Internet Explorer Pop-ups

Disko_Stu · 06-29-2007, 01:14 AM

Hi all, as the title says I have been inundated with Internet Explorer pop-up's. At first there were just pop-up's as usual during my web browsing but they have started popping up even when I'm not using the internet. Weather I'm just listening to music or playing a game, the pop-ups still come through which makes me think that its something worse. I have run Norton and it has come up clean yet the ads keep popping up. Aside from that, my other troubles are that the computer has started running increasingly slow. Internet Explorer has also started randomly crashing, sometimes within the first minute, other times it takes 5-10 minutes. It crashes so frequently that I even had to download and use firefox to post here because IE wouldn't stay up for long enough to post. It was surprising that I was even able to download firefox.
As per your instructions here i downloaded and ran DSS (Deckard) but it got to about 16% and said "Cleaning Temporary Files" and then crashed also. I ran it again and it crashed even sooner. So the best that I could do was to download Hijackthis and run that so I've posted that. If anyone can help it would be greatly appreciated. Thanks in advance!

_________________________________________________________________

Logfile of HijackThis v1.99.1
Scan saved at 5

19 PM, on 29/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ANYCOM\Blue USB-120-240\bin\btwdins.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINDOWS\system32\umadsnti.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Belkin\F5D9050\Belkinwcui.exe
C:\Program Files\?ystem\?srss.exe
C:\WINDOWS\SCURIT~1\regsvr32.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ninemsn.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com/
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F3 - REG:win.ini: load=C:\WINDOWS\system32\labfsna\csrss.exe
F3 - REG:win.ini: run=C:\WINDOWS\system32\labfsna\csrss.exe
O3 - Toolbar: ninemsn - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-au\msntb.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize313.exe"
O4 - HKLM\..\Run: [Muahwzyt] C:\Program Files\Zxlmgww\Yzagfp.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [k6t09] C:\WINDOWS\fdfywdeg.exe
O4 - HKLM\..\Run: [fppcbmfb] C:\WINDOWS\system32\fppcbmfb.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [Media Pass] C:\Program Files\Media Pass\MediaPassK.exe
O4 - HKLM\..\Run: [Á³# L"h'þ9Óœð3rÅWC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\fdfywdeg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ReJf5vH] C:\WINDOWS\hfhjxefc.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [DriveSMART] C:\PROGRA~1\COMPUA~1\smartapp.exe STARTUP
O4 - HKLM\..\Run: [F5D9050] C:\Program Files\Belkin\F5D9050\Belkinwcui.exe
O4 - HKLM\..\Run: [WinMsg] C:\WINDOWS\winmsgr.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SDR6_Check] "C:\Program Files\Common Files\DriveCleaner Free\udcsdr.exe"
O4 - HKLM\..\Run: [PAS_Check] "C:\Program Files\Common Files\DriveCleaner Free\udcpas.exe"
O4 - HKLM\..\Run: [ctqbgngx.exe] C:\Documents and Settings\All Users\Application Data\ctqbgngx.exe
O4 - HKLM\..\Run: [SpyCatcher Reminder] C:\Program Files\SpyCatcher\SpyCatcher.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu1000272.exe 61A847B5BBF72813329B385475FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310F3D1DC7E4638E8323A15806F97BDE4417E70CE7C0726B954E2C2832210359926033AAC
O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe"
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\hqenbiqm.dll",forkonce
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Ttah] "C:\WINDOWS\SCURIT~1\regsvr32.exe" -vt yazb
O4 - HKCU\..\Run: [Blixzhi] "C:\Program Files\?ystem\?srss.exe"
O4 - HKCU\..\Run: [WinPop] C:\Program Files\WinPop\winpop.exe
O4 - Startup: csrss.lnk = ?
O4 - Startup: Scheduler.lnk = C:\Program Files\SpyCatcher\Scheduler daemon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: SpyCatcher Protector.lnk = C:\Program Files\SpyCatcher\Protector.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\ANYCOM\Blue USB-120-240\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ANYCOM\Blue USB-120-240\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ANYCOM\Blue USB-120-240\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O14 - IERESET.INF: START_PAGE_URL=http://global.acer.com/
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/Mu...ridge-c106.cab
O16 - DPF: {16BED5D9-AA6B-4A96-A134-C1958893490F} (VacPro.int_ver40v) - http://advnt01.com/dialer/intES_ver40v.CAB
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/.../GAME_UNO1.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: secuload.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\ANYCOM\Blue USB-120-240\bin\btwdins.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\umadsnti.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

sUBs · 06-29-2007, 02:57 AM

1. Download & save this file to Desktop -> http://download.bleepingcomputer.com...a/ComboFix.exe

2. Double click on combofix.exe & follow the prompts.

3. When finished, it shall produce a log for you. Post that log & a fresh HJT log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Disko_Stu · 06-29-2007, 10:53 PM

Hey sUBs, thanks for the help.

I downloaded and ran ComboFix and it went through the first stage fine and then restarted, when I logged back in it continued and it just never ended :( I put it on before bed and it ran for over 10 hours and just never produced a log file.It was just stalled on the 'FIND3M' stage. To make note I never clicked or ran any other programs or files or folders whilst it was going! The best I could do was find the log file INSIDE the ComboFix directory which I believe is incomplete. I've also got a text file of all the quarentined files that I can post if you need. To finish up I ran HiJack This and produced a log file for you to look at, if you will. Hopefully you can assist, thanks.

_____________________

ComboFix Log (Imcomplete I believe)

"Jacqui Hampton" - 2007-06-30 2:46:13 - ComboFix 07-06-29.3 - Service Pack 2

(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\bbeeg.ini
C:\WINDOWS\system32\bbeeg.bak1
C:\WINDOWS\system32\geebb.dll

* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

((((((((((((((((((((((((( Files Created from 2007-05-28 to 2007-06-29 )))))))))))))))))))))))))))))))

2007-06-29 21:46 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-29 16:51 0 --a------ C:\WINDOWS\nsreg.dat
2007-06-29 16:11 <DIR> d-------- C:\Deckard
2007-06-28 20:48 1,048,576 --ah----- C:\DOCUME~1\LOCALS~1.NTA\NTUSER.DAT
2007-06-28 20:48 <DIR> d---s---- C:\DOCUME~1\LOCALS~1.NTA\UserData
2007-06-28 20:47 <DIR> d--hs---- C:\FOUND.000
2007-06-24 00:27 4,672 --a------ C:\WINDOWS\system32\dxjbgfji.exe
2007-06-23 23:35 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-06-22 11:37 <DIR> d-------- C:\DOCUME~1\JACQUI~1\APPLIC~1\Atari
2007-06-22 11:14 197,120 --a------ C:\WINDOWS\patchw32.dll
2007-06-22 11:14 <DIR> d-------- C:\Program Files\Common Files\PocketSoft
2007-06-22 11:14 <DIR> d-------- C:\DOCUME~1\JACQUI~1\APPLIC~1\Leadertech
2007-06-22 11:09 <DIR> d-------- C:\Program Files\Atari
2007-06-21 16:12 <DIR> d-------- C:\DOCUME~1\JACQUI~1\APPLIC~1\FileMaker
2007-06-21 12:12 125,504 --a------ C:\WINDOWS\system32\ubtcpwlp.dll
2007-06-21 11:37 <DIR> d-------- C:\WINDOWS\system32\qkchukoe
2007-06-21 11:04 60,928 --a------ C:\WINDOWS\system32\lcmrvx.dll
2007-06-13 22:02 <DIR> d-------- C:\DOCUME~1\JACQUI~1\APPLIC~1\Tenebril
2007-06-13 21:53 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tenebril
2007-06-13 21:52 40,960 --a-s---- C:\WINDOWS\system32\ProcessKiller.dll
2007-06-13 21:52 180,224 --a-s---- C:\WINDOWS\system32\archlib.dll
2007-06-13 21:52 169,544 --a-s---- C:\WINDOWS\system32\SecuLoad.dll
2007-06-13 21:52 1,103,944 --a-s---- C:\WINDOWS\system32\Protector.dll
2007-06-13 21:52 <DIR> d-------- C:\WINDOWS\system32\tenarchlib
2007-06-13 21:52 <DIR> d-------- C:\Program Files\SpyCatcher
2007-06-13 21:47 56,832 --a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\ctqbgngx.exe
2007-06-13 17:57 754,808 --a------ C:\WINDOWS\system32\LiveProtectSetup.exe
2007-06-13 17:42 24,643 --a------ C:\WINDOWS\system32\ssqoonn.dll
2007-06-12 17:20 <DIR> d-------- C:\Program Files\Yahoo! Games
2007-06-11 16:13 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sandlot Games
2007-06-11 16:12 <DIR> d-------- C:\DOCUME~1\JACQUI~1\APPLIC~1\Sandlot Games
2007-05-01 18:49 167,936 --a------ C:\WINDOWS\system32\mm4095oo.dll

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-29 17:51:06 12 ----a-w C:\WINDOWS\bthservsdp.dat
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-01 08:49:06 16 ----a-w C:\WINDOWS\system32\a99vi88f.dat
2007-05-01 08:49:02 573,944 ----a-w C:\WINDOWS\system32\nc5vfm94.dat
2007-05-01 08:48:58 2,256 ----a-w C:\WINDOWS\system32\rl5ba39o.dat
2007-04-26 06

10 690,757 ----a-w C:\WINDOWS\system32\fppcbmfb.exe
2007-04-25 14:21:16 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-20 02:46:26 45,056 ----a-w C:\WINDOWS\system32\qbb5o8jg.exe
2007-04-18 16:12:24 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-18 06:08:36 107,520 ----a-w C:\WINDOWS\63ffj9lp.exe
2007-04-16 12:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 12:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 12:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 12:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 12:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 12:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 12:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 12:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-05 00:34:12 16,384 ----a-w C:\WINDOWS\hfhjxefc.exe

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{00000010-6F7D-442C-93E3-4A4827C2E4C8}=C:\WINDOWS\nem220.dll [2005-03-06 16:37]
{02478D38-C3F9-4efb-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll [2004-09-29 11:02]
{0A87E45F-537A-40B4-B812-E2544C21A09F}=C:\Program Files\SpyCatcher\SCActiveBlock.dll [2005-08-22 21:57]
{6A3D18F9-DB38-80C8-1A64-FE8DB02185EF}=C:\WINDOWS\system32\lcmrvx.dll [2007-06-21 00:49]
{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}=C:\WINDOWS\system32\ssqoonn.dll [2007-06-13 17:42]
{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4}=C:\WINDOWS\wsem303.dll [2005-03-10 19:54]
{9394EDE7-C8B5-483E-8773-474BF36AF6E4}=C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll [2004-08-13 16:42]
{9E8125C9-9511-4E77-97DC-522439AB8F68}=C:\WINDOWS\system32\ubtcpwlp.dll [2007-06-21 12:12]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar3.dll [2007-01-19 23:55]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}=C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [2007-06-28 23:40]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}=C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-au\msntb.dll [2006-01-17 16:04]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTHelper"="CTHELPER.EXE" [2003-06-20 14:55 C:\WINDOWS\system32\CTHELPER.EXE]
"AsioReg"="REGSVR32.exe" [2004-08-04 18:56 C:\WINDOWS\system32\regsvr32.exe]
"SBDrvDet"="C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 18:06]
"SoundMan"="SOUNDMAN.EXE" [2003-12-19 19:53 C:\WINDOWS\soundman.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 11:52]
"nwiz"="nwiz.exe" [2004-04-23 14:24 C:\WINDOWS\system32\nwiz.exe]
"vptray"="C:\Program Files\NavNT\vptray.exe" [2001-09-24 06:59]
"IST Service"="C:\Program Files\ISTsvc\istsvc.exe" []
"Internet Optimizer"="C:\Program Files\Internet Optimizer\optimize313.exe" []
"Muahwzyt"="C:\Program Files\Zxlmgww\Yzagfp.exe" []
"Media Access"="C:\Program Files\Media Access\MediaAccK.exe" []
"Media Pass"="C:\Program Files\Media Pass\MediaPassK.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe" [2005-08-26 17:14]
"Nokia Tray Application"="C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe" [2003-02-10 14:30]
"DataLayer"="C:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe" [2003-10-07 06:44]
"csrss"="" []
"SurfAccuracy"="C:\Program Files\SurfAccuracy\SAcc.exe" [2007-04-05 10:31]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-02-11 14:52]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-12-20 20:54]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 18:56 C:\WINDOWS\system32\bthprops.cpl]
"DriveSMART"="C:\PROGRA~1\COMPUA~1\smartapp.exe" []
"F5D9050"="C:\Program Files\Belkin\F5D9050\Belkinwcui.exe" [2006-03-14 15:52]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-10-08 12:31]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-10-08 12:24]
"ctqbgngx.exe"="C:\Documents and Settings\All Users\Application Data\ctqbgngx.exe" [2007-06-13 21:47]
"SpyCatcher Reminder"="C:\Program Files\SpyCatcher\SpyCatcher.exe" [2007-05-07 11:56]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\MSMSGS.exe" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-28 23:40]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2004-10-08 12:06]
"Ttah"="C:\WINDOWS\SCURIT~1\regsvr32.exe" []
"Blixzhi"="C:\Program Files\?ystem\?srss.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"="C:\WINDOWS\system32\ssqoonn.dll" [2007-06-13 17:42]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljge]
C:\WINDOWS\system32\mljge.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SOFTWARE]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqoonn]
ssqoonn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=secuload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - netsvcs
NtmlSvc

*Newly Created Service* - GTNDIS5

________________________________

Hijack This log completed after ComboFix

Logfile of HijackThis v1.99.1
Scan saved at 02:45, on 2007-06-30
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ANYCOM\Blue USB-120-240\bin\btwdins.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\ComboFix\catchme.cfexe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
C:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe
C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Belkin\F5D9050\Belkinwcui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Documents and Settings\All Users\Application Data\ctqbgngx.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ANYCOM\Blue USB-120-240\BTTray.exe
C:\Program Files\SpyCatcher\Protector.exe
C:\Program Files\SpyCatcher\Scheduler daemon.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ninemsn.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com/
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O3 - Toolbar: ninemsn - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-au\msntb.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize313.exe"
O4 - HKLM\..\Run: [Muahwzyt] C:\Program Files\Zxlmgww\Yzagfp.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [Media Pass] C:\Program Files\Media Pass\MediaPassK.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [DriveSMART] C:\PROGRA~1\COMPUA~1\smartapp.exe STARTUP
O4 - HKLM\..\Run: [F5D9050] C:\Program Files\Belkin\F5D9050\Belkinwcui.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [ctqbgngx.exe] C:\Documents and Settings\All Users\Application Data\ctqbgngx.exe
O4 - HKLM\..\Run: [SpyCatcher Reminder] C:\Program Files\SpyCatcher\SpyCatcher.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Ttah] "C:\WINDOWS\SCURIT~1\regsvr32.exe" -vt yazb
O4 - HKCU\..\Run: [Blixzhi] "C:\Program Files\?ystem\?srss.exe"
O4 - Startup: csrss.lnk = ?
O4 - Startup: Scheduler.lnk = C:\Program Files\SpyCatcher\Scheduler daemon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: SpyCatcher Protector.lnk = C:\Program Files\SpyCatcher\Protector.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\ANYCOM\Blue USB-120-240\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ANYCOM\Blue USB-120-240\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ANYCOM\Blue USB-120-240\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://global.acer.com/
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/Mu...ridge-c106.cab
O16 - DPF: {16BED5D9-AA6B-4A96-A134-C1958893490F} (VacPro.int_ver40v) - http://advnt01.com/dialer/intES_ver40v.CAB
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/.../GAME_UNO1.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: secuload.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\ANYCOM\Blue USB-120-240\bin\btwdins.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

sUBs · 06-30-2007, 02:30 AM

Before fixing anything, open notepad and Copy/Paste the text in the box below into it:

Code:

@echo off
For %%g in (
C:\WINDOWS\system32\dxjbgfji.exe
C:\WINDOWS\system32\ubtcpwlp.dll
C:\WINDOWS\system32\lcmrvx.dll
C:\DOCUME~1\ALLUSE~1\APPLIC~1\ctqbgngx.exe
C:\WINDOWS\system32\ssqoonn.dll
C:\WINDOWS\system32\mm4095oo.dll
C:\WINDOWS\system32\qbb5o8jg.exe
C:\WINDOWS\63ffj9lp.exe
C:\WINDOWS\hfhjxefc.exe
C:\WINDOWS\nem220.dll
C:\WINDOWS\system32\mljge.dll
) do catchme -l nul -k %%g >nul
echo.Please submit the file, catchme.zip located on Desktop
pause
exit

Save this as Submit.bat Choose to "Save type as - All Files". It should look like this:

Double click on Submit.bat & allow it to generate a zipped file on your Desktop called catchme.zip
Please submit catchme.zip to this site → http://www.bleepingcomputer.com/subm....php?channel=4

The file must be uploaded before proceeding to the next step.

---------------

Do a HijackThis scan & place a check next to these items and select "Fix checked":

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize313.exe"
O4 - HKLM\..\Run: [Muahwzyt] C:\Program Files\Zxlmgww\Yzagfp.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [Media Pass] C:\Program Files\Media Pass\MediaPassK.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKCU\..\Run: [Ttah] "C:\WINDOWS\SCURIT~1\regsvr32.exe" -vt yazb
O4 - HKCU\..\Run: [Blixzhi] "C:\Program Files\?ystem\?srss.exe"
O4 - Startup: csrss.lnk = ?
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/Mu...ridge-c106.cab
O16 - DPF: {16BED5D9-AA6B-4A96-A134-C1958893490F} (VacPro.int_ver40v) - http://advnt01.com/dialer/intES_ver40v.CAB

---------------

Open notepad and copy/paste the text in the quotebox below into it:

Code:

File::
C:\WINDOWS\system32\dxjbgfji.exe
C:\WINDOWS\system32\ubtcpwlp.dll
C:\WINDOWS\system32\lcmrvx.dll
C:\DOCUME~1\ALLUSE~1\APPLIC~1\ctqbgngx.exe
C:\WINDOWS\system32\ssqoonn.dll
C:\WINDOWS\system32\mm4095oo.dll
C:\WINDOWS\system32\qbb5o8jg.exe
C:\WINDOWS\63ffj9lp.exe
C:\WINDOWS\hfhjxefc.exe
C:\WINDOWS\nem220.dll
C:\WINDOWS\system32\mljge.dll
Folder::
C:\WINDOWS\system32\qkchukoe
Registry::
[-hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{00000010-6F7D-442C-93E3-4A4827C2E4C8}]
[-hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{6A3D18F9-DB38-80C8-1A64-FE8DB02185EF}]
[-hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
[-hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4}]
[-hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{9E8125C9-9511-4E77-97DC-522439AB8F68}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IST Service"=-
"Internet Optimizer"=-
"Muahwzyt"=-
"Media Access"=-
"Media Pass"=-
"csrss"=-
"SurfAccuracy"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ttah"=-
"Blixzhi"="-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljge]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SOFTWARE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqoonn]

Save this as ComboFix-Do.txt

Refering to the picture above, drag ComboFix-Do.txt into ComboFix.exe
Then post the resultant log

---------------

Please perform an online scan using Internet Explorer at http://www.kaspersky.com/virusscanner

Answer Yes, when prompted to install an ActiveX component.

The program will then begin downloading the latest definition files.
Once the files have been downloaded click on NEXT
Locate the Scan Settings button & configure to:
- Scan using the following Anti-Virus database:
  - Extended
- Scan Options:
  - Scan Archives
  - Scan Mail Bases
Click OK & have it scan My Computer
Once the scan is complete, it will display if your system has been infected. We only require a report from it.
It does not provide an option to clean/disinfect.
Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

* Turn off the real time scanner of any existing antivirus program while performing the online scan

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.

---------------

In your next post, please include fresh logs from:

Fresh Hijackthis log taken just before replying

Online scan

ComboFix's log

Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now

sUBs · 06-30-2007, 02:31 AM

This is to be performed after you have posted the required logs.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:

Download the latest version of Java Runtime Environment (JRE) 6u1 - http://java.sun.com/javase/downloads/index.jsp
Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement".
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u1-windows-i586-p.exe to install the newest version.

Disko_Stu · 06-30-2007, 03:12 AM

Hi sUBs, I have tried to complete the first step that you set and I have created the batch file but when I run it, all goes well except the zip file is never created. I have not completed the next steps as you said to do this first. Thanks

sUBs · 06-30-2007, 03:23 AM

That's okay. I overlooked the fact that your machine is a FAT32 machine.

Please download the Suspicious File Packer → http://www.safer-networking.org/files/sfp.zip
Unzip it to the desktop and run it.
Paste the following list of filepaths into the Suspicious File Packer window:

C:\WINDOWS\system32\dxjbgfji.exe
C:\WINDOWS\system32\ubtcpwlp.dll
C:\WINDOWS\system32\lcmrvx.dll
C:\DOCUME~1\ALLUSE~1\APPLIC~1\ctqbgngx.exe
C:\WINDOWS\system32\ssqoonn.dll
C:\WINDOWS\system32\mm4095oo.dll
C:\WINDOWS\system32\qbb5o8jg.exe
C:\WINDOWS\63ffj9lp.exe
C:\WINDOWS\hfhjxefc.exe
C:\WINDOWS\nem220.dll
C:\WINDOWS\system32\mljge.dll

Allow SFP to pack the files. This will generate a CAB archive on your desktop.
Please submit it to this site → http://www.bleepingcomputer.com/subm....php?channel=4
Please include a link to this topic in the message.

--------------

Then continue with the rest of the steps

Disko_Stu · 06-30-2007, 09:14 AM

Hi sUBs, sorry to have taken so long to reply, combofix again took hours to run.

I successfully generated the .CAB file and uploaded it to the website given.

O4 - Startup: csrss.lnk = ? <-- this item was unable to be fixed with hijack this, it said to close the program with the task manager, when i did this the system was unable to close it because it is a critical system process.

I did as you requested as per combofix but after restarting it again never produced the log file. I let it run for about 3 hours yet no log file was produced. I have attached the (incomplete) log file that was generated inside the combofix directory.

Kaspersky ran completely and i have attached the log file created.

Should I try running DSS again as the system is a bit more stable at the moment?

Thanks sUBs

______________________________

HiJack This Log

Logfile of HijackThis v1.99.1
Scan saved at 01:11, on 2007-07-01
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ANYCOM\Blue USB-120-240\bin\btwdins.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\ComboFix\catchme.cfexe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
C:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Belkin\F5D9050\Belkinwcui.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ANYCOM\Blue USB-120-240\BTTray.exe
C:\Program Files\SpyCatcher\Protector.exe
C:\Program Files\SpyCatcher\Scheduler daemon.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ninemsn.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher\SCActiveBlock.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-au\msntb.dll
O3 - Toolbar: ninemsn - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-au\msntb.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [DriveSMART] C:\PROGRA~1\COMPUA~1\smartapp.exe STARTUP
O4 - HKLM\..\Run: [F5D9050] C:\Program Files\Belkin\F5D9050\Belkinwcui.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [ctqbgngx.exe] C:\Documents and Settings\All Users\Application Data\ctqbgngx.exe
O4 - HKLM\..\Run: [SpyCatcher Reminder] C:\Program Files\SpyCatcher\SpyCatcher.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Startup: csrss.lnk = ?
O4 - Startup: Scheduler.lnk = C:\Program Files\SpyCatcher\Scheduler daemon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: SpyCatcher Protector.lnk = C:\Program Files\SpyCatcher\Protector.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\ANYCOM\Blue USB-120-240\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ANYCOM\Blue USB-120-240\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ANYCOM\Blue USB-120-240\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://global.acer.com/
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/.../GAME_UNO1.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: secuload.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\ANYCOM\Blue USB-120-240\bin\btwdins.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

________________________

Kaspersky Log

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
2007-07-01 00:57
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 30/06/2007
Kaspersky Anti-Virus database records: 355843
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: false

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 232720
Number of viruses found: 74
Number of infected objects: 351 / 0
Number of suspicious objects: 3
Duration of the scan process: 01:26:49

Infected Object Name / Virus Name / Last Action
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\drivers\etc\hosts.msn Infected: Trojan.Win32.Qhost skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\fppcbmfb.exe Infected: not-a-virus:AdWare.Win32.Sahat.au skipped
C:\WINDOWS\system32\63ffj9lp.ini Infected: not-a-virus:AdWare.Win32.Sahat.ao skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\USDR6_7777_BHLP0611NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.q skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\WinAntiSpyware2007FreeInstall.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\wsem303.dll Infected: Trojan-Downloader.Win32.Dyfuca.dt skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\b129.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\WINDOWS\b129.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\WINDOWS\b129.exe/stream/data0006 Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\WINDOWS\b129.exe/stream/data0008 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\WINDOWS\b129.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\WINDOWS\b129.exe NSIS: infected - 5 skipped
C:\WINDOWS\b128.exe/stream/data0002/data0002 Infected: Trojan-Downloader.Win32.PurityScan.eh skipped
C:\WINDOWS\b128.exe/stream/data0002 Infected: Trojan-Downloader.Win32.PurityScan.eh skipped
C:\WINDOWS\b128.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\WINDOWS\b128.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\WINDOWS\b128.exe NSIS: infected - 4 skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08140000.VBN Infected: Trojan-Downloader.Win32.VB.ft skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08140001.VBN Infected: Trojan-Downloader.Win32.VB.ft skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04180000.VBN Infected: Trojan-Downloader.Win32.IstBar.lo skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04180001.VBN Infected: Trojan-Downloader.Win32.IstBar.lo skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04180002.VBN Infected: Trojan-Downloader.Win32.IstBar.ie skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04180003.VBN Infected: Trojan-Downloader.Win32.IstBar.ie skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05F80000.VBN Infected: Trojan-Downloader.Win32.IstBar.ij skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\01B40000.VBN Infected: Trojan-Downloader.Win32.IstBar.ij skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\01B40001.VBN Infected: Trojan-Downloader.Win32.IstBar.ij skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04FC0000.VBN Infected: Trojan-Downloader.Win32.IstBar.lq skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\12CC0000.VBN Infected: Backdoor.Win32.Virkel.a skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\13EC0000.VBN Infected: Backdoor.Win32.Virkel.a skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\11500000.VBN Infected: Backdoor.Win32.Virkel.a skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C180000.VBN Infected: Backdoor.Win32.Virkel.a skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06A00000.VBN Infected: Backdoor.Win32.Virkel.a skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\01EC0000.VBN Infected: Backdoor.Win32.Virkel.a skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E780000.VBN Infected: Backdoor.Win32.Virkel.b skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\01480000.VBN Infected: Backdoor.Win32.Virkel.b skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08040000.VBN Infected: Trojan-Downloader.Win32.VB.ft skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08040001.VBN Infected: Trojan-Downloader.Win32.VB.ft skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BEC0000.VBN Infected: Trojan-Downloader.VBS.Small.co skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BEC0001.VBN Infected: Trojan-Downloader.VBS.Small.co skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E800000.VBN Infected: Backdoor.Win32.Virkel.b skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E800001.VBN Infected: Backdoor.Win32.Virkel.b skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0D900000.VBN Infected: Trojan-Downloader.Win32.VB.fi skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A900000.VBN Infected: Trojan-Downloader.Win32.VB.fi skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0DFC0000.VBN Infected: Trojan-Downloader.Win32.VB.fi skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02540000.VBN Infected: Trojan-Downloader.Win32.VB.fi skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E240000.VBN Infected: Trojan-Downloader.Win32.VB.fi skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06900000.VBN Infected: Trojan-Downloader.Win32.VB.fi skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05E40000.VBN Infected: Trojan-Downloader.Win32.Agent.brf skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05EC0000.VBN Infected: Trojan-Downloader.Win32.Small.cwj skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05E00000.VBN Infected: Trojan-Downloader.Win32.Small.cwj skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05E00001.VBN Infected: Trojan-Clicker.Win32.Costrat.ax skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05F00000.VBN Infected: Trojan-Downloader.Win32.Small.cwj skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05D00000.VBN Infected: Trojan-Downloader.Win32.Small.cwj skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05E00002.VBN Infected: Trojan-Downloader.Win32.Small.cwj skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05E40001.VBN Infected: Trojan-Downloader.Win32.Small.cwj skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05E00003.VBN Infected: Trojan-Downloader.Win32.Small.cwj skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05D00001.VBN Infected: Trojan-Downloader.Win32.Small.cwj skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05E40002.VBN Infected: Trojan-Downloader.Win32.Small.cwj skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05D00002.VBN Infected: Trojan-Downloader.Win32.Small.cwj skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05CC0000.VBN Infected: Trojan.Win32.Agent.ama skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05D80000.VBN Infected: Trojan.Win32.Agent.ama skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05CC0001.VBN Infected: Trojan.Win32.Agent.ama skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05DC0000.VBN Infected: Trojan.Win32.Agent.ama skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05DC0001.VBN Infected: Trojan.Win32.Agent.ama skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05E80000.VBN Infected: Trojan.Win32.Agent.ama skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05E00004.VBN Infected: Trojan.Win32.Agent.ama skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05CC0002.VBN Infected: Trojan.Win32.Agent.ama skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05D40001.VBN Infected: Trojan.Win32.Agent.ama skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05E00005.VBN Infected: Trojan.Win32.Agent.ama skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05D40002.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09FC0000.VBN Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A180000.VBN Infected: Trojan.Win32.Agent.anr skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09480000.VBN Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09600000.VBN Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09440000.VBN Infected: Trojan.Win32.Agent.anr skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09580000.VBN Infected: Trojan.Win32.Agent.anr skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09540001.VBN Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03F80000.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03F80001.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03F80002.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03F80003.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03F80004.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03F80005.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03F80006.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03F80007.VBN Infected: Trojan.Win32.Dialer.qn skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03F80008.VBN Infected: Trojan.Win32.Dialer.qn skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03F80009.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03F8000A.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03F8000B.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03F8000C.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09500000.VBN Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09680000.VBN Infected: Trojan.Win32.Agent.anr skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\095C0000.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0D940000.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0D940001.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0D940002.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\069C0000.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\055C0000.VBN Infected: Trojan.Win32.Agent.anr skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\017C0000.VBN Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06B00000.VBN Infected: Trojan.Win32.Agent.anr skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\069C0001.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\01FC0001.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\01FC0002.VBN Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\01FC0003.VBN Infected: Trojan.Win32.Agent.anr skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02540001.VBN Infected: not-a-virus:FraudTool.Win32.UltimateDefender.c skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02280000.VBN Infected: not-a-virus:FraudTool.Win32.UltimateDefender.c skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\020C0000.VBN Infected: not-a-virus:FraudTool.Win32.UltimateDefender.c skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02780000.VBN Infected: not-a-virus:FraudTool.Win32.UltimateDefender.c skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02780001.VBN Infected: not-a-virus:FraudTool.Win32.UltimateDefender.c skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02080000.VBN Infected: not-a-virus:FraudTool.Win32.UltimateDefender.c skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07980000.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07980001.VBN Infected: not-a-virus:FraudTool.Win32.UltimateDefender.c skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07980002.VBN Infected: not-a-virus:FraudTool.Win32.UltimateDefender.c skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\037C0000.VBN Infected: not-a-virus:FraudTool.Win32.UltimateDefender.c skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07900000.VBN Infected: not-a-virus:FraudTool.Win32.UltimateDefender.c skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07900001.VBN Infected: not-a-virus:FraudTool.Win32.UltimateDefender.c skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07940000.VBN Infected: not-a-virus:FraudTool.Win32.UltimateDefender.c skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\078C0000.VBN Infected: Trojan.Win32.Agent.anr skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04080000.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07940001.VBN Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06980000.VBN Infected: Trojan.Win32.Agent.anr skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\064C0000.VBN Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06940000.VBN Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\068C0001.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06480000.VBN Infected: Trojan.Win32.Agent.anr skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08600000.VBN Infected: not-a-virus:FraudTool.Win32.UltimateDefender.c skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08480000.VBN Infected: Trojan.Win32.Agent.anr skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\085C0000.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\085C0001.VBN Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08640001.VBN Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08580000.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08480001.VBN Infected: Trojan.Win32.Agent.anr skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05100000.VBN Infected: Trojan.Win32.Agent.anr skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05140000.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05D40003.VBN Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06CC0000.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06C80000.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06C80001.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.kj skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06D00000.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06D40000.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05BC0000.VBN Infected: Trojan.Win32.Agent.anr skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05BC0002.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.kj skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05BC0004.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.kj skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05BC0006.VBN Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05BC0008.VBN Infected: Trojan.Win32.Agent.anr skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05BC0009.VBN Infected: Trojan.Win32.Agent.anr skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05BC000A.VBN Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05BC000B.VBN Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06C80002.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09600001.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.kj skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09580001.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\078C0001.VBN Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\Documents and Settings\All Users\Application Data\Tenebril\GhostSurf\3.0\upd-fin.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Jacqui Hampton\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Jacqui Hampton\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Jacqui Hampton\Local Settings\Temp\fnm310.tmp Object is locked skipped
C:\Documents and Settings\Jacqui Hampton\Local Settings\Temp\fnm311.tmp Object is locked skipped
C:\Documents and Settings\Jacqui Hampton\Local Settings\Temp\DL2Log4 Object is locked skipped
C:\Documents and Settings\Jacqui Hampton\Local Settings\Temp\~DFA38A.tmp Object is locked skipped
C:\Documents and Settings\Jacqui Hampton\Local Settings\Temp\fnm5F.tmp Object is locked skipped
C:\Documents and Settings\Jacqui Hampton\Local Settings\Temp\fnm60.tmp Object is locked skipped
C:\Documents and Settings\Jacqui Hampton\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jacqui Hampton\Local Settings\History\History.IE5\MSHist012007063020070701\index.dat Object is locked skipped
C:\Documents and Settings\Jacqui Hampton\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jacqui Hampton\Local Settings\Temporary Internet Files\Content.IE5\0RMP6LQ5\tob_snd_20070616[1] Infected: Trojan.Win32.Agent.aoy skipped
C:\Documents and Settings\Jacqui Hampton\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Jacqui Hampton\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Jacqui Hampton\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML Object is locked skipped
C:\Documents and Settings\Jacqui Hampton\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_219.wmdb Object is locked skipped
C:\Documents and Settings\Jacqui Hampton\Local Settings\Application Data\Mozilla\Firefox\Profiles\ch5tntem.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Jacqui Hampton\Local Settings\Application Data\Mozilla\Firefox\Profiles\ch5tntem.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Jacqui Hampton\Local Settings\Application Data\Mozilla\Firefox\Profiles\ch5tntem.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Jacqui Hampton\Local Settings\Application Data\Mozilla\Firefox\Profiles\ch5tntem.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Jacqui Hampton\Desktop\requested-files[2007-06-30_19_59].cab/C:/WINDOWS/system32/ubtcpwlp.dll Suspicious: Packed.Win32.Morphine.a skipped
C:\Documents and Settings\Jacqui Hampton\Desktop\requested-files[2007-06-30_19_59].cab/C:/WINDOWS/system32/ssqoonn.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\Documents and Settings\Jacqui Hampton\Desktop\requested-files[2007-06-30_19_59].cab/C:/WINDOWS/hfhjxefc.exe Infected: not-a-virus:AdWare.Win32.SurfAccuracy.q skipped
C:\Documents and Settings\Jacqui Hampton\Desktop\requested-files[2007-06-30_19_59].cab/C:/WINDOWS/nem220.dll Infected: Trojan-Downloader.Win32.Dyfuca.gen skipped
C:\Documents and Settings\Jacqui Hampton\Desktop\requested-files[2007-06-30_19_59].cab CAB: infected - 3, suspicious - 1 skipped
C:\Documents and Settings\Jacqui Hampton\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Jacqui Hampton\Application Data\Mozilla\Firefox\Profiles\ch5tntem.default\parent.lock Object is locked skipped
C:\Documents and Settings\Jacqui Hampton\Application Data\Mozilla\Firefox\Profiles\ch5tntem.default\cert8.db Object is locked skipped
C:\Documents and Settings\Jacqui Hampton\Application Data\Mozilla\Firefox\Profiles\ch5tntem.default\key3.db Object is locked skipped
C:\Documents and Settings\Jacqui Hampton\Application Data\Mozilla\Firefox\Profiles\ch5tntem.default\history.dat Object is locked skipped
C:\Documents and Settings\Jacqui Hampton\Application Data\Mozilla\Firefox\Profiles\ch5tntem.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Jacqui Hampton\Application Data\Mozilla\Firefox\Profiles\ch5tntem.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Cookies\index.dat Object is locked skipped
C:\Program Files\Media Pass\MediaPassC.dll Infected: not-a-virus:AdWare.Win32.WinAD.af skipped
C:\Program Files\Media Pass\MediaPassK.exe~ Infected: not-a-virus:AdWare.Win32.WinAD.af skipped
C:\Program Files\Media Pass\MediaPass.exe Infected: not-a-virus:AdWare.Win32.WinAD.af skipped
C:\Program Files\Morpheus\morpheustoolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\Program Files\Morpheus\mymorpheusToolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\Program Files\SurfAccuracy\SAcc.exe Infected: not-a-virus:AdWare.Win32.SurfAccuracy.t skipped
C:\Program Files\SurfAccuracy\SAccU.exe Infected: not-a-virus:AdWare.Win32.SurfAccuracy.n skipped
C:\Program Files\Zxlmgww\Yzagfp.exe~ Infected: Trojan.Win32.Small.cy skipped
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP2\A0000004.exe Infected: Trojan-Downloader.Win32.PurityScan.eg skipped
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP2\A0000006.exe Infected: Trojan-Downloader.Win32.PurityScan.eh skipped
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP2\A0000008.exe Infected: Trojan-Downloader.Win32.Agent.bls skipped
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP2\A0000009.dll Infected: Trojan-PSW.Win32.Sinowal.m skipped
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP2\A0000010.dll Infected: Trojan-PSW.Win32.Sinowal.m skipped
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP2\A0000012.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP2\A0000013.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP2\A0000014.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP2\A0000015.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP2\A0000016.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP2\A0000017.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP2\A0000018.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP2\A0000019.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP2\A0000020.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP2\A0000021.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP2\A0000022.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP2\A0000023.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP2\A0000024.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP2\A0000025.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP2\A0000026.exe Infected: not-a-virus:Downloader.Win32.WinFixer.t skipped
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP2\A0000027.exe Infected: not-a-virus:Downloader.Win32.WinFixer.x skipped
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP2\A0000028.exe/data.rar/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP2\A0000028.exe/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP2\A0000028.exe/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP2\A0000028.exe/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP2\A0000028.exe RarSFX: infected - 4 skipped
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP2\A0000032.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP2\A0000033.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP2\A0000034.exe Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP2\A0000035.exe Infected: not-a-virus:AdWare.Win32.Rond.a skipped
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP2\A0000036.exe Infected: Trojan.Win32.Small.oa skipped
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP2\A0000037.exe Infected: not-a-virus:AdWare.Win32.PurityScan.fn skipped
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP2\A0000038.exe Infected: Trojan-Downloader.Win32.PurityScan.ej skipped
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP2\A0000040.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP2\A0000040.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP2\A0000040.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP2\A0000051.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP2\A0000052.dll Infected: Trojan.Win32.Dialer.qn skipped
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP2\A0000058.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP2\A0002210.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP2\A0002211.dll Suspicious: Packed.Win32.Morphine.a skipped
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP2\A0002217.exe Infected: not-a-virus:AdWare.Win32.SurfAccuracy.q skipped
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP2\A0002218.dll Infected: Trojan-Downloader.Win32.Dyfuca.gen skipped
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP2\A0002219.DLL Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP3\change.log Object is locked skipped
C:\Deckard\System Scanner\20070629163344\backup\DOCUME~1\JACQUI~1\LOCALS~1\Temp\WinAntiSpyware2007Setup.exe/file05/file2 Infected: not-a-virus:Downloader.Win32.WinFixer.t skipped
C:\Deckard\System Scanner\20070629163344\backup\DOCUME~1\JACQUI~1\LOCALS~1\Temp\WinAntiSpyware2007Setup.exe/file05 Infected: not-a-virus:Downloader.Win32.WinFixer.t skipped
C:\Deckard\System Scanner\20070629163344\backup\DOCUME~1\JACQUI~1\LOCALS~1\Temp\WinAntiSpyware2007Setup.exe/file26 Infected: not-a-virus:Downloader.Win32.WinFixer.t skipped
C:\Deckard\System Scanner\20070629163344\backup\DOCUME~1\JACQUI~1\LOCALS~1\Temp\WinAntiSpyware2007Setup.exe/file39 Infected: not-a-virus:Downloader.Win32.WinFixer.x skipped
C:\Deckard\System Scanner\20070629163344\backup\DOCUME~1\JACQUI~1\LOCALS~1\Temp\WinAntiSpyware2007Setup.exe Inno: infected - 4 skipped
C:\Deckard\System Scanner\20070629163344\backup\DOCUME~1\JACQUI~1\LOCALS~1\Temp\!update.exe Infected: Trojan-Downloader.Win32.PurityScan.dx skipped
C:\Deckard\System Scanner\20070629163344\backup\DOCUME~1\JACQUI~1\LOCALS~1\Temp\gos4F00.tmp Infected: Trojan.Win32.Dialer.qn skipped
C:\Deckard\System Scanner\20070629163344\backup\DOCUME~1\JACQUI~1\LOCALS~1\Temp\win4F11.tmp/data0002 Infected: Trojan-Downloader.Win32.PurityScan.eg skipped
C:\Deckard\System Scanner\20070629163344\backup\DOCUME~1\JACQUI~1\LOCALS~1\Temp\win4F11.tmp NSIS: infected - 1 skipped
C:\Deckard\System Scanner\20070629163344\backup\WINDOWS\temp\Altnet\dmfiles.cab/AltnetUninstall.exe Infected: not-a-virus:AdWare.Win32.Altnet.g skipped
C:\Deckard\System Scanner\20070629163344\backup\WINDOWS\temp\Altnet\dmfiles.cab CAB: infected - 1 skipped
C:\Deckard\System Scanner\20070629163344\backup\WINDOWS\temp\Altnet\mysearch.cab/mySetp.exe Infected: not-a-virus:AdWare.Win32.MyWay.g skipped
C:\Deckard\System Scanner\20070629163344\backup\WINDOWS\temp\Altnet\mysearch.cab CAB: infected - 1 skipped
C:\Deckard\System Scanner\20070629163344\backup\WINDOWS\temp\Altnet\pmexe.cab/Points Manager.exe Infected: not-a-virus:AdWare.Win32.Altnet.h skipped
C:\Deckard\System Scanner\20070629163344\backup\WINDOWS\temp\Altnet\pmexe.cab CAB: infected - 1 skipped
C:\Deckard\System Scanner\20070629163344\backup\WINDOWS\temp\Altnet\pmfiles.cab/sysdetect.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1007 skipped
C:\Deckard\System Scanner\20070629163344\backup\WINDOWS\temp\Altnet\pmfiles.cab CAB: infected - 1 skipped
C:\Deckard\System Scanner\20070629163344\backup\WINDOWS\temp\Altnet\Setup.exe Infected: not-a-virus:AdWare.Win32.Altnet.b skipped
C:\Deckard\System Scanner\20070629163344\backup\WINDOWS\temp\Altnet\adm4.dll Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
C:\Deckard\System Scanner\20070629163344\backup\WINDOWS\temp\Altnet\adm25.dll Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
C:\Deckard\System Scanner\20070629163344\backup\WINDOWS\temp\Altnet\adm.exe Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
C:\Deckard\System Scanner\20070629163344\backup\WINDOWS\temp\Altnet\admdloader.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.3039 skipped
C:\Deckard\System Scanner\20070629163344\backup\WINDOWS\temp\Altnet\admfdi.dll Infected: not-a-virus:AdWare.Win32.Altnet.j skipped
C:\Deckard\System Scanner\20070629163344\backup\WINDOWS\temp\Altnet\admprog.dll Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
C:\Deckard\System Scanner\backup\WINDOWS\Downloaded Program Files\WinAntiSpyware2007FreeInstall.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\QooBox\Quarantine\C\Program Files\Common Files\Yazzle1162OinAdmin.exe.vir Infected: Trojan-Downloader.Win32.PurityScan.eg skipped
C:\QooBox\Quarantine\C\Program Files\Common Files\Yazzle1122OinAdmin.exe.vir Infected: Trojan-Downloader.Win32.PurityScan.eh skipped
C:\QooBox\Quarantine\C\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.dll.vir Infected: Trojan-PSW.Win32.Sinowal.m skipped
C:\QooBox\Quarantine\C\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll.vir Infected: Trojan-PSW.Win32.Sinowal.m skipped
C:\QooBox\Quarantine\C\Program Files\Common Files\WinAntiSpyware 2007\uwas7cw.exe.vir Infected: not-a-virus:Downloader.Win32.WinFixer.t skipped
C:\QooBox\Quarantine\C\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe.vir Infected: not-a-virus:Downloader.Win32.WinFixer.x skipped
C:\QooBox\Quarantine\C\Program Files\Common Files\DriveCleaner Free.vir\udcsdr.exe~ Infected: not-a-virus:Downloader.Win32.WinFixer.l skipped
C:\QooBox\Quarantine\C\Program Files\Common Files\DriveCleaner Free.vir\udcpas.exe~ Infected: not-a-virus:Downloader.Win32.WinFixer.l skipped
C:\QooBox\Quarantine\C\Program Files\webHancer\whAgent_update.exe.vir/data.rar/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\QooBox\Quarantine\C\Program Files\webHancer\whAgent_update.exe.vir/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\QooBox\Quarantine\C\Program Files\webHancer\whAgent_update.exe.vir/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\QooBox\Quarantine\C\Program Files\webHancer\whAgent_update.exe.vir/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\QooBox\Quarantine\C\Program Files\webHancer\whAgent_update.exe.vir RarSFX: infected - 4 skipped
C:\QooBox\Quarantine\C\Program Files\webHancer\Programs\whiehlpr.dll.vir Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\QooBox\Quarantine\C\Program Files\webHancer\Programs\webhdll.dll.vir Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\QooBox\Quarantine\C\Program Files\webHancer\Programs\whinstaller.exe.vir Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\QooBox\Quarantine\C\Program Files\WinAntiSpyware 2007\RTMonitor.dat\296c61ce47f249561fb22299\a11d21868c8f4130b750b7a0\c1cf0658ba3a48d6c0edb18f\#data.vir Infected: Trojan.Win32.Qhost skipped
C:\QooBox\Quarantine\C\Program Files\WinPop\winpop.exe.vir Infected: not-a-virus:AdWare.Win32.Rond.a skipped
C:\QooBox\Quarantine\C\Program Files\WinPop\UnInstall.exe.vir Infected: Trojan.Win32.Small.oa skipped
C:\QooBox\Quarantine\C\Program Files\YSTEM~1\сsrss.exe.vir Infected: not-a-virus:AdWare.Win32.PurityScan.fn skipped
C:\QooBox\Quarantine\C\Program Files\Internet Optimizer.vir\optimize.exe Infected: Trojan-Downloader.Win32.Dyfuca.du skipped
C:\QooBox\Quarantine\C\Program Files\Internet Optimizer.vir\update\actalert.exe Infected: Trojan-Downloader.Win32.Dyfuca.dp skipped
C:\QooBox\Quarantine\C\Program Files\Internet Optimizer.vir\update\rogue.exe Infected: Trojan.Win32.Small.cy skipped
C:\QooBox\Quarantine\C\Program Files\Internet Optimizer.vir\actalert.exe Infected: Trojan-Downloader.Win32.Dyfuca.dp skipped
C:\QooBox\Quarantine\C\WINDOWS\retadpu1000272.exe.vir Infected: Trojan-Downloader.Win32.Agent.bls skipped
C:\QooBox\Quarantine\C\WINDOWS\DOWNLO~1\UWA7P_0001_N91M0809NetInstaller.exe.vir Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\uwskuahd.exe.vir Infected: Trojan.Win32.Agent.aoy skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\roxipreb.exe.vir Infected: Trojan.Win32.Agent.aoy skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\umadsnti.exe.vir Infected: Trojan.Win32.Agent.aoy skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ncdsnvqj.exe.vir Infected: Trojan.Win32.Agent.aoy skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\vbsvhuaf.exe.vir Infected: Trojan.Win32.Agent.aoy skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\dhhompvk.exe.vir Infected: Trojan.Win32.Agent.aoy skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\xwpgdugj.exe.vir Infected: Trojan.Win32.Agent.aoy skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\trjreygc.exe.vir Infected: Trojan.Win32.Agent.aoy skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\davqycqc.exe.vir Infected: Trojan.Win32.Agent.aoy skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\xslhpkky.exe.vir Infected: Trojan.Win32.Agent.aoy skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\mcsoaato.exe.vir Infected: Trojan.Win32.Agent.aoy skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ptqujmyy.exe.vir Infected: Trojan.Win32.Agent.aoy skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\vhuoukgs.exe.vir Infected: Trojan.Win32.Agent.aoy skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\nmgffgen.exe.vir Infected: Trojan.Win32.Agent.aoy skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\efcyxyy.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\winjjq32.dll.vir Infected: Trojan.Win32.Dialer.qn skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\pmkhh.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\yydnkecc.exe.vir Infected: Trojan.Win32.Agent.aoy skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\dxjbgfji.exe.vir Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ubtcpwlp.dll.vir Suspicious: Packed.Win32.Morphine.a skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ssqoonn.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\QooBox\Quarantine\C\WINDOWS\SCURIT~1\regsvr32.exe.vir Infected: Trojan-Downloader.Win32.PurityScan.ej skipped
C:\QooBox\Quarantine\C\WINDOWS\b122.exe.vir/stream/data0004 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\QooBox\Quarantine\C\WINDOWS\b122.exe.vir/stream Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\QooBox\Quarantine\C\WINDOWS\b122.exe.vir NSIS: infected - 2 skipped
C:\QooBox\Quarantine\C\WINDOWS\hfhjxefc.exe.vir Infected: not-a-virus:AdWare.Win32.SurfAccuracy.q skipped
C:\QooBox\Quarantine\C\WINDOWS\nem220.dll.vir Infected: Trojan-Downloader.Win32.Dyfuca.gen skipped
E:\Documents and Settings\All Users.WINDOWS2\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05B80000.VBN/Counter.class Infected: Trojan.Java.ClassLoader.h skipped
E:\Documents and Settings\All Users.WINDOWS2\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05B80000.VBN/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c skipped
E:\Documents and Settings\All Users.WINDOWS2\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05B80000.VBN/Parser.class Infected: Trojan.Java.ClassLoader.d skipped
E:\Documents and Settings\All Users.WINDOWS2\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05B80000.VBN ZIP: infected - 3 skipped
E:\Documents and Settings\All Users.WINDOWS2\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05B80000.VBN CryptZ: infected - 3 skipped
E:\Documents and Settings\All Users.WINDOWS2\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05B80001.VBN/Counter.class Infected: Trojan.Java.ClassLoader.h skipped
E:\Documents and Settings\All Users.WINDOWS2\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05B80001.VBN/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c skipped
E:\Documents and Settings\All Users.WINDOWS2\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05B80001.VBN/Parser.class Infected: Trojan.Java.ClassLoader.d skipped
E:\Documents and Settings\All Users.WINDOWS2\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05B80001.VBN ZIP: infected - 3 skipped
E:\Documents and Settings\All Users.WINDOWS2\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05B80001.VBN CryptZ: infected - 3 skipped
E:\Documents and Settings\All Users.WINDOWS2\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08100000.VBN Infected: Exploit.HTML.Mht skipped
E:\Documents and Settings\All Users.WINDOWS2\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08340000.VBN Infected: Exploit.HTML.Mht skipped
E:\Documents and Settings\All Users.WINDOWS2\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08500000.VBN Infected: Exploit.HTML.Mht skipped
E:\Documents and Settings\All Users.WINDOWS2\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08540000.VBN Infected: Exploit.HTML.Mht skipped
E:\Documents and Settings\All Users.WINDOWS2\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08540001.VBN Infected: Exploit.HTML.Mht skipped
E:\Documents and Settings\All Users.WINDOWS2\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\087C0000.VBN Infected: Exploit.HTML.Mht skipped
E:\Documents and Settings\All Users.WINDOWS2\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08800000.VBN Infected: Exploit.HTML.Mht skipped
E:\Documents and Settings\All Users.WINDOWS2\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08800001.VBN Infected: Exploit.HTML.Mht skipped
E:\Documents and Settings\Barbara\Local Settings\Temporary Internet Files\Content.IE5\I323IPYB\dogado999[1].jpg Infected: Exploit.HTML.Mht skipped
E:\Documents and Settings\Lance\Local Settings\Temp\__unin__.exe Infected: not-a-virus:AdWare.Win32.Altnet.g skipped
E:\found.001\file0003.chk Infected: not-a-virus:AdWare.Win32.MyWay.b skipped
E:\LOSTFILE\DIR18\Altnet\adm.exe Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
E:\LOSTFILE\DIR18\Altnet\adm25.dll Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
E:\LOSTFILE\DIR18\Altnet\adm4.dll Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
E:\LOSTFILE\DIR18\Altnet\admdloader.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.3039 skipped
E:\LOSTFILE\DIR18\Altnet\admfdi.dll Infected: not-a-virus:AdWare.Win32.Altnet.j skipped
E:\LOSTFILE\DIR18\Altnet\admprog.dll Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
E:\LOSTFILE\DIR18\Altnet\dmfiles.cab/AltnetUninstall.exe Infected: not-a-virus:AdWare.Win32.Altnet.g skipped
E:\LOSTFILE\DIR18\Altnet\dmfiles.cab CAB: infected - 1 skipped
E:\LOSTFILE\DIR18\Altnet\mysearch.cab/mySetp.exe Infected: not-a-virus:AdWare.Win32.MyWay.g skipped
E:\LOSTFILE\DIR18\Altnet\mysearch.cab CAB: infected - 1 skipped
E:\LOSTFILE\DIR18\Altnet\pmexe.cab/Points Manager.exe Infected: not-a-virus:AdWare.Win32.Altnet.h skipped
E:\LOSTFILE\DIR18\Altnet\pmexe.cab CAB: infected - 1 skipped
E:\LOSTFILE\DIR18\Altnet\pmfiles.cab/sysdetect.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1007 skipped
E:\LOSTFILE\DIR18\Altnet\pmfiles.cab CAB: infected - 1 skipped
E:\LOSTFILE\DIR18\Altnet\Setup.exe Infected: not-a-virus:AdWare.Win32.Altnet.b skipped
E:\Program Files\hbinst\Hbinst.exe Infected: not-a-virus:AdWare.Win32.Hotbar.k skipped
E:\Program Files\Hotbar\bin\4.4.5.0\HbHostIE.dll Infected: not-a-virus:AdWare.Win32.Hotbar.m skipped
E:\Program Files\Hotbar\bin\4.4.5.0\HbHostOE.dll Infected: not-a-virus:AdWare.Win32.Hotbar.m skipped
E:\Program Files\Hotbar\bin\4.4.5.0\HbHostOL.dll Infected: not-a-virus:AdWare.Win32.Hotbar.m skipped
E:\Program Files\Hotbar\bin\4.4.5.0\Hbinst.exe Infected: not-a-virus:AdWare.Win32.Hotbar.k skipped
E:\Program Files\Hotbar\bin\4.4.5.0\HbInstIE.dll Infected: not-a-virus:AdWare.Win32.Hotbar.k skipped
E:\Program Files\Hotbar\bin\4.4.5.0\HbSrv.exe Infected: not-a-virus:AdWare.Win32.Hotbar.o skipped
E:\Program Files\Hotbar\bin\4.4.5.0\HbToolbar.dll Infected: not-a-virus:AdWare.Win32.Hotbar.ak skipped
E:\Program Files\Hotbar\bin\4.4.5.0\WeatherOnTray.exe Infected: not-a-virus:AdWare.Win32.Hotbar.an skipped
E:\Program Files\INSTAFINK\InstaFinderK_inst.exe/stream Infected: not-a-virus:AdWare.Win32.404Search.h skipped
E:\Program Files\INSTAFINK\InstaFinderK_inst.exe NSIS: infected - 1 skipped
E:\Program Files\INSTAFINK\instafink.dll Infected: not-a-virus:AdWare.Win32.404Search.h skipped
E:\Program Files\MSN Messenger\riched20.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
E:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL Infected: not-a-virus:AdWare.Win32.MyWay.g skipped
E:\Program Files\MyWay\myBar\1.bin\NPMYWAY.DLL Infected: not-a-virus:AdWare.Win32.MyWay.f skipped
E:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
E:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
E:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
E:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
E:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
E:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
E:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
E:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
E:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
E:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
E:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
E:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
E:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
E:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
E:\Program Files\PerfectNav\BHO\PerfectNav150c.dll Infected: not-a-virus:AdWare.Win32.Perfnav.a skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
E:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP3\change.log Object is locked skipped

Scan process completed.

_____________________________

Combofix Log (Incomplete)

"Jacqui Hampton" - 2007-06-30 20:14:03 - ComboFix 07-06-29.3 - Service Pack 2
Command switches used :: C:\Documents and Settings\Jacqui Hampton\Desktop\ComboFix-Do.txt

(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\mljge.dll
C:\WINDOWS\system32\jqbdikjy.dll
C:\WINDOWS\system32\vnfrkprv.dll
C:\WINDOWS\system32\egjlm.ini
C:\WINDOWS\system32\egjlm.bak1
C:\WINDOWS\system32\vrpkrfnv.ini
C:\WINDOWS\system32\egjlm.ini
C:\WINDOWS\system32\egjlm.bak1

* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\DOCUME~1\ALLUSE~1\APPLIC~1\ctqbgngx.exe
C:\WINDOWS\63ffj9lp.exe
C:\WINDOWS\hfhjxefc.exe
C:\WINDOWS\nem220.dll
C:\WINDOWS\system32\dxjbgfji.exe
C:\WINDOWS\system32\lcmrvx.dll
C:\WINDOWS\system32\mljge.dll
C:\WINDOWS\system32\mm4095oo.dll
C:\WINDOWS\system32\qbb5o8jg.exe
C:\WINDOWS\system32\qkchukoe
C:\WINDOWS\system32\qkchukoe\bg1.gif
C:\WINDOWS\system32\qkchukoe\bgtop.gif
C:\WINDOWS\system32\qkchukoe\bottom1.gif
C:\WINDOWS\system32\qkchukoe\essentials.gif
C:\WINDOWS\system32\qkchukoe\icon1.ico
C:\WINDOWS\system32\qkchukoe\install1.gif
C:\WINDOWS\system32\qkchukoe\left1.gif
C:\WINDOWS\system32\qkchukoe\li.gif
C:\WINDOWS\system32\qkchukoe\logo.gif
C:\WINDOWS\system32\qkchukoe\main.htm
C:\WINDOWS\system32\qkchukoe\mainframe.htm
C:\WINDOWS\system32\qkchukoe\reinstall1.gif
C:\WINDOWS\system32\qkchukoe\right1.gif
C:\WINDOWS\system32\qkchukoe\s1.htm
C:\WINDOWS\system32\qkchukoe\s2.htm
C:\WINDOWS\system32\qkchukoe\s3.htm
C:\WINDOWS\system32\qkchukoe\SMTop1.gif
C:\WINDOWS\system32\qkchukoe\SMTop2.gif
C:\WINDOWS\system32\qkchukoe\SMTop3.gif
C:\WINDOWS\system32\qkchukoe\SMTop4.gif
C:\WINDOWS\system32\qkchukoe\soft1_off.gif
C:\WINDOWS\system32\qkchukoe\soft1_off_ext.gif
C:\WINDOWS\system32\qkchukoe\soft1_on.gif
C:\WINDOWS\system32\qkchukoe\soft1_on_ext.gif
C:\WINDOWS\system32\qkchukoe\soft2_off.gif
C:\WINDOWS\system32\qkchukoe\soft2_off_ext.gif
C:\WINDOWS\system32\qkchukoe\soft2_on.gif
C:\WINDOWS\system32\qkchukoe\soft2_on_ext.gif
C:\WINDOWS\system32\qkchukoe\soft3_off.gif
C:\WINDOWS\system32\qkchukoe\soft3_off_ext.gif
C:\WINDOWS\system32\qkchukoe\soft3_on.gif
C:\WINDOWS\system32\qkchukoe\soft3_on_ext.gif
C:\WINDOWS\system32\qkchukoe\softbottom_off.gif
C:\WINDOWS\system32\qkchukoe\softbottom_on.gif
C:\WINDOWS\system32\qkchukoe\softleft_off.gif
C:\WINDOWS\system32\qkchukoe\softleft_on.gif
C:\WINDOWS\system32\qkchukoe\top1.gif
C:\WINDOWS\system32\qkchukoe\top2.gif
C:\WINDOWS\system32\qkchukoe\turnoff1.gif
C:\WINDOWS\system32\qkchukoe\turnon1.gif
C:\WINDOWS\system32\ssqoonn.dll
C:\WINDOWS\system32\ubtcpwlp.dll
C:\WINDOWS\system32\yydnkecc.exe

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

-------\LEGACY_DOMAINSERVICE
-------\DomainService

((((((((((((((((((((((((( Files Created from 2007-05-28 to 2007-06-30 )))))))))))))))))))))))))))))))

2007-06-29 21:46 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-29 16:51 0 --a------ C:\WINDOWS\nsreg.dat
2007-06-29 16:11 <DIR> d-------- C:\Deckard
2007-06-28 20:48 1,048,576 --ah----- C:\DOCUME~1\LOCALS~1.NTA\NTUSER.DAT
2007-06-28 20:48 <DIR> d---s---- C:\DOCUME~1\LOCALS~1.NTA\UserData
2007-06-28 20:47 <DIR> d--hs---- C:\FOUND.000
2007-06-23 23:35 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-06-22 11:37 <DIR> d-------- C:\DOCUME~1\JACQUI~1\APPLIC~1\Atari
2007-06-22 11:14 197,120 --a------ C:\WINDOWS\patchw32.dll
2007-06-22 11:14 <DIR> d-------- C:\Program Files\Common Files\PocketSoft
2007-06-22 11:14 <DIR> d-------- C:\DOCUME~1\JACQUI~1\APPLIC~1\Leadertech
2007-06-22 11:09 <DIR> d-------- C:\Program Files\Atari
2007-06-21 16:12 <DIR> d-------- C:\DOCUME~1\JACQUI~1\APPLIC~1\FileMaker
2007-06-13 22:02 <DIR> d-------- C:\DOCUME~1\JACQUI~1\APPLIC~1\Tenebril
2007-06-13 21:53 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tenebril
2007-06-13 21:52 40,960 --a-s---- C:\WINDOWS\system32\ProcessKiller.dll
2007-06-13 21:52 180,224 --a-s---- C:\WINDOWS\system32\archlib.dll
2007-06-13 21:52 169,544 --a-s---- C:\WINDOWS\system32\SecuLoad.dll
2007-06-13 21:52 1,103,944 --a-s---- C:\WINDOWS\system32\Protector.dll
2007-06-13 21:52 <DIR> d-------- C:\WINDOWS\system32\tenarchlib
2007-06-13 21:52 <DIR> d-------- C:\Program Files\SpyCatcher
2007-06-13 17:57 754,808 --a------ C:\WINDOWS\system32\LiveProtectSetup.exe
2007-06-12 17:20 <DIR> d-------- C:\Program Files\Yahoo! Games
2007-06-11 16:13 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sandlot Games
2007-06-11 16:12 <DIR> d-------- C:\DOCUME~1\JACQUI~1\APPLIC~1\Sandlot Games

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-30 11:19:30 12 ----a-w C:\WINDOWS\bthservsdp.dat
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-01 08:49:06 16 ----a-w C:\WINDOWS\system32\a99vi88f.dat
2007-05-01 08:49:02 573,944 ----a-w C:\WINDOWS\system32\nc5vfm94.dat
2007-05-01 08:48:58 2,256 ----a-w C:\WINDOWS\system32\rl5ba39o.dat
2007-04-26 06

10 690,757 ----a-w C:\WINDOWS\system32\fppcbmfb.exe
2007-04-25 14:21:16 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:24 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 12:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 12:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 12:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 12:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 12:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 12:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 12:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 12:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4efb-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll [2004-09-29 11:02]
{0A87E45F-537A-40B4-B812-E2544C21A09F}=C:\Program Files\SpyCatcher\SCActiveBlock.dll [2005-08-22 21:57]
{9394EDE7-C8B5-483E-8773-474BF36AF6E4}=C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll [2004-08-13 16:42]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar3.dll [2007-01-19 23:55]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}=C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [2007-06-28 23:40]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}=C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-au\msntb.dll [2006-01-17 16:04]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTHelper"="CTHELPER.EXE" [2003-06-20 14:55 C:\WINDOWS\system32\CTHELPER.EXE]
"AsioReg"="REGSVR32.exe" [2004-08-04 18:56 C:\WINDOWS\system32\regsvr32.exe]
"SBDrvDet"="C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 18:06]
"SoundMan"="SOUNDMAN.EXE" [2003-12-19 19:53 C:\WINDOWS\soundman.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 11:52]
"nwiz"="nwiz.exe" [2004-04-23 14:24 C:\WINDOWS\system32\nwiz.exe]
"vptray"="C:\Program Files\NavNT\vptray.exe" [2001-09-24 06:59]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe" [2005-08-26 17:14]
"Nokia Tray Application"="C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe" [2003-02-10 14:30]
"DataLayer"="C:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe" [2003-10-07 06:44]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-02-11 14:52]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-12-20 20:54]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 18:56 C:\WINDOWS\system32\bthprops.cpl]
"DriveSMART"="C:\PROGRA~1\COMPUA~1\smartapp.exe" []
"F5D9050"="C:\Program Files\Belkin\F5D9050\Belkinwcui.exe" [2006-03-14 15:52]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-10-08 12:31]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-10-08 12:24]
"ctqbgngx.exe"="C:\Documents and Settings\All Users\Application Data\ctqbgngx.exe" []
"SpyCatcher Reminder"="C:\Program Files\SpyCatcher\SpyCatcher.exe" [2007-05-07 11:56]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\MSMSGS.exe" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-28 23:40]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2004-10-08 12:06]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=secuload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - netsvcs
NtmlSvc

________________________

Thanks

sUBs · 06-30-2007, 10:25 AM

Quote:

I did as you requested as per combofix but after restarting it again never produced the log file. I let it run for about 3 hours yet no log file was produced.

The next time ComboFix does that, close the DOS window. From what I'm observing, it would appear to file system error. The 'Find3M' stage should never take more than 3 minutes, tops.

Kaspersky found numerous infected files. Before we go acting against them, I have some questions for you:

* Does Drive E:\ contain another copy of Windows?
* Is it still functional?

For the moment, please remove the files from Norton's quarantine cache. Use this guide: http://service1.symantec.com/SUPPORT...on=1#_Section1

Disko_Stu · 07-01-2007, 12:57 AM

sUBs,

Thanks for the heads up on the FIND3M report!

Drive E: was from another computer but got corrupted. The hard drive is in this computer temporarily just to back up the files from it. There is no Windows directory anymore, it was removed. Hence, the drive is not still functional aside from secondary storage.

I removed the quarantined files from Norton.

Hope that helps, Cheers.

sUBs · 07-01-2007, 02:46 AM

Go to Start → Control Panel → Add or Remove Programs and uninstall the following programs:

Media Pass
Morpheus
SurfAccuracy

---------------

Open notepad and copy/paste the text in the quotebox below into it:

Code:

File::
C:\WINDOWS\system32\drivers\etc\hosts.msn
C:\WINDOWS\system32\fppcbmfb.exe
C:\WINDOWS\system32\63ffj9lp.ini
C:\WINDOWS\wsem303.dll
C:\WINDOWS\b129.exe
C:\WINDOWS\b128.exe
E:\Program Files\MSN Messenger\riched20.dll
Folder::
C:\WINDOWS\Downloaded Program Files\CONFLICT.2
C:\WINDOWS\Downloaded Program Files\CONFLICT.2
C:\Documents and Settings\Jacqui Hampton\Local Settings\Temporary Internet Files\Content.IE5\0RMP6LQ5
C:\Program Files\Media Pass
C:\Program Files\Morpheus
C:\Program Files\SurfAccuracy
C:\Program Files\Zxlmgww
C:\Deckard\System Scanner
E:\Documents and Settings\Barbara\Local Settings\Temporary Internet Files
E:\Documents and Settings\Lance\Local Settings\Temp
E:\found.001
E:\LOSTFILE\DIR18\Altnet
E:\Program Files\hbinst
E:\Program Files\Hotbar
E:\Program Files\INSTAFINK
E:\Program Files\MyWay
E:\Program Files\PerfectNav

Save this as ComboFix-Do.txt

Refering to the picture above, drag ComboFix-Do.txt into ComboFix.exe
Then post the resultant log

Reminder: Find3M should not take more than 3 minutes

Disko_Stu · 07-01-2007, 07:29 AM

Hi,

I removed the programs that you asked and upon running ComboFix it stalled again so I closed it like you said. I didn't even get a log to show you the beginning, all it says is the time and date that it was run.

Should I run DSS now?

sUBs · 07-01-2007, 08:33 AM

Do me a favor. Please zip/archive the entire C:\ComboFix folder & upload it to:

http://www.bleepingcomputer.com/subm....php?channel=4

Disko_Stu · 07-01-2007, 06:31 PM

Yep, Done

sUBs · 07-01-2007, 07:03 PM

I've looked at the package which you uploaded. It does not appear to have hunged. Did it come up with a long list of files & you closed the DOS box shortly after that?

By the look of things, only half the stuff got removed. The tool was heading for a reboot but it got stopped before that happened.

Please run the "ComboFix-Do" script again. This time round, keep an eye on Task Manager. When ComboFix runs, taskmanager's cpu usage is high. When it hangs, it's no longer high

Disko_Stu · 07-02-2007, 08:26 AM

Hey, I ran ComboFix again and this time it went through a long list of files and then restarted. When it came back on it did the whole 'Preparing Log' thing and the CPU usage was high for about an hour so I let it go, after that the CPU usage dropped to 1-4% so I closed it and pasted the log here, I'm unsure if its complete though.

__________________________

ComboFix Log (Incomplete?)

"Jacqui Hampton" - 2007-07-02 18:56:43 - ComboFix 07-06-29.3 - Service Pack 2
Command switches used :: C:\Documents and Settings\Jacqui Hampton\Desktop\ComboFix-Do.txt

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Documents and Settings\Jacqui Hampton\Local Settings\Temporary Internet Files\Content.IE5\0RMP6LQ5
C:\Documents and Settings\Jacqui Hampton\Local Settings\Temporary Internet Files\Content.IE5\0RMP6LQ5\0000000001_000000000000000377988[1].gif
C:\Documents and Settings\Jacqui Hampton\Local Settings\Temporary Internet Files\Content.IE5\0RMP6LQ5\20x20_chkr[1].png
C:\Documents and Settings\Jacqui Hampton\Local Settings\Temporary Internet Files\Content.IE5\0RMP6LQ5\20x20_hxic[1].png
C:\Documents and Settings\Jacqui Hampton\Local Settings\Temporary Internet Files\Content.IE5\0RMP6LQ5\20x20_mrps[1].png
C:\Documents and Settings\Jacqui Hampton\Local Settings\Temporary Internet Files\Content.IE5\0RMP6LQ5\63663.0.0[1].swf
C:\Documents and Settings\Jacqui Hampton\Local Settings\Temporary Internet Files\Content.IE5\0RMP6LQ5\70700.0.0[1].swf
C:\Documents and Settings\Jacqui Hampton\Local Settings\Temporary Internet Files\Content.IE5\0RMP6LQ5\airCombatIcon_trans25[1].png
C:\Documents and Settings\Jacqui Hampton\Local Settings\Temporary Internet Files\Content.IE5\0RMP6LQ5\arrowDownSmall[1].gif
C:\Documents and Settings\Jacqui Hampton\Local Settings\Temporary Internet Files\Content.IE5\0RMP6LQ5\bg_people[1].gif
C:\Documents and Settings\Jacqui Hampton\Local Settings\Temporary Internet Files\Content.IE5\0RMP6LQ5\bgradTile[1].gif
C:\Documents and Settings\Jacqui Hampton\Local Settings\Temporary Internet Files\Content.IE5\0RMP6LQ5\blank[1].htm
C:\Documents and Settings\Jacqui Hampton\Local Settings\Temporary Internet Files\Content.IE5\0RMP6LQ5\button_blank1[1].gif
C:\Documents and Settings\Jacqui Hampton\Local Settings\Temporary Internet Files\Content.IE5\0RMP6LQ5\button_error[1].gif
C:\Documents and Settings\Jacqui Hampton\Local Settings\Temporary Internet Files\Content.IE5\0RMP6LQ5\button_moregame_single[1].gif
C:\Documents and Settings\Jacqui Hampton\Local Settings\Temporary Internet Files\Content.IE5\0RMP6LQ5\CA4P45O7.htm
C:\Documents and Settings\Jacqui Hampton\Local Settings\Temporary Internet Files\Content.IE5\0RMP6LQ5\CA85MTHE.htm
C:\Documents and Settings\Jacqui Hampton\Local Settings\Temporary Internet Files\Content.IE5\0RMP6LQ5\contactcardservice[1].xml
C:\Documents and Settings\Jacqui Hampton\Local Settings\Temporary Internet Files\Content.IE5\0RMP6LQ5\dd_wedding81x46[1].gif
C:\Documents and Settings\Jacqui Hampton\Local Settings\Temporary Internet Files\Content.IE5\0RMP6LQ5\emot_icon[1].png
C:\Documents and Settings\Jacqui Hampton\Local Settings\Temporary Internet Files\Content.IE5\0RMP6LQ5\fish_tycoon81x46[1].gif
C:\Documents and Settings\Jacqui Hampton\Local Settings\Temporary Internet Files\Content.IE5\0RMP6LQ5\GAME_UNO1[1].cab
C:\Documents and Settings\Jacqui Hampton\Local Settings\Temporary Internet Files\Content.IE5\0RMP6LQ5\games_icon[1].png
C:\Documents and Settings\Jacqui Hampton\Local Settings\Temporary Internet Files\Content.IE5\0RMP6LQ5\lavalife_magheart01[1].png
C:\Documents and Settings\Jacqui Hampton\Local Settings\Temporary Internet Files\Content.IE5\0RMP6LQ5\legend_elDorado81x46[1].gif
C:\Documents and Settings\Jacqui Hampton\Local Settings\Temporary Internet Files\Content.IE5\0RMP6LQ5\links[1].dat
C:\Documents and Settings\Jacqui Hampton\Local Settings\Temporary Internet Files\Content.IE5\0RMP6LQ5\loading_ring[1].gif
C:\Documents and Settings\Jacqui Hampton\Local Settings\Temporary Internet Files\Content.IE5\0RMP6LQ5\main[1].css
C:\Documents and Settings\Jacqui Hampton\Local Settings\Temporary Internet Files\Content.IE5\0RMP6LQ5\main[1].htm
C:\Documents and Settings\Jacqui Hampton\Local Settings\Temporary Internet Files\Content.IE5\0RMP6LQ5\news_icon[1].png
C:\Documents and Settings\Jacqui Hampton\Local Settings\Temporary Internet Files\Content.IE5\0RMP6LQ5\sponsor_area[1].gif
C:\Documents and Settings\Jacqui Hampton\Local Settings\Temporary Internet Files\Content.IE5\0RMP6LQ5\table_tile[1].gif
C:\Documents and Settings\Jacqui Hampton\Local Settings\Temporary Internet Files\Content.IE5\0RMP6LQ5\tile_top_horizontal[1].gif
C:\Documents and Settings\Jacqui Hampton\Local Settings\Temporary Internet Files\Content.IE5\0RMP6LQ5\top_tile[2].gif
C:\Documents and Settings\Jacqui Hampton\Local Settings\Temporary Internet Files\Content.IE5\0RMP6LQ5\turbo_pizza81x46[1].gif
C:\Documents and Settings\Jacqui Hampton\Local Settings\Temporary Internet Files\Content.IE5\0RMP6LQ5\wildwest_billy81x46[1].gif
C:\Documents and Settings\Jacqui Hampton\Local Settings\Temporary Internet Files\Content.IE5\0RMP6LQ5\y1pQ67hu84rRYHdTQZq8q-BvyhGEMwR52jxKfy91ei2H-3EMwmvp2iPpc7yzkjVX48F[1].bin
C:\Documents and Settings\Jacqui Hampton\Local Settings\Temporary Internet Files\Content.IE5\0RMP6LQ5\zone[1].css
C:\Program Files\Morpheus
C:\Program Files\Zxlmgww
C:\WINDOWS\b128.exe
C:\WINDOWS\b129.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.2
C:\WINDOWS\system32\63ffj9lp.ini
C:\WINDOWS\system32\drivers\etc\hosts.msn
C:\WINDOWS\system32\fppcbmfb.exe
C:\WINDOWS\wsem303.dll
E:\Documents and Settings\Barbara\Local Settings\Temporary Internet Files
E:\Documents and Settings\Lance\Local Settings\Temp
E:\Documents and Settings\Lance\Local Settings\Temp\__unin__.exe
E:\Documents and Settings\Lance\Local Settings\Temp\{1068130f-17ab-11d5-9875-00105ace7734}\eBay.url
E:\Documents and Settings\Lance\Local Settings\Temp\{5809e7cf-4dcf-11d4-9875-00105ace7734}\Register on the Logitech website.url
E:\Documents and Settings\Lance\Local Settings\Temp\~157.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~600C.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~DF35D9.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~DF3CED.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~DF3FF5.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~DF552C.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~DF5B18.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~DF5B20.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~DF5B68.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~DF5B99.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~DF5BE5.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~DF5C9D.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~DF6A81.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~DF6CC9.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~DF7654.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~DF82E7.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~DF8341.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~DF884.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~DF8A18.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~DF900.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~DF9033.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~DF91.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~DF9DB6.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~DFA8E5.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~DFA9A5.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~DFACEF.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~DFB492.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~DFB5E7.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~DFBBD8.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~DFC7AC.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~DFCA84.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~DFD3D.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~DFF32B.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~DFF676.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~DFF8EA.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~DFFB3E.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~e5d141.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~F8.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRC0000.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRC0001.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRC0002.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRC0003.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRC0004.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRC0068.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRC0446.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRC0501.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRC0662.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRC0920.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRC0964.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRC1080.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRC1128.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRC1218.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRC1219.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRC1258.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRC1298.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRC1365.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRC1381.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRC1429.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRC1528.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRC1551.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRC1558.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRC1563.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRC1601.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRC1708.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRC1781.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRC1861.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRC1959.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRC2039.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRC2169.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRC2249.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRC2257.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRC2315.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRC2405.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRC2572.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRC2770.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRC2920.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRC3018.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRC3105.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRC3108.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRC3538.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRC3589.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRC3598.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRC3608.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRC3618.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRC3726.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRC3745.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRC3781.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRC3789.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRC4069.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRC4071.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRC4097.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRD0000.doc
E:\Documents and Settings\Lance\Local Settings\Temp\~WRD0001.doc
E:\Documents and Settings\Lance\Local Settings\Temp\~WRD0001.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRD0002.doc
E:\Documents and Settings\Lance\Local Settings\Temp\~WRD0002.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRD0003.doc
E:\Documents and Settings\Lance\Local Settings\Temp\~WRD0003.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRD0283.doc
E:\Documents and Settings\Lance\Local Settings\Temp\~WRF0000.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRF0001.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRF0002.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRF0003.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRF0004.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRF0184.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRF0189.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRF0202.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRF0317.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRF0416.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRF0562.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRF0705.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRF0729.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRF0783.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRF0863.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRF0889.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRF1220.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRF1723.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRF1745.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRF1913.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRF2258.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRF2421.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRF2478.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRF2486.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRF2533.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRF2797.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRF3144.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRF3299.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRF3334.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRF3370.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRF3545.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRF3963.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRF4069.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRS0000.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRS0001.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRS0002.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRS0003.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRS0004.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRS0005.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRS0006.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRS0007.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRS0008.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRS0009.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRS0010.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRS0011.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRS0012.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRS0094.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRS0105.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRS0217.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRS0319.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRS0464.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRS0608.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRS0688.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRS0759.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRS0766.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRS0793.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRS1625.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRS1647.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRS1818.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRS2161.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRS2326.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRS2381.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRS2391.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRS2435.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRS2700.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRS3197.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRS3198.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRS3237.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRS3272.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\~WRS3972.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\002950
E:\Documents and Settings\Lance\Local Settings\Temp\003798
E:\Documents and Settings\Lance\Local Settings\Temp\020352
E:\Documents and Settings\Lance\Local Settings\Temp\021696
E:\Documents and Settings\Lance\Local Settings\Temp\0UE8R6RF.htm
E:\Documents and Settings\Lance\Local Settings\Temp\125849441.cvr
E:\Documents and Settings\Lance\Local Settings\Temp\133ea3c.mst
E:\Documents and Settings\Lance\Local Settings\Temp\153328344.cvr
E:\Documents and Settings\Lance\Local Settings\Temp\153347712.cvr
E:\Documents and Settings\Lance\Local Settings\Temp\1f789712.mst
E:\Documents and Settings\Lance\Local Settings\Temp\4896DE4.dmp
E:\Documents and Settings\Lance\Local Settings\Temp\489D751.dmp
E:\Documents and Settings\Lance\Local Settings\Temp\48e1_appcompat.txt
E:\Documents and Settings\Lance\Local Settings\Temp\4FC288F.dmp
E:\Documents and Settings\Lance\Local Settings\Temp\4FCD36E.dmp
E:\Documents and Settings\Lance\Local Settings\Temp\6B5CD92.dmp
E:\Documents and Settings\Lance\Local Settings\Temp\76114897.cvr
E:\Documents and Settings\Lance\Local Settings\Temp\83633879.cvr
E:\Documents and Settings\Lance\Local Settings\Temp\83654338.cvr
E:\Documents and Settings\Lance\Local Settings\Temp\873101.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\923E78E.dmp
E:\Documents and Settings\Lance\Local Settings\Temp\9f2np6o~momk9q.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\9f2np6o~mpm99o9.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\AAX5592.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\AAX5593.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\AAX5594.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\AAX5595.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\AAX5596.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\AAX5597.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\AAX5598.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\AAX5599.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\AAX559B.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\AAX55A0.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\AAX55A2.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\AAX55C4.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\AAX55C6.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\AAX55C7.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\AAX55C8.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\AAX55C9.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\AAX55CA.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\AAX55CB.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\AAX55CC.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\AAX55CD.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\AAX55CE.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\AAX55CF.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\AAX55D0.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\AAX55D1.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\AAX55D2.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\AAX55D4.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\AAX5616.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\AAX5617.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\AAX5618.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\AAX5619.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\AAX9C9.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\AAX9CB.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\AAXB28E.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\AAXB291.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\AAXBB0.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\Abstract1.atr.bmp
E:\Documents and Settings\Lance\Local Settings\Temp\Acc64.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\ACLog1.CAB
E:\Documents and Settings\Lance\Local Settings\Temp\ACLog2.CAB
E:\Documents and Settings\Lance\Local Settings\Temp\ACLog3.CAB
E:\Documents and Settings\Lance\Local Settings\Temp\Aquatica-Install-fsg.exe
E:\Documents and Settings\Lance\Local Settings\Temp\AQuninst.exe
E:\Documents and Settings\Lance\Local Settings\Temp\au_all.cab
E:\Documents and Settings\Lance\Local Settings\Temp\au_res.dll
E:\Documents and Settings\Lance\Local Settings\Temp\au_setuph.dll
E:\Documents and Settings\Lance\Local Settings\Temp\b43d_appcompat.txt
E:\Documents and Settings\Lance\Local Settings\Temp\Bubbles.atr.bmp
E:\Documents and Settings\Lance\Local Settings\Temp\bundle.inf
E:\Documents and Settings\Lance\Local Settings\Temp\BWInstall.log
E:\Documents and Settings\Lance\Local Settings\Temp\c871B9.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\cab156
E:\Documents and Settings\Lance\Local Settings\Temp\cab157
E:\Documents and Settings\Lance\Local Settings\Temp\cab158
E:\Documents and Settings\Lance\Local Settings\Temp\cab161
E:\Documents and Settings\Lance\Local Settings\Temp\cebd_appcompat.txt
E:\Documents and Settings\Lance\Local Settings\Temp\cf21_appcompat.txt
E:\Documents and Settings\Lance\Local Settings\Temp\control.xml
E:\Documents and Settings\Lance\Local Settings\Temp\Cookies\index.dat
E:\Documents and Settings\Lance\Local Settings\Temp\Cookies\lance@bfast[2].txt
E:\Documents and Settings\Lance\Local Settings\Temp\Cookies\lance@cgi-bin[2].txt
E:\Documents and Settings\Lance\Local Settings\Temp\Cookies\lance@commbank.com[1].txt
E:\Documents and Settings\Lance\Local Settings\Temp\Cookies\lance@counter13.sextracker[1].txt
E:\Documents and Settings\Lance\Local Settings\Temp\Cookies\lance@doubleclick[1].txt
E:\Documents and Settings\Lance\Local Settings\Temp\Cookies\lance@e-2dj6wjmyald5wcp.stats.esomniture[2].txt
E:\Documents and Settings\Lance\Local Settings\Temp\Cookies\lance@e-2dj6wjmyqkajeho.stats.esomniture[1].txt
E:\Documents and Settings\Lance\Local Settings\Temp\Cookies\lance@ebay.com[2].txt
E:\Documents and Settings\Lance\Local Settings\Temp\Cookies\lance@google.com[1].txt
E:\Documents and Settings\Lance\Local Settings\Temp\Cookies\lance@google[1].txt
E:\Documents and Settings\Lance\Local Settings\Temp\Cookies\lance@hellomagazine[2].txt
E:\Documents and Settings\Lance\Local Settings\Temp\Cookies\lance@infospace[2].txt
E:\Documents and Settings\Lance\Local Settings\Temp\Cookies\lance@msn[1].txt
E:\Documents and Settings\Lance\Local Settings\Temp\Cookies\lance@national.com[1].txt
E:\Documents and Settings\Lance\Local Settings\Temp\Cookies\lance@ninemsn.com[2].txt
E:\Documents and Settings\Lance\Local Settings\Temp\Cookies\lance@search.ninemsn.com[2].txt
E:\Documents and Settings\Lance\Local Settings\Temp\Cookies\lance@sextracker[1].txt
E:\Documents and Settings\Lance\Local Settings\Temp\Cookies\lance@www.abc.net[1].txt
E:\Documents and Settings\Lance\Local Settings\Temp\d94d.rra
E:\Documents and Settings\Lance\Local Settings\Temp\DelUS.bat
E:\Documents and Settings\Lance\Local Settings\Temp\Des65.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\DOTVVYZ9.htm
E:\Documents and Settings\Lance\Local Settings\Temp\dw.log
E:\Documents and Settings\Lance\Local Settings\Temp\Excel8.0\MSForms.exd
E:\Documents and Settings\Lance\Local Settings\Temp\Fav62.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\FDT45.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\fla10.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\fla12.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\fla14.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\fla167B.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\fla1DFB.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\fla1DFD.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\fla1DFE.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\fla2.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\fla28.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\fla29.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\fla2A.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\fla2E8F.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\fla2E91.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\fla3.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\fla35C3.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\fla35C4.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\fla4.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\fla5.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\fla6.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\fla67.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\fla6D4.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\fla6E.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\fla6FA.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\fla6FB.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\fla6FD.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\fla7.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\fla778.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\fla77D.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\fla8.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\fla9.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\flaA.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\flaB.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\flaE1D.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\flaE1E.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\flaF.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\Florabunda.atr.bmp
E:\Documents and Settings\Lance\Local Settings\Temp\History\History.IE5\desktop.ini
E:\Documents and Settings\Lance\Local Settings\Temp\History\History.IE5\index.dat
E:\Documents and Settings\Lance\Local Settings\Temp\hpilog00.txt
E:\Documents and Settings\Lance\Local Settings\Temp\hpilog01.txt
E:\Documents and Settings\Lance\Local Settings\Temp\hpilog02.txt
E:\Documents and Settings\Lance\Local Settings\Temp\hpilog03.txt
E:\Documents and Settings\Lance\Local Settings\Temp\hpilog04.txt
E:\Documents and Settings\Lance\Local Settings\Temp\hpilog05.txt
E:\Documents and Settings\Lance\Local Settings\Temp\hpilog06.txt
E:\Documents and Settings\Lance\Local Settings\Temp\hpilog07.txt
E:\Documents and Settings\Lance\Local Settings\Temp\hpistr.hpi
E:\Documents and Settings\Lance\Local Settings\Temp\IadHide4.dll
E:\Documents and Settings\Lance\Local Settings\Temp\IEC3EAE.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\IEC3EAF.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\IEC3EB0.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\IEC3EB1.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\IEC3EB2.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\IECFE3.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\IMT1A.xml
E:\Documents and Settings\Lance\Local Settings\Temp\IMT1B.xml
E:\Documents and Settings\Lance\Local Settings\Temp\IMT1C.xml
E:\Documents and Settings\Lance\Local Settings\Temp\IMT1D.xml
E:\Documents and Settings\Lance\Local Settings\Temp\IMT1E.dtd
E:\Documents and Settings\Lance\Local Settings\Temp\IMT1F.xml
E:\Documents and Settings\Lance\Local Settings\Temp\IMT20.xml
E:\Documents and Settings\Lance\Local Settings\Temp\IMT21.xml
E:\Documents and Settings\Lance\Local Settings\Temp\IMTF922.xml
E:\Documents and Settings\Lance\Local Settings\Temp\IMTF923.xml
E:\Documents and Settings\Lance\Local Settings\Temp\IMTF924.xml
E:\Documents and Settings\Lance\Local Settings\Temp\IMTF925.xml
E:\Documents and Settings\Lance\Local Settings\Temp\IMTF926.xml
E:\Documents and Settings\Lance\Local Settings\Temp\IMTF927.xml
E:\Documents and Settings\Lance\Local Settings\Temp\IMTF929.xml
E:\Documents and Settings\Lance\Local Settings\Temp\IMTF92A.xml
E:\Documents and Settings\Lance\Local Settings\Temp\IMTF92B.xml
E:\Documents and Settings\Lance\Local Settings\Temp\IMTF92C.xml
E:\Documents and Settings\Lance\Local Settings\Temp\IMTF92D.xml
E:\Documents and Settings\Lance\Local Settings\Temp\IMTF92E.xml
E:\Documents and Settings\Lance\Local Settings\Temp\IMTFED.xml
E:\Documents and Settings\Lance\Local Settings\Temp\IMTFEE.xml
E:\Documents and Settings\Lance\Local Settings\Temp\IMTFEF.xml
E:\Documents and Settings\Lance\Local Settings\Temp\IMTFF6.xml
E:\Documents and Settings\Lance\Local Settings\Temp\IMTFF7.xml
E:\Documents and Settings\Lance\Local Settings\Temp\IMTFF8.xml
E:\Documents and Settings\Lance\Local Settings\Temp\IMTFF9.xml
E:\Documents and Settings\Lance\Local Settings\Temp\IMTFFA.xml
E:\Documents and Settings\Lance\Local Settings\Temp\IMTFFB.xml
E:\Documents and Settings\Lance\Local Settings\Temp\ins1.tmp\LDMClient.exe
E:\Documents and Settings\Lance\Local Settings\Temp\ins1.tmp\LiteInstRC_EN.dll
E:\Documents and Settings\Lance\Local Settings\Temp\ins2.tmp\LDMClient.exe
E:\Documents and Settings\Lance\Local Settings\Temp\ins2.tmp\LiteInstRC_EN.dll
E:\Documents and Settings\Lance\Local Settings\Temp\INSTALL.LOG
E:\Documents and Settings\Lance\Local Settings\Temp\is-30C6.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\isp8.tmp\_setup.dll
E:\Documents and Settings\Lance\Local Settings\Temp\IVIApp.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\j07ygjl~pmp0ql.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\JW3UGUJI.htm
E:\Documents and Settings\Lance\Local Settings\Temp\kmd20.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\kmd21.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\kmd22.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\kmd23.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\kmd24.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\kmd25.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\kmd26.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\kmd27.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\kmd28.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\kmd29.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\kmd2A.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\kmd2B.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\kmd2C.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\kmd2D.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\kmd2E.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\kmd2F.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\kmd30.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\kmd31.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\kmd32.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\kmd4B54.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\kmd4B55.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\kmd4B56.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\kmd4B58.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\kmd4B59.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\kmd4B5B.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\kmd4B5C.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\kmd4B5D.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\kmd4B5E.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\kmd4B5F.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\kmd4B60.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\kmd4B62.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\kmd4B64.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\kmd4B65.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\kmd4B66.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\kmd4B67.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\kmd4B68.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\kmd4B69.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\kmd4B6A.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\kmd4B7F.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\kmd5C3D.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\kmd5C3E.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\kmd5C40.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\kmd5C42.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\kmd5C43.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\kmd5C44.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\kmd5C45.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\kmd5C47.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\kmd5C49.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\kmd5C4A.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\kmd5C4B.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\kmd5C4E.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\kmd5C50.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\kmd5C51.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\kmd5C53.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\kmd5C54.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\kmd5C55.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\kmd5C56.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\kmd5C57.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\kmd7C6.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\kmd7C7.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\kmd7C8.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\kmd7C9.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\kmd7CB.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\kmd7CD.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\kmd7CE.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\kmd7CF.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\kmd7D1.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\kmd7D3.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\kmd7D4.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\kmd7D5.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\kmd7D8.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\kmd7D9.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\kmd7DA.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\kmd7DB.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\kmd7DD.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\kmd7DE.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\kmd7DF.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\kmd7FC.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\kmd7FD.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\kmd7FE.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\kmd7FF.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\kmd800.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\kmd801.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\kmd802.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\kmd803.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\kmd804.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\kmd805.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\kmd806.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\kmd807.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\kmd808.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\kmd809.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\kmd80A.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\kmd80B.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\kmd80C.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\kmd80D.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\kmd80E.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\lastscan.JPG
E:\Documents and Settings\Lance\Local Settings\Temp\links.txt
E:\Documents and Settings\Lance\Local Settings\Temp\logitemp0001\logimail0001.ini
E:\Documents and Settings\Lance\Local Settings\Temp\logitemp0001\logimail0001.txt
E:\Documents and Settings\Lance\Local Settings\Temp\logitemp0001\Video 1.WMV
E:\Documents and Settings\Lance\Local Settings\Temp\LVCOMSX.LOG
E:\Documents and Settings\Lance\Local Settings\Temp\manifest.cfg
E:\Documents and Settings\Lance\Local Settings\Temp\Microsoft Office 2003 Setup(0001).txt
E:\Documents and Settings\Lance\Local Settings\Temp\Microsoft Office 2003 Setup(0001)_Task(0001).txt
E:\Documents and Settings\Lance\Local Settings\Temp\Microsoft Office 2003 Setup(0002).txt
E:\Documents and Settings\Lance\Local Settings\Temp\Microsoft Office 2003 Setup(0002)_Task(0001).txt
E:\Documents and Settings\Lance\Local Settings\Temp\Microsoft Project 2000 Setup(0002).txt
E:\Documents and Settings\Lance\Local Settings\Temp\Microsoft Project 2000 Setup(0002)_MsiExec.txt
E:\Documents and Settings\Lance\Local Settings\Temp\mmreg.log
E:\Documents and Settings\Lance\Local Settings\Temp\mmsetup13047.exe
E:\Documents and Settings\Lance\Local Settings\Temp\MSI52d92.LOG
E:\Documents and Settings\Lance\Local Settings\Temp\MSI7c00b.LOG
E:\Documents and Settings\Lance\Local Settings\Temp\MSI7d023.LOG
E:\Documents and Settings\Lance\Local Settings\Temp\MSI91a10.LOG
E:\Documents and Settings\Lance\Local Settings\Temp\MSI956dc.LOG
E:\Documents and Settings\Lance\Local Settings\Temp\MSId150a.LOG
E:\Documents and Settings\Lance\Local Settings\Temp\MSId150b.LOG
E:\Documents and Settings\Lance\Local Settings\Temp\msnsearch.exe
E:\Documents and Settings\Lance\Local Settings\Temp\msntb.cfg
E:\Documents and Settings\Lance\Local Settings\Temp\mso33C.wmf
E:\Documents and Settings\Lance\Local Settings\Temp\NER6E0.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\np.m3u
E:\Documents and Settings\Lance\Local Settings\Temp\O206Q56M.htm
E:\Documents and Settings\Lance\Local Settings\Temp\Off60.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\offcln11.log
E:\Documents and Settings\Lance\Local Settings\Temp\offcln9.log
E:\Documents and Settings\Lance\Local Settings\Temp\Office 2000 CD2 Setup(0002).txt
E:\Documents and Settings\Lance\Local Settings\Temp\Office 2000 CD2 Setup(0002)_MsiExec.txt
E:\Documents and Settings\Lance\Local Settings\Temp\Office 2000 CD2 Setup(0004).txt
E:\Documents and Settings\Lance\Local Settings\Temp\Office 2000 CD2 Setup(0004)_MsiExec.txt
E:\Documents and Settings\Lance\Local Settings\Temp\Office 2000 CD2 Setup(0006).txt
E:\Documents and Settings\Lance\Local Settings\Temp\Office 2000 CD2 Setup(0006)_MsiExec.txt
E:\Documents and Settings\Lance\Local Settings\Temp\Office 2000 CD2 Setup(0008).txt
E:\Documents and Settings\Lance\Local Settings\Temp\Office 2000 CD2 Setup(0009).txt
E:\Documents and Settings\Lance\Local Settings\Temp\Office 2000 CD2 Setup(0011).txt
E:\Documents and Settings\Lance\Local Settings\Temp\Office 2000 Premium Setup(0002).txt
E:\Documents and Settings\Lance\Local Settings\Temp\Office 2000 Premium Setup(0002)_MsiExec.txt
E:\Documents and Settings\Lance\Local Settings\Temp\Office 2000 Premium Setup(0004).txt
E:\Documents and Settings\Lance\Local Settings\Temp\Office 2000 Premium Setup(0006).txt
E:\Documents and Settings\Lance\Local Settings\Temp\Office 2000 Premium Setup(0008).txt
E:\Documents and Settings\Lance\Local Settings\Temp\Office 2000 Premium Setup(0010).txt
E:\Documents and Settings\Lance\Local Settings\Temp\Office 2000 Premium Setup(0012).txt
E:\Documents and Settings\Lance\Local Settings\Temp\Office 2000 Premium Setup(0012)_MsiExec.txt
E:\Documents and Settings\Lance\Local Settings\Temp\Office 2000 Premium Setup(0014).txt
E:\Documents and Settings\Lance\Local Settings\Temp\Office 2000 Premium Setup(0014)_MsiExec.txt
E:\Documents and Settings\Lance\Local Settings\Temp\Office 2000 Premium Setup(0016).txt
E:\Documents and Settings\Lance\Local Settings\Temp\Office 2000 Premium Setup(0017).txt
E:\Documents and Settings\Lance\Local Settings\Temp\Office 2000 Premium Setup(0019).txt
E:\Documents and Settings\Lance\Local Settings\Temp\Office 2000 Premium Setup(0019)_MsiExec.txt
E:\Documents and Settings\Lance\Local Settings\Temp\Office 2000 Premium Setup(0021).txt
E:\Documents and Settings\Lance\Local Settings\Temp\Office 2000 Premium Setup(0023).txt
E:\Documents and Settings\Lance\Local Settings\Temp\Office 2000 Premium Setup(0025).txt
E:\Documents and Settings\Lance\Local Settings\Temp\Office 2000 Premium Setup(0025)_MsiExec.txt
E:\Documents and Settings\Lance\Local Settings\Temp\Office 2000 Premium Setup(0027).txt
E:\Documents and Settings\Lance\Local Settings\Temp\Office 2000 Premium Setup(0027)_MsiExec.txt
E:\Documents and Settings\Lance\Local Settings\Temp\Office 2000 Premium Setup(0029).txt
E:\Documents and Settings\Lance\Local Settings\Temp\Office 2000 Premium Setup(0031).txt
E:\Documents and Settings\Lance\Local Settings\Temp\Office 2000 Premium Setup(0033).txt
E:\Documents and Settings\Lance\Local Settings\Temp\Office 2000 Premium Setup(0035).txt
E:\Documents and Settings\Lance\Local Settings\Temp\Office 2000 Premium Setup(0035)_MsiExec.txt
E:\Documents and Settings\Lance\Local Settings\Temp\Office 2000 Premium Setup(0037).txt
E:\Documents and Settings\Lance\Local Settings\Temp\Office 2000 Premium Setup(0037)_MsiExec.txt
E:\Documents and Settings\Lance\Local Settings\Temp\Office 2000 Premium Setup(0038).txt
E:\Documents and Settings\Lance\Local Settings\Temp\Office 2000 Premium Setup(0040).txt
E:\Documents and Settings\Lance\Local Settings\Temp\Office 2000 Premium Setup(0042).txt
E:\Documents and Settings\Lance\Local Settings\Temp\Office 2000 Premium Setup(0042)_MsiExec.txt
E:\Documents and Settings\Lance\Local Settings\Temp\Office 2000 Premium Setup(0044).txt
E:\Documents and Settings\Lance\Local Settings\Temp\Office 2000 Premium Setup(0044)_MsiExec.txt
E:\Documents and Settings\Lance\Local Settings\Temp\Office 2000 Premium Setup(0046).txt
E:\Documents and Settings\Lance\Local Settings\Temp\Office 2000 Premium Setup(0046)_MsiExec.txt
E:\Documents and Settings\Lance\Local Settings\Temp\Office 2000 Premium Setup(0048).txt
E:\Documents and Settings\Lance\Local Settings\Temp\Office 2000 Premium Setup(0048)_MsiExec.txt
E:\Documents and Settings\Lance\Local Settings\Temp\Office 2000 Premium Setup(0050).txt
E:\Documents and Settings\Lance\Local Settings\Temp\Office 2000 Premium Setup(0050)_MsiExec.txt
E:\Documents and Settings\Lance\Local Settings\Temp\Office 2000 Premium Setup(0052).txt
E:\Documents and Settings\Lance\Local Settings\Temp\Office 2000 Premium Setup(0052)_MsiExec.txt
E:\Documents and Settings\Lance\Local Settings\Temp\Office 2000 Premium Setup(0054).txt
E:\Documents and Settings\Lance\Local Settings\Temp\Office 2000 Premium Setup(0056).txt
E:\Documents and Settings\Lance\Local Settings\Temp\Office 2000 Premium Setup(0058).txt
E:\Documents and Settings\Lance\Local Settings\Temp\Office 2000 Premium Setup(0060).txt
E:\Documents and Settings\Lance\Local Settings\Temp\OfficeUpdate\OU(00001)_Msi.log
E:\Documents and Settings\Lance\Local Settings\Temp\OfficeUpdate\OU(00002)_Msi.log
E:\Documents and Settings\Lance\Local Settings\Temp\outlook logging\firstrun.log
E:\Documents and Settings\Lance\Local Settings\Temp\Outlook Startup.BAK
E:\Documents and Settings\Lance\Local Settings\Temp\Outlook Startup.Log
E:\Documents and Settings\Lance\Local Settings\Temp\p2p9.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\p2pA.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\p2psetup.exe
E:\Documents and Settings\Lance\Local Settings\Temp\patch.exe
E:\Documents and Settings\Lance\Local Settings\Temp\patchw32.dll
E:\Documents and Settings\Lance\Local Settings\Temp\Perflib_Perfdata_184.dat
E:\Documents and Settings\Lance\Local Settings\Temp\Perflib_Perfdata_1bc.dat
E:\Documents and Settings\Lance\Local Settings\Temp\Perflib_Perfdata_330.dat
E:\Documents and Settings\Lance\Local Settings\Temp\Perflib_Perfdata_458.dat
E:\Documents and Settings\Lance\Local Settings\Temp\Perflib_Perfdata_494.dat
E:\Documents and Settings\Lance\Local Settings\Temp\Perflib_Perfdata_4b8.dat
E:\Documents and Settings\Lance\Local Settings\Temp\Perflib_Perfdata_5ac.dat
E:\Documents and Settings\Lance\Local Settings\Temp\Perflib_Perfdata_5e8.dat
E:\Documents and Settings\Lance\Local Settings\Temp\Perflib_Perfdata_60c.dat
E:\Documents and Settings\Lance\Local Settings\Temp\Perflib_Perfdata_634.dat
E:\Documents and Settings\Lance\Local Settings\Temp\Perflib_Perfdata_640.dat
E:\Documents and Settings\Lance\Local Settings\Temp\Perflib_Perfdata_648.dat
E:\Documents and Settings\Lance\Local Settings\Temp\Perflib_Perfdata_654.dat
E:\Documents and Settings\Lance\Local Settings\Temp\Perflib_Perfdata_660.dat
E:\Documents and Settings\Lance\Local Settings\Temp\Perflib_Perfdata_674.dat
E:\Documents and Settings\Lance\Local Settings\Temp\Perflib_Perfdata_688.dat
E:\Documents and Settings\Lance\Local Settings\Temp\Perflib_Perfdata_6a8.dat
E:\Documents and Settings\Lance\Local Settings\Temp\Perflib_Perfdata_6d8.dat
E:\Documents and Settings\Lance\Local Settings\Temp\Perflib_Perfdata_6f0.dat
E:\Documents and Settings\Lance\Local Settings\Temp\Perflib_Perfdata_6fc.dat
E:\Documents and Settings\Lance\Local Settings\Temp\Perflib_Perfdata_704.dat
E:\Documents and Settings\Lance\Local Settings\Temp\Perflib_Perfdata_720.dat
E:\Documents and Settings\Lance\Local Settings\Temp\Perflib_Perfdata_75c.dat
E:\Documents and Settings\Lance\Local Settings\Temp\Perflib_Perfdata_770.dat
E:\Documents and Settings\Lance\Local Settings\Temp\Perflib_Perfdata_8d4.dat
E:\Documents and Settings\Lance\Local Settings\Temp\Perflib_Perfdata_b8.dat
E:\Documents and Settings\Lance\Local Settings\Temp\Perflib_Perfdata_e0.dat
E:\Documents and Settings\Lance\Local Settings\Temp\pp9setup.log
E:\Documents and Settings\Lance\Local Settings\Temp\PPT8.0\ShockwaveFlashObjects.exd
E:\Documents and Settings\Lance\Local Settings\Temp\prjcln9.log
E:\Documents and Settings\Lance\Local Settings\Temp\Pro63.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\qmgr.cab
E:\Documents and Settings\Lance\Local Settings\Temp\qmgr.inf
E:\Documents and Settings\Lance\Local Settings\Temp\Qui61.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\R0MIX5Y5.htm
E:\Documents and Settings\Lance\Local Settings\Temp\Reflections.atr.bmp
E:\Documents and Settings\Lance\Local Settings\Temp\rtdrvmon.exe
E:\Documents and Settings\Lance\Local Settings\Temp\set4.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\Set7.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\setb0.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\setb1.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\setb2.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\setb3.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\setb4.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\SetD0.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\SetD1.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\SetD2.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\SetE7.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\setE8.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\setE9.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\setEFB.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\SetFEF.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\setup.exe
E:\Documents and Settings\Lance\Local Settings\Temp\SETUP.LST
E:\Documents and Settings\Lance\Local Settings\Temp\setup_wm.exe
E:\Documents and Settings\Lance\Local Settings\Temp\sr1patch\Office 2000 SR-1 Setup(0001).txt
E:\Documents and Settings\Lance\Local Settings\Temp\sr1patch\Office 2000 SR-1 Setup(0001)_MsiExec.txt
E:\Documents and Settings\Lance\Local Settings\Temp\sr1patch\setup.exe
E:\Documents and Settings\Lance\Local Settings\Temp\sr1patch\source.ini
E:\Documents and Settings\Lance\Local Settings\Temp\Strawberry.atr.bmp
E:\Documents and Settings\Lance\Local Settings\Temp\Subjects0.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\Sunset1.atr.bmp
E:\Documents and Settings\Lance\Local Settings\Temp\swtmp.htm
E:\Documents and Settings\Lance\Local Settings\Temp\TCD40.tmp\Agenda wizard.Wiz
E:\Documents and Settings\Lance\Local Settings\Temp\TCD41.tmp\Agenda wizard.Wiz
E:\Documents and Settings\Lance\Local Settings\Temp\TFR10.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR11.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR14.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR15.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR16.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR17.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR18.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR19.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR1B.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR1C.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR1D.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR1E.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR2.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR20.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR2091.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR2092.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR2093.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR2097.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR2098.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR2099.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR209B.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR209E.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR209F.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR20A1.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR20A4.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR20A8.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR20AC.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR20B0.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR20B4.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR20B8.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR21.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR23.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR24.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR25.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR27.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR29.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR2A.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR2B.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR2C.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR2D.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR2F.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR30.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR31.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR33.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR34.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR35.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR36.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR37.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR3728.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR372C.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR372D.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR3731.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR38.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR39.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR3B.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR3C.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR3D.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR3E.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR3EE7.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR3EE8.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR3EEA.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR3EEC.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR3EEE.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR3EEF.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR3EF1.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR3EF2.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR3EF4.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR3EF6.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR3EFA.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR3EFE.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR3F02.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR3F06.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR3F0A.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR3F0E.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR3F0F.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR3F11.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR3F13.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR3F15.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR3F17.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR3F19.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR3F1B.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR3F1C.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR3F1E.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR3F21.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR3F25.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR3F29.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR3F2D.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR3F31.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR40.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR41.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR43.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR44.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR45.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR48.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR49.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR4C.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR4D.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR4E85.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR4E86.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR4E87.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR4E8A.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR4E8C.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR4E8D.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR4E8F.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR4E91.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR4E93.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR4E94.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR4E98.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR4E9C.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR4EA0.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR4EA4.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR4EA8.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR4EAC.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR5.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR50.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR51.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR54.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR55.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR55D6.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR55DA.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR55DB.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR55DF.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR55E0.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR55E4.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR55E5.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR55E9.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR55EA.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR55EE.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR55EF.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR55F1.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR55F3.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR55F5.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR55F6.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR55F7.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR55FA.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR55FC.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR55FD.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR5601.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR5605.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR5609.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR560D.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR5611.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR58.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR5C.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR6.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR60.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR6F1E.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR6F1F.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR6F21.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR6F24.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR6F25.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR6F26.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR6F28.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR6F29.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR6F2C.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR6F30.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR6F34.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR6F38.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR6F3C.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR6F40.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR7.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR8.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR867.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR868.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR86A.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR86C.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR86C9.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR86CB.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR86CE.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR86CF.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR86D0.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR86D1.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR86D3.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR86D6.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR86D7.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR86D9.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR86DC.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR86E.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR86E0.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR86E4.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR86E8.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR86EC.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR86F0.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR871.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR874.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR876.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFR9.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFRB.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFRC.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFRC337.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFRC350.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFRC352.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFRC354.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFRC357.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFRC35A.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFRC35C.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFRC4B3.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFRC4B4.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFRC4B6.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFRC4B9.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFRC4BD.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFRC4C1.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFRC4C2.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFRC4C4.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFRC4C7.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFRC4C8.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFRC4C9.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFRC4CD.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFRC4D1.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFRC4D5.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFRD.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFRE.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFRE4E.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TFRF.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\TWAIN.LOG
E:\Documents and Settings\Lance\Local Settings\Temp\Twain001.Mtx
E:\Documents and Settings\Lance\Local Settings\Temp\Twunk001.MTX
E:\Documents and Settings\Lance\Local Settings\Temp\Twunk002.MTX
E:\Documents and Settings\Lance\Local Settings\Temp\VBE\MSForms.exd
E:\Documents and Settings\Lance\Local Settings\Temp\Veggies.atr.bmp
E:\Documents and Settings\Lance\Local Settings\Temp\VGX61DB.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\VGX61DC.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\VGX61DD.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\VGX61DE.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\VGXA38C.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\VGXA38D.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\VGXA38E.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\VGXA38F.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\Video 1.WMV
E:\Documents and Settings\Lance\Local Settings\Temp\WaterLilies.atr.bmp
E:\Documents and Settings\Lance\Local Settings\Temp\WER1.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\WER1.tmp.dir00\manifest.txt
E:\Documents and Settings\Lance\Local Settings\Temp\WER1.tmp.dir00\sysdata.xml
E:\Documents and Settings\Lance\Local Settings\Temp\WER6d2d.dir00\appcompat.txt
E:\Documents and Settings\Lance\Local Settings\Temp\WER6d2d.dir00\OUTLOOK.EXE.hdmp
E:\Documents and Settings\Lance\Local Settings\Temp\WER6d2d.dir00\OUTLOOK.EXE.mdmp
E:\Documents and Settings\Lance\Local Settings\Temp\WER7bc5.dir00\appcompat.txt
E:\Documents and Settings\Lance\Local Settings\Temp\WER7bc5.dir00\manifest.txt
E:\Documents and Settings\Lance\Local Settings\Temp\WER7bc5.dir00\services.exe.hdmp
E:\Documents and Settings\Lance\Local Settings\Temp\WER7bc5.dir00\services.exe.mdmp
E:\Documents and Settings\Lance\Local Settings\Temp\WER8301.dir00\manifest.txt
E:\Documents and Settings\Lance\Local Settings\Temp\WER8301.dir00\Mini042705-01.dmp
E:\Documents and Settings\Lance\Local Settings\Temp\WER8301.dir00\sysdata.xml
E:\Documents and Settings\Lance\Local Settings\Temp\WERd7c2.dir00\appcompat.txt
E:\Documents and Settings\Lance\Local Settings\Temp\WERd7c2.dir00\manifest.txt
E:\Documents and Settings\Lance\Local Settings\Temp\WERd7c2.dir00\OUTLOOK.EXE.hdmp
E:\Documents and Settings\Lance\Local Settings\Temp\WERd7c2.dir00\OUTLOOK.EXE.mdmp
E:\Documents and Settings\Lance\Local Settings\Temp\WERe435.dir00\manifest.txt
E:\Documents and Settings\Lance\Local Settings\Temp\WERe435.dir00\Mini052805-01.dmp
E:\Documents and Settings\Lance\Local Settings\Temp\WERe435.dir00\sysdata.xml
E:\Documents and Settings\Lance\Local Settings\Temp\WERec36.dir00\appcompat.txt
E:\Documents and Settings\Lance\Local Settings\Temp\WERec36.dir00\drwtsn32.exe.hdmp
E:\Documents and Settings\Lance\Local Settings\Temp\WERec36.dir00\drwtsn32.exe.mdmp
E:\Documents and Settings\Lance\Local Settings\Temp\WERec36.dir00\manifest.txt
E:\Documents and Settings\Lance\Local Settings\Temp\WERf28b.dir00\appcompat.txt
E:\Documents and Settings\Lance\Local Settings\Temp\WERf28b.dir00\manifest.txt
E:\Documents and Settings\Lance\Local Settings\Temp\WERf28b.dir00\WINWORD.EXE.hdmp
E:\Documents and Settings\Lance\Local Settings\Temp\WERf28b.dir00\WINWORD.EXE.mdmp
E:\Documents and Settings\Lance\Local Settings\Temp\WERf3d4.dir00\appcompat.txt
E:\Documents and Settings\Lance\Local Settings\Temp\WERf3d4.dir00\manifest.txt
E:\Documents and Settings\Lance\Local Settings\Temp\WERf3d4.dir00\svchost.exe.hdmp
E:\Documents and Settings\Lance\Local Settings\Temp\WERf3d4.dir00\svchost.exe.mdmp
E:\Documents and Settings\Lance\Local Settings\Temp\WinterWonderland.atr.bmp
E:\Documents and Settings\Lance\Local Settings\Temp\Word8.0\MSForms.exd
E:\Documents and Settings\Lance\Local Settings\Temp\Word8.0\ShockwaveFlashObjects.exd
E:\Documents and Settings\Lance\Local Settings\Temp\y98w0t0~n0n8o9.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\y98w0t0~nknpp0.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\ZTR24.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\ZTR28.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\ZTR2F.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\ZTR33.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\ZTRBC5A.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\ZTRBC5E.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\ZTRBC65.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\ZTRBC69.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\ZTRC5.tmp
E:\Documents and Settings\Lance\Local Settings\Temp\ZTRC9.tmp
E:\found.001
E:\found.001\file0000.chk
E:\found.001\file0001.chk
E:\found.001\file0002.chk
E:\found.001\file0003.chk
E:\LOSTFILE\DIR18\Altnet
E:\LOSTFILE\DIR18\Altnet\adm.exe
E:\LOSTFILE\DIR18\Altnet\adm25.dll
E:\LOSTFILE\DIR18\Altnet\adm4.dll
E:\LOSTFILE\DIR18\Altnet\admdata.dll
E:\LOSTFILE\DIR18\Altnet\admdloader.dll
E:\LOSTFILE\DIR18\Altnet\admfdi.dll
E:\LOSTFILE\DIR18\Altnet\admprog.dll
E:\LOSTFILE\DIR18\Altnet\atl.dll
E:\LOSTFILE\DIR18\Altnet\dmfiles.cab
E:\LOSTFILE\DIR18\Altnet\DMinfo3.cab
E:\LOSTFILE\DIR18\Altnet\dminstall7.cab
E:\LOSTFILE\DIR18\Altnet\msvcirt.dll
E:\LOSTFILE\DIR18\Altnet\mysearch.cab
E:\LOSTFILE\DIR18\Altnet\pmexe.cab
E:\LOSTFILE\DIR18\Altnet\pmfiles.cab
E:\LOSTFILE\DIR18\Altnet\pminstall.cab
E:\LOSTFILE\DIR18\Altnet\Setup.cab
E:\LOSTFILE\DIR18\Altnet\Setup.exe
E:\Program Files\hbinst
E:\Program Files\hbinst\Hbinst.exe
E:\Program Files\Hotbar
E:\Program Files\Hotbar\bin\4.4.5.0\HbHostIE.dll
E:\Program Files\Hotbar\bin\4.4.5.0\HbHostOE.dll
E:\Program Files\Hotbar\bin\4.4.5.0\HbHostOL.dll
E:\Program Files\Hotbar\bin\4.4.5.0\Hbinst.exe
E:\Program Files\Hotbar\bin\4.4.5.0\HbInstIE.dll
E:\Program Files\Hotbar\bin\4.4.5.0\HbSrv.exe
E:\Program Files\Hotbar\bin\4.4.5.0\HbToolbar.dll
E:\Program Files\Hotbar\bin\4.4.5.0\Install.scr
E:\Program Files\Hotbar\bin\4.4.5.0\Wallpaper.dll
E:\Program Files\Hotbar\bin\4.4.5.0\WeatherOnTray.exe
E:\Program Files\Hotbar\Hotbar.log
E:\Program Files\INSTAFINK
E:\Program Files\INSTAFINK\Cache\ErrorLog.txt
E:\Program Files\INSTAFINK\Cache\instafinktb0302.cfg
E:\Program Files\INSTAFINK\InstaFinderK_inst.exe
E:\Program Files\INSTAFINK\instafink.dll
E:\Program Files\INSTAFINK\Uninstall.exe
E:\Program Files\MSN Messenger\riched20.dll
E:\Program Files\MyWay
E:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
E:\Program Files\MyWay\myBar\1.bin\MYWAYPLUGINPROXY.CLASS
E:\Program Files\MyWay\myBar\1.bin\NPMYWAY.DLL
E:\Program Files\MyWay\myBar\1.bin\PARTNER.BMP
E:\Program Files\MyWay\myBar\1.bin\PARTNER.DAT
E:\Program Files\MyWay\myBar\1.bin\PARTNER2.DAT
E:\Program Files\MyWay\myBar\1.bin\PARTNER3.DAT
E:\Program Files\MyWay\myBar\1.bin\PARTNER4.DAT
E:\Program Files\MyWay\myBar\1.bin\PARTNER5.DAT
E:\Program Files\MyWay\myBar\1.bin\PARTNER6.DAT
E:\Program Files\MyWay\myBar\Cache\00039BCA
E:\Program Files\MyWay\myBar\Cache\003F0BA7.w
E:\Program Files\MyWay\myBar\Cache\003F156E
E:\Program Files\MyWay\myBar\Cache\003F1821.bin
E:\Program Files\MyWay\myBar\Cache\003F1B4C.bin
E:\Program Files\MyWay\myBar\Cache\003F1DEB.bin
E:\Program Files\MyWay\myBar\Cache\0042DACE
E:\Program Files\MyWay\myBar\Cache\00598250
E:\Program Files\MyWay\myBar\Cache\0FF12493
E:\Program Files\MyWay\myBar\Cache\files.ini
E:\Program Files\MyWay\myBar\History\search
E:\Program Files\MyWay\myBar\Settings\prevcfg.htm
E:\Program Files\PerfectNav
E:\Program Files\PerfectNav\BHO\PerfectNav150c.dll

((((((((((((((((((((((((( Files Created from 2007-06-02 to 2007-07-02 )))))))))))))))))))))))))))))))

2007-07-01 23:03 <DIR> d-------- C:\WINDOWS\LastGood
2007-06-30 22:57 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-06-29 21:46 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-29 16:51 0 --a------ C:\WINDOWS\nsreg.dat
2007-06-29 16:11 <DIR> d-------- C:\Deckard
2007-06-28 20:48 1,048,576 --ah----- C:\DOCUME~1\LOCALS~1.NTA\NTUSER.DAT
2007-06-28 20:48 <DIR> d---s---- C:\DOCUME~1\LOCALS~1.NTA\UserData
2007-06-28 20:47 <DIR> d--hs---- C:\FOUND.000
2007-06-23 23:35 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-06-22 11:37 <DIR> d-------- C:\DOCUME~1\JACQUI~1\APPLIC~1\Atari
2007-06-22 11:14 197,120 --a------ C:\WINDOWS\patchw32.dll
2007-06-22 11:14 <DIR> d-------- C:\Program Files\Common Files\PocketSoft
2007-06-22 11:14 <DIR> d-------- C:\DOCUME~1\JACQUI~1\APPLIC~1\Leadertech
2007-06-22 11:09 <DIR> d-------- C:\Program Files\Atari
2007-06-21 16:12 <DIR> d-------- C:\DOCUME~1\JACQUI~1\APPLIC~1\FileMaker
2007-06-13 22:02 <DIR> d-------- C:\DOCUME~1\JACQUI~1\APPLIC~1\Tenebril
2007-06-13 21:53 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tenebril
2007-06-13 21:52 40,960 --a-s---- C:\WINDOWS\system32\ProcessKiller.dll
2007-06-13 21:52 180,224 --a-s---- C:\WINDOWS\system32\archlib.dll
2007-06-13 21:52 169,544 --a-s---- C:\WINDOWS\system32\SecuLoad.dll
2007-06-13 21:52 1,103,944 --a-s---- C:\WINDOWS\system32\Protector.dll
2007-06-13 21:52 <DIR> d-------- C:\WINDOWS\system32\tenarchlib
2007-06-13 21:52 <DIR> d-------- C:\Program Files\SpyCatcher
2007-06-13 17:57 754,808 --a------ C:\WINDOWS\system32\LiveProtectSetup.exe
2007-06-12 17:20 <DIR> d-------- C:\Program Files\Yahoo! Games
2007-06-11 16:13 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sandlot Games
2007-06-11 16:12 <DIR> d-------- C:\DOCUME~1\JACQUI~1\APPLIC~1\Sandlot Games

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-01 12:12:06 12 ----a-w C:\WINDOWS\bthservsdp.dat
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-01 08:49:06 16 ----a-w C:\WINDOWS\system32\a99vi88f.dat
2007-05-01 08:49:02 573,944 ----a-w C:\WINDOWS\system32\nc5vfm94.dat
2007-05-01 08:48:58 2,256 ----a-w C:\WINDOWS\system32\rl5ba39o.dat
2007-04-25 14:21:16 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:24 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 12:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 12:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 12:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 12:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 12:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 12:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 12:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 12:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4efb-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll [2004-09-29 11:02]
{0A87E45F-537A-40B4-B812-E2544C21A09F}=C:\Program Files\SpyCatcher\SCActiveBlock.dll [2005-08-22 21:57]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{9394EDE7-C8B5-483E-8773-474BF36AF6E4}=C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll [2004-08-13 16:42]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar3.dll [2007-01-19 23:55]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}=C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [2007-06-28 23:40]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}=C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-au\msntb.dll [2006-01-17 16:04]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTHelper"="CTHELPER.EXE" [2003-06-20 14:55 C:\WINDOWS\system32\CTHELPER.EXE]
"AsioReg"="REGSVR32.exe" [2004-08-04 18:56 C:\WINDOWS\system32\regsvr32.exe]
"SBDrvDet"="C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 18:06]
"SoundMan"="SOUNDMAN.EXE" [2003-12-19 19:53 C:\WINDOWS\soundman.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 11:52]
"nwiz"="nwiz.exe" [2004-04-23 14:24 C:\WINDOWS\system32\nwiz.exe]
"vptray"="C:\Program Files\NavNT\vptray.exe" [2001-09-24 06:59]
"Nokia Tray Application"="C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe" [2003-02-10 14:30]
"DataLayer"="C:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe" [2003-10-07 06:44]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-02-11 14:52]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-12-20 20:54]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 18:56 C:\WINDOWS\system32\bthprops.cpl]
"DriveSMART"="C:\PROGRA~1\COMPUA~1\smartapp.exe" []
"F5D9050"="C:\Program Files\Belkin\F5D9050\Belkinwcui.exe" [2006-03-14 15:52]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-10-08 12:31]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-10-08 12:24]
"ctqbgngx.exe"="C:\Documents and Settings\All Users\Application Data\ctqbgngx.exe" []
"SpyCatcher Reminder"="C:\Program Files\SpyCatcher\SpyCatcher.exe" [2007-05-07 11:56]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\MSMSGS.exe" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-28 23:40]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2004-10-08 12:06]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=secuload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - netsvcs
NtmlSvc

*Newly Created Service* - GTNDIS5

sUBs · 07-02-2007, 08:49 AM

Looks good but the log is still incomplete. I need to find out what's causing the hiccup. Please zip up C:\ComboFix folder again & upload it to http://www.bleepingcomputer.com/subm....php?channel=4

Disko_Stu · 07-02-2007, 10:18 AM

Yeah, done

sUBs · 07-02-2007, 10:36 AM

Ermm ...where exactly have you uploaded it to? I haven't received it yet

Disko_Stu · 07-02-2007, 08:25 PM

Ah...thats a bother. I've just re-uploaded it now, hopefully this time it will work fine, sorry about that...scrap that I got an error message saying that I've exceeded the upload size limit. My file is 8MB and I'm only allowed 3MB, the original folder size is about 32MB, is that normal?

06-29-2007, 01:14 AM	#1 (permalink)
Disko_Stu Registered User Join Date: May 2007 Location: Australia Posts: 43 OS: Windows XP and Vista	Internet Explorer Pop-ups Hi all, as the title says I have been inundated with Internet Explorer pop-up's. At first there were just pop-up's as usual during my web browsing but they have started popping up even when I'm not using the internet. Weather I'm just listening to music or playing a game, the pop-ups still come through which makes me think that its something worse. I have run Norton and it has come up clean yet the ads keep popping up. Aside from that, my other troubles are that the computer has started running increasingly slow. Internet Explorer has also started randomly crashing, sometimes within the first minute, other times it takes 5-10 minutes. It crashes so frequently that I even had to download and use firefox to post here because IE wouldn't stay up for long enough to post. It was surprising that I was even able to download firefox. As per your instructions here i downloaded and ran DSS (Deckard) but it got to about 16% and said "Cleaning Temporary Files" and then crashed also. I ran it again and it crashed even sooner. So the best that I could do was to download Hijackthis and run that so I've posted that. If anyone can help it would be greatly appreciated. Thanks in advance! _________________________________________________________________ Logfile of HijackThis v1.99.1 Scan saved at 519 PM, on 29/06/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\ANYCOM\Blue USB-120-240\bin\btwdins.exe C:\Program Files\NavNT\defwatch.exe C:\WINDOWS\system32\umadsnti.exe C:\Program Files\NavNT\rtvscan.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\MsgSys.EXE C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\explorer.exe C:\Program Files\Belkin\F5D9050\Belkinwcui.exe C:\Program Files\?ystem\?srss.exe C:\WINDOWS\SCURIT~1\regsvr32.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Windows Media Player\wmplayer.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ninemsn.com.au/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com/ R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) F3 - REG:win.ini: load=C:\WINDOWS\system32\labfsna\csrss.exe F3 - REG:win.ini: run=C:\WINDOWS\system32\labfsna\csrss.exe O3 - Toolbar: ninemsn - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-au\msntb.dll O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize313.exe" O4 - HKLM\..\Run: [Muahwzyt] C:\Program Files\Zxlmgww\Yzagfp.exe O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [k6t09] C:\WINDOWS\fdfywdeg.exe O4 - HKLM\..\Run: [fppcbmfb] C:\WINDOWS\system32\fppcbmfb.exe O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe O4 - HKLM\..\Run: [Media Pass] C:\Program Files\Media Pass\MediaPassK.exe O4 - HKLM\..\Run: [Á³# L"h'þ9Óœð3rÅWC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\fdfywdeg.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [ReJf5vH] C:\WINDOWS\hfhjxefc.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [DriveSMART] C:\PROGRA~1\COMPUA~1\smartapp.exe STARTUP O4 - HKLM\..\Run: [F5D9050] C:\Program Files\Belkin\F5D9050\Belkinwcui.exe O4 - HKLM\..\Run: [WinMsg] C:\WINDOWS\winmsgr.exe O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [SDR6_Check] "C:\Program Files\Common Files\DriveCleaner Free\udcsdr.exe" O4 - HKLM\..\Run: [PAS_Check] "C:\Program Files\Common Files\DriveCleaner Free\udcpas.exe" O4 - HKLM\..\Run: [ctqbgngx.exe] C:\Documents and Settings\All Users\Application Data\ctqbgngx.exe O4 - HKLM\..\Run: [SpyCatcher Reminder] C:\Program Files\SpyCatcher\SpyCatcher.exe O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu1000272.exe 61A847B5BBF72813329B385475FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310F3D1DC7E4638E8323A15806F97BDE4417E70CE7C0726B954E2C2832210359926033AAC O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe" O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\hqenbiqm.dll",forkonce O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot O4 - HKCU\..\Run: [Ttah] "C:\WINDOWS\SCURIT~1\regsvr32.exe" -vt yazb O4 - HKCU\..\Run: [Blixzhi] "C:\Program Files\?ystem\?srss.exe" O4 - HKCU\..\Run: [WinPop] C:\Program Files\WinPop\winpop.exe O4 - Startup: csrss.lnk = ? O4 - Startup: Scheduler.lnk = C:\Program Files\SpyCatcher\Scheduler daemon.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: SpyCatcher Protector.lnk = C:\Program Files\SpyCatcher\Protector.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\ANYCOM\Blue USB-120-240\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ANYCOM\Blue USB-120-240\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ANYCOM\Blue USB-120-240\btsendto_ie.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O10 - Hijacked Internet access by WebHancer O10 - Hijacked Internet access by WebHancer O10 - Hijacked Internet access by WebHancer O14 - IERESET.INF: START_PAGE_URL=http://global.acer.com/ O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/Mu...ridge-c106.cab O16 - DPF: {16BED5D9-AA6B-4A96-A134-C1958893490F} (VacPro.int_ver40v) - http://advnt01.com/dialer/intES_ver40v.CAB O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/.../GAME_UNO1.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - AppInit_DLLs: secuload.dll O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\ANYCOM\Blue USB-120-240\bin\btwdins.exe O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe O23 - Service: DomainService - - C:\WINDOWS\system32\umadsnti.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

06-29-2007, 02:57 AM	#2 (permalink)
sUBs Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy Join Date: May 2005 Posts: 24,333 OS: N/A	Re: Internet Explorer Pop-ups 1. Download & save this file to Desktop -> http://download.bleepingcomputer.com...a/ComboFix.exe 2. Double click on combofix.exe & follow the prompts. 3. When finished, it shall produce a log for you. Post that log & a fresh HJT log in your next reply Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall __________________ Question - what have you done for the community today?

06-29-2007, 10:53 PM	#3 (permalink)
Disko_Stu Registered User Join Date: May 2007 Location: Australia Posts: 43 OS: Windows XP and Vista	Re: Internet Explorer Pop-ups Hey sUBs, thanks for the help. I downloaded and ran ComboFix and it went through the first stage fine and then restarted, when I logged back in it continued and it just never ended :( I put it on before bed and it ran for over 10 hours and just never produced a log file.It was just stalled on the 'FIND3M' stage. To make note I never clicked or ran any other programs or files or folders whilst it was going! The best I could do was find the log file INSIDE the ComboFix directory which I believe is incomplete. I've also got a text file of all the quarentined files that I can post if you need. To finish up I ran HiJack This and produced a log file for you to look at, if you will. Hopefully you can assist, thanks. _____________________ ComboFix Log (Imcomplete I believe) "Jacqui Hampton" - 2007-06-30 2:46:13 - ComboFix 07-06-29.3 - Service Pack 2 (((((((((((((((((((((((((((((((((((((((((((( V Log ))))))))))))))))))))))))))))))))))))))))))))))))))))))) C:\WINDOWS\system32\bbeeg.ini C:\WINDOWS\system32\bbeeg.bak1 C:\WINDOWS\system32\geebb.dll * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * ((((((((((((((((((((((((( Files Created from 2007-05-28 to 2007-06-29 ))))))))))))))))))))))))))))))) 2007-06-29 21:46 49,152 --a------ C:\WINDOWS\nircmd.exe 2007-06-29 16:51 0 --a------ C:\WINDOWS\nsreg.dat 2007-06-29 16:11 <DIR> d-------- C:\Deckard 2007-06-28 20:48 1,048,576 --ah----- C:\DOCUME~1\LOCALS~1.NTA\NTUSER.DAT 2007-06-28 20:48 <DIR> d---s---- C:\DOCUME~1\LOCALS~1.NTA\UserData 2007-06-28 20:47 <DIR> d--hs---- C:\FOUND.000 2007-06-24 00:27 4,672 --a------ C:\WINDOWS\system32\dxjbgfji.exe 2007-06-23 23:35 <DIR> d-------- C:\WINDOWS\SxsCaPendDel 2007-06-22 11:37 <DIR> d-------- C:\DOCUME~1\JACQUI~1\APPLIC~1\Atari 2007-06-22 11:14 197,120 --a------ C:\WINDOWS\patchw32.dll 2007-06-22 11:14 <DIR> d-------- C:\Program Files\Common Files\PocketSoft 2007-06-22 11:14 <DIR> d-------- C:\DOCUME~1\JACQUI~1\APPLIC~1\Leadertech 2007-06-22 11:09 <DIR> d-------- C:\Program Files\Atari 2007-06-21 16:12 <DIR> d-------- C:\DOCUME~1\JACQUI~1\APPLIC~1\FileMaker 2007-06-21 12:12 125,504 --a------ C:\WINDOWS\system32\ubtcpwlp.dll 2007-06-21 11:37 <DIR> d-------- C:\WINDOWS\system32\qkchukoe 2007-06-21 11:04 60,928 --a------ C:\WINDOWS\system32\lcmrvx.dll 2007-06-13 22:02 <DIR> d-------- C:\DOCUME~1\JACQUI~1\APPLIC~1\Tenebril 2007-06-13 21:53 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tenebril 2007-06-13 21:52 40,960 --a-s---- C:\WINDOWS\system32\ProcessKiller.dll 2007-06-13 21:52 180,224 --a-s---- C:\WINDOWS\system32\archlib.dll 2007-06-13 21:52 169,544 --a-s---- C:\WINDOWS\system32\SecuLoad.dll 2007-06-13 21:52 1,103,944 --a-s---- C:\WINDOWS\system32\Protector.dll 2007-06-13 21:52 <DIR> d-------- C:\WINDOWS\system32\tenarchlib 2007-06-13 21:52 <DIR> d-------- C:\Program Files\SpyCatcher 2007-06-13 21:47 56,832 --a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\ctqbgngx.exe 2007-06-13 17:57 754,808 --a------ C:\WINDOWS\system32\LiveProtectSetup.exe 2007-06-13 17:42 24,643 --a------ C:\WINDOWS\system32\ssqoonn.dll 2007-06-12 17:20 <DIR> d-------- C:\Program Files\Yahoo! Games 2007-06-11 16:13 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sandlot Games 2007-06-11 16:12 <DIR> d-------- C:\DOCUME~1\JACQUI~1\APPLIC~1\Sandlot Games 2007-05-01 18:49 167,936 --a------ C:\WINDOWS\system32\mm4095oo.dll (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-06-29 17:51:06 12 ----a-w C:\WINDOWS\bthservsdp.dat 2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll 2007-05-01 08:49:06 16 ----a-w C:\WINDOWS\system32\a99vi88f.dat 2007-05-01 08:49:02 573,944 ----a-w C:\WINDOWS\system32\nc5vfm94.dat 2007-05-01 08:48:58 2,256 ----a-w C:\WINDOWS\system32\rl5ba39o.dat 2007-04-26 0610 690,757 ----a-w C:\WINDOWS\system32\fppcbmfb.exe 2007-04-25 14:21:16 144,896 ----a-w C:\WINDOWS\system32\schannel.dll 2007-04-20 02:46:26 45,056 ----a-w C:\WINDOWS\system32\qbb5o8jg.exe 2007-04-18 16:12:24 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll 2007-04-18 06:08:36 107,520 ----a-w C:\WINDOWS\63ffj9lp.exe 2007-04-16 12:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll 2007-04-16 12:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll 2007-04-16 12:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll 2007-04-16 12:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll 2007-04-16 12:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll 2007-04-16 12:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll 2007-04-16 12:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe 2007-04-16 12:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll 2007-04-05 00:34:12 16,384 ----a-w C:\WINDOWS\hfhjxefc.exe ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) Note empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {00000010-6F7D-442C-93E3-4A4827C2E4C8}=C:\WINDOWS\nem220.dll [2005-03-06 16:37] {02478D38-C3F9-4efb-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll [2004-09-29 11:02] {0A87E45F-537A-40B4-B812-E2544C21A09F}=C:\Program Files\SpyCatcher\SCActiveBlock.dll [2005-08-22 21:57] {6A3D18F9-DB38-80C8-1A64-FE8DB02185EF}=C:\WINDOWS\system32\lcmrvx.dll [2007-06-21 00:49] {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}=C:\WINDOWS\system32\ssqoonn.dll [2007-06-13 17:42] {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4}=C:\WINDOWS\wsem303.dll [2005-03-10 19:54] {9394EDE7-C8B5-483E-8773-474BF36AF6E4}=C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll [2004-08-13 16:42] {9E8125C9-9511-4E77-97DC-522439AB8F68}=C:\WINDOWS\system32\ubtcpwlp.dll [2007-06-21 12:12] {AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar3.dll [2007-01-19 23:55] {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}=C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [2007-06-28 23:40] {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}=C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-au\msntb.dll [2006-01-17 16:04] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTHelper"="CTHELPER.EXE" [2003-06-20 14:55 C:\WINDOWS\system32\CTHELPER.EXE] "AsioReg"="REGSVR32.exe" [2004-08-04 18:56 C:\WINDOWS\system32\regsvr32.exe] "SBDrvDet"="C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 18:06] "SoundMan"="SOUNDMAN.EXE" [2003-12-19 19:53 C:\WINDOWS\soundman.exe] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 11:52] "nwiz"="nwiz.exe" [2004-04-23 14:24 C:\WINDOWS\system32\nwiz.exe] "vptray"="C:\Program Files\NavNT\vptray.exe" [2001-09-24 06:59] "IST Service"="C:\Program Files\ISTsvc\istsvc.exe" [] "Internet Optimizer"="C:\Program Files\Internet Optimizer\optimize313.exe" [] "Muahwzyt"="C:\Program Files\Zxlmgww\Yzagfp.exe" [] "Media Access"="C:\Program Files\Media Access\MediaAccK.exe" [] "Media Pass"="C:\Program Files\Media Pass\MediaPassK.exe" [] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe" [2005-08-26 17:14] "Nokia Tray Application"="C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe" [2003-02-10 14:30] "DataLayer"="C:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe" [2003-10-07 06:44] "csrss"="" [] "SurfAccuracy"="C:\Program Files\SurfAccuracy\SAcc.exe" [2007-04-05 10:31] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-02-11 14:52] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-12-20 20:54] "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 18:56 C:\WINDOWS\system32\bthprops.cpl] "DriveSMART"="C:\PROGRA~1\COMPUA~1\smartapp.exe" [] "F5D9050"="C:\Program Files\Belkin\F5D9050\Belkinwcui.exe" [2006-03-14 15:52] "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46] "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-10-08 12:31] "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-10-08 12:24] "ctqbgngx.exe"="C:\Documents and Settings\All Users\Application Data\ctqbgngx.exe" [2007-06-13 21:47] "SpyCatcher Reminder"="C:\Program Files\SpyCatcher\SpyCatcher.exe" [2007-05-07 11:56] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="C:\Program Files\Messenger\MSMSGS.exe" [] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-28 23:40] "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2004-10-08 12:06] "Ttah"="C:\WINDOWS\SCURIT~1\regsvr32.exe" [] "Blixzhi"="C:\Program Files\?ystem\?srss.exe" [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"="C:\WINDOWS\system32\ssqoonn.dll" [2007-06-13 17:42] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljge] C:\WINDOWS\system32\mljge.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SOFTWARE] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqoonn] ssqoonn.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "appinit_dlls"=secuload.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs BthServ HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - netsvcs NtmlSvc Newly Created Service - GTNDIS5 ________________________________ Hijack This log completed after ComboFix Logfile of HijackThis v1.99.1 Scan saved at 02:45, on 2007-06-30 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\ANYCOM\Blue USB-120-240\bin\btwdins.exe C:\Program Files\NavNT\defwatch.exe C:\Program Files\NavNT\rtvscan.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\MsgSys.EXE C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\ComboFix\catchme.cfexe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\NavNT\vptray.exe C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe C:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Belkin\F5D9050\Belkinwcui.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\Program Files\Logitech\Video\LogiTray.exe C:\Documents and Settings\All Users\Application Data\ctqbgngx.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\ANYCOM\Blue USB-120-240\BTTray.exe C:\Program Files\SpyCatcher\Protector.exe C:\Program Files\SpyCatcher\Scheduler daemon.exe C:\WINDOWS\system32\LVComsX.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ninemsn.com.au/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com/ R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) O3 - Toolbar: ninemsn - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-au\msntb.dll O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize313.exe" O4 - HKLM\..\Run: [Muahwzyt] C:\Program Files\Zxlmgww\Yzagfp.exe O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe O4 - HKLM\..\Run: [Media Pass] C:\Program Files\Media Pass\MediaPassK.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [DriveSMART] C:\PROGRA~1\COMPUA~1\smartapp.exe STARTUP O4 - HKLM\..\Run: [F5D9050] C:\Program Files\Belkin\F5D9050\Belkinwcui.exe O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [ctqbgngx.exe] C:\Documents and Settings\All Users\Application Data\ctqbgngx.exe O4 - HKLM\..\Run: [SpyCatcher Reminder] C:\Program Files\SpyCatcher\SpyCatcher.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot O4 - HKCU\..\Run: [Ttah] "C:\WINDOWS\SCURIT~1\regsvr32.exe" -vt yazb O4 - HKCU\..\Run: [Blixzhi] "C:\Program Files\?ystem\?srss.exe" O4 - Startup: csrss.lnk = ? O4 - Startup: Scheduler.lnk = C:\Program Files\SpyCatcher\Scheduler daemon.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: SpyCatcher Protector.lnk = C:\Program Files\SpyCatcher\Protector.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\ANYCOM\Blue USB-120-240\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ANYCOM\Blue USB-120-240\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ANYCOM\Blue USB-120-240\btsendto_ie.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O14 - IERESET.INF: START_PAGE_URL=http://global.acer.com/ O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/Mu...ridge-c106.cab O16 - DPF: {16BED5D9-AA6B-4A96-A134-C1958893490F} (VacPro.int_ver40v) - http://advnt01.com/dialer/intES_ver40v.CAB O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/.../GAME_UNO1.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - AppInit_DLLs: secuload.dll O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\ANYCOM\Blue USB-120-240\bin\btwdins.exe O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

06-30-2007, 02:30 AM	#4 (permalink)
sUBs Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy Join Date: May 2005 Posts: 24,333 OS: N/A	Re: Internet Explorer Pop-ups Before fixing anything, open notepad and Copy/Paste the text in the box below into it: Code: @echo off For %%g in ( C:\WINDOWS\system32\dxjbgfji.exe C:\WINDOWS\system32\ubtcpwlp.dll C:\WINDOWS\system32\lcmrvx.dll C:\DOCUME~1\ALLUSE~1\APPLIC~1\ctqbgngx.exe C:\WINDOWS\system32\ssqoonn.dll C:\WINDOWS\system32\mm4095oo.dll C:\WINDOWS\system32\qbb5o8jg.exe C:\WINDOWS\63ffj9lp.exe C:\WINDOWS\hfhjxefc.exe C:\WINDOWS\nem220.dll C:\WINDOWS\system32\mljge.dll ) do catchme -l nul -k %%g >nul echo.Please submit the file, catchme.zip located on Desktop pause exit Save this as Submit.bat Choose to "Save type as - All Files". It should look like this: Double click on Submit.bat & allow it to generate a zipped file on your Desktop called catchme.zip Please submit catchme.zip to this site → http://www.bleepingcomputer.com/subm....php?channel=4 The file must be uploaded before proceeding to the next step. --------------- Do a HijackThis scan & place a check next to these items and select "Fix checked": R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize313.exe" O4 - HKLM\..\Run: [Muahwzyt] C:\Program Files\Zxlmgww\Yzagfp.exe O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe O4 - HKLM\..\Run: [Media Pass] C:\Program Files\Media Pass\MediaPassK.exe O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe O4 - HKCU\..\Run: [Ttah] "C:\WINDOWS\SCURIT~1\regsvr32.exe" -vt yazb O4 - HKCU\..\Run: [Blixzhi] "C:\Program Files\?ystem\?srss.exe" O4 - Startup: csrss.lnk = ? O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/Mu...ridge-c106.cab O16 - DPF: {16BED5D9-AA6B-4A96-A134-C1958893490F} (VacPro.int_ver40v) - http://advnt01.com/dialer/intES_ver40v.CAB --------------- Open notepad and copy/paste the text in the quotebox below into it: Code: File:: C:\WINDOWS\system32\dxjbgfji.exe C:\WINDOWS\system32\ubtcpwlp.dll C:\WINDOWS\system32\lcmrvx.dll C:\DOCUME~1\ALLUSE~1\APPLIC~1\ctqbgngx.exe C:\WINDOWS\system32\ssqoonn.dll C:\WINDOWS\system32\mm4095oo.dll C:\WINDOWS\system32\qbb5o8jg.exe C:\WINDOWS\63ffj9lp.exe C:\WINDOWS\hfhjxefc.exe C:\WINDOWS\nem220.dll C:\WINDOWS\system32\mljge.dll Folder:: C:\WINDOWS\system32\qkchukoe Registry:: [-hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{00000010-6F7D-442C-93E3-4A4827C2E4C8}] [-hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{6A3D18F9-DB38-80C8-1A64-FE8DB02185EF}] [-hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}] [-hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4}] [-hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{9E8125C9-9511-4E77-97DC-522439AB8F68}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IST Service"=- "Internet Optimizer"=- "Muahwzyt"=- "Media Access"=- "Media Pass"=- "csrss"=- "SurfAccuracy"=- [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Ttah"=- "Blixzhi"="- [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljge] [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SOFTWARE] [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqoonn] Save this as ComboFix-Do.txt Refering to the picture above, drag ComboFix-Do.txt into ComboFix.exe Then post the resultant log --------------- Please perform an online scan using Internet Explorer at http://www.kaspersky.com/virusscanner Answer Yes, when prompted to install an ActiveX component. The program will then begin downloading the latest definition files. Once the files have been downloaded click on NEXT Locate the Scan Settings button & configure to: Scan using the following Anti-Virus database: Extended Scan Options: Scan Archives Scan Mail Bases Click OK & have it scan My Computer Once the scan is complete, it will display if your system has been infected. We only require a report from it. It does not provide an option to clean/disinfect. Click the Save as Text button to save the file to your desktop so that you may post it in your next reply * Turn off the real time scanner of any existing antivirus program while performing the online scan Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%. --------------- In your next post, please include fresh logs from: Fresh Hijackthis log taken just before replying Online scan ComboFix's log Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now __________________ Question - what have you done for the community today?

06-30-2007, 02:31 AM	#5 (permalink)
sUBs Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy Join Date: May 2005 Posts: 24,333 OS: N/A	Re: Internet Explorer Pop-ups This is to be performed after you have posted the required logs. Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update. Updating Java: Download the latest version of Java Runtime Environment (JRE) 6u1 - http://java.sun.com/javase/downloads/index.jsp Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications". Click the "Download" button to the right. Check the box that says: "*Accept* License Agreement". The page will refresh. Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop. Close any programs you may have running - especially your web browser. Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java. Check any item with Java Runtime Environment (JRE or J2SE) in the name. Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java versions. Reboot your computer once all Java components are removed. Then from your desktop double-click on jre-6u1-windows-i586-p.exe to install the newest version. __________________ Question - what have you done for the community today?

06-30-2007, 03:12 AM	#6 (permalink)
Disko_Stu Registered User Join Date: May 2007 Location: Australia Posts: 43 OS: Windows XP and Vista	Re: Internet Explorer Pop-ups Hi sUBs, I have tried to complete the first step that you set and I have created the batch file but when I run it, all goes well except the zip file is never created. I have not completed the next steps as you said to do this first. Thanks

06-30-2007, 03:23 AM	#7 (permalink)
sUBs Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy Join Date: May 2005 Posts: 24,333 OS: N/A	Re: Internet Explorer Pop-ups That's okay. I overlooked the fact that your machine is a FAT32 machine. Please download the Suspicious File Packer → http://www.safer-networking.org/files/sfp.zip Unzip it to the desktop and run it. Paste the following list of filepaths into the Suspicious File Packer window: C:\WINDOWS\system32\dxjbgfji.exe C:\WINDOWS\system32\ubtcpwlp.dll C:\WINDOWS\system32\lcmrvx.dll C:\DOCUME~1\ALLUSE~1\APPLIC~1\ctqbgngx.exe C:\WINDOWS\system32\ssqoonn.dll C:\WINDOWS\system32\mm4095oo.dll C:\WINDOWS\system32\qbb5o8jg.exe C:\WINDOWS\63ffj9lp.exe C:\WINDOWS\hfhjxefc.exe C:\WINDOWS\nem220.dll C:\WINDOWS\system32\mljge.dll Allow SFP to pack the files. This will generate a CAB archive on your desktop. Please submit it to this site → http://www.bleepingcomputer.com/subm....php?channel=4 Please include a link to this topic in the message. -------------- Then continue with the rest of the steps __________________ Question - what have you done for the community today?

07-01-2007, 12:57 AM	#10 (permalink)
Disko_Stu Registered User Join Date: May 2007 Location: Australia Posts: 43 OS: Windows XP and Vista	Re: Internet Explorer Pop-ups sUBs, Thanks for the heads up on the FIND3M report! Drive E: was from another computer but got corrupted. The hard drive is in this computer temporarily just to back up the files from it. There is no Windows directory anymore, it was removed. Hence, the drive is not still functional aside from secondary storage. I removed the quarantined files from Norton. Hope that helps, Cheers.

07-01-2007, 07:29 AM	#12 (permalink)
Disko_Stu Registered User Join Date: May 2007 Location: Australia Posts: 43 OS: Windows XP and Vista	Re: Internet Explorer Pop-ups Hi, I removed the programs that you asked and upon running ComboFix it stalled again so I closed it like you said. I didn't even get a log to show you the beginning, all it says is the time and date that it was run. Should I run DSS now?

07-01-2007, 08:33 AM	#13 (permalink)
sUBs Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy Join Date: May 2005 Posts: 24,333 OS: N/A	Re: Internet Explorer Pop-ups Do me a favor. Please zip/archive the entire C:\ComboFix folder & upload it to: http://www.bleepingcomputer.com/subm....php?channel=4 __________________ Question - what have you done for the community today?

07-01-2007, 06:31 PM	#14 (permalink)
Disko_Stu Registered User Join Date: May 2007 Location: Australia Posts: 43 OS: Windows XP and Vista	Re: Internet Explorer Pop-ups Yep, Done

07-01-2007, 07:03 PM	#15 (permalink)
sUBs Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy Join Date: May 2005 Posts: 24,333 OS: N/A	Re: Internet Explorer Pop-ups I've looked at the package which you uploaded. It does not appear to have hunged. Did it come up with a long list of files & you closed the DOS box shortly after that? By the look of things, only half the stuff got removed. The tool was heading for a reboot but it got stopped before that happened. Please run the "ComboFix-Do" script again. This time round, keep an eye on Task Manager. When ComboFix runs, taskmanager's cpu usage is high. When it hangs, it's no longer high __________________ Question - what have you done for the community today?

07-02-2007, 08:49 AM	#17 (permalink)
sUBs Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy Join Date: May 2005 Posts: 24,333 OS: N/A	Re: Internet Explorer Pop-ups Looks good but the log is still incomplete. I need to find out what's causing the hiccup. Please zip up C:\ComboFix folder again & upload it to http://www.bleepingcomputer.com/subm....php?channel=4 __________________ Question - what have you done for the community today?

07-02-2007, 10:18 AM	#18 (permalink)
Disko_Stu Registered User Join Date: May 2007 Location: Australia Posts: 43 OS: Windows XP and Vista	Re: Internet Explorer Pop-ups Yeah, done

07-02-2007, 10:36 AM	#19 (permalink)
sUBs Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy Join Date: May 2005 Posts: 24,333 OS: N/A	Re: Internet Explorer Pop-ups Ermm ...where exactly have you uploaded it to? I haven't received it yet __________________ Question - what have you done for the community today?

07-02-2007, 08:25 PM	#20 (permalink)
Disko_Stu Registered User Join Date: May 2007 Location: Australia Posts: 43 OS: Windows XP and Vista	Re: Internet Explorer Pop-ups Ah...thats a bother. I've just re-uploaded it now, hopefully this time it will work fine, sorry about that...scrap that I got an error message saying that I've exceeded the upload size limit. My file is 8MB and I'm only allowed 3MB, the original folder size is about 32MB, is that normal?