Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.


Buffer overrun detected


Post by random/random » May 6th, 2007, 12:24 pm

Please run combofix again, and then check for the log (it may be C:\combofix1.txt this time)

Post by GeniusMagic » May 6th, 2007, 8:42 pm

This is what I got after running combofix:

"Administrator" - 07-05-06 9:52:57 Service Pack 2
ComboFix 07-04-21.2V - Running from: C:\Documents and Settings\Administrator\Desktop\


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\C\DOCUME~1
C:\qoobox\purity\C\DOCUME~1\ADMINI~1
C:\qoobox\purity\C\DOCUME~1\ADMINI~1\APPLIC~1
C:\qoobox\purity\C\DOCUME~1\ADMINI~1\MYDOCU~1
C:\qoobox\purity\C\DOCUME~1\ADMINI~1\APPLIC~1\RACLE~1
C:\qoobox\purity\C\DOCUME~1\ADMINI~1\APPLIC~1\RACLE~1\??oolsv.exe
C:\qoobox\purity\C\DOCUME~1\ADMINI~1\MYDOCU~1\WNSXS~1
C:\qoobox\purity\C\WINDOWS\system32\SEMBLY~1
C:\qoobox\purity\C\WINDOWS\system32\SEMBLY~1\dexplore.exe
C:\qoobox\purity\C\WINDOWS\system32\SEMBLY~1\??sembly


((((((((((((((((((((((((((((((( Files Created from 2007-04-06 to 2007-05-06 ))))))))))))))))))))))))))))))))))


2007-04-22 04:29 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2007-04-22 04:01 <DIR> d-------- C:\VundoFix Backups
2007-04-21 14:10 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-04-21 13:06 4,522 --a------ C:\WINDOWS\system32\tmp.reg
2007-04-21 13:06 <DIR> d-------- C:\WINDOWS\wikm
2007-04-21 13:06 <DIR> d-------- C:\Program Files\Common Files\wikm
2007-04-21 13:05 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-04-21 13:05 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-04-19 02:17 <DIR> d-------- C:\Program Files\xloadnet


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-03-19 14:30 60928 --a------ C:\WINDOWS\system32\hgcrjws.dll
2007-03-17 09:43 292864 --a------ C:\WINDOWS\system32\winsrv.dll
2007-03-08 11:36 577536 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 11:36 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 11:36 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 09:47 1843584 --a------ C:\WINDOWS\system32\win32k.sys


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{1557B435-8242-4686-9AA3-9265BF7525A4} C:\WINDOWS\system32\psxmehko.dll [x]
{15E1A363-13D4-3955-A34C-6CE33FE1F9EB} C:\WINDOWS\system32\vaqkoxh.dll [x]
{1BB2A336-4483-385D-A34C-6CE26EECFFED} C:\WINDOWS\system32\hgcrjws.dll
{53707962-6F74-2D53-2644-206D7942484F} C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
{D8EA1A93-F516-4A64-9BDA-8248A98235A3} C:\WINDOWS\system32\tusqq.dll [x]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"E:\\iTunesHelper.exe\""
"TPSMain"="TPSMain.exe"
"TouchED"="C:\\Program Files\\TOSHIBA\\TouchED\\TouchED.Exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\j2re1.4.2_05\\bin\\jusched.exe"
"STOPzilla"="C:\\Program Files\\STOPzilla!\\Stopzilla.exe /autostart"
"SoundMAXPnP"="C:\\Program Files\\Analog Devices\\SoundMAX\\SMax4PNP.exe"
"SoundMAX"="C:\\Program Files\\Analog Devices\\SoundMAX\\Smax4.exe /tray"
"SmoothView"="C:\\Program Files\\TOSHIBA\\TOSHIBA Zooming Utility\\SmoothView.exe"
"Realtime Monitor"="\"C:\\Program Files\\CA\\eTrust\\InoculateIT\\realmon.exe\""
"NDSTray.exe"="NDSTray.exe"
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"AGRSMMSG"="AGRSMMSG.exe"
"00THotkey"="C:\\WINDOWS\\system32\\00THotkey.exe"
"000StTHK"="000StTHK.exe"
"THotkey"="C:\\Program Files\\Toshiba\\Toshiba Applet\\thotkey.exe"
"CreativeTaskScheduler"="\"C:\\Program Files\\Creative\\Shared Files\\CTSched.exe\" /logon"
"Creative Software Update"="\"C:\\Program Files\\Creative\\Shared Files\\Software Update\\AutoUpdate.exe\" /Silent"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"TOSCDSPD"="C:\\Program Files\\TOSHIBA\\TOSCDSPD\\toscdspd.exe"
"SP2 Connection Patcher"="\"C:\\Program Files\\SP2 Connection Patcher\\SP2ConnPatcher.exe\" -n=200"
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"Creative WebCam Tray"="\"C:\\Program Files\\Creative\\Shared Files\\CamTray.exe\""
"Esrm"="\"C:\\WINDOWS\\system32\\SEMBLY~1\\dexplore.exe\" -vt yazb"
"wikm"="C:\\PROGRA~1\\COMMON~1\\wikm\\wikmm.exe"
"Hvfh"="\"C:\\Documents and Settings\\Administrator\\Application Data\\?racle\\??oolsv.exe\""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
"taangdhr.exe"="C:\\WINDOWS\\system\\taangdhr.exe"
"grox.exe"="C:\\WINDOWS\\system\\grox.exe"
"fxwtgktj.exe"="C:\\WINDOWS\\system\\fxwtgktj.exe"
"rpvsqmlgja.exe"="C:\\WINDOWS\\system\\rpvsqmlgja.exe"
"lftn.exe"="C:\\WINDOWS\\system\\lftn.exe"
"dbavkhqcnt.exe"="C:\\WINDOWS\\system\\dbavkhqcnt.exe"
"ngcws.exe"="C:\\WINDOWS\\system\\ngcws.exe"
"wwvlrajmjs.exe"="C:\\WINDOWS\\system\\wwvlrajmjs.exe"
"sxjjafcu.exe"="C:\\WINDOWS\\system\\sxjjafcu.exe"
"hwcgfd.exe"="C:\\WINDOWS\\system\\hwcgfd.exe"
"vjfqphrlo.exe"="C:\\WINDOWS\\system\\vjfqphrlo.exe"
"jrnohgxm.exe"="C:\\WINDOWS\\system\\jrnohgxm.exe"
"cmdpvn.exe"="C:\\WINDOWS\\system\\cmdpvn.exe"
"cudurhhqj.exe"="C:\\WINDOWS\\system\\cudurhhqj.exe"
"rtcbmv.exe"="C:\\WINDOWS\\system\\rtcbmv.exe"
"wcspsjrcas.exe"="C:\\WINDOWS\\system\\wcspsjrcas.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{54D9498B-CF93-414F-8984-8CE7FDE0D391}"="ewido shell guard"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0nwprovau\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0




~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20060924-224054-924
O4 - HKCU\..\Run: [26b007bb.exe] C:\Documents and Settings\Administrator\Local Settings\Application Data\26b007bb.exe
backup-20060924-224054-834
O4 - HKLM\..\Run: [Ultimate Cleaner] C:\Program Files\WinSecureDisc\App.exe
backup-20060924-224054-657
O4 - HKLM\..\Run: [Ultimate Defender] "C:\Program Files\Ultimate Defender\App.exe" hide
backup-20060924-224054-624
O4 - HKLM\..\Run: [26d37433.exe] C:\WINDOWS\system32\26d37433.exe
backup-20060924-224054-122
O4 - HKCU\..\Run: [26d37433.exe] C:\Documents and Settings\Administrator\Local Settings\Application Data\26d37433.exe
backup-20060924-224054-110
O4 - HKLM\..\Run: [26b007bb.exe] C:\WINDOWS\system32\26b007bb.exe
backup-20060924-224054-459
O4 - HKLM\..\Run: [lich] lich.exe
backup-20051226-093502-560
O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} - http://www.icannnews.com/app/ST/ActiveX.ocx
backup-20051226-093502-881
O18 - Filter hijack: text/xml - (no CLSID) - (no file)
backup-20051226-093502-735
O4 - HKLM\..\Run: [links] links.exe
backup-20051226-093502-470
O4 - HKCU\..\Run: [warez] "C:\Program Files\Warez P2P Client\warez.exe" -h
backup-20051226-093502-293
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
backup-20051226-093501-240
O4 - HKLM\..\Run: [WinHound] C:\Program Files\WinHound\WinHound.exe
backup-20051226-093501-461
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\iacrcw.exe reg_run
backup-20051226-093501-543
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customi ... earch.html
backup-20051203-195234-276
O4 - Global Startup: hzjg.exe
backup-20051203-195234-844
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
backup-20051126-102730-193
O18 - Filter hijack: text/xml - (no CLSID) - (no file)
backup-20051126-102730-121
O16 - DPF: {95EEE69E-27B4-4D13-BD32-766617A16909} (NDTVVideo.MPlayer) - http://www.ndtv.com/video/NDTVseekvideo.CAB
backup-20051126-102729-151
O4 - Global Startup: hzjg.exe
backup-20050915-212928-830
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab
backup-20050821-140136-951
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
backup-20050821-140136-419
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
backup-20050821-140136-819
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
backup-20050821-140136-812
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
backup-20050821-140136-150
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
backup-20050821-140136-737
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
backup-20050821-140136-923
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
backup-20050821-140136-299
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
backup-20050821-140136-748
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
backup-20050821-140136-527
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
backup-20050801-115314-287
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
backup-20050801-115314-773
O18 - Filter hijack: text/xml - (no CLSID) - (no file)
backup-20050801-115314-451
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
backup-20050710-111442-281
O18 - Filter hijack: text/xml - (no CLSID) - (no file)
backup-20050710-111408-815
O18 - Filter hijack: text/xml - (no CLSID) - (no file)
backup-20050710-111408-640
O3 - Toolbar: Search - {12EE7A5E-0674-42f9-A76B-000000004D00} - C:\WINDOWS\system32\stlb2.dll (file missing)
backup-20050710-111408-420
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\system32\japnpr.exe reg_run
backup-20050710-111408-254
O2 - BHO: SearchToolbarBHOObject - {12EE7A5E-0674-42f9-A76A-000000004D00} - C:\WINDOWS\system32\stlb2.dll (file missing)
backup-20050630-234358-488
O4 - Startup: AdDestroyer.lnk = C:\Program Files\AdDestroyer\AdDestroyer.exe
backup-20050630-234358-533
O18 - Filter hijack: text/xml - (no CLSID) - (no file)
backup-20050630-234358-177
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\system32\japnpr.exe reg_run
backup-20050630-203304-167
O20 - Winlogon Notify: RunOnceEx - C:\WINDOWS\system32\kwdcz2.dll
backup-20050630-203304-313
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
backup-20050630-203304-900
O18 - Filter hijack: text/xml - (no CLSID) - (no file)
backup-20050630-203304-324
O3 - Toolbar: Search - {12EE7A5E-0674-42f9-A76B-000000004D00} - C:\WINDOWS\system32\stlb2.dll (file missing)
backup-20050630-203304-499
O4 - HKLM\..\Run: [scain] C:\WINDOWS\TEMP\s030109.Stub.exe
backup-20050630-203304-345
O2 - BHO: SearchToolbarBHOObject - {12EE7A5E-0674-42f9-A76A-000000004D00} - C:\WINDOWS\system32\stlb2.dll (file missing)
backup-20050630-203304-104
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\system32\japnpr.exe reg_run
backup-20050623-200254-482
O16 - DPF: {972BB342-14A7-4660-83C1-51DDBEE171DB} - http://www.pacimedia.com/install/pcs_0008.exe
backup-20050623-200253-642
O16 - DPF: {0878B424-1F95-4E26-B5AB-F0D349D89650} - http://download.bargain-buddy.net/downl ... TING14.cab
backup-20050623-200253-204
O4 - HKCU\..\Run: [a0q5RiKpT] w32log.exe
backup-20050623-200253-644
O4 - HKLM\..\Run: [WinLogon] C:\WINDOWS\logon.exe
backup-20050623-200253-262
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
backup-20050623-200253-548
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
backup-20050623-200253-761
O4 - HKLM\..\Run: [C:\WINDOWS\VCMnet11.exe] C:\WINDOWS\VCMnet11.exe
backup-20050623-200253-808
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\cfgmgr52.dll (file missing)
backup-20050623-200253-733
O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\system32\mscb.dll (file missing)
backup-20050623-200253-238
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll (file missing)
backup-20050623-200253-285
R3 - Default URLSearchHook is missing
backup-20050623-200253-652
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
backup-20050623-200253-811
O4 - HKLM\..\Run: [PSof1] C:\WINDOWS\system32\PSof1.exe
backup-20050623-200253-398
O2 - BHO: (no name) - {C370527A-24A7-4583-BE01-72E59000EB17} - C:\WINDOWS\system32\n.dll (file missing)
backup-20050623-200253-755
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\system32\nvms.dll (file missing)
backup-20050623-200253-541
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
backup-20050623-200253-462
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\system32\msbe.dll (file missing)
backup-20050623-200253-480
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll (file missing)
backup-20050623-200253-990
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
backup-20050623-200253-356
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id==
backup-20050623-200253-659
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q==
backup-20050623-200253-702
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id==
backup-20050623-200253-791
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
backup-20050623-200253-524
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.php
backup-20050623-200253-961
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id==
backup-20050623-200253-181
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id==
backup-20050623-200253-264
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
backup-20050620-214953-397
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-06 09:58:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_0aa8f_SunnyLeoneNatureSunny_47[1].jpg 8192 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_0f1_2717S007[1].jpg 8192 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_0fa_SunnyLeoneMyFurryFriend_14[1].jpg 8192 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_11fc4_SunnyLeonePenthousePetSet2_2[1].jpg 8192 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_13d64_SunnyLeonePenthousePetSet2_5[1].jpg 8192 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_16c_SunnyLeoneConnect4_3[1].jpg 8192 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_1a9_AYHJA_SunnyLeone_82646_16[1].jpg 36864 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_1bd_9[1].jpg 8192 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_1bf72_SunnyLeonePenthousePetSet1_12[1].jpg 4096 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_1c7_AYHJA_SunnyLeone_319_01[1].jpg 40960 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_206_SunnyLeoneFurSir_35[1].jpg 8192 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_227bd_SunnyLeonePenthousePetSet11_2[1].jpg 8192 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_23136_SunnyLeoneNatureSunny_50[1].jpg 8192 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_2a1_25[1].jpg 8192 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_2d7_km06905b[1].jpg 12288 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_2db_AYHJA_SunnyLeone_80146_07[1].jpg 8192 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_35a_km06928b[1].jpg 12288 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_364_SunnyLeoneConnect4_12[1].jpg 8192 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_372_AYHJA_SunnyLeone_80146_16[1].jpg 8192 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_37c_SunnyLeoneFurSir_97[1].jpg 4096 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_396_2717S043[1].jpg 8192 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_3ab_km06931b[1].jpg 12288 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_42d0d_SunnyLeoneNatureSunny_17[1].jpg 8192 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_440_15[1].jpg 8192 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_44f_SunnyLeoneFurSir_13[1].jpg 8192 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_457_SunnyLeoneTheWall_14[1].jpg 4096 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_485_SunnyLeoneMyFurryFriend_10[1].jpg 8192 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_4902d_SunnyLeoneNatureSunny_40[1].jpg 8192 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_4ba_AYHJA_SunnyLeone_82646_12[1].jpg 36864 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_513_SunnyLeoneFurSir_77[1].jpg 8192 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_530_8[1].jpg 8192 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_533_SunnyLeoneFurSir_37[1].jpg 8192 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_596_km06916b[1].jpg 12288 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_5b3ae_SunnyLeoneNatureSunny_5[1].jpg 8192 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_5dab6_SunnyLeonePenthousePetSet3_10[1].jpg 12288 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_5e0_km06913b[1].jpg 12288 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_5f7_12[1].jpg 8192 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_67f_SunnyLeoneMyFurryFriend_9[1].jpg 8192 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_6bb9f_SunnyLeoneNatureSunny_20[1].jpg 8192 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_6dc_AYHJA_SunnyLeone_80146_21[1].jpg 8192 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_6e2_2717S013[1].jpg 8192 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_6ec25_SunnyLeoneNatureSunny_1[1].jpg 8192 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_6ed_2717S016[1].jpg 8192 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_6ee_35[1].jpg 8192 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_6ef89_SunnyLeonePenthousePetSet11_7[1].jpg 8192 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_6fcf6_SunnyLeoneNatureSunny_35[1].jpg 8192 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_716a5_SunnyLeoneNatureSunny_3[1].jpg 8192 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_730ce_SunnyLeonePenthousePetSet3_0[1].jpg 12288 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_764_22[1].jpg 8192 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_7885d_SunnyLeonePenthousePetSet3_18[1].jpg 8192 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_794c9_SunnyLeoneNatureSunny_19[1].jpg 8192 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_7a7_SunnyLeoneFurSir_4[1].jpg 8192 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_7b348_SunnyLeoneNatureSunny_48[1].jpg 8192 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_7bc_km06927b[1].jpg 12288 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_7d682_SunnyLeonePenthousePetSet2_6[1].jpg 40960 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_805_SunnyLeoneFurSir_49[1].jpg 8192 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_862_1[1].jpg 8192 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_871_AYHJA_SunnyLeone_Mystique_12092002_24[1].jpg 8192 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_872bc_SunnyLeonePenthousePetSet11_0[1].jpg 8192 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_899ce_SunnyLeonePenthousePetSet1_3[1].jpg 12288 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_89d3f_SunnyLeonePenthousePetSet2_4[1].jpg 8192 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_8b5_37[1].jpg 8192 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_8b7_5[1].jpg 8192 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_8e1_km06906b[1].jpg 8192 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_8ee_SunnyLeoneFurSir_16[1].jpg 8192 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_931f7_SunnyLeoneNatureSunny_26[1].jpg 8192 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_93616_SunnyLeoneNatureSunny_32[1].jpg 8192 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_93980_SunnyLeonePenthousePetSet10_5[1].jpg 8192 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_945_SunnyLeoneConnect4_15[1].jpg 8192 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_979_SunnyLeoneFurSir_8[1].jpg 8192 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_9a1e3_SunnyLeoneNatureSunny_22[1].jpg 8192 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_9e6_SunnyLeoneMyFurryFriend_0[1].jpg 8192 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_9e9_AYHJA_SunnyLeone_80146_23[1].jpg 8192 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_9f8_6[1].jpg 8192 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_9f96e_SunnyLeonePenthousePetSet11_3[1].jpg 8192 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_a0e_SunnyLeoneTheWall_13[1].jpg 8192 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_a10_SunnyLeoneFurSir_5[1].jpg 4096 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_a22_34[1].jpg 8192 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_a5d_SunnyLeoneMyFurryFriend_8[1].jpg 8192 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_a60_SunnyLeoneFurSir_101[1].jpg 8192 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_a7200_SunnyLeonePenthousePetSet2_0[1].jpg 40960 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_a92_7[1].jpg 8192 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_aaf_SunnyLeoneFurSir_99[1].jpg 4096 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_ab9_20[1].jpg 8192 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_abb_16[1].jpg 8192 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_ac0_2717S052[1].jpg 8192 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_ad4_SunnyLeoneFurSir_82[1].jpg 4096 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_af0_SunnyLeoneFurSir_81[1].jpg 4096 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_b0ad6_SunnyLeonePenthousePetSet2_3[1].jpg 8192 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_b3c_17[1].jpg 8192 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_b3f_SunnyLeoneFurSir_23[1].jpg 8192 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_b4f81_SunnyLeonePenthousePetSet3_12[1].jpg 4096 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_b77_SunnyLeoneTheWall_12[1].jpg 4096 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_b89_DSCF0739[1].jpg 16384 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_bfc_2[1].jpg 8192 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_c0b_SunnyLeoneFurSir_67[1].jpg 4096 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_c3a_AYHJA_SunnyLeone_319_48[1].jpg 40960 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_c51_31[1].jpg 8192 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_c56_SunnyLeoneFurSir_91[1].jpg 4096 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_c75_SunnyLeoneFurSir_74[1].jpg 4096 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_c85_km06936b[1].jpg 8192 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_cb0_km06902b[1].jpg 12288 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_cb3_SunnyLeoneFurSir_108[1].jpg 4096 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_ccc_km06910b[1].jpg 12288 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_cdf8f_SunnyLeonePenthousePetSet11_6[1].jpg 8192 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_d37_km06912b[1].jpg 12288 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_d3a_SunnyLeoneBlueSatin_5[1].jpg 4096 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_d996e_SunnyLeonePenthousePetSet11_12[1].jpg 8192 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_d9a_39[1].jpg 8192 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_da6_SunnyLeoneSummerCoolDown_6[1].jpg 24576 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_db2_2717S015[1].jpg 8192 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_dc9f7_SunnyLeonePenthousePetSet10_2[1].jpg 8192 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_dd1_SunnyLeoneFurSir_61[1].jpg 8192 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_ddb_20[1].jpg 8192 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_df8_km06929b[1].jpg 12288 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_e1034_SunnyLeoneNatureSunny_13[1].jpg 8192 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_e3a_SunnyLeoneFurSir_42[1].jpg 4096 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_e4f_AYHJA_SunnyLeone_82646_02[1].jpg 32768 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_e57_SunnyLeoneFurSir_24[1].jpg 8192 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_e80_2717S046[1].jpg 8192 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_e84_AYHJA_SunnyLeone_1100_051[1].jpg 4096 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_ee0_SunnyLeoneFurSir_9[1].jpg 8192 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_f16_SunnyLeoneFurSir_51[1].jpg 8192 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_f70_SunnyLeoneTheWall_0[1].jpg 4096 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_fd8_km06930b[1].jpg 12288 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\th_fe4_SunnyLeoneFurSir_39[1].jpg 8192 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\tn_6[1].jpg 8192 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\tn_9[1].jpg 8192 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\top-lft-cnl[1].gif 208 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\topbar-bg[1].gif 128 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\tour[1].css 8192 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\tpl_btn_babes[1].gif 4096 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\tpl_btn_babes_o[1].gif 4096 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\tpl_btn_download[1].gif 160 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\tpl_btn_home_o[1].gif 4096 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\tpl_btn_join[1].gif 4096 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\tpl_btn_updates[1].gif 4096 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\tpl_gc_flashy[1].gif 28672 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\tpl_spicy_white[1].gif 232 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\travelocity_215x30[1].gif 4096 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\t_02_26_07_04[1].jpg 8192 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\t_02_26_07_08[1].jpg 8192 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\t_02_26_07_10[1].jpg 8192 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\t_02_26_07_11[1].jpg 8192 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\t_02_26_07_14[1].jpg 8192 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\t_03_05_07_02[1].jpg 8192 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\t_03_05_07_05[1].jpg 8192 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\t_03_05_07_07[1].jpg 8192 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\t_03_05_07_08[1].jpg 8192 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\t_03_05_07_15[1].jpg 8192 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\t_wet_fun01[1].jpg 8192 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\t_wet_fun04[1].jpg 8192 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\t_wet_fun11[1].jpg 8192 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\t_wet_fun14[1].jpg 8192 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\uh_tcrn[1].gif 80 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\Un9p4GYh[1].jpg 106496 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\upgrade-now[1].gif 4096 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\upgrade-write-2her[1].gif 4096 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\urge_tmp[1].png 4096 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\use2way[1].gif 69632 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\v4flash[1].js 4096 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\v4_hb_2a[1].swf 12288 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\validation003[2].js 8192 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\vbulletin_global[1].js 40960 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\viewtopic[1].htm 196608 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\view[1].htm 4096 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\vivek-neily-sm[1].jpg 4096 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\vote_bar_5[1].gif 456 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\vote_bar_5_o[1].gif 464 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\vote_bar_6_o[1].gif 456 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\vote_bar_7_o[1].gif 448 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\vote_bar_9_g[1].gif 448 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\VPLwDk52[1].jpg 40960 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\what-is-this[1].gif 128 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\whoisonline[1].gif 4096 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\wince[1].png 344 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\wlmcore1[2].js 77824 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\wmp-payplay.fm-menu[1].png 536 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\wmpdms_menuicon[1].png 4096 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\WxuwAjLJ[1].jpg 65536 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\xb_ia2[1].htm 352 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\y0[1].jpg 16384 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\yad_20060816[1].js 4096 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\yahoochat[1].gif 4096 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\YB1[2].jpg 8192 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\ypfl_global_200512091615[1].css 8192 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\zHP8YzsP[1].jpg 40960 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\_;ord=1177591988780155[1].htm 24576 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\_;ord=1177592017250394[1].htm 24576 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ATC0ABRE\_;ord=1177625329984351[1].htm 24576 bytes

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 316


********************************************************************

Completion time: 07-05-06 9:59:26
C:\ComboFix-quarantined-files.txt ... 07-05-06 09:59
GeniusMagic
Regular Member
 
Posts: 77
Joined: June 20th, 2005, 11:28 pm

Unread postby random/random » May 7th, 2007, 8:39 am

  • Go to Start > My Computer
  • Go to Tools > Folder Options
  • Click on the View tab
  • Untick the following:
    • Hide extensions for known file types
    • Hide protected operating system files (Recommended)
  • You will get a message warning you about showing protected operating system files, click Yes
  • Make sure this option is selected:
    • Show hidden files and folders
  • Click Apply and then click OK

Go to Start > Control Panel > Add or Remove Programs.

Remove the following programs, if they are present.

    ewido << it is now AVG antispyware which you have installed

Run HijackThis
Click on "Do a system scan only"
Place a checkmark next to these lines (if still present)


R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\system32\psxmehko.dll (file missing)
O2 - BHO: (no name) - {15E1A363-13D4-3955-A34C-6CE33FE1F9EB} - C:\WINDOWS\system32\vaqkoxh.dll (file missing)
O2 - BHO: (no name) - {1BB2A336-4483-385D-A34C-6CE26EECFFED} - C:\WINDOWS\system32\hgcrjws.dll
O2 - BHO: (no name) - {D8EA1A93-F516-4A64-9BDA-8248A98235A3} - C:\WINDOWS\system32\tusqq.dll (file missing)
O4 - HKCU\..\Run: [Esrm] "C:\WINDOWS\system32\SEMBLY~1\dexplore.exe" -vt yazb
O4 - HKCU\..\Run: [wikm] C:\PROGRA~1\COMMON~1\wikm\wikmm.exe
O4 - HKCU\..\Run: [Hvfh] "C:\Documents and Settings\Administrator\Application Data\?racle\??oolsv.exe"
O15 - Trusted Zone: *.adxgate.net
O15 - Trusted Zone: *.errorprotector.com
O15 - Trusted Zone: *.errorsafe.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.snipenet.net
O15 - Trusted Zone: *.systemdoctor.com
O15 - Trusted Zone: *.winantivirus.com
O15 - Trusted Zone: *.winfixer.com
O15 - Trusted Zone: *.sxload.net (HKLM)

Then close all windows except HijackThis and click Fix Checked

Backup Your Registry with ERUNT
  • Please use the following link and scroll down to ERUNT and download it.
    http://aumha.org/freeware/freeware.php
  • For version with the Installer:
    Use the setup program to install ERUNT on your computer
  • For the zipped version:
    Unzip all the files into a folder of your choice.
Click Erunt.exe to back up your registry to the folder of your choice.

Note: to restore your registry, go to the folder and start ERDNT.exe

Copy the contents of the following codebox to a notepad window

REGEDIT4

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run] 
 


Save it to the desktop as fix.reg, making sure "Save as type" is set to "All Files".

Locate fix.reg on your desktop and double-click it. When asked if you want to merge with the registry, click YES. Wait for the "merged successfully" prompt.

Restart

Use Windows Explorer to find and delete these files:

C:\WINDOWS\system\taangdhr.exe
C:\WINDOWS\system\grox.exe
C:\WINDOWS\system\fxwtgktj.exe
C:\WINDOWS\system\rpvsqmlgja.exe
C:\WINDOWS\system\lftn.exe
C:\WINDOWS\system\dbavkhqcnt.exe
C:\WINDOWS\system\ngcws.exe
C:\WINDOWS\system\wwvlrajmjs.exe
C:\WINDOWS\system\sxjjafcu.exe
C:\WINDOWS\system\hwcgfd.exe
C:\WINDOWS\system\vjfqphrlo.exe
C:\WINDOWS\system\jrnohgxm.exe
C:\WINDOWS\system\cmdpvn.exe
C:\WINDOWS\system\cudurhhqj.exe
C:\WINDOWS\system\rtcbmv.exe
C:\WINDOWS\system\wcspsjrcas.exe
C:\WINDOWS\system32\hgcrjws.dll

And these folders:

C:\WINDOWS\wikm\
C:\Program Files\Common Files\wikm\
C:\Program Files\xloadnet\

Go here to run an online scanner from Kaspersky.
  • Click on "Kaspersky Online Scanner"
  • A new smaller window will pop up. Press on "Accept" after reading the contents.
  • Now Kaspersky will update the anti-virus database. Let it run.
  • Click on "Next">"Scan Settings", and make sure the database is set to "extended". And check both the scan options. Then click OK.
  • Then click on "My Computer", and the scan will start.
  • Once finished, save the log as "KAV.txt" to the desktop.


Post back with the kaspersky log and a new HijackThis log
random/random
Developer
Posts: 7723
Joined: December 18th, 2005, 3:30 pm

Unread postby GeniusMagic » May 13th, 2007, 9:31 pm

Hi - I followed all the steps you mentioned but I could not find the files you wanted me to delete from C:\Windows\System. I deleted the wikm folders.
I can only see the files mentioned below in my C:\Windows\System folder:

08/04/2004 07:00 AM 69,584 AVICAP.DLL
08/04/2004 07:00 AM 109,456 AVIFILE.DLL
08/04/2004 07:00 AM 32,816 COMMDLG.DLL
08/04/2004 07:00 AM 2,000 KEYBOARD.DRV
08/04/2004 07:00 AM 9,936 LZEXPAND.DLL
08/04/2004 07:00 AM 73,376 MCIAVI.DRV
08/04/2004 07:00 AM 25,264 MCISEQ.DRV
08/04/2004 07:00 AM 28,160 MCIWAVE.DRV
08/04/2004 07:00 AM 68,768 MMSYSTEM.DLL
08/04/2004 07:00 AM 1,152 MMTASK.TSK
08/04/2004 07:00 AM 2,032 MOUSE.DRV
08/04/2004 07:00 AM 126,912 MSVIDEO.DLL
08/04/2004 07:00 AM 82,944 OLECLI.DLL
08/04/2004 07:00 AM 24,064 OLESVR.DLL
08/04/2004 07:00 AM 59,167 setup.inf
08/04/2004 07:00 AM 5,120 SHELL.DLL
08/04/2004 07:00 AM 1,744 SOUND.DRV
08/04/2004 07:00 AM 5,532 stdole.tlb
08/04/2004 07:00 AM 3,360 SYSTEM.DRV
08/04/2004 07:00 AM 19,200 TAPI.DLL
08/04/2004 07:00 AM 4,048 TIMER.DRV
08/04/2004 07:00 AM 9,008 VER.DLL
08/04/2004 07:00 AM 2,176 VGA.DRV
08/04/2004 07:00 AM 13,600 WFWNET.DRV
08/04/2004 07:00 AM 146,432 WINSPOOL.DRV

Pls let me know where I can find the files that you mentioned. They are not there in the system or system32 folder.

I will be performing the Kaspersky Online Scan and HJT scan and post them in my next posting.

Thanks
GeniusMagic
Regular Member
 
Posts: 77
Joined: June 20th, 2005, 11:28 pm

Unread postby random/random » May 14th, 2007, 1:26 pm

If you can't find them, then it is likely they were removed by an anti-malware program
random/random
Developer
Posts: 7723
Joined: December 18th, 2005, 3:30 pm

Hi

Unread postby GeniusMagic » May 19th, 2007, 3:48 pm

Hi - Pls see below the Kaspersky online log


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, January 01, 2000 2:46:54 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 19/05/2007
Kaspersky Anti-Virus database records: 324759
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 70686
Number of viruses found: 8
Number of infected objects: 24 / 0
Number of suspicious objects: 0
Duration of the scan process: 02:17:13

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\t25sqy76.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\t25sqy76.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\t25sqy76.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\t25sqy76.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\t25sqy76.default\cert8.db Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\t25sqy76.default\history.dat Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\t25sqy76.default\key3.db Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\t25sqy76.default\parent.lock Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-2eb076c9-48514f79.zip/BaaaaBaa.class Infected: Trojan.Java.ClassLoader.ao skipped
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-2eb076c9-48514f79.zip/VaaaaaaaBaa.class Infected: Trojan.Java.ClassLoader.ao skipped
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-2eb076c9-48514f79.zip/Baaaaa.class Infected: Trojan.Java.ClassLoader.ao skipped
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-2eb076c9-48514f79.zip ZIP: infected - 3 skipped
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-43394365-3e959f80.zip/BaaaaBaa.class Infected: Trojan.Java.ClassLoader.ao skipped
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-43394365-3e959f80.zip/VaaaaaaaBaa.class Infected: Trojan.Java.ClassLoader.ao skipped
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-43394365-3e959f80.zip/Baaaaa.class Infected: Trojan.Java.ClassLoader.ao skipped
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-43394365-3e959f80.zip ZIP: infected - 3 skipped
C:\Documents and Settings\Administrator\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Desktop\Rescue\l2mfix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Administrator\Desktop\Rescue\l2mfix.exe/l2mfix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Administrator\Desktop\Rescue\l2mfix.exe ZIP: infected - 1 skipped
C:\Documents and Settings\Administrator\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Administrator\Desktop\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Administrator\Desktop\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Administrator\Desktop\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012000010120000102\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\Perflib_Perfdata_92c.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\~DFA695.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\ntuser.dat Object is locked skipped
C:\Documents and Settings\Administrator\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUser.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\HJT\backups\backup-20070513-034721-152.dll Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\Program Files\CA\eTrust\InoculateIT\DB\rtmaster.dbf Object is locked skipped
C:\Program Files\CA\eTrust\InoculateIT\DB\rtmaster.ntx Object is locked skipped
C:\Program Files\CA\eTrust\InoculateIT\RPCMtDB\jobserv.dbf Object is locked skipped
C:\Program Files\CA\eTrust\InoculateIT\RPCMtDB\jobserv.ntx Object is locked skipped
C:\Program Files\CheckPoint\SecuRemote\log\default-000000.log Object is locked skipped
C:\Program Files\CheckPoint\SecuRemote\log\default-000000.logaccount_ptr Object is locked skipped
C:\Program Files\CheckPoint\SecuRemote\log\default-000000.loginitial_ptr Object is locked skipped
C:\Program Files\CheckPoint\SecuRemote\log\default-000000.logLuuidDB Object is locked skipped
C:\Program Files\CheckPoint\SecuRemote\log\default-000000.logptr Object is locked skipped
C:\Program Files\CheckPoint\SecuRemote\log\SR_Service-042373.log Object is locked skipped
C:\Program Files\CheckPoint\SecuRemote\log\SR_Service-042373.logaccount_ptr Object is locked skipped
C:\Program Files\CheckPoint\SecuRemote\log\SR_Service-042373.loginitial_ptr Object is locked skipped
C:\Program Files\CheckPoint\SecuRemote\log\SR_Service-042373.logLuuidDB Object is locked skipped
C:\Program Files\CheckPoint\SecuRemote\log\SR_Service-042373.logptr Object is locked skipped
C:\Program Files\CheckPoint\SecuRemote\sr_service_tde.log Object is locked skipped
C:\Program Files\CheckPoint\SecuRemote\sr_watchdog_tde.log Object is locked skipped
C:\Program Files\Yahoo!\Messenger\logs\billing_Administrator.log Object is locked skipped
C:\Program Files\Yahoo!\Messenger\logs\client_Administrator.log Object is locked skipped
C:\Program Files\Yahoo!\Messenger\logs\network_Administrator.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{48D986EB-81B6-4845-8A0D-1A10BE4C458C}\RP502\A0234121.exe Infected: not-a-virus:AdWare.Win32.PurityScan.fn skipped
C:\System Volume Information\_restore{48D986EB-81B6-4845-8A0D-1A10BE4C458C}\RP505\A0236183.dll Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\System Volume Information\_restore{48D986EB-81B6-4845-8A0D-1A10BE4C458C}\RP510\change.log Object is locked skipped
C:\VundoFix Backups\rkbhecdj.dll.bad Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\VundoFix Backups\tusqq.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.iu skipped
C:\VundoFix Backups\uwwbwomj.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\VundoFix Backups\xnalfnfo.dll.bad Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\WINDOWS\$NtUninstallKB912812$\wininet.dll Infected: Virus.Win32.Nsag.b skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{138C8B92-61C0-4CA1-A7BB-1648EDF5D572}.crmlog Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{7362AFD8-9EFD-4DB2-A59E-C4E15AA2A3D5}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\MsDtc\MSDTC.LOG Object is locked skipped
C:\WINDOWS\system32\MsDtc\Trace\dtctrace.log Object is locked skipped
C:\WINDOWS\system32\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.
GeniusMagic
Regular Member
 
Posts: 77
Joined: June 20th, 2005, 11:28 pm
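A report like the one posted above is mostly "Object is locked" lines, with the detections scattered between them. The following Python sketch is an added example, not part of the original thread or of any Kaspersky tool: it separates the locked-file noise from the detections and groups the detections by where they sit on disk. The sample lines are an excerpt copied from the report above, and the bucket names are this example's own grouping.

```python
import re
from collections import Counter, defaultdict

# Sample input: a short excerpt of the report posted above (paths and
# verdict names are from the thread; the selection is made for this example).
SAMPLE_REPORT = r"""
C:\Documents and Settings\Administrator\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-2eb076c9-48514f79.zip/BaaaaBaa.class Infected: Trojan.Java.ClassLoader.ao skipped
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-2eb076c9-48514f79.zip ZIP: infected - 3 skipped
C:\Documents and Settings\Administrator\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\HJT\backups\backup-20070513-034721-152.dll Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\System Volume Information\_restore{48D986EB-81B6-4845-8A0D-1A10BE4C458C}\RP502\A0234121.exe Infected: not-a-virus:AdWare.Win32.PurityScan.fn skipped
C:\VundoFix Backups\tusqq.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.iu skipped
C:\WINDOWS\$NtUninstallKB912812$\wininet.dll Infected: Virus.Win32.Nsag.b skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
Scan process completed.
"""

# Each entry is "<path> <verdict> <last action>". Paths contain spaces, so the
# path is matched lazily and the verdict is anchored to the end of the line.
ENTRY = re.compile(
    r"^(?P<path>.+?) "
    r"(?:(?P<locked>Object is locked)"
    r"|Infected: (?P<threat>\S+)"
    r"|(?P<container>\w+): infected - (?P<count>\d+))"
    r" (?P<action>\w+)$"
)


def bucket(path, threat):
    """Group a detection by location (assumed grouping, not Kaspersky's)."""
    p = path.lower()
    if "\\system volume information\\_restore" in p:
        return "system_restore"      # copy kept inside a restore point
    if p.startswith(("c:\\vundofix backups\\", "c:\\hjt\\backups\\")):
        return "tool_backup"         # backup made by a removal tool
    if "\\sun\\java\\deployment\\cache\\" in p:
        return "java_cache"          # cached applet archive
    if threat.startswith("not-a-virus:RiskTool"):
        return "risktool"            # utility flagged as riskware
    return "other"                   # needs an individual look


def triage(report_text):
    """Split report entries into locked files, detections and containers."""
    locked = 0
    detections = defaultdict(list)   # bucket -> [(path, threat), ...]
    containers = []                  # (path, archive type, infected members)
    threats = Counter()              # verdict name -> number of hits
    unparsed = []                    # headers, statistics, anything else
    for raw in report_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY.match(line)
        if m is None:
            unparsed.append(line)
        elif m["locked"]:
            locked += 1
        elif m["container"]:
            containers.append((m["path"], m["container"], int(m["count"])))
        else:
            threats[m["threat"]] += 1
            detections[bucket(m["path"], m["threat"])].append(
                (m["path"], m["threat"]))
    return {"locked": locked, "detections": dict(detections),
            "containers": containers, "threats": threats,
            "unparsed": unparsed}


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    print("locked files ignored:", result["locked"])
    for name, hits in sorted(result["detections"].items()):
        print(name)
        for path, threat in hits:
            print("   ", threat, "|", path)
```

On the full report in this thread, the 20 "Infected:" lines plus the 4 container summary lines add up to the 24 infected objects given under Scan Statistics, and the 8 distinct verdict names match "Number of viruses found: 8".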

Unread postby GeniusMagic » May 19th, 2007, 3:55 pm

Fresh HJT log is below :


Logfile of HijackThis v1.99.1
Scan saved at 3:58:34 AM, on 1/1/2000
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\CA\eTrust\InoculateIT\InoRpc.exe
C:\Program Files\CA\eTrust\InoculateIT\InoRT.exe
C:\Program Files\CA\eTrust\InoculateIT\InoTask.exe
C:\WINDOWS\LogWatNT.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
E:\iTunesHelper.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\CA\eTrust\InoculateIT\realmon.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\00THotkey.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Creative\Shared Files\CTSched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\hjt\random.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 69.248.208.1
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "E:\iTunesHelper.exe"
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [STOPzilla] C:\Program Files\STOPzilla!\Stopzilla.exe /autostart
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [Realtime Monitor] "C:\Program Files\CA\eTrust\InoculateIT\realmon.exe"
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [CreativeTaskScheduler] "C:\Program Files\Creative\Shared Files\CTSched.exe" /logon
O4 - HKLM\..\Run: [Creative Software Update] "C:\Program Files\Creative\Shared Files\Software Update\AutoUpdate.exe" /Silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [SP2 Connection Patcher] "C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [Hvfh] "C:\Documents and Settings\Administrator\Application Data\?racle\??oolsv.exe"
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://hindi.india-today.com/tdserver.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by10fd.bay10.hotmail.msn.com/res ... nPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2717667132
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/B ... ofupld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnme ... loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b47946.cab
O16 - DPF: {BADA82CB-BF48-4D76-9611-78E2C6F49F03} (BolDownloader Control) - http://messenger.rediff.com/newbol/Bol.CAB
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: eTrust InoculateIT RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust\InoculateIT\InoRpc.exe
O23 - Service: eTrust InoculateIT Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust\InoculateIT\InoRT.exe
O23 - Service: eTrust InoculateIT Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust\InoculateIT\InoTask.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\WINDOWS\LogWatNT.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Check Point SecuRemote Service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
O23 - Service: Check Point SecuRemote WatchDog (SR_WatchDog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
GeniusMagic
Regular Member
 
Posts: 77
Joined: June 20th, 2005, 11:28 pm

Unread postby random/random » May 20th, 2007, 4:08 pm

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.


Run HijackThis
Click on do a system scan only
Place a checkmark next to these lines (if still present)

O4 - HKCU\..\Run: [Hvfh] "C:\Documents and Settings\Administrator\Application Data\?racle\??oolsv.exe"
O16 - DPF: {BADA82CB-BF48-4D76-9611-78E2C6F49F03} (BolDownloader Control) - http://messenger.rediff.com/newbol/Bol.CAB

Then close all windows except HijackThis and click Fix Checked

Use windows explorer to find and delete this file:

C:\WINDOWS\$NtUninstallKB912812$\wininet.dll

And this folder:

C:\VundoFix Backups\

Restart

Post a new HijackThis log and let me know of any remaining problems

Also let me know if you recognize this ip address:

69.248.208.1
random/random
Developer
Posts: 7723
Joined: December 18th, 2005, 3:30 pm
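The fix list above repeats an entry ([Hvfh]) that was already on the earlier fix list, because it was still in the log posted afterwards. The Python sketch below is an added example, not part of the original thread or of HijackThis: it checks which requested entries are still present in each follow-up log. The sample entries are excerpts from the logs in this thread, labelled here by posting date, and the function names are hypothetical.

```python
import re

# A HijackThis entry starts with a section code (R0-R3, F0-F3, N1-N4, O1-O24).
HJT_ENTRY = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<body>.+)$")

# Excerpt of the entries the helper asked to fix in the first fix list.
REQUESTED = r"""
O2 - BHO: (no name) - {1BB2A336-4483-385D-A34C-6CE26EECFFED} - C:\WINDOWS\system32\hgcrjws.dll
O4 - HKCU\..\Run: [wikm] C:\PROGRA~1\COMMON~1\wikm\wikmm.exe
O4 - HKCU\..\Run: [Hvfh] "C:\Documents and Settings\Administrator\Application Data\?racle\??oolsv.exe"
O15 - Trusted Zone: *.winfixer.com
"""

# Excerpts of the two follow-up logs (labels are the forum posting dates).
LOG_MAY_19 = r"""
Running processes:
C:\WINDOWS\system32\ctfmon.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Hvfh]   "C:\Documents and Settings\Administrator\Application Data\?racle\??oolsv.exe"
"""

LOG_MAY_25 = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""


def normalise(line):
    """Collapse whitespace and case so forum reflow or path case cannot hide a match."""
    return " ".join(line.split()).casefold()


def parse_entries(log_text):
    """Return {normalised entry: original line} for every HijackThis entry line.

    Lines without a section code (the process list, headers) are skipped.
    """
    entries = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        if HJT_ENTRY.match(line):
            entries[normalise(line)] = line
    return entries


def track_fixes(requested_text, followups):
    """For each requested entry, list the follow-up logs that still contain it.

    followups is a list of (label, log_text) pairs in chronological order.
    """
    requested = parse_entries(requested_text)
    parsed = [(label, parse_entries(text)) for label, text in followups]
    return {
        original: [label for label, entries in parsed if key in entries]
        for key, original in requested.items()
    }


def unresolved(report, latest_label):
    """Entries still present in the most recent log."""
    return [line for line, seen in report.items() if latest_label in seen]


if __name__ == "__main__":
    logs = [("2007-05-19", LOG_MAY_19), ("2007-05-25", LOG_MAY_25)]
    report = track_fixes(REQUESTED, logs)
    for line, seen in report.items():
        status = "still in " + ", ".join(seen) if seen else "gone"
        print(f"{status:22} {line}")
    print("unresolved:", unresolved(report, "2007-05-25"))
```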

Thanks

Unread postby GeniusMagic » May 25th, 2007, 10:08 pm

Hi - I updated my java version and removed the two hijack this entries you mentioned. Also deleted wininet.dll and the vundofix backup folders.

My laptop is in a much better shape now. Very few pop ups. Thanks for your help. However I have still not been able to connect to my wireless network. The problem started the day I came under malware attack. I thought an infected wininet.dll could be a reason ??...pls advise if there is a fix for this - I can detect my wireless networks but I am unable to connect to it from this laptop. Could it be related to a malware/virus ?

I am not sure I recognise the IP address: 69.248.208.1


Posted below is a fresh HJT log :

Logfile of HijackThis v1.99.1
Scan saved at 8:44:13 AM, on 5/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\CA\eTrust\InoculateIT\InoRpc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CA\eTrust\InoculateIT\InoRT.exe
C:\Program Files\CA\eTrust\InoculateIT\InoTask.exe
E:\iTunesHelper.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\LogWatNT.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\CA\eTrust\InoculateIT\realmon.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\00THotkey.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Creative\Shared Files\CTSched.exe
C:\Program Files\Creative\Shared Files\Software Update\AutoUpdate.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\Explorer.EXE
C:\HJT\random.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 69.248.208.1
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "E:\iTunesHelper.exe"
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [STOPzilla] C:\Program Files\STOPzilla!\Stopzilla.exe /autostart
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [Realtime Monitor] "C:\Program Files\CA\eTrust\InoculateIT\realmon.exe"
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [CreativeTaskScheduler] "C:\Program Files\Creative\Shared Files\CTSched.exe" /logon
O4 - HKLM\..\Run: [Creative Software Update] "C:\Program Files\Creative\Shared Files\Software Update\AutoUpdate.exe" /Silent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [SP2 Connection Patcher] "C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://hindi.india-today.com/tdserver.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by10fd.bay10.hotmail.msn.com/res ... nPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2717667132
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/B ... ofupld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnme ... loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b47946.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: eTrust InoculateIT RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust\InoculateIT\InoRpc.exe
O23 - Service: eTrust InoculateIT Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust\InoculateIT\InoRT.exe
O23 - Service: eTrust InoculateIT Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust\InoculateIT\InoTask.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\WINDOWS\LogWatNT.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Check Point SecuRemote Service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
O23 - Service: Check Point SecuRemote WatchDog (SR_WatchDog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
GeniusMagic
Regular Member
 
Posts: 77
Joined: June 20th, 2005, 11:28 pm
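A triage pass over a HijackThis log like the one posted above, as an added example that is not part of the original thread. The function name `triage`, the four rules and the `SAMPLE_LOG` excerpt (lines taken from the log above) are assumptions chosen for illustration; each finding is a prompt for manual review, not a verdict.

```python
import re

# Sample input: a few lines taken from the log posted above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 69.248.208.1
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\WINDOWS\LogWatNT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY = re.compile(r"^(?P<code>[ROFN]\d+) - (?P<body>.+)$")
# Body of an O4 registry autostart entry.
RUN = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run\w*: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")


def triage(log_text):
    """Return (code, reason, line) tuples for entries worth a manual look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue  # running-process list, headers, blank lines
        code, body = m["code"], m["body"]
        if code == "R1" and "ProxyServer" in body:
            proxy = body.split("=", 1)[1].strip()
            findings.append((code, f"IE proxy set to {proxy}", line))
        if body.endswith("(file missing)"):
            # Registry entry still points at a file that is not on disk.
            findings.append((code, "target file missing", line))
        if code == "O23" and " - Unknown owner - " in body:
            # HijackThis could not read a company name from the service binary.
            findings.append((code, "service binary has no company name", line))
        run = RUN.match(body) if code == "O4" else None
        if run and "\\" not in run["cmd"]:
            # No directory given, so Windows resolves the name via the search path.
            findings.append((code, f"Run value [{run['name']}] has no full path", line))
    return findings


if __name__ == "__main__":
    for code, reason, line in triage(SAMPLE_LOG):
        print(f"{code:>4}  {reason}\n      {line}")
```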

Unread postby random/random » May 26th, 2007, 6:54 am

Is comcast your internet provider?
random/random
Developer
 
Posts: 7723
Joined: December 18th, 2005, 3:30 pm

Hi

Unread postby GeniusMagic » May 26th, 2007, 8:26 am

Yes it is.
GeniusMagic
Regular Member
 
Posts: 77
Joined: June 20th, 2005, 11:28 pm

Unread postby random/random » May 26th, 2007, 8:46 am

I don't think your wireless problems are being caused by malware

The infected copy of wininet.dll was in a backup location, not the one that is used by Windows

However, we can check for any malware

  • Download Autoruns from here
  • Unzip/extract it to a folder on your desktop
  • Double click on autoruns.exe to start Autoruns
  • Wait for it to finish scanning
  • Under Options make sure the following options are selected
    • Verify Code Signatures
    • Hide Signed Microsoft Entries
  • Click File > Refresh
  • Click File > Save As
  • Save it to the desktop as autoruns.txt
  • Post the contents of autoruns.txt as a reply to this topic

  • Download GMER by GMER from here
  • Unzip it to a folder on your desktop
  • Double click on gmer.exe to launch GMER
  • If asked, allow the gmer.sys driver to load
  • If it warns you about rootkit activity and asks if you want to run scan, click OK
  • If you don't get a warning then
    • Click the rootkit tab
    • Click Scan
  • Once the scan has finished, click copy
  • Paste the log into notepad using Ctrl+V
  • Save it to your desktop as gmerrk.txt
  • Click on the >>> tab
  • This will open up the rest of the tabs for you
  • Click on the Autostart tab
  • Click on Scan
  • Once the scan has finished, click copy
  • Paste the log into notepad using Ctrl+V
  • Save it to your desktop as gmerautos.txt
  • Copy and paste the contents of gmerautos.txt and gmerrk.txt as a reply to this topic
random/random
Developer
 
Posts: 7723
Joined: December 18th, 2005, 3:30 pm

Unread postby NonSuch » June 7th, 2007, 12:24 am

This topic is now closed due to inactivity. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Please do not contact us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
NonSuch
Administrator
 
Posts: 27229
Joined: February 23rd, 2005, 7:08 am
Location: California
