Posts: 9
OS: xp



Hi Mark

I started the Kaspersky scan of the C:\ drive around 6:30 pm EST yesterday using Firefox. This morning at 7:00 am it was sitting at 19% complete and Firefox was using 98% of the CPU. No apparent progress.

So I restarted the scan in Internet Explorer. I have experienced very compute-intensive Firefox runs in the past. IE has not bogged down for me. Also I have turned off the antivirus protection of Norton and the ZoneAlarm firewall.

Thanks
__________________
bill.josephson is offline  
Old 07-16-2009, 07:32 AM   #9
TSF Enthusiast
 
mas_pogi's Avatar
 
Join Date: Apr 2008
Location: Manila, PH
Posts: 1,477
OS: Vista, Linux Mint



hi.

You can try ESET scanner.


Note: After it has started scanning, you may disconnect your PC from the internet and ESET will still continue scanning.


Run ESET Online Scan

*Close any open programs
*Turn off the real time scanner of any existing antivirus program while performing the online scan. You can find instructions HERE.


Go here to run an online scanner from ESET.
  • Note: You will need to use Internet explorer for this scan
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic and also let me know how things are now.

Mark
__________________
mas_pogi is offline  
Old 07-17-2009, 04:32 PM   #10
Registered Member
 
Join Date: Jul 2009
Posts: 9
OS: xp



Hi Mark,

So I tried ESET on internet explorer (with the settings as instructed) twice. The first ESET run I observed after 4 hours and it had scanned 34% without finding an infection. I left it scanning overnight and found the machine turned off in the morning. So I restarted the scan and when I came back from work, the machine was again turned off. This is a portable/laptop however it is plugged in and the power-settings are such that the harddrive will not shutdown.

The second time I looked for the log.txt, but it was too late. I think I overwrote the file by starting up ESET a third time. I am going to let ESET scan again and try to get to that log.txt file first thing after the scan is complete or the machine shuts down.

Also I have run Kaspersky twice (once on Firefox and once on IE) scanning about 15-16% of the C drive with no infected files found. Each time I quit the scan because it had stopped making progress. This was after many hours of scanning.

Thanks
__________________
bill.josephson is offline  
Old 07-18-2009, 05:12 AM   #11
Registered Member
 
Join Date: Jul 2009
Posts: 9
OS: xp



I deleted a large amount of data that I had not used in over a year,


This time the ESET Scan completed.

Here is the log

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=6
# iexplore.exe=7.00.6000.16850 (vista_gdr.090423-0018)
# OnlineScanner.ocx=1.0.0.5886
# api_version=3.0.2
# EOSSerial=0c95d4cbb0b1b84d82527b851fa057dc
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2009-07-17 10:12:52
# local_time=2009-07-17 06:12:52 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=3586 63 60 12 190103565937500
# compatibility_mode=7425 63 25 0 0
# scanned=146
# found=0
# cleaned=0
# scan_time=8
esets_scanner_update returned -1 esets_gle=53251
# version=6
# iexplore.exe=7.00.6000.16850 (vista_gdr.090423-0018)
# OnlineScanner.ocx=1.0.0.5886
# api_version=3.0.2
# EOSSerial=0c95d4cbb0b1b84d82527b851fa057dc
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2009-07-17 11:45:33
# local_time=2009-07-17 07:45:33 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=3586 63 60 12 190159175468750
# compatibility_mode=7425 63 25 0 0
# scanned=20788
# found=0
# cleaned=0
# scan_time=4136
esets_scanner_update returned -1 esets_gle=1
esets_scanner_update returned -1 esets_gle=53251
# version=6
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.5886
# api_version=3.0.2
# EOSSerial=0c95d4cbb0b1b84d82527b851fa057dc
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2009-07-18 0207
# local_time=2009-07-17 1007 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=3586 63 60 12 190243517968750
# compatibility_mode=7425 63 25 0 0
# scanned=55621
# found=0
# cleaned=0
# scan_time=6842
esets_scanner_update returned -1 esets_gle=53251
# version=6
# iexplore.exe=7.00.6000.16850 (vista_gdr.090423-0018)
# OnlineScanner.ocx=1.0.0.5886
# api_version=3.0.2
# EOSSerial=0c95d4cbb0b1b84d82527b851fa057dc
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2009-07-18 09:07:38
# local_time=2009-07-18 05:07:38 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=3586 63 60 12 190496431093750
# compatibility_mode=7425 63 25 0 0
# scanned=308030
# found=5
# cleaned=0
# scan_time=25003
C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL Win32/Toolbar.AskSBar application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS2\system32\MSIVXasbfoowyjclsbxoucvkakimjvqxorjad.dll.vir Win32/TrojanClicker.Agent.NHI trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS2\system32\MSIVXdjnthkwkexyydlrplcvdkfxfubvmexyl.dll.vir Win32/Olmarik.JI trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{ED90CE3F-4C60-412D-B1DC-38BFD7BF0E4B}\RP0\A0000001.dll Win32/Olmarik.JI trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{ED90CE3F-4C60-412D-B1DC-38BFD7BF0E4B}\RP0\A0000002.dll Win32/TrojanClicker.Agent.NHI trojan 00000000000000000000000000000000 I
__________________
bill.josephson is offline  
Old 07-18-2009, 05:21 AM   #12
TSF Enthusiast
 
mas_pogi's Avatar
 
Join Date: Apr 2008
Location: Manila, PH
Posts: 1,477
OS: Vista, Linux Mint



hi.

Quick update:

How's your computer now?

Mark
__________________
mas_pogi is offline  
Old 07-18-2009, 08:16 AM   #13
Registered Member
 
Join Date: Jul 2009
Posts: 9
OS: xp



The computer seems normal, no unwanted popups, no slowness (not that there was any during the infection)

What I am concerned about is from the scan, especially the A0000001 and 2.dll. Should I delete the restores?

"C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL Win32/Toolbar.AskSBar application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS2\system32\MSIVXasbfoowyjclsbxoucvkakimjvqxorjad.dll.vir Win32/TrojanClicker.Agent.NHI trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS2\system32\MSIVXdjnthkwkexyydlrplcvdkfxfubvmexyl.dll.vir Win32/Olmarik.JI trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{ED90CE3F-4C60-412D-B1DC-38BFD7BF0E4B}\RP0\A0000001.dll Win32/Olmarik.JI trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{ED90CE3F-4C60-412D-B1DC-38BFD7BF0E4B}\RP0\A0000002.dll Win32/TrojanClicker.Agent.NHI trojan 00000000000000000000000000000000 I"
__________________
bill.josephson is offline  
Old 07-18-2009, 12:52 PM   #14
TSF Enthusiast
 
mas_pogi's Avatar
 
Join Date: Apr 2008
Location: Manila, PH
Posts: 1,477
OS: Vista, Linux Mint



hi.

ESET flagged some files in your system restore. They don't pose a problem unless we manually restore them. We will extinguish them soon. Qoobox is our quarantine folder so those in there are inactive. It will be all gone when we uninstall Combofix.

ESET flagged Askbar too. To be on the safe side, let's uninstall it.

C:\Program Files\AskPBar

*Note - if it's no longer showing in the uninstall list, delete that folder using Windows Explorer.


Congratulations! You now appear clean!

We Need to Clean Up Our Mess
  1. Uninstall ComboFix
    Remove Combofix now that we're done with it.
    • Click on your Start Menu, then Run....
    • Now copy and paste this one in the runbox. Then HIT enter.

      Code:
      ComboFix /u


    Uninstalling ComboFix will do the following:
    1. Delete ComboFix and its components from your computer.
    2. Delete other tools commonly used during the malware removal process.
    3. Resets clock settings to standard format.
    4. Re-hides file extensions and hidden/system files.
    5. Clears System Restore cache and creates new restore point.

  2. Please also delete the DDS.scr located at your desktop.
-----------------------------------------------
Recommendations
Below are some recommendations to lower your chances of (re)infection.
  1. Install Spyware Blaster and update it regularly
    If you wish, the commercial version provides automatic updating.

  2. Install the MVPs hosts file, and update it regularly
    You can use the HostMan host file manager to do this automatically if you wish.
    For more information on the hosts file, and what it can do for you, you can view the Tutorial on the Hosts file

  3. Install an Anti-Spyware program, and update it regularly
    Malware Byte's Anti Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
    SUPERAntiSpyware is another good scanner with high detection and removal rates.
    Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.

  4. Keep Windows (and your other Microsoft software) up to date!
    I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

    Visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

  5. Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.

  6. Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing :(.

Please respond to this thread one more time so we can mark this thread as resolved.

Maraming salamat.

Mark
__________________
mas_pogi is offline  
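
The triage described in the post above (quarantined and System Restore copies are inert, anything else is still installed) can be applied mechanically to an ESET Online Scanner log. This is an added example, not part of the thread and not an ESET tool; the function names and the location rules are assumptions for illustration, and the sample is abridged from the log posted earlier in the thread.

```python
import re

# Abridged from the ESET Online Scanner log.txt posted in this thread:
# one interrupted run followed by the run that finished.
SAMPLE_LOG = r"""# version=6
# end=stopped
# scanned=20788
# found=0
# cleaned=0
# scan_time=4136
esets_scanner_update returned -1 esets_gle=53251
# version=6
# end=finished
# scanned=308030
# found=5
# cleaned=0
# scan_time=25003
C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL Win32/Toolbar.AskSBar application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS2\system32\MSIVXasbfoowyjclsbxoucvkakimjvqxorjad.dll.vir Win32/TrojanClicker.Agent.NHI trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS2\system32\MSIVXdjnthkwkexyydlrplcvdkfxfubvmexyl.dll.vir Win32/Olmarik.JI trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{ED90CE3F-4C60-412D-B1DC-38BFD7BF0E4B}\RP0\A0000001.dll Win32/Olmarik.JI trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{ED90CE3F-4C60-412D-B1DC-38BFD7BF0E4B}\RP0\A0000002.dll Win32/TrojanClicker.Agent.NHI trojan 00000000000000000000000000000000 I
"""

HEX32 = re.compile(r"[0-9A-Fa-f]{32}")


def classify(path):
    """Assumed location rules, following the explanation in the post above."""
    p = path.lower()
    if "\\qoobox\\quarantine\\" in p:
        return "quarantine"      # ComboFix quarantine: renamed, inactive copies
    if "\\system volume information\\_restore" in p:
        return "restore-point"   # only a risk if that restore point is restored
    return "live"                # still present in a normal location


def parse_detection(line):
    """Split '<path> <threat> <kind> <32 hex> <flag>' from the right,
    because the path itself may contain spaces."""
    parts = line.rsplit(None, 4)
    if len(parts) != 5 or not HEX32.fullmatch(parts[3]):
        return None
    path, threat, kind, _digest, _flag = parts
    return {"path": path, "threat": threat, "kind": kind,
            "location": classify(path)}


def parse_runs(text):
    """Group header fields and detection lines by scan run.
    A '# version=' header line marks the start of a new run."""
    runs = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("# "):
            key, sep, value = line[2:].partition("=")
            if not sep:
                continue
            if key == "version" or not runs:
                runs.append({"meta": {}, "detections": []})
            runs[-1]["meta"].setdefault(key, value)
            continue
        det = parse_detection(line)  # updater status lines return None
        if det and runs:
            runs[-1]["detections"].append(det)
    return runs


def summarize(run):
    meta = run["meta"]
    counts = {"live": 0, "quarantine": 0, "restore-point": 0}
    for det in run["detections"]:
        counts[det["location"]] += 1
    return {
        "complete": meta.get("end") == "finished",  # 'stopped' runs are partial
        "scanned": int(meta.get("scanned", 0)),
        "found": int(meta.get("found", 0)),
        "listed": len(run["detections"]),
        "by_location": counts,
    }


def needs_action(runs):
    """Detections from completed runs that are neither quarantined nor in a restore point."""
    return [d for r in runs if r["meta"].get("end") == "finished"
            for d in r["detections"] if d["location"] == "live"]


if __name__ == "__main__":
    parsed = parse_runs(SAMPLE_LOG)
    for number, run in enumerate(parsed, 1):
        print(number, summarize(run))
    for det in needs_action(parsed):
        print("still installed:", det["threat"], det["path"])
```

A run whose header says `end=stopped` covered only part of the disk, so its `found=0` says nothing about the files it never reached.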
Old 07-18-2009, 10:20 PM   #15
Registered Member
 
Join Date: Jul 2009
Posts: 9
OS: xp



Mark,

Thank you so much! Your help has been superb.
Techsupportforum is a great site.

All Set

Thanks Bill
__________________
bill.josephson is offline  
Old 07-18-2009, 10:26 PM   #16
TSF Enthusiast
 
mas_pogi's Avatar
 
Join Date: Apr 2008
Location: Manila, PH
Posts: 1,477
OS: Vista, Linux Mint



hi.

Thank you.

It is my pleasure to help you.

Surf safely.

Since the problem appears to be resolved, it will now be archived.



Mark

__________________
mas_pogi is offline  
 
