Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Hijacklog - persistant pop-ups [RESOLVED]

Started by angel5565 , Oct 10 2005 04:22 PM

This topic is locked

#1
angel5565

Posted 10 October 2005 - 04:22 PM

Member

Member
25 posts

I have followed the instructions on your page to do before posting hijackthis log -- I have used every legitimate spyware, adware, and virus removal program I can find, and I still get constant pop-ups. Please help!!

Hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 6:19:38 PM, on 10/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\wwvifbu.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\pjzpchr.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\FCEngine\FCEngine.exe
C:\Program Files\Common Files\mc-58-12-0000119.exe
C:\WINDOWS\system32\sgenie.exe
C:\Program Files\BHODemon 2\BHODemon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.s1s1s1search.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.s1s1s1search.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.s1s1s1search.com/sp2.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.insightbb.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.s1s1s1search.com/sp2.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.s1s1s1search.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.s1s1s1search.com/sp2.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.s1s1s1search.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.h...ilion&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Insight Broadband
R3 - URLSearchHook: (no name) - _{4573649D-3915-97A1-CB7F-EE2C968A0E1F} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Internet Explorer Web Content Catcher - {FFF4E223-7019-4ce7-BE03-D7D3C8CCE884} - C:\Program Files\DNS\Catcher.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [wwvifbu] C:\WINDOWS\wwvifbu.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Sonic RecordNow!] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-58-12-0000119.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [FCEngine] "C:\Program Files\FCEngine\FCEngine.exe"
O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-58-12-0000119.exe
O4 - HKCU\..\Run: [CustomHK] C:\WINDOWS\system32\sgenie.exe
O4 - HKCU\..\Run: [CMSystem] "C:\Program Files\CMSystem\CMSystem.exe"
O4 - Startup: BHODemon 2.0.lnk = C:\Program Files\BHODemon 2\BHODemon.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.insightbb.com
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec....trl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec....trl/tgctlsr.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {11A02365-2859-4598-A9D5-4FDE99D67723} (PQIEBrowserConnector Class) - http://www.pqprintce...ntquick1611.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...rl/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...99/mcinsctl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1121910418015
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9C024426-7859-4B2D-AB4C-B1E370AE7549} - http://us.mcafee.com...ScannerCtrl.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O16 - DPF: {AF087E66-838E-4A97-8A0B-0DDDA5DEA239} (OTAutoInstall Class) - https://streaming.en...nloads/OTAI.CAB
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,26/mcgdmgr.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...rl/SymAData.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...587/mcfscan.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: MainSafe Service (MSFIE) - Unknown owner - C:\WINDOWS\system32\mainsafe.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\pjzpchr.exe

Thanks!!!!!

#2
Buckeye_Sam

Posted 14 October 2005 - 08:13 AM

Malware Expert

Member
10,019 posts

Hi and welcome to GeeksToGo! My name is Sam and I will be helping you. :tazz:

I apologize for the delay getting to your log, the helpers here are very busy.
If you still need help, please post a fresh Hijack log, in this thread, so I can help you with your Malware Problems.

If you have resolved this issue please let us know.

#3
angel5565

Posted 14 October 2005 - 11:40 AM

Member

Topic Starter
Member
25 posts

Thanks! I do still need some help. I've taken care of a few problems, but others seem to be getting worse.

Something keeps giving me a message that some part of McAfee has become unstable (or something to that effect) and says that the application needs to close. Although it doesn't look like McA is disabled, that makes me nervous, and it happens at some point each time I restart the computer.

Also, every time I start my computer, McAfee tells me that I have a "PUP": Services.exe. It says it deletes it, but it doesn't, and I tried to manually delete the file, but I can't.

Thanks for your help!!

Logfile of HijackThis v1.99.1
Scan saved at 1:37:00 PM, on 10/14/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
C:\WINDOWS\system32\svchost.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\WINDOWS\pjzpchr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\FCEngine\FCEngine.exe
C:\Program Files\Common Files\mc-58-12-0000119.exe
C:\Program Files\BHODemon 2\BHODemon.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.s1s1s1search.com/sp2.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.insightbb.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.s1s1s1search.com/sp2.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.s1s1s1search.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.s1s1s1search.com/sp2.php
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.h...ilion&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Insight Broadband
R3 - URLSearchHook: (no name) - _{4573649D-3915-97A1-CB7F-EE2C968A0E1F} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Internet Explorer Web Content Catcher - {FFF4E223-7019-4ce7-BE03-D7D3C8CCE884} - C:\Program Files\DNS\Catcher.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Sonic RecordNow!] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-58-12-0000119.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [FCEngine] "C:\Program Files\FCEngine\FCEngine.exe"
O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-58-12-0000119.exe
O4 - HKCU\..\Run: [CustomHK] C:\WINDOWS\system32\sgenie.exe
O4 - HKCU\..\Run: [CMSystem] "C:\Program Files\CMSystem\CMSystem.exe"
O4 - Startup: BHODemon 2.0.lnk = C:\Program Files\BHODemon 2\BHODemon.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.insightbb.com
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec....trl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec....trl/tgctlsr.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {11A02365-2859-4598-A9D5-4FDE99D67723} (PQIEBrowserConnector Class) - http://www.pqprintce...ntquick1611.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...rl/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...99/mcinsctl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1121910418015
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9C024426-7859-4B2D-AB4C-B1E370AE7549} - http://us.mcafee.com...ScannerCtrl.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O16 - DPF: {AF087E66-838E-4A97-8A0B-0DDDA5DEA239} (OTAutoInstall Class) - https://streaming.en...nloads/OTAI.CAB
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,26/mcgdmgr.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...rl/SymAData.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...587/mcfscan.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: MainSafe Service (MSFIE) - Unknown owner - C:\WINDOWS\system32\mainsafe.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\pjzpchr.exe

#4
Buckeye_Sam

Posted 14 October 2005 - 05:16 PM

Malware Expert

Member
10,019 posts

First we need to download and prepare some tools that we will need to fix your problem.

Please download CWShredder but don't run it yet.
Please download Adaware SE 1.06
Install Adaware and check for updates, but don't run it yet.
Please download CleanUp 4.0
Install CleanUp, but don't run it yet.

==============

Now that you have the right tools we can start fixing your problem.

Please make sure that you can View Hidden Files

Please print out these instructions as the rest of this fix must be done in Safe mode and you won't be able to access the Internet.

Please reboot your computer in SafeMode by doing the following:

Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
Instead of Windows loading as normal, a menu should appear
Select the first option, to run Windows in Safe Mode.

* if you have trouble getting into Safe mode go here for more info.

=============

Once in Safe mode, follow these steps:

Run CWShredder, making sure to click on "Fix".
Run Hijackthis again, click scan, and Put a checkmark next to each of these. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.s1s1s1search.com/sp2.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.s1s1s1search.com/sp2.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.s1s1s1search.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.s1s1s1search.com/sp2.php
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.h...ilion&pf=laptop
R3 - URLSearchHook: (no name) - _{4573649D-3915-97A1-CB7F-EE2C968A0E1F} - (no file)
O2 - BHO: Internet Explorer Web Content Catcher - {FFF4E223-7019-4ce7-BE03-D7D3C8CCE884} - C:\Program Files\DNS\Catcher.dll
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-58-12-0000119.exe
O4 - HKCU\..\Run: [FCEngine] "C:\Program Files\FCEngine\FCEngine.exe"
O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-58-12-0000119.exe
O4 - HKCU\..\Run: [CustomHK] C:\WINDOWS\system32\sgenie.exe
O4 - HKCU\..\Run: [CMSystem] "C:\Program Files\CMSystem\CMSystem.exe"
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O23 - Service: MainSafe Service (MSFIE) - Unknown owner - C:\WINDOWS\system32\mainsafe.exe (file missing)
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\pjzpchr.exe
Delete these files (Do not be concerned if they do not exist);

C:\Program Files\Common Files\Windows\mc-58-12-0000119.exe
C:\Program Files\Common Files\mc-58-12-0000119.exe
C:\WINDOWS\system32\sgenie.exe
C:\WINDOWS\system32\mainsafe.exe
C:\WINDOWS\pjzpchr.exe
C:\Program Files\DNS
C:\Program Files\FCEngine
C:\Program Files\CMSystem
Now run CleanUp
IMPORTANT!
CleanUp deletes EVERYTHING out of your temp/temporary folders, it does not make backups.
If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp
Open Ad-aware and do a full scan. Remove everything that it finds.
Reboot back into normal mode.
Please run this online virus scan - Panda Virus Scan
- Make sure it is set to clean automatically.
- There may be files that this scan will not remove. Please save that information to include in your next post.
Reboot your computer and post the following information in your next reply:
- A new Hijackthis log
- The log from Panda online virus scan

Let me know how things are running and what problems you are still having.

#5
angel5565

Posted 16 October 2005 - 10:38 PM

Member

Topic Starter
Member
25 posts

Thanks for your help! Here are my two new reports:

Panda:

Incident Status Location
Adware:adware/maxifiles No disinfected C:\PROGRAM FILES\COMMON FILES\Windows
Adware:adware program No disinfected C:\WINDOWS\SYSTEM32\cache32dsrf4535dfs
Adware:adware/consumeralertsystemNo disinfected Windows Registry
Spyware:Application/Bestoffer No disinfected C:\Documents and Settings\Angela\Local Settings\Tempbooteula.exe
Adware:Adware/Maxifiles No disinfected C:\Program Files\Common Files\mc-58-12-0000119.exe

Hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 12:34:35 AM, on 10/17/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\BHODemon 2\BHODemon.exe
C:\Program Files\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.s1s1s1search.com/sp2.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.insightbb.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

http://www.s1s1s1search.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?

TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by

Insight Broadband
R3 - URLSearchHook: (no name) - _{4573649D-3915-97A1-CB7F-EE2C968A0E1F} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program

files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program

files\google\googletoolbar2.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1

\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Sonic RecordNow!] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe"

/startup
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-58-12-0000119.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [FCEngine] "C:\Program Files\FCEngine\FCEngine.exe"
O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-58-12-0000119.exe
O4 - HKCU\..\Run: [CustomHK] C:\WINDOWS\system32\sgenie.exe
O4 - HKCU\..\Run: [CMSystem] "C:\Program Files\CMSystem\CMSystem.exe"
O4 - Startup: BHODemon 2.0.lnk = C:\Program Files\BHODemon 2\BHODemon.exe
O8 - Extra context menu item: &Google Search - res://c:\program

files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program

files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program

files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program

files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11

\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program

files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program

files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program

Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft

ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} -

C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11

\REFIEBAR.DLL
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.insightbb.com
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) -

http://www.symantec....trl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) -

http://www.symantec....trl/tgctlsr.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) -

http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {11A02365-2859-4598-A9D5-4FDE99D67723} (PQIEBrowserConnector Class) -

http://www.pqprintce...ntquick1611.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -

http://go.microsoft....k/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-

secure.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) -

http://security.syma...bin/AvSniff.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) -

http://download.mcaf...99/mcinsctl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) -

http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -

http://update.micros...b?1121910418015
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -

http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -

http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9C024426-7859-4B2D-AB4C-B1E370AE7549} - http://us.mcafee.com/Apps/WSC/en-

us/WscWlanScannerCtrl.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) -

https://h17000.www1....loadManager.ocx
O16 - DPF: {AF087E66-838E-4A97-8A0B-0DDDA5DEA239} (OTAutoInstall Class) -

https://streaming.en...nloads/OTAI.CAB
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) -

http://download.mcaf...,26/mcgdmgr.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-

secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) -

http://download.mcaf...587/mcfscan.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security

suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security

suite\ewidoguard.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program

Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program

files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1

\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1

\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1

\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: MainSafe Service (MSFIE) - Unknown owner - C:\WINDOWS\system32\mainsafe.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

#6
angel5565

Posted 16 October 2005 - 10:48 PM

Member

Topic Starter
Member
25 posts

By the way, since I made these changes all of my XP Windows and buttons have returned to classic style. Not a big deal, but I definitely prefer the other way, and I'm not sure why it changed...

#7
Buckeye_Sam

Posted 17 October 2005 - 03:18 PM

Malware Expert

Member
10,019 posts

Right click on your desktop and select Properties.
Select the Themes tab and under Theme, select Windows XP.
That should change your theme back from classic to XP again.

Run Hijackthis again, click scan, and Put a checkmark next to each of these. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.s1s1s1search.com/sp2.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.insightbb.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.s1s1s1search.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?
TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=laptop
R3 - URLSearchHook: (no name) - _{4573649D-3915-97A1-CB7F-EE2C968A0E1F} - (no file)
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-58-12-0000119.exe
O4 - HKCU\..\Run: [FCEngine] "C:\Program Files\FCEngine\FCEngine.exe"
O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-58-12-0000119.exe
O4 - HKCU\..\Run: [CustomHK] C:\WINDOWS\system32\sgenie.exe
O4 - HKCU\..\Run: [CMSystem] "C:\Program Files\CMSystem\CMSystem.exe"

Please reboot your computer in SafeMode by doing the following:

Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
Instead of Windows loading as normal, a menu should appear
Select the first option, to run Windows in Safe Mode.
If you have trouble getting into Safe mode go here for more info.

Please run a full scan with Ewido.
Save the log to post in your next reply.

Delete these files or folders:

C:\WINDOWS\system32\sgenie.exe
C:\Program Files\Common Files\mc-58-12-0000119.exe
C:\Program Files\Common Files\Windows\mc-58-12-0000119.exe
C:\Program Files\FCEngine
C:\Program Files\CMSystem

Reboot back into normal mode and post a new hijackthis log and the log from Ewido.

#8
angel5565

Posted 17 October 2005 - 08:01 PM

Member

Topic Starter
Member
25 posts

Thanks!

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 9:51:01 PM, 10/17/2005
+ Report-Checksum: 20C743DF

+ Scan result:

C:\Documents and Settings\Angela\Cookies\angela@com[2].txt -> Spyware.Cookie.Com : Cleaned without backup
C:\Documents and Settings\Angela\Cookies\angela@statcounter[1].txt -> Spyware.Cookie.Statcounter : Cleaned without backup

::Report End

Logfile of HijackThis v1.99.1
Scan saved at 9:58:42 PM, on 10/17/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
C:\WINDOWS\system32\svchost.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\BHODemon 2\BHODemon.exe
C:\Program Files\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Insight Broadband
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Sonic RecordNow!] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Startup: BHODemon 2.0.lnk = C:\Program Files\BHODemon 2\BHODemon.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.insightbb.com
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec....trl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec....trl/tgctlsr.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {11A02365-2859-4598-A9D5-4FDE99D67723} (PQIEBrowserConnector Class) - http://www.pqprintce...ntquick1611.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...rl/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...99/mcinsctl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1121910418015
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9C024426-7859-4B2D-AB4C-B1E370AE7549} - http://us.mcafee.com...ScannerCtrl.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O16 - DPF: {AF087E66-838E-4A97-8A0B-0DDDA5DEA239} (OTAutoInstall Class) - https://streaming.en...nloads/OTAI.CAB
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,26/mcgdmgr.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...rl/SymAData.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...587/mcfscan.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: MainSafe Service (MSFIE) - Unknown owner - C:\WINDOWS\system32\mainsafe.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

#9
Buckeye_Sam

Posted 18 October 2005 - 03:44 PM

Malware Expert

Member
10,019 posts

Your log is clean! :tazz:

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.

You can find instructions on how to enable and reenable system restore here:

Managing Windows Millenium System Restore

or

Windows XP System Restore Guide

Renable system restore with instructions from tutorial above
Make your Internet Explorer more secure - This can be done by following these simple instructions:
- From within Internet Explorer click on the Tools menu and then click on Options.
- Click once on the Security tab
- Click once on the Internet icon so it becomes highlighted.
- Click once on the Custom Level button.
  - Change the Download signed ActiveX controls to Prompt
  - Change the Download unsigned ActiveX controls to Disable
  - Change the Initialize and script ActiveX controls not marked as safe to Disable
  - Change the Installation of desktop items to Prompt
  - Change the Launching programs and files in an IFRAME to Prompt
  - Change the Navigate sub-frames across different domains to Prompt
  - When all these settings have been made, click on the OK button.
  - If it prompts you as to whether or not you want to save the settings, press the Yes button.
- Next press the Apply button and then the OK to exit the Internet Properties page.
Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

See this link for a listing of some online & their stand-alone antivirus programs:

Virus, Spyware, and Malware Protection and Removal Resources
Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

For a tutorial on Firewalls and a listing of some available ones see the link below:

Understanding and Using Firewalls
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an antivirus software.

A tutorial on installing & using this product can be found here:

Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers
Install Ad-Aware - Install and download Ad-Aware. ou should also scan your computer with program on a regular basis just as you would an antivirus software in conjunction with Spybot.

A tutorial on installing & using this product can be found here:

Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer
Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:

Using SpywareBlaster to protect your computer from Spyware and Malware
Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

#10
angel5565

Posted 28 October 2005 - 12:44 PM

Member

Topic Starter
Member
25 posts

I am sorry I haven't responded before now. I had to leave town unexpectedly for a while. First, I want to say thank you for all of your help. However, I am still having a lot of problems -- actually, my computer has gone haywire, and I am hoping you can advise me. All of this has been going on continuously since my post last week.

First, I am still getting an excessive amount of pop-ups!

Also, I still cannot change my windows back to XP style. When I go to my display properties, I only have one choice for windows style, and it is Classic windows.

The newest and most concerning problem is that after my computer has been on for a number of hours, it locks up and I have to restart. I get various messages -- buffer overrun, insufficient resources to complete task or open program -- sometimes I get messages that certain .exe programs (that I don't know the names of) can't find .dll files and have to shut down. Today I got a message that:

"The istruction at '0x0032067d' referenced memory at '0x0000003c'. The memory could not be 'read.' Click on OK to Terminate program or Click on CANCEL to debug program."

No matter what I press, my computer locks up. At least two of the .exe program names that keep coming up are Fintinit.exe and KD1CAPI.EXE. I think this has to do with my internet connection, because the first thing that I notice is that I cannot browse online or check email.

I also get messages that McAfee has become "unstable" and has to shut down.

Is there any chance that these problems are malware/virus related, or were caused by my attempts to remove the malware? I am a little bit afraid that I deleted something or changed something in the registry that I wasn't supposed to. All of this started after I tried the steps in your Oct. 14 post.

McAfee, Windows AntiSpyware, and CWShredder don't pick up anything. Spybot and Ad-Aware always pick up three or four things, but it seems like they are picking up the same problems over and over again. (I always keep everything updated - including Windows and McAfee, and I have tried to run the antispyware programs, fix problems, and immediately restart, but that hasn't helped either.)

I am including an updated HijackThis log that I just saved, immediately after running Ad-Aware and removing 4 items.

Thanks for any help you can give me.

Logfile of HijackThis v1.99.1
Scan saved at 1:49:40 PM, on 10/28/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\BHODemon 2\BHODemon.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Microsoft Money 2005\MNYCoreFiles\mnybbsvc.exe
C:\Program Files\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Insight Broadband
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Sonic RecordNow!] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Startup: BHODemon 2.0.lnk = C:\Program Files\BHODemon 2\BHODemon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.insightbb.com
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec....trl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec....trl/tgctlsr.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {11A02365-2859-4598-A9D5-4FDE99D67723} (PQIEBrowserConnector Class) - http://www.pqprintce...ntquick1611.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...rl/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...99/mcinsctl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1121910418015
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9C024426-7859-4B2D-AB4C-B1E370AE7549} - http://us.mcafee.com...ScannerCtrl.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O16 - DPF: {AF087E66-838E-4A97-8A0B-0DDDA5DEA239} (OTAutoInstall Class) - https://streaming.en...nloads/OTAI.CAB
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,26/mcgdmgr.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...rl/SymAData.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...587/mcfscan.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: MainSafe Service (MSFIE) - Unknown owner - C:\WINDOWS\system32\mainsafe.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

#11
Buckeye_Sam

Posted 28 October 2005 - 11:08 PM

Malware Expert

Member
10,019 posts

Not much showing up in your log. The fact that you are still getting a lot of popup may indicate a rootkit infection.

I need to see a different type of log from Hijackthis

Run Hijackthis.
Click on "Open the Misc Tools section".
Next click on "Open uninstall manager".
Press the button 'save list'. It will open a Notepad file.
Place the content of that file here in your in your next post.

#12
angel5565

Posted 29 October 2005 - 06:29 PM

Member

Topic Starter
Member
25 posts

Here's my new scan. Thanks!!

360Share(remove only)
Ad-Aware SE Personal
Adobe Acrobat 5.0
Adobe Reader 6.0.1
Adobe Reader for Pocket PC 2.0
AvantGo Client
BHODemon 2.0.0.23
CleanUp!
Conexant AC-Link Audio
Google Toolbar for Internet Explorer
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 1.99.1
HP Help and Support
HP Image Zone Plus 4.2
HP Memories Disc
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Photo and Imaging 2.0 - hp psc 1200 series
hp psc 1200 series
HP Software Update
Insight Broadband QIC Service Activator
Intel® Extreme Graphics 2 Driver
Intellisync® for Yahoo!
Internet Explorer Toolbar - Intelligent Explorer
InterVideo WinDVD
iTunes
Java 2 Runtime Environment, SE v1.4.2_05
Legal Billing v6
Macromedia Shockwave Player
McAfee Personal Firewall Plus
McAfee SecurityCenter
McAfee VirusScan
Memorex Solid State Digital Audio Player
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft ActiveSync 3.8
Microsoft AntiSpyware
Microsoft Money 2005
Microsoft Office Professional Edition 2003
Monopoly
muvee autoProducer 3.5 - SE
Panda ActiveScan
Quick Launch Buttons 5.00 C2
QuickTime
RealArcade
Scrabble v2.0
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Snood for Windows version 3.52-W
Snood Towers for Windows version 1.02
SoftV90 Data Fax Modem with SmartCP
Sonic RecordNow!
Spybot - Search & Destroy 1.4
SpywareBlaster v3.4
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515 drivers.
Tweak UI
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900930)
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Media Connect
Windows Media Connect
Windows Media Format Runtime
Windows Media Player 10
Windows Overlay Components
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB887797
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888240
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
WinZip

#13
Buckeye_Sam

Posted 30 October 2005 - 07:57 AM

Malware Expert

Member
10,019 posts

Download and save backlight to your desktop. Doubleclick blbeta.exe, accept the agreement, leave [X]scan through Windows Explorer checked, click scan > next.

You'll see a list of all the items it found. There will also be a log on your desktop with the name fsbl.xxxxxxx.log (where xxxxxxx represents numbers). The application finds both bad files and legitimate ones such as "wbemtest.exe", so don't choose the rename option yet! Copy and paste the log it generated in your next reply.

#14
angel5565

Posted 30 October 2005 - 09:47 AM

Member

Topic Starter
Member
25 posts

Thanks, again:

10/30/05 10:19:22 [Info]: BlackLight Engine 1.0.24 initialized
10/30/05 10:19:22 [Info]: OS: 5.1 build 2600 (Service Pack 2)
10/30/05 10:19:22 [Note]: 4019 4
10/30/05 10:19:22 [Note]: 4005 0
10/30/05 10:19:27 [Note]: 4006 0
10/30/05 10:19:27 [Note]: 4011 1104
10/30/05 10:19:27 [Note]: 4018 1936
10/30/05 10:19:27 [Info]: Hidden process: C:\PROGRAM FILES\HIGOLDER\FINTINIT.EXE
10/30/05 10:19:27 [Note]: 4018 1960
10/30/05 10:19:27 [Info]: Hidden process: C:\WINDOWS\SYSTEM32\KD1CSAPI.EXE
10/30/05 10:19:28 [Note]: FSRAW library version 1.7.1013
10/30/05 10:19:29 [Info]: Hidden file: C:\Program Files\Higolder\ace.dll
10/30/05 10:19:29 [Note]: 4002 0
10/30/05 10:19:29 [Note]: 4003 1
10/30/05 10:19:29 [Note]: 10002 3
10/30/05 10:19:29 [Info]: Hidden file: C:\Program Files\Higolder\AI_24-10-2005.log
10/30/05 10:19:29 [Note]: 4002 0
10/30/05 10:19:29 [Note]: 4003 1
10/30/05 10:19:29 [Note]: 10002 3
10/30/05 10:19:29 [Info]: Hidden file: C:\Program Files\Higolder\AI_25-10-2005.log
10/30/05 10:19:29 [Note]: 4002 0
10/30/05 10:19:29 [Note]: 4003 1
10/30/05 10:19:29 [Note]: 10002 3
10/30/05 10:19:29 [Info]: Hidden file: C:\Program Files\Higolder\AI_26-10-2005.log
10/30/05 10:19:29 [Note]: 4002 0
10/30/05 10:19:29 [Note]: 4003 1
10/30/05 10:19:29 [Note]: 10002 3
10/30/05 10:19:29 [Info]: Hidden file: C:\Program Files\Higolder\AI_27-10-2005.log
10/30/05 10:19:29 [Note]: 4002 0
10/30/05 10:19:29 [Note]: 4003 1
10/30/05 10:19:29 [Note]: 10002 3
10/30/05 10:19:29 [Info]: Hidden file: C:\Program Files\Higolder\AI_28-10-2005.log
10/30/05 10:19:29 [Note]: 4002 0
10/30/05 10:19:29 [Note]: 4003 1
10/30/05 10:19:29 [Note]: 10002 3
10/30/05 10:19:29 [Info]: Hidden file: C:\Program Files\Higolder\AI_29-10-2005.log
10/30/05 10:19:29 [Note]: 4002 0
10/30/05 10:19:29 [Note]: 4003 1
10/30/05 10:19:29 [Note]: 10002 3
10/30/05 10:19:29 [Info]: Hidden file: C:\Program Files\Higolder\AI_30-10-2005.log
10/30/05 10:19:29 [Note]: 4002 0
10/30/05 10:19:29 [Note]: 4003 1
10/30/05 10:19:29 [Note]: 10002 3
10/30/05 10:19:29 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00000029_435512c6_00057bcf
10/30/05 10:19:29 [Note]: 4002 0
10/30/05 10:19:29 [Note]: 4003 1
10/30/05 10:19:29 [Note]: 10002 3
10/30/05 10:19:29 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00000029_4356992d_000aba95
10/30/05 10:19:29 [Note]: 4002 0
10/30/05 10:19:29 [Note]: 4003 1
10/30/05 10:19:29 [Note]: 10002 3
10/30/05 10:19:29 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00000029_43585881_0001ab3f
10/30/05 10:19:29 [Note]: 4002 0
10/30/05 10:19:29 [Note]: 4003 1
10/30/05 10:19:29 [Note]: 10002 3
10/30/05 10:19:29 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00000029_43590b91_0003d090
10/30/05 10:19:29 [Note]: 4002 0
10/30/05 10:19:29 [Note]: 4003 1
10/30/05 10:19:29 [Note]: 10002 3
10/30/05 10:19:29 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00000029_435a5916_00089544
10/30/05 10:19:29 [Note]: 4002 0
10/30/05 10:19:29 [Note]: 4003 1
10/30/05 10:19:29 [Note]: 10002 3
10/30/05 10:19:29 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00000029_435c21cd_0009c671
10/30/05 10:19:29 [Note]: 4002 0
10/30/05 10:19:29 [Note]: 4003 1
10/30/05 10:19:29 [Note]: 10002 3
10/30/05 10:19:29 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00000029_435d5509_000d9701
10/30/05 10:19:29 [Note]: 4002 0
10/30/05 10:19:29 [Note]: 4003 1
10/30/05 10:19:29 [Note]: 10002 3
10/30/05 10:19:29 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00000029_435ea524_0002dc6c
10/30/05 10:19:29 [Note]: 4002 0
10/30/05 10:19:29 [Note]: 4003 1
10/30/05 10:19:29 [Note]: 10002 3
10/30/05 10:19:29 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00000029_43603de1_00003d09
10/30/05 10:19:29 [Note]: 4002 0
10/30/05 10:19:29 [Note]: 4003 1
10/30/05 10:19:29 [Note]: 10002 3
10/30/05 10:19:29 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00000029_43623f1d_0000f424
10/30/05 10:19:29 [Note]: 4002 0
10/30/05 10:19:29 [Note]: 4003 1
10/30/05 10:19:29 [Note]: 10002 3
10/30/05 10:19:29 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00000035_4356da09_000a4083
10/30/05 10:19:29 [Note]: 4002 0
10/30/05 10:19:29 [Note]: 4003 1
10/30/05 10:19:29 [Note]: 10002 3
10/30/05 10:19:29 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00000035_435d1a57_000472ac
10/30/05 10:19:29 [Note]: 4002 0
10/30/05 10:19:29 [Note]: 4003 1
10/30/05 10:19:29 [Note]: 10002 3
10/30/05 10:19:29 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00000035_435e7fb1_00053ec6
10/30/05 10:19:29 [Note]: 4002 0
10/30/05 10:19:29 [Note]: 4003 1
10/30/05 10:19:29 [Note]: 10002 3
10/30/05 10:19:29 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00000035_4362a613_000e4e1c
10/30/05 10:19:29 [Note]: 4002 0
10/30/05 10:19:29 [Note]: 4003 1
10/30/05 10:19:29 [Note]: 10002 3
10/30/05 10:19:29 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00004823_43569933_00029f63
10/30/05 10:19:29 [Note]: 4002 0
10/30/05 10:19:29 [Note]: 4003 1
10/30/05 10:19:29 [Note]: 10002 3
10/30/05 10:19:29 [Info]: Hidden file: C:\Program Files\Higolder\Cache\000048cc_4356d82d_0008d24d
10/30/05 10:19:30 [Note]: 4002 0
10/30/05 10:19:30 [Note]: 4003 1
10/30/05 10:19:30 [Note]: 10002 3
10/30/05 10:19:30 [Info]: Hidden file: C:\Program Files\Higolder\Cache\0000489c_4356d8db_000a4083
10/30/05 10:19:30 [Note]: 4002 0
10/30/05 10:19:30 [Note]: 4003 1
10/30/05 10:19:30 [Note]: 10002 3
10/30/05 10:19:30 [Info]: Hidden file: C:\Program Files\Higolder\Cache\0000491c_435514f0_00053ec6
10/30/05 10:19:30 [Note]: 4002 0
10/30/05 10:19:30 [Note]: 4003 1
10/30/05 10:19:30 [Note]: 10002 3
10/30/05 10:19:30 [Info]: Hidden file: C:\Program Files\Higolder\Cache\0000491c_4356b4ec_00090f56
10/30/05 10:19:30 [Note]: 4002 0
10/30/05 10:19:30 [Note]: 4003 1
10/30/05 10:19:30 [Note]: 10002 3
10/30/05 10:19:30 [Info]: Hidden file: C:\Program Files\Higolder\Cache\0000491c_435943db_0004c4b4
10/30/05 10:19:30 [Note]: 4002 0
10/30/05 10:19:30 [Note]: 4003 1
10/30/05 10:19:30 [Note]: 10002 3
10/30/05 10:19:30 [Info]: Hidden file: C:\Program Files\Higolder\Cache\0000491c_435c3265_0001ab3f
10/30/05 10:19:30 [Note]: 4002 0
10/30/05 10:19:30 [Note]: 4003 1
10/30/05 10:19:30 [Note]: 10002 3
10/30/05 10:19:30 [Info]: Hidden file: C:\Program Files\Higolder\Cache\0000491c_435d5b2a_00090f56
10/30/05 10:19:30 [Note]: 4002 0
10/30/05 10:19:30 [Note]: 4003 1
10/30/05 10:19:30 [Note]: 10002 3
10/30/05 10:19:30 [Info]: Hidden file: C:\Program Files\Higolder\Cache\0000491c_435e733d_000a4083
10/30/05 10:19:30 [Note]: 4002 0
10/30/05 10:19:30 [Note]: 4003 1
10/30/05 10:19:30 [Note]: 10002 3
10/30/05 10:19:30 [Info]: Hidden file: C:\Program Files\Higolder\Cache\0000491c_435eb753_0007a120
10/30/05 10:19:30 [Note]: 4002 0
10/30/05 10:19:30 [Note]: 4003 1
10/30/05 10:19:30 [Note]: 10002 3
10/30/05 10:19:30 [Info]: Hidden file: C:\Program Files\Higolder\Cache\0000491c_4360fdfb_0001e848
10/30/05 10:19:30 [Note]: 4002 0
10/30/05 10:19:30 [Note]: 4003 1
10/30/05 10:19:30 [Note]: 10002 3
10/30/05 10:19:30 [Info]: Hidden file: C:\Program Files\Higolder\Cache\0000491c_43626f4d_000501bd
10/30/05 10:19:30 [Note]: 4002 0
10/30/05 10:19:30 [Note]: 4003 1
10/30/05 10:19:30 [Note]: 10002 3
10/30/05 10:19:30 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00004944_435c52ac_0000a3b0
10/30/05 10:19:30 [Note]: 4002 0
10/30/05 10:19:30 [Note]: 4003 1
10/30/05 10:19:30 [Note]: 10002 3
10/30/05 10:19:30 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00004944_435d7fc4_00089544
10/30/05 10:19:30 [Note]: 4002 0
10/30/05 10:19:30 [Note]: 4003 1
10/30/05 10:19:30 [Note]: 10002 3
10/30/05 10:19:30 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00004944_435e773c_000ec82e
10/30/05 10:19:30 [Note]: 4002 0
10/30/05 10:19:30 [Note]: 4003 1
10/30/05 10:19:30 [Note]: 10002 3
10/30/05 10:19:30 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00004944_435ebeb3_0000b71b
10/30/05 10:19:30 [Note]: 4002 0
10/30/05 10:19:30 [Note]: 4003 1
10/30/05 10:19:30 [Note]: 10002 3
10/30/05 10:19:30 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00004944_43627a41_00022551
10/30/05 10:19:30 [Note]: 4002 0
10/30/05 10:19:30 [Note]: 4003 1
10/30/05 10:19:30 [Note]: 10002 3
10/30/05 10:19:30 [Info]: Hidden file: C:\Program Files\Higolder\Cache\0000494a_4356d8f8_0001312d
10/30/05 10:19:30 [Note]: 4002 0
10/30/05 10:19:30 [Note]: 4003 1
10/30/05 10:19:30 [Note]: 10002 3
10/30/05 10:19:30 [Info]: Hidden file: C:\Program Files\Higolder\Cache\0000494a_435d1861_000d44f9
10/30/05 10:19:30 [Note]: 4002 0
10/30/05 10:19:30 [Note]: 4003 1
10/30/05 10:19:30 [Note]: 10002 3
10/30/05 10:19:30 [Info]: Hidden file: C:\Program Files\Higolder\Cache\0000494a_435d8477_000f0537
10/30/05 10:19:30 [Note]: 4002 0
10/30/05 10:19:30 [Note]: 4003 1
10/30/05 10:19:30 [Note]: 10002 3
10/30/05 10:19:30 [Info]: Hidden file: C:\Program Files\Higolder\Cache\0000494a_435e7cd7_000501bd
10/30/05 10:19:30 [Note]: 4002 0
10/30/05 10:19:30 [Note]: 4003 1
10/30/05 10:19:30 [Note]: 10002 3
10/30/05 10:19:30 [Info]: Hidden file: C:\Program Files\Higolder\Cache\0000494a_4362a37f_00039387
10/30/05 10:19:30 [Note]: 4002 0
10/30/05 10:19:30 [Note]: 4003 1
10/30/05 10:19:30 [Note]: 10002 3
10/30/05 10:19:30 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00001649_43569b00_00029f63
10/30/05 10:19:30 [Note]: 4002 0
10/30/05 10:19:30 [Note]: 4003 1
10/30/05 10:19:30 [Note]: 10002 3
10/30/05 10:19:30 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00001649_43591013_0003d090
10/30/05 10:19:30 [Note]: 4002 0
10/30/05 10:19:30 [Note]: 4003 1
10/30/05 10:19:30 [Note]: 10002 3
10/30/05 10:19:30 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00001649_435c2e12_00094c5f
10/30/05 10:19:30 [Note]: 4002 0
10/30/05 10:19:30 [Note]: 4003 1
10/30/05 10:19:30 [Note]: 10002 3
10/30/05 10:19:30 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00001649_435d57ec_00090f56
10/30/05 10:19:30 [Note]: 4002 0
10/30/05 10:19:30 [Note]: 4003 1
10/30/05 10:19:30 [Note]: 10002 3
10/30/05 10:19:30 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00001649_435d9a0f_000cdfe6
10/30/05 10:19:30 [Note]: 4002 0
10/30/05 10:19:30 [Note]: 4003 1
10/30/05 10:19:30 [Note]: 10002 3
10/30/05 10:19:30 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00001649_435eb443_000b34a7
10/30/05 10:19:30 [Note]: 4002 0
10/30/05 10:19:30 [Note]: 4003 1
10/30/05 10:19:30 [Note]: 10002 3
10/30/05 10:19:30 [Info]: Hidden file: C:\Program Files\Higolder\Cache\0000169a_43571332_000e8b25
10/30/05 10:19:30 [Note]: 4002 0
10/30/05 10:19:30 [Note]: 4003 1
10/30/05 10:19:30 [Note]: 10002 3
10/30/05 10:19:30 [Info]: Hidden file: C:\Program Files\Higolder\Cache\0000169a_435e8bba_00057bcf
10/30/05 10:19:30 [Note]: 4002 0
10/30/05 10:19:30 [Note]: 4003 1
10/30/05 10:19:30 [Note]: 10002 3
10/30/05 10:19:30 [Info]: Hidden file: C:\Program Files\Higolder\Cache\0000169a_4362eec6_000bebc2
10/30/05 10:19:30 [Note]: 4002 0
10/30/05 10:19:30 [Note]: 4003 1
10/30/05 10:19:30 [Note]: 10002 3
10/30/05 10:19:30 [Info]: Hidden file: C:\Program Files\Higolder\Cache\000016c5_4356d7c1_00044aa2
10/30/05 10:19:30 [Note]: 4002 0
10/30/05 10:19:30 [Note]: 4003 1
10/30/05 10:19:30 [Note]: 10002 3
10/30/05 10:19:30 [Info]: Hidden file: C:\Program Files\Higolder\Cache\000016c5_435c571d_000807c7
10/30/05 10:19:30 [Note]: 4002 0
10/30/05 10:19:30 [Note]: 4003 1
10/30/05 10:19:30 [Note]: 10002 3
10/30/05 10:19:30 [Info]: Hidden file: C:\Program Files\Higolder\Cache\000016c5_435d8148_000baeb9
10/30/05 10:19:30 [Note]: 4002 0
10/30/05 10:19:30 [Note]: 4003 1
10/30/05 10:19:30 [Note]: 10002 3
10/30/05 10:19:30 [Info]: Hidden file: C:\Program Files\Higolder\Cache\000016c5_435e7a0e_000c28cb
10/30/05 10:19:30 [Note]: 4002 0
10/30/05 10:19:30 [Note]: 4003 1
10/30/05 10:19:30 [Note]: 10002 3
10/30/05 10:19:30 [Info]: Hidden file: C:\Program Files\Higolder\Cache\000016c5_4362a0b4_000e8b25
10/30/05 10:19:30 [Note]: 4002 0
10/30/05 10:19:30 [Note]: 4003 1
10/30/05 10:19:30 [Note]: 10002 3
10/30/05 10:19:30 [Info]: Hidden file: C:\Program Files\Higolder\Cache\000016d4_4356dbbb_000d1cef
10/30/05 10:19:30 [Note]: 4002 0
10/30/05 10:19:30 [Note]: 4003 1
10/30/05 10:19:30 [Note]: 10002 3
10/30/05 10:19:30 [Info]: Hidden file: C:\Program Files\Higolder\Cache\000016d4_435d1c39_00006513
10/30/05 10:19:30 [Note]: 4002 0
10/30/05 10:19:30 [Note]: 4003 1
10/30/05 10:19:30 [Note]: 10002 3
10/30/05 10:19:30 [Info]: Hidden file: C:\Program Files\Higolder\Cache\000016d4_435e80a4_000ca2dd
10/30/05 10:19:30 [Note]: 4002 0
10/30/05 10:19:30 [Note]: 4003 1
10/30/05 10:19:30 [Note]: 10002 3
10/30/05 10:19:30 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00001649_4355137c_000aba95
10/30/05 10:19:30 [Note]: 4002 0
10/30/05 10:19:30 [Note]: 4003 1
10/30/05 10:19:30 [Note]: 10002 3
10/30/05 10:19:30 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00001796_4356dc64_0001312d
10/30/05 10:19:30 [Note]: 4002 0
10/30/05 10:19:30 [Note]: 4003 1
10/30/05 10:19:30 [Note]: 10002 3
10/30/05 10:19:30 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00001796_435d2f4c_00098968
10/30/05 10:19:30 [Note]: 4002 0
10/30/05 10:19:30 [Note]: 4003 1
10/30/05 10:19:30 [Note]: 10002 3
10/30/05 10:19:30 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00001796_4362e08e_00040d99
10/30/05 10:19:30 [Note]: 4002 0
10/30/05 10:19:30 [Note]: 4003 1
10/30/05 10:19:30 [Note]: 10002 3
10/30/05 10:19:30 [Info]: Hidden file: C:\Program Files\Higolder\Cache\0000182f_4356dc6b_00081b32
10/30/05 10:19:30 [Note]: 4002 0
10/30/05 10:19:30 [Note]: 4003 1
10/30/05 10:19:30 [Note]: 10002 3
10/30/05 10:19:30 [Info]: Hidden file: C:\Program Files\Higolder\Cache\0000182f_435d2f53_0005b8d8
10/30/05 10:19:30 [Note]: 4002 0
10/30/05 10:19:30 [Note]: 4003 1
10/30/05 10:19:30 [Note]: 10002 3
10/30/05 10:19:30 [Info]: Hidden file: C:\Program Files\Higolder\Cache\0000182f_4362e273_00098968
10/30/05 10:19:30 [Note]: 4002 0
10/30/05 10:19:30 [Note]: 4003 1
10/30/05 10:19:30 [Note]: 10002 3
10/30/05 10:19:30 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00006443_4356d55e_000e1113
10/30/05 10:19:30 [Note]: 4002 0
10/30/05 10:19:30 [Note]: 4003 1
10/30/05 10:19:30 [Note]: 10002 3
10/30/05 10:19:31 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00006443_435c3499_000baeb9
10/30/05 10:19:31 [Note]: 4002 0
10/30/05 10:19:31 [Note]: 4003 1
10/30/05 10:19:31 [Note]: 10002 3
10/30/05 10:19:31 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00006443_435d5e74_00000000
10/30/05 10:19:31 [Note]: 4002 0
10/30/05 10:19:31 [Note]: 4003 1
10/30/05 10:19:31 [Note]: 10002 3
10/30/05 10:19:31 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00006443_435e737f_000c65d4
10/30/05 10:19:31 [Note]: 4002 0
10/30/05 10:19:31 [Note]: 4003 1
10/30/05 10:19:31 [Note]: 10002 3
10/30/05 10:19:31 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00006443_436125f0_00022551
10/30/05 10:19:31 [Note]: 4002 0
10/30/05 10:19:31 [Note]: 4003 1
10/30/05 10:19:31 [Note]: 10002 3
10/30/05 10:19:31 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00006443_43626fdc_0005b8d8
10/30/05 10:19:31 [Note]: 4002 0
10/30/05 10:19:31 [Note]: 4003 1
10/30/05 10:19:31 [Note]: 10002 3
10/30/05 10:19:31 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00006479_435e8700_000c65d4
10/30/05 10:19:31 [Note]: 4002 0
10/30/05 10:19:31 [Note]: 4003 1
10/30/05 10:19:31 [Note]: 10002 3
10/30/05 10:19:31 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00006479_4362e79b_000c65d4
10/30/05 10:19:31 [Note]: 4002 0
10/30/05 10:19:31 [Note]: 4003 1
10/30/05 10:19:31 [Note]: 10002 3
10/30/05 10:19:31 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00006486_43571325_000f0537
10/30/05 10:19:31 [Note]: 4002 0
10/30/05 10:19:31 [Note]: 4003 1
10/30/05 10:19:31 [Note]: 10002 3
10/30/05 10:19:31 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00006486_435e8ab1_000501bd
10/30/05 10:19:31 [Note]: 4002 0
10/30/05 10:19:31 [Note]: 4003 1
10/30/05 10:19:31 [Note]: 10002 3
10/30/05 10:19:31 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00006486_4362ec13_000e1113
10/30/05 10:19:31 [Note]: 4002 0
10/30/05 10:19:31 [Note]: 4003 1
10/30/05 10:19:31 [Note]: 10002 3
10/30/05 10:19:31 [Info]: Hidden file: C:\Program Files\Higolder\Cache\000064a0_435806f1_00053ec6
10/30/05 10:19:31 [Note]: 4002 0
10/30/05 10:19:31 [Note]: 4003 1
10/30/05 10:19:31 [Note]: 10002 3
10/30/05 10:19:31 [Info]: Hidden file: C:\Program Files\Higolder\Cache\000064e0_4357b3b0_0007a120
10/30/05 10:19:31 [Note]: 4002 0
10/30/05 10:19:31 [Note]: 4003 1
10/30/05 10:19:31 [Note]: 10002 3
10/30/05 10:19:31 [Info]: Hidden file: C:\Program Files\Higolder\Cache\000064e0_435e8f3e_000e8b25
10/30/05 10:19:31 [Note]: 4002 0
10/30/05 10:19:31 [Note]: 4003 1
10/30/05 10:19:31 [Note]: 10002 3
10/30/05 10:19:31 [Info]: Hidden file: C:\Program Files\Higolder\Cache\0000390c_4356b3b0_000c28cb
10/30/05 10:19:31 [Note]: 4002 0
10/30/05 10:19:31 [Note]: 4003 1
10/30/05 10:19:31 [Note]: 10002 3
10/30/05 10:19:31 [Info]: Hidden file: C:\Program Files\Higolder\Cache\0000390c_43594245_0001312d
10/30/05 10:19:31 [Note]: 4002 0
10/30/05 10:19:31 [Note]: 4003 1
10/30/05 10:19:31 [Note]: 10002 3
10/30/05 10:19:31 [Info]: Hidden file: C:\Program Files\Higolder\Cache\0000390c_435c3063_000d1cef
10/30/05 10:19:31 [Note]: 4002 0
10/30/05 10:19:31 [Note]: 4003 1
10/30/05 10:19:31 [Note]: 10002 3
10/30/05 10:19:31 [Info]: Hidden file: C:\Program Files\Higolder\Cache\0000390c_435d5af1_000dd40a
10/30/05 10:19:31 [Note]: 4002 0
10/30/05 10:19:31 [Note]: 4003 1
10/30/05 10:19:31 [Note]: 10002 3
10/30/05 10:19:31 [Info]: Hidden file: C:\Program Files\Higolder\Cache\0000390c_435e575f_00040d99
10/30/05 10:19:31 [Note]: 4002 0
10/30/05 10:19:31 [Note]: 4003 1
10/30/05 10:19:31 [Note]: 10002 3
10/30/05 10:19:31 [Info]: Hidden file: C:\Program Files\Higolder\Cache\0000390c_435eb738_00040d99
10/30/05 10:19:31 [Note]: 4002 0
10/30/05 10:19:31 [Note]: 4003 1
10/30/05 10:19:31 [Note]: 10002 3
10/30/05 10:19:31 [Info]: Hidden file: C:\Program Files\Higolder\Cache\0000390c_4360fd94_00003d09
10/30/05 10:19:31 [Note]: 4002 0
10/30/05 10:19:31 [Note]: 4003 1
10/30/05 10:19:31 [Note]: 10002 3
10/30/05 10:19:31 [Info]: Hidden file: C:\Program Files\Higolder\Cache\0000390c_43626bf5_00057bcf
10/30/05 10:19:31 [Note]: 4002 0
10/30/05 10:19:31 [Note]: 4003 1
10/30/05 10:19:31 [Note]: 10002 3
10/30/05 10:19:31 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00003960_4356fcc7_000b34a7
10/30/05 10:19:31 [Note]: 4002 0
10/30/05 10:19:31 [Note]: 4003 1
10/30/05 10:19:31 [Note]: 10002 3
10/30/05 10:19:31 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00003960_435e83ca_000f0537
10/30/05 10:19:31 [Note]: 4002 0
10/30/05 10:19:31 [Note]: 4003 1
10/30/05 10:19:31 [Note]: 10002 3
10/30/05 10:19:31 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00003960_4362e55c_000d1cef
10/30/05 10:19:31 [Note]: 4002 0
10/30/05 10:19:31 [Note]: 4003 1
10/30/05 10:19:31 [Note]: 10002 3
10/30/05 10:19:31 [Info]: Hidden file: C:\Program Files\Higolder\Cache\000039b3_43551650_000a7d8c
10/30/05 10:19:31 [Note]: 4002 0
10/30/05 10:19:31 [Note]: 4003 1
10/30/05 10:19:31 [Note]: 10002 3
10/30/05 10:19:31 [Info]: Hidden file: C:\Program Files\Higolder\Cache\000039b3_4356b54d_000d1cef
10/30/05 10:19:31 [Note]: 4002 0
10/30/05 10:19:31 [Note]: 4003 1
10/30/05 10:19:31 [Note]: 10002 3
10/30/05 10:19:31 [Info]: Hidden file: C:\Program Files\Higolder\Cache\000039b3_4359445c_000dd40a
10/30/05 10:19:31 [Note]: 4002 0
10/30/05 10:19:31 [Note]: 4003 1
10/30/05 10:19:31 [Note]: 10002 3
10/30/05 10:19:31 [Info]: Hidden file: C:\Program Files\Higolder\Cache\000039b3_435c3474_000af79e
10/30/05 10:19:31 [Note]: 4002 0
10/30/05 10:19:31 [Note]: 4003 1
10/30/05 10:19:31 [Note]: 10002 3
10/30/05 10:19:31 [Info]: Hidden file: C:\Program Files\Higolder\Cache\000039b3_435d5d6f_000a4083
10/30/05 10:19:31 [Note]: 4002 0
10/30/05 10:19:31 [Note]: 4003 1
10/30/05 10:19:31 [Note]: 10002 3
10/30/05 10:19:31 [Info]: Hidden file: C:\Program Files\Higolder\Cache\000039b3_435e7353_000c65d4
10/30/05 10:19:31 [Note]: 4002 0
10/30/05 10:19:31 [Note]: 4003 1
10/30/05 10:19:31 [Note]: 10002 3
10/30/05 10:19:31 [Info]: Hidden file: C:\Program Files\Higolder\Cache\000039b3_435eb845_0000b71b
10/30/05 10:19:31 [Note]: 4002 0
10/30/05 10:19:31 [Note]: 4003 1
10/30/05 10:19:31 [Note]: 10002 3
10/30/05 10:19:31 [Info]: Hidden file: C:\Program Files\Higolder\Cache\000039b3_43612478_0007270e
10/30/05 10:19:31 [Note]: 4002 0
10/30/05 10:19:31 [Note]: 4003 1
10/30/05 10:19:31 [Note]: 10002 3
10/30/05 10:19:31 [Info]: Hidden file: C:\Program Files\Higolder\Cache\000039b3_43626f95_00031975
10/30/05 10:19:31 [Note]: 4002 0
10/30/05 10:19:31 [Note]: 4003 1
10/30/05 10:19:31 [Note]: 10002 3
10/30/05 10:19:31 [Info]: Hidden file: C:\Program Files\Higolder\Cache\000039ce_4356dc1b_000c65d4
10/30/05 10:19:31 [Note]: 4002 0
10/30/05 10:19:31 [Note]: 4003 1
10/30/05 10:19:31 [Note]: 10002 3
10/30/05 10:19:31 [Info]: Hidden file: C:\Program Files\Higolder\Cache\000039ce_435d2f27_000e1113
10/30/05 10:19:31 [Note]: 4002 0
10/30/05 10:19:31 [Note]: 4003 1
10/30/05 10:19:31 [Note]: 10002 3
10/30/05 10:19:31 [Info]: Hidden file: C:\Program Files\Higolder\Cache\000039ce_4362b429_000a037a
10/30/05 10:19:31 [Note]: 4002 0
10/30/05 10:19:31 [Note]: 4003 1
10/30/05 10:19:31 [Note]: 10002 3
10/30/05 10:19:31 [Info]: Hidden file: C:\Program Files\Higolder\Cache\0000390c_43551475_000baeb9
10/30/05 10:19:31 [Note]: 4002 0
10/30/05 10:19:31 [Note]: 4003 1
10/30/05 10:19:31 [Note]: 10002 3
10/30/05 10:19:31 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00003a2d_4356db16_000b34a7
10/30/05 10:19:31 [Note]: 4002 0
10/30/05 10:19:31 [Note]: 4003 1
10/30/05 10:19:31 [Note]: 10002 3
10/30/05 10:19:31 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00003a2d_435d1b02_000b5cb1
10/30/05 10:19:31 [Note]: 4002 0
10/30/05 10:19:31 [Note]: 4003 1
10/30/05 10:19:31 [Note]: 10002 3
10/30/05 10:19:31 [Info]: Hidden file: C:\Program Files\Higolder\Cache\0000008c_43580731_000c28cb
10/30/05 10:19:31 [Note]: 4002 0
10/30/05 10:19:31 [Note]: 4003 1
10/30/05 10:19:31 [Note]: 10002 3
10/30/05 10:19:31 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00000124_435eb73d_0007270e
10/30/05 10:19:31 [Note]: 4002 0
10/30/05 10:19:31 [Note]: 4003 1
10/30/05 10:19:31 [Note]: 10002 3
10/30/05 10:19:31 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00000120_43551b2f_000f0537
10/30/05 10:19:31 [Note]: 4002 0
10/30/05 10:19:31 [Note]: 4003 1
10/30/05 10:19:31 [Note]: 10002 3
10/30/05 10:19:31 [Info]: Hidden file: C:\Program Files\Higolder\Cache\0000030a_4356d5c2_000e1113
10/30/05 10:19:31 [Note]: 4002 0
10/30/05 10:19:31 [Note]: 4003 1
10/30/05 10:19:31 [Note]: 10002 3
10/30/05 10:19:31 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00000633_4356dc06_000f0537
10/30/05 10:19:31 [Note]: 4002 0
10/30/05 10:19:31 [Note]: 4003 1
10/30/05 10:19:31 [Note]: 10002 3
10/30/05 10:19:31 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00000732_435e73f1_000baeb9
10/30/05 10:19:31 [Note]: 4002 0
10/30/05 10:19:31 [Note]: 4003 1
10/30/05 10:19:31 [Note]: 10002 3
10/30/05 10:19:31 [Info]: Hidden file: C:\Program Files\Higolder\Cache\0000074d_4355165d_000a037a
10/30/05 10:19:31 [Note]: 4002 0
10/30/05 10:19:31 [Note]: 4003 1
10/30/05 10:19:31 [Note]: 10002 3
10/30/05 10:19:31 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00000940_43570c91_00003d09
10/30/05 10:19:31 [Note]: 4002 0
10/30/05 10:19:31 [Note]: 4003 1
10/30/05 10:19:31 [Note]: 10002 3
10/30/05 10:19:31 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00000bb3_435513b5_0001ab3f
10/30/05 10:19:31 [Note]: 4002 0
10/30/05 10:19:31 [Note]: 4003 1
10/30/05 10:19:31 [Note]: 10002 3
10/30/05 10:19:31 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00000ce1_435712b7_00022551
10/30/05 10:19:31 [Note]: 4002 0
10/30/05 10:19:31 [Note]: 4003 1
10/30/05 10:19:31 [Note]: 10002 3
10/30/05 10:19:31 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00000d66_4356d88e_000af79e
10/30/05 10:19:31 [Note]: 4002 0
10/30/05 10:19:31 [Note]: 4003 1
10/30/05 10:19:31 [Note]: 10002 3
10/30/05 10:19:31 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00000f3e_435c3067_0008583b
10/30/05 10:19:31 [Note]: 4002 0
10/30/05 10:19:31 [Note]: 4003 1
10/30/05 10:19:31 [Note]: 10002 3
10/30/05 10:19:31 [Info]: Hidden file: C:\Program Files\Higolder\Cache\000010d9_43571350_00031975
10/30/05 10:19:31 [Note]: 4002 0
10/30/05 10:19:31 [Note]: 4003 1
10/30/05 10:19:31 [Note]: 10002 3
10/30/05 10:19:31 [Info]: Hidden file: C:\Program Files\Higolder\Cache\0000121f_43551db4_000b34a7
10/30/05 10:19:31 [Note]: 4002 0
10/30/05 10:19:31 [Note]: 4003 1
10/30/05 10:19:31 [Note]: 10002 3
10/30/05 10:19:32 [Info]: Hidden file: C:\Program Files\Higolder\Cache\000012db_435513ed_000d59f8
10/30/05 10:19:32 [Note]: 4002 0
10/30/05 10:19:32 [Note]: 4003 1
10/30/05 10:19:32 [Note]: 10002 3
10/30/05 10:19:32 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00001366_435c52b1_00034313
10/30/05 10:19:32 [Note]: 4002 0
10/30/05 10:19:32 [Note]: 4003 1
10/30/05 10:19:32 [Note]: 10002 3
10/30/05 10:19:32 [Info]: Hidden file: C:\Program Files\Higolder\Cache\000013e9_4356d7c5_00022551
10/30/05 10:19:32 [Note]: 4002 0
10/30/05 10:19:32 [Note]: 4003 1
10/30/05 10:19:32 [Note]: 10002 3
10/30/05 10:19:32 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00001547_435d5d6c_0008d24d
10/30/05 10:19:32 [Note]: 4002 0
10/30/05 10:19:32 [Note]: 4003 1
10/30/05 10:19:32 [Note]: 10002 3
10/30/05 10:19:32 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00001850_4356dbbb_000af79e
10/30/05 10:19:32 [Note]: 4002 0
10/30/05 10:19:32 [Note]: 4003 1
10/30/05 10:19:32 [Note]: 10002 3
10/30/05 10:19:32 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00001916_4356d8df_00094c5f
10/30/05 10:19:32 [Note]: 4002 0
10/30/05 10:19:32 [Note]: 4003 1
10/30/05 10:19:32 [Note]: 10002 3
10/30/05 10:19:32 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00001a49_435d7eda_000d1cef
10/30/05 10:19:32 [Note]: 4002 0
10/30/05 10:19:32 [Note]: 4003 1
10/30/05 10:19:32 [Note]: 10002 3
10/30/05 10:19:32 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00001cd0_4356d66e_0008d24d
10/30/05 10:19:32 [Note]: 4002 0
10/30/05 10:19:32 [Note]: 4003 1
10/30/05 10:19:32 [Note]: 10002 3
10/30/05 10:19:32 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00001d5e_4357eb34_0007270e
10/30/05 10:19:32 [Note]: 4002 0
10/30/05 10:19:32 [Note]: 4003 1
10/30/05 10:19:32 [Note]: 10002 3
10/30/05 10:19:32 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00001e1f_43551a68_0008d24d
10/30/05 10:19:32 [Note]: 4002 0
10/30/05 10:19:32 [Note]: 4003 1
10/30/05 10:19:32 [Note]: 10002 3
10/30/05 10:19:32 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00002079_435714d8_0006acfc
10/30/05 10:19:32 [Note]: 4002 0
10/30/05 10:19:32 [Note]: 4003 1
10/30/05 10:19:32 [Note]: 10002 3
10/30/05 10:19:32 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00002213_4356d5b8_00003d09
10/30/05 10:19:32 [Note]: 4002 0
10/30/05 10:19:32 [Note]: 4003 1
10/30/05 10:19:32 [Note]: 10002 3
10/30/05 10:19:32 [Info]: Hidden file: C:\Program Files\Higolder\Cache\0000701f_4356d56f_000b71b0
10/30/05 10:19:32 [Note]: 4002 0
10/30/05 10:19:32 [Note]: 4003 1
10/30/05 10:19:32 [Note]: 10002 3
10/30/05 10:19:32 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00007049_4356d775_000b71b0
10/30/05 10:19:32 [Note]: 4002 0
10/30/05 10:19:32 [Note]: 4003 1
10/30/05 10:19:32 [Note]: 10002 3
10/30/05 10:19:32 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00007014_43570c96_00094c5f
10/30/05 10:19:32 [Note]: 4002 0
10/30/05 10:19:32 [Note]: 4003 1
10/30/05 10:19:32 [Note]: 10002 3
10/30/05 10:19:32 [Info]: Hidden file: C:\Program Files\Higolder\Cache\000071f0_4356d8f5_000b71b0
10/30/05 10:19:32 [Note]: 4002 0
10/30/05 10:19:32 [Note]: 4003 1
10/30/05 10:19:32 [Note]: 10002 3
10/30/05 10:19:32 [Info]: Hidden file: C:\Program Files\Higolder\Cache\000071f0_435d1838_0000df25
10/30/05 10:19:32 [Note]: 4002 0
10/30/05 10:19:32 [Note]: 4003 1
10/30/05 10:19:32 [Note]: 10002 3
10/30/05 10:19:32 [Info]: Hidden file: C:\Program Files\Higolder\Cache\000071f0_435d8428_0000b71b
10/30/05 10:19:32 [Note]: 4002 0
10/30/05 10:19:32 [Note]: 4003 1
10/30/05 10:19:32 [Note]: 10002 3
10/30/05 10:19:32 [Info]: Hidden file: C:\Program Files\Higolder\Cache\000071f0_435e7cd3_0008583b
10/30/05 10:19:32 [Note]: 4002 0
10/30/05 10:19:32 [Note]: 4003 1
10/30/05 10:19:32 [Note]: 10002 3
10/30/05 10:19:32 [Info]: Hidden file: C:\Program Files\Higolder\Cache\000071f0_4362a345_00039387
10/30/05 10:19:32 [Note]: 4002 0
10/30/05 10:19:32 [Note]: 4003 1
10/30/05 10:19:32 [Note]: 10002 3
10/30/05 10:19:32 [Info]: Hidden file: C:\Program Files\Higolder\Cache\000071f2_435806ef_00053ec6
10/30/05 10:19:32 [Note]: 4002 0
10/30/05 10:19:32 [Note]: 4003 1
10/30/05 10:19:32 [Note]: 10002 3
10/30/05 10:19:32 [Info]: Hidden file: C:\Program Files\Higolder\Cache\0000721d_4357fdb8_00076417
10/30/05 10:19:32 [Note]: 4002 0
10/30/05 10:19:32 [Note]: 4003 1
10/30/05 10:19:32 [Note]: 10002 3
10/30/05 10:19:32 [Info]: Hidden file: C:\Program Files\Higolder\Cache\0000721d_435e9bf4_000af79e
10/30/05 10:19:32 [Note]: 4002 0
10/30/05 10:19:32 [Note]: 4003 1
10/30/05 10:19:32 [Note]: 10002 3
10/30/05 10:19:32 [Info]: Hidden file: C:\Program Files\Higolder\Cache\0000721d_4364e380_00089544
10/30/05 10:19:32 [Note]: 4002 0
10/30/05 10:19:32 [Note]: 4003 1
10/30/05 10:19:32 [Note]: 10002 3
10/30/05 10:19:32 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00007282_4356dc07_0002625a
10/30/05 10:19:32 [Note]: 4002 0
10/30/05 10:19:32 [Note]: 4003 1
10/30/05 10:19:32 [Note]: 10002 3
10/30/05 10:19:32 [Info]: Hidden file: C:\Program Files\Higolder\Cache\000056ae_435c35e9_000e4e1c
10/30/05 10:19:32 [Note]: 4002 0
10/30/05 10:19:32 [Note]: 4003 1
10/30/05 10:19:32 [Note]: 10002 3
10/30/05 10:19:32 [Info]: Hidden file: C:\Program Files\Higolder\Cache\000056ae_435d7e7b_000ca2dd
10/30/05 10:19:32 [Note]: 4002 0
10/30/05 10:19:32 [Note]: 4003 1
10/30/05 10:19:32 [Note]: 10002 3
10/30/05 10:19:32 [Info]: Hidden file: C:\Program Files\Higolder\Cache\000056ae_435e73f1_00090f56
10/30/05 10:19:32 [Note]: 4002 0
10/30/05 10:19:32 [Note]: 4003 1
10/30/05 10:19:32 [Note]: 10002 3
10/30/05 10:19:32 [Info]: Hidden file: C:\Program Files\Higolder\Cache\000056ae_435ebaa1_000d1cef
10/30/05 10:19:32 [Note]: 4002 0
10/30/05 10:19:32 [Note]: 4003 1
10/30/05 10:19:32 [Note]: 10002 3
10/30/05 10:19:32 [Info]: Hidden file: C:\Program Files\Higolder\Cache\000056ae_43614a06_0007270e
10/30/05 10:19:32 [Note]: 4002 0
10/30/05 10:19:32 [Note]: 4003 1
10/30/05 10:19:32 [Note]: 10002 3
10/30/05 10:19:32 [Info]: Hidden file: C:\Program Files\Higolder\Cache\000056ae_43627541_000baeb9
10/30/05 10:19:32 [Note]: 4002 0
10/30/05 10:19:32 [Note]: 4003 1
10/30/05 10:19:32 [Note]: 10002 3
10/30/05 10:19:32 [Info]: Hidden file: C:\Program Files\Higolder\Cache\000056ae_43551ad8_0005f5e1
10/30/05 10:19:32 [Note]: 4002 0
10/30/05 10:19:32 [Note]: 4003 1
10/30/05 10:19:32 [Note]: 10002 3
10/30/05 10:19:32 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00005753_4356d82d_000a4083
10/30/05 10:19:33 [Note]: 4002 0
10/30/05 10:19:33 [Note]: 4003 1
10/30/05 10:19:33 [Note]: 10002 3
10/30/05 10:19:33 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00005753_435c585b_00034313
10/30/05 10:19:33 [Note]: 4002 0
10/30/05 10:19:33 [Note]: 4003 1
10/30/05 10:19:33 [Note]: 10002 3
10/30/05 10:19:33 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00005753_435d81d9_000487ab
10/30/05 10:19:33 [Note]: 4002 0
10/30/05 10:19:33 [Note]: 4003 1
10/30/05 10:19:33 [Note]: 10002 3
10/30/05 10:19:33 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00005753_435f1405_00003d09
10/30/05 10:19:33 [Note]: 4002 0
10/30/05 10:19:33 [Note]: 4003 1
10/30/05 10:19:33 [Note]: 10002 3
10/30/05 10:19:33 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00005753_4362a16c_000aba95
10/30/05 10:19:33 [Note]: 4002 0
10/30/05 10:19:33 [Note]: 4003 1
10/30/05 10:19:33 [Note]: 10002 3
10/30/05 10:19:33 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00005772_435c5640_0006d69a
10/30/05 10:19:33 [Note]: 4002 0
10/30/05 10:19:33 [Note]: 4003 1
10/30/05 10:19:33 [Note]: 10002 3
10/30/05 10:19:33 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00005772_435d80fd_000ca2dd
10/30/05 10:19:33 [Note]: 4002 0
10/30/05 10:19:33 [Note]: 4003 1
10/30/05 10:19:33 [Note]: 10002 3
10/30/05 10:19:33 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00005772_435e7950_000d9701
10/30/05 10:19:33 [Note]: 4002 0
10/30/05 10:19:33 [Note]: 4003 1
10/30/05 10:19:33 [Note]: 10002 3
10/30/05 10:19:33 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00005772_435f0be5_0007de29
10/30/05 10:19:33 [Note]: 4002 0
10/30/05 10:19:33 [Note]: 4003 1
10/30/05 10:19:33 [Note]: 10002 3
10/30/05 10:19:33 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00005772_43629ff1_0003567e
10/30/05 10:19:33 [Note]: 4002 0
10/30/05 10:19:33 [Note]: 4003 1
10/30/05 10:19:33 [Note]: 10002 3
10/30/05 10:19:33 [Info]: Hidden file: C:\Program Files\Higolder\Cache\0000578d_435806e5_0007de29
10/30/05 10:19:33 [Note]: 4002 0
10/30/05 10:19:33 [Note]: 4003 1
10/30/05 10:19:33 [Note]: 10002 3
10/30/05 10:19:33 [Info]: Hidden file: C:\Program Files\Higolder\Cache\000026a6_4356d56f_00090f56
10/30/05 10:19:33 [Note]: 4002 0
10/30/05 10:19:33 [Note]: 4003 1
10/30/05 10:19:33 [Note]: 10002 3
10/30/05 10:19:33 [Info]: Hidden file: C:\Program Files\Higolder\Cache\000026a6_435c34af_0002dc6c
10/30/05 10:19:33 [Note]: 4002 0
10/30/05 10:19:33 [Note]: 4003 1
10/30/05 10:19:33 [Note]: 10002 3
10/30/05 10:19:33 [Info]: Hidden file: C:\Program Files\Higolder\Cache\000026a6_435e738c_00000000
10/30/05 10:19:33 [Note]: 4002 0
10/30/05 10:19:33 [Note]: 4003 1
10/30/05 10:19:33 [Note]: 10002 3
10/30/05 10:19:33 [Info]: Hidden file: C:\Program Files\Higolder\Cache\000026a6_435eb85f_000d59f8
10/30/05 10:19:33 [Note]: 4002 0
10/30/05 10:19:33 [Note]: 4003 1
10/30/05 10:19:33 [Note]: 10002 3
10/30/05 10:19:33 [Info]: Hidden file: C:\Program Files\Higolder\Cache\000026a6_436125f4_0002625a
10/30/05 10:19:33 [Note]: 4002 0
10/30/05 10:19:33 [Note]: 4003 1
10/30/05 10:19:33 [Note]: 10002 3
10/30/05 10:19:33 [Info]: Hidden file: C:\Program Files\Higolder\Cache\000026a6_43626fec_000e4e1c
10/30/05 10:19:33 [Note]: 4002 0
10/30/05 10:19:33 [Note]: 4003 1
10/30/05 10:19:33 [Note]: 10002 3
10/30/05 10:19:33 [Info]: Hidden file: C:\Program Files\Higolder\Cache\000026b1_435714ee_0001ab3f
10/30/05 10:19:33 [Note]: 4002 0
10/30/05 10:19:33 [Note]: 4003 1
10/30/05 10:19:33 [Note]: 10002 3
10/30/05 10:19:33 [Info]: Hidden file: C:\Program Files\Higolder\Cache\000026b1_435e8ed6_000a037a
10/30/05 10:19:33 [Note]: 4002 0
10/30/05 10:19:33 [Note]: 4003 1
10/30/05 10:19:33 [Note]: 10002 3
10/30/05 10:19:33 [Info]: Hidden file: C:\Program Files\Higolder\Cache\000026b1_436468b7_000aba95
10/30/05 10:19:33 [Note]: 4002 0
10/30/05 10:19:33 [Note]: 4003 1
10/30/05 10:19:33 [Note]: 10002 3
10/30/05 10:19:33 [Info]: Hidden file: C:\Program Files\Higolder\Cache\000026ca_43551dcb_00089544
10/30/05 10:19:33 [Note]: 4002 0
10/30/05 10:19:33 [Note]: 4003 1
10/30/05 10:19:33 [Note]: 10002 3
10/30/05 10:19:33 [Info]: Hidden file: C:\Program Files\Higolder\Cache\000026ca_4356d765_000f0537
10/30/05 10:19:33 [Note]: 4002 0
10/30/05 10:19:33 [Note]: 4003 1
10/30/05 10:19:33 [Note]: 10002 3
10/30/05 10:19:33 [Info]: Hidden file: C:\Program Files\Higolder\Cache\000026ca_435c53c1_000a6a21
10/30/05 10:19:33 [Note]: 4002 0
10/30/05 10:19:33 [Note]: 4003 1
10/30/05 10:19:33 [Note]: 10002 3
10/30/05 10:19:33 [Info]: Hidden file: C:\Program Files\Higolder\Cache\000026ca_435d80ae_0008583b
10/30/05 10:19:33 [Note]: 4002 0
10/30/05 10:19:33 [Note]: 4003 1
10/30/05 10:19:33 [Note]: 10002 3
10/30/05 10:19:33 [Info]: Hidden file: C:\Program Files\Higolder\Cache\000026ca_435e78e6_000e8b25
10/30/05 10:19:33 [Note]: 4002 0
10/30/05 10:19:33 [Note]: 4003 1
10/30/05 10:19:33 [Note]: 10002 3
10/30/05 10:19:33 [Info]: Hidden file: C:\Program Files\Higolder\Cache\000026ca_435f0a4f_0001e848
10/30/05 10:19:33 [Note]: 4002 0
10/30/05 10:19:33 [Note]: 4003 1
10/30/05 10:19:33 [Note]: 10002 3
10/30/05 10:19:33 [Info]: Hidden file: C:\Program Files\Higolder\Cache\000026ca_43629f3f_00000000
10/30/05 10:19:33 [Note]: 4002 0
10/30/05 10:19:33 [Note]: 4003 1
10/30/05 10:19:33 [Note]: 10002 3
10/30/05 10:19:33 [Info]: Hidden file: C:\Program Files\Higolder\Cache\000026e9_4355139f_0007de29
10/30/05 10:19:33 [Note]: 4002 0
10/30/05 10:19:33 [Note]: 4003 1
10/30/05 10:19:33 [Note]: 10002 3
10/30/05 10:19:33 [Info]: Hidden file: C:\Program Files\Higolder\Cache\000026e9_43593c27_000cdfe6
10/30/05 10:19:33 [Note]: 4002 0
10/30/05 10:19:33 [Note]: 4003 1
10/30/05 10:19:33 [Note]: 10002 3
10/30/05 10:19:33 [Info]: Hidden file: C:\Program Files\Higolder\Cache\000026e9_435c300c_0002625a
10/30/05 10:19:33 [Note]: 4002 0
10/30/05 10:19:33 [Note]: 4003 1
10/30/05 10:19:33 [Note]: 10002 3
10/30/05 10:19:33 [Info]: Hidden file: C:\Program Files\Higolder\Cache\000026e9_435d59e1_000e8b25
10/30/05 10:19:33 [Note]: 4002 0
10/30/05 10:19:33 [Note]: 4003 1
10/30/05 10:19:33 [Note]: 10002 3
10/30/05 10:19:33 [Info]: Hidden file: C:\Program Files\Higolder\Cache\000026e9_435d9abf_00000000
10/30/05 10:19:33 [Note]: 4002 0
10/30/05 10:19:33 [Note]: 4003 1
10/30/05 10:19:33 [Note]: 10002 3
10/30/05 10:19:33 [Info]: Hidden file: C:\Program Files\Higolder\Cache\000026e9_435eb6e7_000a7d8c
10/30/05 10:19:33 [Note]: 4002 0
10/30/05 10:19:33 [Note]: 4003 1
10/30/05 10:19:33 [Note]: 10002 3
10/30/05 10:19:33 [Info]: Hidden file: C:\Program Files\Higolder\Cache\000026e9_436268fe_00000000
10/30/05 10:19:33 [Note]: 4002 0
10/30/05 10:19:33 [Note]: 4003 1
10/30/05 10:19:33 [Note]: 10002 3
10/30/05 10:19:33 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00000bb3_43569e1e_0001e848
10/30/05 10:19:33 [Note]: 4002 0
10/30/05 10:19:33 [Note]: 4003 1
10/30/05 10:19:33 [Note]: 10002 3
10/30/05 10:19:33 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00000bb3_43593d19_0005b8d8
10/30/05 10:19:33 [Note]: 4002 0
10/30/05 10:19:33 [Note]: 4003 1
10/30/05 10:19:33 [Note]: 10002 3
10/30/05 10:19:33 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00000bb3_435c3023_000baeb9
10/30/05 10:19:33 [Note]: 4002 0
10/30/05 10:19:33 [Note]: 4003 1
10/30/05 10:19:33 [Note]: 10002 3
10/30/05 10:19:33 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00000bb3_435d5a24_00057bcf
10/30/05 10:19:33 [Note]: 4002 0
10/30/05 10:19:33 [Note]: 4003 1
10/30/05 10:19:33 [Note]: 10002 3
10/30/05 10:19:33 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00000bb3_435d9ac0_00094c5f
10/30/05 10:19:33 [Note]: 4002 0
10/30/05 10:19:33 [Note]: 4003 1
10/30/05 10:19:33 [Note]: 10002 3
10/30/05 10:19:33 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00000bb3_435eb6e9_0003d090
10/30/05 10:19:33 [Note]: 4002 0
10/30/05 10:19:33 [Note]: 4003 1
10/30/05 10:19:33 [Note]: 10002 3
10/30/05 10:19:33 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00000bb3_43626a9b_00076417
10/30/05 10:19:33 [Note]: 4002 0
10/30/05 10:19:33 [Note]: 4003 1
10/30/05 10:19:33 [Note]: 10002 3
10/30/05 10:19:33 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00000bdb_43551ac9_0001312d
10/30/05 10:19:33 [Note]: 4002 0
10/30/05 10:19:33 [Note]: 4003 1
10/30/05 10:19:33 [Note]: 10002 3
10/30/05 10:19:33 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00000bdb_435c35e9_00098968
10/30/05 10:19:33 [Note]: 4002 0
10/30/05 10:19:33 [Note]: 4003 1
10/30/05 10:19:33 [Note]: 10002 3
10/30/05 10:19:33 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00000bdb_435d7e7a_00066ff3
10/30/05 10:19:33 [Note]: 4002 0
10/30/05 10:19:33 [Note]: 4003 1
10/30/05 10:19:33 [Note]: 10002 3
10/30/05 10:19:33 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00000bdb_435e73f1_00081b32
10/30/05 10:19:33 [Note]: 4002 0
10/30/05 10:19:33 [Note]: 4003 1
10/30/05 10:19:33 [Note]: 10002 3
10/30/05 10:19:33 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00000bdb_435ebaa1_000aba95
10/30/05 10:19:33 [Note]: 4002 0
10/30/05 10:19:33 [Note]: 4003 1
10/30/05 10:19:33 [Note]: 10002 3
10/30/05 10:19:33 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00000bdb_43614a03_000487ab
10/30/05 10:19:33 [Note]: 4002 0
10/30/05 10:19:33 [Note]: 4003 1
10/30/05 10:19:33 [Note]: 10002 3
10/30/05 10:19:33 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00000bdb_43627533_000dd40a
10/30/05 10:19:33 [Note]: 4002 0
10/30/05 10:19:33 [Note]: 4003 1
10/30/05 10:19:33 [Note]: 10002 3
10/30/05 10:19:33 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00000c15_4356dc06_000b34a7
10/30/05 10:19:33 [Note]: 4002 0
10/30/05 10:19:33 [Note]: 4003 1
10/30/05 10:19:33 [Note]: 10002 3
10/30/05 10:19:33 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00000c15_435d1c6e_0000280a
10/30/05 10:19:33 [Note]: 4002 0
10/30/05 10:19:33 [Note]: 4003 1
10/30/05 10:19:33 [Note]: 10002 3
10/30/05 10:19:33 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00000c15_4362b35f_0004c4b4
10/30/05 10:19:33 [Note]: 4002 0
10/30/05 10:19:33 [Note]: 4003 1
10/30/05 10:19:33 [Note]: 10002 3
10/30/05 10:19:33 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00000c1e_435e94dd_00003d09
10/30/05 10:19:33 [Note]: 4002 0
10/30/05 10:19:33 [Note]: 4003 1
10/30/05 10:19:33 [Note]: 10002 3
10/30/05 10:19:33 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00000c1e_4364e2ee_0002625a
10/30/05 10:19:33 [Note]: 4002 0
10/30/05 10:19:33 [Note]: 4003 1
10/30/05 10:19:33 [Note]: 10002 3
10/30/05 10:19:33 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00000c7b_4356dbe6_0001312d
10/30/05 10:19:33 [Note]: 4002 0
10/30/05 10:19:33 [Note]: 4003 1
10/30/05 10:19:33 [Note]: 10002 3
10/30/05 10:19:33 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00000c7b_435d1c4b_000529c7
10/30/05 10:19:33 [Note]: 4002 0
10/30/05 10:19:33 [Note]: 4003 1
10/30/05 10:19:33 [Note]: 10002 3
10/30/05 10:19:33 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00000c7b_4362b35b_000e8b25
10/30/05 10:19:33 [Note]: 4002 0
10/30/05 10:19:33 [Note]: 4003 1
10/30/05 10:19:33 [Note]: 10002 3
10/30/05 10:19:33 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00003ef6_4356d72f_000b34a7
10/30/05 10:19:33 [Note]: 4002 0
10/30/05 10:19:33 [Note]: 4003 1
10/30/05 10:19:34 [Note]: 10002 3
10/30/05 10:19:34 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00003e12_435c4715_000632ea
10/30/05 10:19:34 [Note]: 4002 0
10/30/05 10:19:34 [Note]: 4003 1
10/30/05 10:19:34 [Note]: 10002 3
10/30/05 10:19:34 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00003f0b_43570cf7_000cdfe6
10/30/05 10:19:34 [Note]: 4002 0
10/30/05 10:19:34 [Note]: 4003 1
10/30/05 10:19:34 [Note]: 10002 3
10/30/05 10:19:34 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00003f0b_435e891c_0009c671
10/30/05 10:19:34 [Note]: 4002 0
10/30/05 10:19:34 [Note]: 4003 1
10/30/05 10:19:34 [Note]: 10002 3
10/30/05 10:19:34 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00003f0b_4362ea98_00098968
10/30/05 10:19:34 [Note]: 4002 0
10/30/05 10:19:34 [Note]: 4003 1
10/30/05 10:19:34 [Note]: 10002 3
10/30/05 10:19:34 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00003f4a_4356dc78_0005b8d8
10/30/05 10:19:34 [Note]: 4002 0
10/30/05 10:19:34 [Note]: 4003 1
10/30/05 10:19:34 [Note]: 10002 3
10/30/05 10:19:34 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00003f4a_435d2fe0_00022551
10/30/05 10:19:34 [Note]: 4002 0
10/30/05 10:19:34 [Note]: 4003 1
10/30/05 10:19:34 [Note]: 10002 3
10/30/05 10:19:34 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00003f4a_4362e340_000632ea
10/30/05 10:19:34 [Note]: 4002 0
10/30/05 10:19:34 [Note]: 4003 1
10/30/05 10:19:34 [Note]: 10002 3
10/30/05 10:19:34 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00003f97_43571192_0009c671
10/30/05 10:19:34 [Note]: 4002 0
10/30/05 10:19:34 [Note]: 4003 1
10/30/05 10:19:34 [Note]: 10002 3
10/30/05 10:19:34 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00003f97_435e895a_0001312d
10/30/05 10:19:34 [Note]: 4002 0
10/30/05 10:19:34 [Note]: 4003 1
10/30/05 10:19:34 [Note]: 10002 3
10/30/05 10:19:34 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00003f97_4362eabc_0007270e
10/30/05 10:19:34 [Note]: 4002 0
10/30/05 10:19:34 [Note]: 4003 1
10/30/05 10:19:34 [Note]: 10002 3
10/30/05 10:19:34 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00003f9a_4357131e_00000000
10/30/05 10:19:34 [Note]: 4002 0
10/30/05 10:19:34 [Note]: 4003 1
10/30/05 10:19:34 [Note]: 10002 3
10/30/05 10:19:34 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00003f9a_435e8a99_00022551
10/30/05 10:19:34 [Note]: 4002 0
10/30/05 10:19:34 [Note]: 4003 1
10/30/05 10:19:34 [Note]: 10002 3
10/30/05 10:19:34 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00003f9a_4362ebce_000e8b25
10/30/05 10:19:34 [Note]: 4002 0
10/30/05 10:19:34 [Note]: 4003 1
10/30/05 10:19:34 [Note]: 10002 3
10/30/05 10:19:34 [Info]: Hidden file: C:\Program Files\Higolder\Cache\0000401d_4356d8f5_000b34a7
10/30/05 10:19:34 [Note]: 4002 0
10/30/05 10:19:34 [Note]: 4003 1
10/30/05 10:19:34 [Note]: 10002 3
10/30/05 10:19:34 [Info]: Hidden file: C:\Program Files\Higolder\Cache\0000401d_435d1831_000eb32f
10/30/05 10:19:34 [Note]: 4002 0
10/30/05 10:19:34 [Note]: 4003 1
10/30/05 10:19:34 [Note]: 10002 3
10/30/05 10:19:34 [Info]: Hidden file: C:\Program Files\Higolder\Cache\0000401d_435e7cd1_00090f56
10/30/05 10:19:34 [Note]: 4002 0
10/30/05 10:19:34 [Note]: 4003 1
10/30/05 10:19:34 [Note]: 10002 3
10/30/05 10:19:34 [Info]: Hidden file: C:\Program Files\Higolder\Cache\0000401d_4362a33a_000af79e
10/30/05 10:19:34 [Note]: 4002 0
10/30/05 10:19:34 [Note]: 4003 1
10/30/05 10:19:34 [Note]: 10002 3
10/30/05 10:19:34 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00002ea6_43569e62_000d9701
10/30/05 10:19:34 [Note]: 4002 0
10/30/05 10:19:34 [Note]: 4003 1
10/30/05 10:19:34 [Note]: 10002 3
10/30/05 10:19:34 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00002ea6_43593d8d_00039387
10/30/05 10:19:34 [Note]: 4002 0
10/30/05 10:19:34 [Note]: 4003 1
10/30/05 10:19:34 [Note]: 10002 3
10/30/05 10:19:34 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00002ea6_435c3033_0007270e
10/30/05 10:19:34 [Note]: 4002 0
10/30/05 10:19:34 [Note]: 4003 1
10/30/05 10:19:34 [Note]: 10002 3
10/30/05 10:19:34 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00002ea6_435d5a57_000c65d4
10/30/05 10:19:34 [Note]: 4002 0
10/30/05 10:19:34 [Note]: 4003 1
10/30/05 10:19:34 [Note]: 10002 3
10/30/05 10:19:34 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00002ea6_435e5469_0000b71b
10/30/05 10:19:34 [Note]: 4002 0
10/30/05 10:19:34 [Note]: 4003 1
10/30/05 10:19:34 [Note]: 10002 3
10/30/05 10:19:34 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00002ea6_435eb6e9_00089544
10/30/05 10:19:34 [Note]: 4002 0
10/30/05 10:19:34 [Note]: 4003 1
10/30/05 10:19:34 [Note]: 10002 3
10/30/05 10:19:34 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00002ea6_43626aa2_00031975
10/30/05 10:19:34 [Note]: 4002 0
10/30/05 10:19:34 [Note]: 4003 1
10/30/05 10:19:34 [Note]: 10002 3
10/30/05 10:19:34 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00002ea6_435513be_000b34a7
10/30/05 10:19:34 [Note]: 4002 0
10/30/05 10:19:34 [Note]: 4003 1
10/30/05 10:19:34 [Note]: 10002 3
10/30/05 10:19:34 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00002e40_43551d38_0007de29
10/30/05 10:19:34 [Note]: 4002 0
10/30/05 10:19:34 [Note]: 4003 1
10/30/05 10:19:34 [Note]: 10002 3
10/30/05 10:19:34 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00002e39_4357eaa4_00003d09
10/30/05 10:19:34 [Note]: 4002 0
10/30/05 10:19:34 [Note]: 4003 1
10/30/05 10:19:34 [Note]: 10002 3
10/30/05 10:19:34 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00002f0c_43571484_00053ec6
10/30/05 10:19:34 [Note]: 4002 0
10/30/05 10:19:34 [Note]: 4003 1
10/30/05 10:19:34 [Note]: 10002 3
10/30/05 10:19:34 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00002f0c_435e8d4f_000a7d8c
10/30/05 10:19:34 [Note]: 4002 0
10/30/05 10:19:34 [Note]: 4003 1
10/30/05 10:19:34 [Note]: 10002 3
10/30/05 10:19:34 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00002f0c_43646837_000a7d8c
10/30/05 10:19:34 [Note]: 4002 0
10/30/05 10:19:34 [Note]: 4003 1
10/30/05 10:19:34 [Note]: 10002 3
10/30/05 10:19:34 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00002f14_435c5a2f_000f2ed5
10/30/05 10:19:34 [Note]: 4002 0
10/30/05 10:19:34 [Note]: 4003 1
10/30/05 10:19:34 [Note]: 10002 3
10/30/05 10:19:34 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00002f14_435d81fc_000c65d4
10/30/05 10:19:34 [Note]: 4002 0
10/30/05 10:19:34 [Note]: 4003 1
10/30/05 10:19:34 [Note]: 10002 3
10/30/05 10:19:34 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00002f14_435e7ad8_000a4083
10/30/05 10:19:34 [Note]: 4002 0
10/30/05 10:19:34 [Note]: 4003 1
10/30/05 10:19:34 [Note]: 10002 3
10/30/05 10:19:34 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00002f14_435f146f_0008d24d
10/30/05 10:19:34 [Note]: 4002 0
10/30/05 10:19:34 [Note]: 4003 1
10/30/05 10:19:34 [Note]: 10002 3
10/30/05 10:19:34 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00002f14_4362a2cb_00040d99
10/30/05 10:19:34 [Note]: 4002 0
10/30/05 10:19:34 [Note]: 4003 1
10/30/05 10:19:34 [Note]: 10002 3
10/30/05 10:19:34 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00007a5a_435c34e0_000d59f8
10/30/05 10:19:34 [Note]: 4002 0
10/30/05 10:19:34 [Note]: 4003 1
10/30/05 10:19:34 [Note]: 10002 3
10/30/05 10:19:34 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00007a5a_435d621c_00016e36
10/30/05 10:19:34 [Note]: 4002 0
10/30/05 10:19:34 [Note]: 4003 1
10/30/05 10:19:34 [Note]: 10002 3
10/30/05 10:19:34 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00007a5a_435e7390_00039387
10/30/05 10:19:34 [Note]: 4002 0
10/30/05 10:19:34 [Note]: 4003 1
10/30/05 10:19:34 [Note]: 10002 3
10/30/05 10:19:34 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00007a5a_4362702e_0003d090
10/30/05 10:19:34 [Note]: 4002 0
10/30/05 10:19:34 [Note]: 4003 1
10/30/05 10:19:34 [Note]: 10002 3
10/30/05 10:19:34 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00007a61_43570c89_00007a12
10/30/05 10:19:34 [Note]: 4002 0
10/30/05 10:19:34 [Note]: 4003 1
10/30/05 10:19:34 [Note]: 10002 3
10/30/05 10:19:34 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00007a61_4362e886_0001312d
10/30/05 10:19:34 [Note]: 4002 0
10/30/05 10:19:34 [Note]: 4003 1
10/30/05 10:19:34 [Note]: 10002 3
10/30/05 10:19:34 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00007ac2_43570229_00090f56
10/30/05 10:19:34 [Note]: 4002 0
10/30/05 10:19:34 [Note]: 4003 1
10/30/05 10:19:34 [Note]: 10002 3
10/30/05 10:19:34 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00007ac2_435e85ea_0001e848
10/30/05 10:19:34 [Note]: 4002 0
10/30/05 10:19:34 [Note]: 4003 1
10/30/05 10:19:34 [Note]: 10002 3
10/30/05 10:19:34 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00007ac2_4362e6ec_00066ff3
10/30/05 10:19:34 [Note]: 4002 0
10/30/05 10:19:34 [Note]: 4003 1
10/30/05 10:19:34 [Note]: 10002 3
10/30/05 10:19:34 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00007a5a_43551a66_00081b32
10/30/05 10:19:34 [Note]: 4002 0
10/30/05 10:19:34 [Note]: 4003 1
10/30/05 10:19:34 [Note]: 10002 3
10/30/05 10:19:34 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00007a5a_4356d56f_000e1113
10/30/05 10:19:34 [Note]: 4002 0
10/30/05 10:19:34 [Note]: 4003 1
10/30/05 10:19:34 [Note]: 10002 3
10/30/05 10:19:35 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00007b44_4356db7c_00053ec6
10/30/05 10:19:35 [Note]: 4002 0
10/30/05 10:19:35 [Note]: 4003 1
10/30/05 10:19:35 [Note]: 10002 3
10/30/05 10:19:35 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00007b44_435d1c04_00097469
10/30/05 10:19:35 [Note]: 4002 0
10/30/05 10:19:35 [Note]: 4003 1
10/30/05 10:19:35 [Note]: 10002 3
10/30/05 10:19:35 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00007b44_435e8003_00016e36
10/30/05 10:19:35 [Note]: 4002 0
10/30/05 10:19:35 [Note]: 4003 1
10/30/05 10:19:35 [Note]: 10002 3
10/30/05 10:19:35 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00007b44_4362a7e3_000c28cb
10/30/05 10:19:35 [Note]: 4002 0
10/30/05 10:19:35 [Note]: 4003 1
10/30/05 10:19:35 [Note]: 10002 3
10/30/05 10:19:35 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00007bb9_4356d76c_000cdfe6
10/30/05 10:19:35 [Note]: 4002 0
10/30/05 10:19:35 [Note]: 4003 1
10/30/05 10:19:35 [Note]: 10002 3
10/30/05 10:19:35 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00007bb9_435c5639_00056864
10/30/05 10:19:35 [Note]: 4002 0
10/30/05 10:19:35 [Note]: 4003 1
10/30/05 10:19:35 [Note]: 10002 3
10/30/05 10:19:35 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00007bb9_435d80ee_00016e36
10/30/05 10:19:35 [Note]: 4002 0
10/30/05 10:19:35 [Note]: 4003 1
10/30/05 10:19:35 [Note]: 10002 3
10/30/05 10:19:35 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00007bb9_435e792e_00044aa2
10/30/05 10:19:35 [Note]: 4002 0
10/30/05 10:19:35 [Note]: 4003 1
10/30/05 10:19:35 [Note]: 10002 3
10/30/05 10:19:35 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00007bb9_435f0b96_000cdfe6
10/30/05 10:19:35 [Note]: 4002 0
10/30/05 10:19:35 [Note]: 4003 1
10/30/05 10:19:35 [Note]: 10002 3
10/30/05 10:19:35 [Info]: Hidden file: C:\Program Files\Higolder\Cache\0000692c_4356d777_00076417
10/30/05 10:19:35 [Note]: 4002 0
10/30/05 10:19:35 [Note]: 4003 1
10/30/05 10:19:35 [Note]: 10002 3
10/30/05 10:19:35 [Info]: Hidden file: C:\Program Files\Higolder\Cache\000069d0_43570079_0000f424
10/30/05 10:19:35 [Note]: 4002 0
10/30/05 10:19:35 [Note]: 4003 1
10/30/05 10:19:35 [Note]: 10002 3
10/30/05 10:19:35 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00006a15_4356dc40_000e8b25
10/30/05 10:19:35 [Note]: 4002 0
10/30/05 10:19:35 [Note]: 4003 1
10/30/05 10:19:35 [Note]: 10002 3
10/30/05 10:19:35 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00006a15_435d2f4a_0002625a
10/30/05 10:19:35 [Note]: 4002 0
10/30/05 10:19:35 [Note]: 4003 1
10/30/05 10:19:35 [Note]: 10002 3
10/30/05 10:19:35 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00006ad4_435d19e3_0004afb5
10/30/05 10:19:35 [Note]: 4002 0
10/30/05 10:19:35 [Note]: 4003 1
10/30/05 10:19:35 [Note]: 10002 3
10/30/05 10:19:35 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00006ad4_435e7f41_00003d09
10/30/05 10:19:35 [Note]: 4002 0
10/30/05 10:19:35 [Note]: 4003 1
10/30/05 10:19:35 [Note]: 10002 3
10/30/05 10:19:35 [Info]: Hidden file: C:\Program Files\Higolder\Cache\00006ad4_4362a477_000c65d4
10/30/05 10:19:35 [Note]: 4002 0
10/30/05 10:19:35 [Note]: 4003 1
10/30/05 10:19:35 [Note]: 10002 3
10/30/05 10:19:35 [Info]: Hidden file: C:\Program Files\Higolder&