
Here's my hijack log [RESOLVED]


  • This topic is locked

#1
inite

  • 409 posts

Logfile of HijackThis v1.99.1
Scan saved at 12:53:27 PM, on 2/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Inite\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: FCBHOBHO Class - {8B3868B4-EBA8-48FA-A19B-E1DFB99066FA} - D:\Program Files\FlashCapture\fcbho.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Anti-Blaxx Manager] C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
O4 - HKLM\..\Run: [Zone Labs Client] D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Save F&lash with FlashCapture - res://D:\Program Files\FlashCapture\fciext.dll/FCIEXT.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: FlashCapture - {753BBC4B-CC73-4fb8-A5B5-CA09C804C1DD} - D:\Program Files\FlashCapture\fciext.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {4029B52D-5935-46B6-94F2-AB702CBE6646} (CAddressBook Object) - http://www.fillmyclo...AddressBook.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1117052785713
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe



IE has been disconnecting every 30 mins or so. Hopefully it's not some virus issue...

Thanks in advance =)
  • 0



#2
inite

  • Topic Starter
  • 409 posts
Any staff free?
  • 0

#3
Jayzeee

  • 1,238 posts
Hi inite and welcome to Geeks to Go :tazz:

I am currently working on a fix for you. As soon as a staff member has reviewed it, I will post it here. Thank you for your patience.
  • 0

#4
Jayzeee

  • 1,238 posts
Hi inite,

I notice that you are running HijackThis from your desktop. This is fine, but please be aware that a folder will appear on your desktop. Do not delete this folder, as it will contain important backup information.

Please re-open HijackThis and scan. Check the boxes next to all the entries listed below.

R3 - Default URLSearchHook is missing

Now close all windows other than HijackThis, then click Fix Checked.

Please RIGHT-CLICK HERE and Save As (in IE it's "Save Target As", in FF it's "Save Link As") to download Silent Runners.
  • Save it to the desktop.
  • Run Silent Runners by double-clicking the "Silent Runners" icon on your desktop.
  • You will receive a prompt:
    • Do you want to skip supplementary searches?
      click NO
  • If you receive an error just click OK and double-click it to run it again - sometimes it won't run as it's supposed to the first time but will in subsequent runs.
  • You will see a text file appear on the desktop - it's not done, let it run (it won't appear to be doing anything!)
  • Once you receive the prompt All Done!, open the text file on the desktop, copy that entire log, and paste it here, along with a new HijackThis log.
*NOTE* If you receive any warning message about scripts, please choose to allow the script to run.
  • 0

#5
inite

  • Topic Starter
  • 409 posts
Ghez, I've deleted the folder created by HijackThis. Would it be harmful?

"Silent Runners.vbs", revision 43, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"msnmsgr" = ""C:\Program Files\MSN Messenger\msnmsgr.exe" /background" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"UserFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -u" [MS]
"Zone Labs Client" = "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" ["Zone Labs, LLC"]
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" ["Sun Microsystems, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = "SSVHelper Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
{8B3868B4-EBA8-48FA-A19B-E1DFB99066FA}\(Default) = "FCBHOBHO Class"
-> {CLSID}\InProcServer32\(Default) = "D:\Program Files\FlashCapture\fcbho.dll" ["Dreamingsoft, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "D:\Office10\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "D:\OFFICE11\msohev.dll" [MS]
"{52B87208-9CCF-42C9-B88E-069281105805}" = "Trojan Remover Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\TROJAN~1\Trshlex.dll" ["Simply Super Software"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {CLSID}\InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]
"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]

HKLM\Software\Classes\PROTOCOLS\Filter\
INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
Trojan Remover\(Default) = "{52B87208-9CCF-42C9-B88E-069281105805}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\TROJAN~1\Trshlex.dll" ["Simply Super Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
Trojan Remover\(Default) = "{52B87208-9CCF-42C9-B88E-069281105805}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\TROJAN~1\Trshlex.dll" ["Simply Super Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Inite\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"


Startup items in "Inite" & "All Users" startup folders:
-------------------------------------------------------

C:\Documents and Settings\Inite\Start Menu\Programs\Startup
"Adobe Gamma" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\System32\nwprovau.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 18
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Explorer Bars

Dormant Explorer Bars in "View, Explorer Bar" menu

HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\ = "&Research"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "D:\OFFICE11\REFIEBAR.DLL" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

AVG7 Alert Manager Server, Avg7Alrt, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe" ["GRISOFT, s.r.o."]
AVG7 Update Service, Avg7UpdSvc, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe" ["GRISOFT, s.r.o."]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 119 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars
took 19 seconds.
---------- (total run time: 180 seconds)


That's the Silent Runners log.

Edited by inite, 16 February 2006 - 10:23 PM.

  • 0

#6
Jayzeee

  • 1,238 posts
Hi inite,

Ghez, I've deleted the folder created by HijackThis. Would it be harmful?

Since you have only fixed that one entry, it shouldn't be a problem. Please delete HijackThis from your desktop, and download it again from here. Please be sure to save it to a permanent directory, such as C:\Program Files\HJT

If you have not already done so...

Open HijackThis and scan. Check the box next to the entry listed below.

R3 - Default URLSearchHook is missing

Now close all windows other than HijackThis, then click Fix Checked.

I'm not seeing anything suspicious in your HijackThis log or the Silent Runners log... Let's try this:

Please download Rootkit Revealer (link is at the very bottom of the page). Once downloaded, unzip it to your desktop.

Download and Save Blacklight to your desktop.
  • Open the rootkitrevealer folder on your desktop, and double-click rootkitrevealer.exe
  • Click the Scan button (bottom right)
  • It may take a while to scan (don't do anything while it's running)
  • When it's done, go up to File > Save. Choose to save it to your desktop.
  • Open rootkitrevealer.txt on your desktop and copy the entire contents and paste them here
Next:

Double-click blbeta.exe on your desktop, then accept the agreement, leave [X] scan through Windows Explorer checked, click > scan then > next.

You'll see a list of all items found. There will also be a log on your desktop with the name fsbl.xxxxxxx.log (the xxxxxxx stand for numbers).

Copy and paste this log in your next reply. Don't choose the rename option yet! I want to see the log first, because legitimate items can also be present there, such as "wbemtest.exe"

To clarify, please post back with the rootkitrevealer.txt, the Blacklight log, and a new HijackThis log.
  • 0

#7
inite

  • Topic Starter
  • 409 posts
From Blbeta (nothing found):

02/18/06 11:38:57 [Info]: BlackLight Engine 1.0.32 initialized
02/18/06 11:38:57 [Info]: OS: 5.1 build 2600 (Service Pack 2)
02/18/06 11:38:58 [Note]: 7019 4
02/18/06 11:38:58 [Note]: 7005 0
02/18/06 11:39:16 [Note]: 7006 0
02/18/06 11:39:16 [Note]: 7011 1552
02/18/06 11:39:17 [Note]: FSRAW library version 1.7.1015
02/18/06 11:44:20 [Note]: 7007 0


Here's the rootkitreveal:

HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\s0 11/22/2005 11:42 PM 4 bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\s1 11/22/2005 11:42 PM 4 bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\s2 11/22/2005 11:42 PM 4 bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\g0 11/22/2005 11:42 PM 32 bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\h0 11/22/2005 11:42 PM 4 bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 12/21/2005 1:10 AM 0 bytes Hidden from Windows API.
C:\Documents and Settings\Inite\Cookies\inite@connextra[1].txt 2/18/2006 1:08 AM 992 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Inite\Cookies\inite@connextra[2].txt 2/18/2006 11:47 AM 991 bytes Hidden from Windows API.
C:\Documents and Settings\Inite\Cookies\inite@geekstogo[1].txt 2/18/2006 11:33 AM 814 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Inite\Cookies\inite@geekstogo[2].txt 2/18/2006 11:39 AM 814 bytes Hidden from Windows API.
C:\Documents and Settings\Inite\Cookies\inite@revsci[1].txt 2/18/2006 11:48 AM 260 bytes Hidden from Windows API.
C:\Documents and Settings\Inite\Cookies\inite@revsci[2].txt 2/17/2006 12:09 PM 260 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Inite\Desktop\fsbl-20060218033857.log 2/18/2006 11:38 AM 392 bytes Hidden from Windows API.
C:\Documents and Settings\Inite\Desktop\HijackThis.exe 3/29/2005 6:31 AM 213.00 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Inite\Local Settings\Temp\F-Secure 2/18/2006 11:38 AM 0 bytes Hidden from Windows API.
C:\Documents and Settings\Inite\Local Settings\Temp\F-Secure\BlackLight 2/18/2006 11:42 AM 0 bytes Hidden from Windows API.
C:\Documents and Settings\Inite\Local Settings\Temp\~DFA54E.tmp 2/18/2006 11:10 AM 16.00 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Inite\Local Settings\Temp\~DFDAF1.tmp 2/18/2006 11:53 AM 16.00 KB Hidden from Windows API.
C:\Documents and Settings\Inite\Local Settings\Temporary Internet Files\Content.IE5\3AVLPD7R\0,,10278~18,00[1].js 2/18/2006 12:50 AM 4.93 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Inite\Local Settings\Temporary Internet Files\Content.IE5\3AVLPD7R\0,,10278~2816329,00[1].gif 2/18/2006 11:40 AM 6.31 KB Hidden from Windows API.
C:\Documents and Settings\Inite\Local Settings\Temporary Internet Files\Content.IE5\3AVLPD7R\0,,10278~2816380,00[1].gif 2/17/2006 11:48 AM 14.88 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Inite\Local Settings\Temporary Internet Files\Content.IE5\3AVLPD7R\0,,2004511154,00[1].gif 2/18/2006 11:52 AM 8.04 KB Hidden from Windows API.
C:\Documents and Settings\Inite\Local Settings\Temporary Internet Files\Content.IE5\3AVLPD7R\0,,2006080271,00[1].jpg 2/18/2006 11:48 AM 7.40 KB Hidden from Windows API.
C:\Documents and Settings\Inite\Local Settings\Temporary Internet Files\Content.IE5\3AVLPD7R\0,,3,00[1].htm 2/17/2006 12:09 PM 1.56 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Inite\Local Settings\Temporary Internet Files\Content.IE5\3AVLPD7R\0,,3,00[2].htm 2/18/2006 11:48 AM 137.30 KB Hidden from Windows API.
C:\Documents and Settings\Inite\Local Settings\Temporary Internet Files\Content.IE5\3AVLPD7R\0,,3,00[3].htm 2/18/2006 11:48 AM 1.56 KB Hidden from Windows API.
C:\Documents and Settings\Inite\Local Settings\Temporary Internet Files\Content.IE5\3AVLPD7R\1989-02-18[1].jpg 2/18/2006 11:47 AM 4.05 KB Hidden from Windows API.
C:\Documents and Settings\Inite\Local Settings\Temporary Internet Files\Content.IE5\3AVLPD7R\adserver.adtech[1].htm 2/18/2006 11:40 AM 309 bytes Hidden from Windows API.
C:\Documents and Settings\Inite\Local Settings\Temporary Internet Files\Content.IE5\3AVLPD7R\adserver.adtech[3].htm 2/18/2006 11:47 AM 309 bytes Hidden from Windows API.
C:\Documents and Settings\Inite\Local Settings\Temporary Internet Files\Content.IE5\3AVLPD7R\CA2BGFQL.swf 2/18/2006 11:54 AM 23.96 KB Hidden from Windows API.
C:\Documents and Settings\Inite\Local Settings\Temporary Internet Files\Content.IE5\3AVLPD7R\CA8IVKD3.gif 2/18/2006 11:49 AM 43 bytes Hidden from Windows API.
C:\Documents and Settings\Inite\Local Settings\Temporary Internet Files\Content.IE5\3AVLPD7R\CA9O98XV.gif 2/18/2006 11:54 AM 35 bytes Hidden from Windows API.
C:\Documents and Settings\Inite\Local Settings\Temporary Internet Files\Content.IE5\3AVLPD7R\CAADK7UT.gif 2/18/2006 11:50 AM 35 bytes Hidden from Windows API.
C:\Documents and Settings\Inite\Local Settings\Temporary Internet Files\Content.IE5\3AVLPD7R\CAEVWHYZ.gif 2/18/2006 11:46 AM 43 bytes Hidden from Windows API.
C:\Documents and Settings\Inite\Local Settings\Temporary Internet Files\Content.IE5\3AVLPD7R\CANJ350K.gif 2/18/2006 11:52 AM 43 bytes Hidden from Windows API.
C:\Documents and Settings\Inite\Local Settings\Temporary Internet Files\Content.IE5\3AVLPD7R\CASVTVM2.gif 2/18/2006 11:40 AM 43 bytes Hidden from Windows API.
C:\Documents and Settings\Inite\Local Settings\Temporary Internet Files\Content.IE5\3AVLPD7R\controller[1] 2/18/2006 11:35 AM 1.02 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Inite\Local Settings\Temporary Internet Files\Content.IE5\3AVLPD7R\dalglish[1].gif 2/18/2006 11:47 AM 2.06 KB Hidden from Windows API.
C:\Documents and Settings\Inite\Local Settings\Temporary Internet Files\Content.IE5\3AVLPD7R\gillespie[1].gif 2/18/2006 11:47 AM 3.03 KB Hidden from Windows API.
C:\Documents and Settings\Inite\Local Settings\Temporary Internet Files\Content.IE5\3AVLPD7R\index;pos=top;dcopt=ist;sz=468x60;tile=4;seg0=J05530_7;seg1=J05530_8;seg2=J05530_9;seg3=J05530_10;ord=1140234525314[1] 2/18/2006 11:48 AM 338 bytes Hidden from Windows API.
C:\Documents and Settings\Inite\Local Settings\Temporary Internet Files\Content.IE5\3AVLPD7R\napster_300x350[1].gif 2/18/2006 11:50 AM 17.86 KB Hidden from Windows API.
C:\Documents and Settings\Inite\Local Settings\Temporary Internet Files\Content.IE5\3AVLPD7R\nufc[1].htm 2/18/2006 11:47 AM 119.07 KB Hidden from Windows API.
C:\Documents and Settings\Inite\Local Settings\Temporary Internet Files\Content.IE5\3AVLPD7R\sun_bingo_120X60a[1].gif 2/18/2006 11:48 AM 2.79 KB Hidden from Windows API.
C:\Documents and Settings\Inite\Local Settings\Temporary Internet Files\Content.IE5\3AVLPD7R\supergoals;pos=middle;sz=300x250;tile=7;seg0=J05530_7;seg1=J05530_8;seg2=J05530_9;seg3=J05530_10;ord=1140234617246[1] 2/18/2006 11:50 AM 318 bytes Hidden from Windows API.
C:\Documents and Settings\Inite\Local Settings\Temporary Internet Files\Content.IE5\3AVLPD7R\supergoals;pos=right;sz=120x600;tile=3;seg0=J05530_7;seg1=J05530_8;seg2=J05530_9;seg3=J05530_10;ord=1140234745961[1] 2/18/2006 11:52 AM 309 bytes Hidden from Windows API.
C:\Documents and Settings\Inite\Local Settings\Temporary Internet Files\Content.IE5\64A9JL40\0,,10278,00[1].htm 2/18/2006 12:50 AM 32.09 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Inite\Local Settings\Temporary Internet Files\Content.IE5\64A9JL40\0,,10278~2816329,00[1].gif 2/17/2006 11:48 AM 6.31 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Inite\Local Settings\Temporary Internet Files\Content.IE5\64A9JL40\0,,10278~2816767,00[1].gif 2/18/2006 11:40 AM 1.91 KB Hidden from Windows API.
C:\Documents and Settings\Inite\Local Settings\Temporary Internet Files\Content.IE5\64A9JL40\0,,10278~2824635,00[1].jpg 2/17/2006 11:55 AM 14.18 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Inite\Local Settings\Temporary Internet Files\Content.IE5\64A9JL40\0,,10278~2824635,00[2].jpg 2/18/2006 11:40 AM 14.18 KB Hidden from Windows API.
C:\Documents and Settings\Inite\Local Settings\Temporary Internet Files\Content.IE5\64A9JL40\0,,10278~2847860,00[1].gif 2/17/2006 11:48 AM 4.14 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Inite\Local Settings\Temporary Internet Files\Content.IE5\64A9JL40\0,,10278~2850546,00[1].gif 2/18/2006 11:40 AM 5.19 KB Hidden from Windows API.
C:\Documents and Settings\Inite\Local Settings\Temporary Internet Files\Content.IE5\64A9JL40\0,,2002390000-2006080094,00[1].htm 2/18/2006 11:52 AM 69.46 KB Hidden from Windows API.
C:\Documents and Settings\Inite\Local Settings\Temporary Internet Files\Content.IE5\64A9JL40\0,,2006080104,00[1].gif 2/18/2006 11:48 AM 1.52 KB Hidden from Windows API.
C:\Documents and Settings\Inite\Local Settings\Temporary Internet Files\Content.IE5\64A9JL40\0,,2006080173,00[1].jpg 2/18/2006 11:52 AM 9.33 KB Hidden from Windows API.
C:\Documents and Settings\Inite\Local Settings\Temporary Internet Files\Content.IE5\64A9JL40\0,,2006080190,00[1].jpg 2/18/2006 11:48 AM 1.62 KB Hidden from Windows API.
C:\Documents and Settings\Inite\Local Settings\Temporary Internet Files\Content.IE5\64A9JL40\0,,2006080272,00[1].jpg 2/18/2006 11:48 AM 1.26 KB Hidden from Windows API.
C:\Documents and Settings\Inite\Local Settings\Temporary Internet Files\Content.IE5\64A9JL40\0,,3,00[3].htm 2/17/2006 12:09 PM 122.48 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Inite\Local Settings\Temporary Internet Files\Content.IE5\64A9JL40\1967-02-18forest-a-f[1].jpg 2/18/2006 11:47 AM 3.79 KB Hidden from Windows API.
C:\Documents and Settings\Inite\Local Settings\Temporary Internet Files\Content.IE5\64A9JL40\adserver.adtech[1].htm 2/18/2006 11:47 AM 351 bytes Hidden from Windows API.
C:\Documents and Settings\Inite\Local Settings\Temporary Internet Files\Content.IE5\64A9JL40\adserver.adtech[2].htm 2/18/2006 11:40 AM 351 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Inite\Local Settings\Temporary Internet Files\Content.IE5\64A9JL40\adserver.adtech[3] 2/18/2006 11:40 AM 515 bytes Hidden from Windows API.
C:\Documents and Settings\Inite\Local Settings\Temporary Internet Files\Content.IE5\64A9JL40\adserver.adtech[3].htm 2/18/2006 11:40 AM 324 bytes Hidden from Windows API.
C:\Documents and Settings\Inite\Local Settings\Temporary Internet Files\Content.IE5\64A9JL40\blbeta[1].exe 2/18/2006 11:37 AM 737.55 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Inite\Local Settings\Temporary Internet Files\Content.IE5\64A9JL40\bobby16[1].jpg 2/18/2006 11:47 AM 3.53 KB Hidden from Windows API.
C:\Documents and Settings\Inite\Local Settings\Temporary Internet Files\Content.IE5\64A9JL40\CA4TQ7K1.gif 2/18/2006 11:52 AM 43 bytes Hidden from Windows API.
C:\Documents and Settings\Inite\Local Settings\Temporary Internet Files\Content.IE5\64A9JL40\CA4YCO37.gif 2/18/2006 11:47 AM 67 bytes Hidden from Windows API.
C:\Documents and Settings\Inite\Local Settings\Temporary Internet Files\Content.IE5\64A9JL40\CACTUVVN.gif 2/18/2006 11:54 AM 35 bytes Hidden from Windows API.
C:\Documents and Settings\Inite\Local Settings\Temporary Internet Files\Content.IE5\64A9JL40\CAFG5ZBS.gif 2/18/2006 11:50 AM 43 bytes Hidden from Windows API.
C:\Documents and Settings\Inite\Local Settings\Temporary Internet Files\Content.IE5\64A9JL40\CAIFK7PA.gif 2/18/2006 11:40 AM 67 bytes Hidden from Windows API.
C:\Documents and Settings\Inite\Local Settings\Temporary Internet Files\Content.IE5\64A9JL40\CAKT0DSR.gif 2/18/2006 11:40 AM 43 bytes Hidden from Windows API.
C:\Documents and Settings\Inite\Local Settings\Temporary Internet Files\Content.IE5\64A9JL40\CAOCIRGO.gif 2/18/2006 11:46 AM 43 bytes Hidden from Windows API.
C:\Documents and Settings\Inite\Local Settings\Temporary Internet Files\Content.IE5\64A9JL40\CAUZKLA7.swf 2/18/2006 11:49 AM 13.78 KB Hidden from Windows API.


HJT log :

Logfile of HijackThis v1.99.1
Scan saved at 12:30:02 PM, on 2/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Grisoft\AVG Free\avgemc.exe
C:\Documents and Settings\Inite\Desktop\RootkitRevealer\RootkitRevealer.exe
C:\DOCUME~1\Inite\LOCALS~1\Temp\SJXKND.exe
C:\Program Files\BitComet\BitComet.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: FCBHOBHO Class - {8B3868B4-EBA8-48FA-A19B-E1DFB99066FA} - D:\Program Files\FlashCapture\fcbho.dll
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Zone Labs Client] D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Save F&lash with FlashCapture - res://D:\Program Files\FlashCapture\fciext.dll/FCIEXT.htm
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {4029B52D-5935-46B6-94F2-AB702CBE6646} (CAddressBook Object) - http://www.fillmyclo...AddressBook.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1117052785713
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: SJXKND - Sysinternals - www.sysinternals.com - C:\DOCUME~1\Inite\LOCALS~1\Temp\SJXKND.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


  • 0

#8
Jayzeee

    Member 1K

  • Member
  • 1,238 posts
Hi inite, I don't think your problem is malware related. There is nothing of concern in any of the logs you posted.

We can clean up your temporary internet files:

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser:
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

You could try this winsock fix by Option^Explicit Here

If that doesn't work I suggest that you start a new topic in the Internet and Browsers forum

The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help prevent you getting infected.

Detect and Removal
  • Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
  • AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy complement each other very well.
Prevention
  • SpywareBlaster - Great prevention tool to keep nasties from installing on your system.
  • SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
  • IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
  • CleanUP! - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • Google Toolbar - Free Google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop up windows.
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein
  • 0

#9
inite

    Member

  • Topic Starter
  • Member
  • 409 posts
thx alot, very helpful =)
  • 0

#10
therock247uk

    Expert

  • Expert
  • 14,672 posts
  • MVP
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





