Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Istbar 1C [RESOLVED]

Started by Rocketdoctor , Nov 25 2005 01:24 PM

This topic is locked

#1
Rocketdoctor

Posted 25 November 2005 - 01:24 PM

New Member

Member
9 posts

Had Istbar 1C about a week now.

Reaslised I got it straight away and I turned off system restore.

ran Ad Aware
ran AVG
deleted Temp file manually
ran housecall
ran a symantec Istbar removal tool which said no infection
left it a couple of days and then tried Spybot.

Then came here and I have carried out 'your click here page' The only problem I had was Trojan Hunter kept crashing as soon as it started scanning files though it did do the initial scanning. I ran through your steps using AVG & housecall as the AV programs and they came up clean tonight though AVG has been picking up the IStbar in a Docs&Settings folder and this I manually delted after logging in as administrator. Done all the win updates and rebooted and I'm still getting popups when I go into IE or Firefox.

I guess something is still resident in the Registery Files.

Hijack this log follows. Hope you can help.

regards - RD

#2
Rocketdoctor

Posted 25 November 2005 - 01:26 PM

New Member

Topic Starter
Member
9 posts

F:\WINDOWS\system32\rundll32.exe
F:\Program Files\GIANT Company Software\Spam Inspector\siSpamFilterEngine.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
F:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
F:\Program Files\Internet Explorer\IEXPLORE.EXE
F:\Documents and Settings\Jim\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kudosifa.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System32\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.100
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - F:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] F:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] F:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [EazyScheduler] F:\Program Files\Eazy-Ware\ezSched.exe
O4 - HKLM\..\Run: [siService.exe] "F:\Program Files\GIANT Company Software\Spam Inspector\siService.exe"
O4 - HKLM\..\Run: [PaperPort PTD] F:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] F:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [WinampAgent] F:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AO_Shutdown] F:\1stDir32\Program\AO_Shutdown.exe
O4 - HKLM\..\Run: [HP Software Update] F:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [THGuard] "F:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] C:\VALVE\\Steam.exe -silent
O4 - Global Startup: Acrobat Assistant.lnk = F:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adviser Office Taskbar.lnk = F:\1stDir32\Program\Taskbar.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = F:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0089F6EE-ED54-11D5-B0E7-00508B014C1D} (ExWebClientUtils Class) - http://exweb.exchang...ies/texInfo.CAB
O16 - DPF: {090EC279-1378-44B7-B521-888980212E7E} (Complist3 Class) - http://exweb.exchang...ebCListCtl3.CAB
O16 - DPF: {0F026C11-5A66-4C2B-87B5-88DDEBAE72A1} (ComponentOne FlexGrid 8.0 (Light)) - https://www.aequoson...ex/vsFlex8l.ocx
O16 - DPF: {2F6A847E-2EC2-11D3-AE1B-00508B014C1D} (Parser Class) - http://exweb.exchang...s/XMLParser.CAB
O16 - DPF: {500A5CC4-0334-11D5-87AD-0050DAC7511B} (GES.DesSSMain) - file://D:\CAB\GES.CAB
O16 - DPF: {511835FF-EDC9-11D7-A20A-000802318089} (EWGWholeLife.desInput) - http://exweb.exchang...WGWholeLife.CAB
O16 - DPF: {59A910DE-EE9A-11D7-A20A-000802318089} (EWGCombinedTerm.desInput) - http://exweb.exchang...rmAssurance.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1122574157265
O16 - DPF: {735932BD-8729-11D5-8F19-0008C7E9C2C6} (RIMA For Windows NT) - file://D:\CAB\rimant.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8E95B0CA-EB6F-11D3-979B-00508B64538B} (VersionInfo.clsVersionInfo) - file://D:\CAB\VersionInfo.cab
O16 - DPF: {A32DBCA3-4BFD-11D3-B9E4-008048FCE443} (Complist Class) - file://D:\CAB\eXwebCListCtl.cab
O16 - DPF: {A6339C32-3F93-11D5-8EB7-0008C7E9C2C6} (Pensions.clsPensionBusinessLogic) - file://D:\CAB\pensions.cab
O16 - DPF: {A74D724A-AB17-11D2-A96A-006097E20477} (eXwebUtils.HTMLUtils) - http://exweb.exchang.../eXwebUtils.CAB
O16 - DPF: {A9F86998-BB62-11D2-A988-006097E20477} (eXwebUtils.clsVersionInfo) - file://D:\CAB\eXwebUtils.cab
O16 - DPF: {A9F869B2-BB62-11D2-A988-006097E20477} (eXwebOccList.clsVersionInfo) - file://D:\CAB\eXwebOcc.cab
O16 - DPF: {A9F869C0-BB62-11D2-A988-006097E20477} (PHIHelpText.clsVersionInfo) - file://D:\CAB\PHIHelpText.cab
O16 - DPF: {A9F869CE-BB62-11D2-A988-006097E20477} (PHIToolTips.clsVersionInfo) - file://D:\CAB\PHIToolTips.cab
O16 - DPF: {AB5ED3AE-DE26-11D3-AD7A-0050044495F0} (WholeLife.clsVersionInfo) - file://D:\CAB\wholelife.cab
O16 - DPF: {ABF92614-EBA5-11D3-A315-006008134E84} (Annuities.dsrMain) - file://D:\CAB\ann_GD.cab
O16 - DPF: {B539A417-0C5E-11D4-97CF-00508B64538B} (Bonds.GLBI030) - file://D:\CAB\Bonds.cab
O16 - DPF: {B5805B24-2D86-11D0-ADA6-00400520799C} (ProtoView Calendar Control) - file://D:\CAB\pvcalctl.cab
O16 - DPF: {BC954BAD-872A-11D5-8F19-0008C7E9C2C6} (RIMA For Windows 9x) - file://D:\CAB\rima9x.cab
O16 - DPF: {C2A91890-0BBD-11D4-833E-0008C78A797E} (CTP Goal Proposal Update) - file://D:\CAB\GoalUpdate.CAB
O16 - DPF: {CC696B63-4159-11D0-BDCB-0020A90B183A} (ProtoView Date Control) - file://D:\CAB\pvdate2.cab
O16 - DPF: {DB1F08C5-F410-11D3-A316-006008134E84} (CombinedTerm.desUserDefaultsGrid) - file://D:\CAB\TermAssurance.cab
O16 - DPF: {DBA9E4A1-885A-11D3-8919-0050049D81F4} (TexPHIDS.dsrPHIInput) - file://D:\CAB\TexPHIDS.cab
O16 - DPF: {DDECE2F5-AF1F-44E7-B37F-96B6630F5C60} (PrintComponent.clsVersionInfo) - http://exweb.exchang...es/printdll.CAB
O16 - DPF: {E5CFA957-1CD1-11D2-85AD-006097B42E68} (TEXCList.ctlCompanyList) - file://D:\CAB\eXwebCList.cab
O16 - DPF: {E7FF5332-854E-11D2-A952-006097E20477} (eXwebOccList.clsOccRes) - http://exweb.exchang...es/eXwebOcc.CAB
O16 - DPF: {E9C9692E-F93C-11D1-ABB0-0040054FC6FB} (ProtoView DataTable Control 7.0 (OLEDB)) - file://D:\CAB\pvdt70.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe

#3
Armodeluxe

Posted 02 December 2005 - 01:14 PM

Member 2k

Retired Staff
2,744 posts

Hi Rocketdoctor,

The top portion of the log containing OS information is missing..please post a new log and make sure that you post the whole log..

Do you know what this entry is about?

O4 - HKLM\..\Run: [AO_Shutdown] F:\1stDir32\Program\AO_Shutdown.exe

I couldn't find any information about it and it doesn't look random..please navigate to the file

F:\1stDir32\Program\AO_Shutdown.exe

and choose properties. Please post the information under the version tab.

Also I'd like to see the results of two scans:

1)Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be promted to install an ActiveX component from Kaspersky, Click Yes.

The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT
Now click on Scan Settings
In the scan settings make sure that the following are selected:
- Scan using the following Anti-Virus database:
Extended (if available otherwise Standard)
- Scan Options:
Scan Archives
Scan Mail Bases
Click OK
Now under select a target to scan:Select My Computer
This program will start and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
- Now click on the Save as Text button:
Save the file to your desktop.
Copy and paste that information in your next post.

2)Please download Rootkit Revealer (link is at the very bottom of the page)

Unzip it to your desktop.
Open the rootkitrevealer folder and double-click rootkitrevealer.exe
Click the Scan button (bottom right)
It may take a while to scan (don't do anything while it's running)
When it's done, go up to File > Save. Choose to save it to your desktop.
Open rootkitrevealer.txt on your desktop and copy the entire contents and paste them here

Please post those two logs along with a new HijackThis log and the info on that file.

#4
Rocketdoctor

Posted 02 December 2005 - 04:41 PM

New Member

Topic Starter
Member
9 posts

Hi thanks for the help.

The line with AO is part of a known program that I use for my work

Will do the other scans and post them

Logfile of HijackThis v1.99.1
Scan saved at 22:38:57, on 02/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\csrss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
F:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
F:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
F:\WINDOWS\system32\nvsvc32.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\alg.exe
F:\WINDOWS\Explorer.EXE
F:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
F:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
F:\Program Files\Eazy-Ware\ezSched.exe
F:\Program Files\GIANT Company Software\Spam Inspector\siService.exe
F:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
F:\Program Files\Winamp\winampa.exe
F:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\1stDir32\Program\AO_Shutdown.exe
F:\Program Files\HP\HP Software Update\HPWuSchd2.exe
F:\Program Files\TrojanHunter 4.2\THGuard.exe
F:\WINDOWS\system32\rundll32.exe
F:\WINDOWS\SOUNDMAN.EXE
F:\WINDOWS\system32\RUNDLL32.EXE
F:\Program Files\PFU\ScanSnap!\CardMinder\CardLauncher.exe
F:\Program Files\PFU\ScanSnap!\PDF Thumbnail View\pdfquickview.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
F:\Program Files\GIANT Company Software\Spam Inspector\siSpamFilterEngine.exe
F:\Program Files\PFU\ScanSnap!\CardMinder\bcd_file\SbCRecE.exe
F:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
F:\Program Files\Internet Explorer\IEXPLORE.EXE
F:\Documents and Settings\Jim\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.londinivm...action=withdraw
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System32\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.100
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - F:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [AVG7_CC] F:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] F:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [EazyScheduler] F:\Program Files\Eazy-Ware\ezSched.exe
O4 - HKLM\..\Run: [siService.exe] "F:\Program Files\GIANT Company Software\Spam Inspector\siService.exe"
O4 - HKLM\..\Run: [PaperPort PTD] F:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] F:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [WinampAgent] F:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AO_Shutdown] F:\1stDir32\Program\AO_Shutdown.exe
O4 - HKLM\..\Run: [HP Software Update] F:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [THGuard] "F:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CardMinder] F:\Program Files\PFU\ScanSnap!\CardMinder\CardLauncher.exe
O4 - HKLM\..\Run: [Pdfquickview] F:\Program Files\PFU\ScanSnap!\PDF Thumbnail View\pdfquickview.exe
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] C:\VALVE\\Steam.exe -silent
O4 - Global Startup: Acrobat Assistant.lnk = F:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adviser Office Taskbar.lnk = F:\1stDir32\Program\Taskbar.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = F:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: ScanSnap! Monitor.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0089F6EE-ED54-11D5-B0E7-00508B014C1D} (ExWebClientUtils Class) - http://exweb.exchang...ies/texInfo.CAB
O16 - DPF: {034DA761-EDB7-11D7-A20A-000802318089} (EWGPHI.desInput) - http://exweb.exchang...ries/EWGPHI.CAB
O16 - DPF: {090EC279-1378-44B7-B521-888980212E7E} (Complist3 Class) - http://exweb.exchang...ebCListCtl3.CAB
O16 - DPF: {0F026C11-5A66-4C2B-87B5-88DDEBAE72A1} (ComponentOne FlexGrid 8.0 (Light)) - https://www.aequoson...ex/vsFlex8l.ocx
O16 - DPF: {2F6A847E-2EC2-11D3-AE1B-00508B014C1D} (Parser Class) - http://exweb.exchang...s/XMLParser.CAB
O16 - DPF: {500A5CC4-0334-11D5-87AD-0050DAC7511B} (GES.DesSSMain) - file://D:\CAB\GES.CAB
O16 - DPF: {511835FF-EDC9-11D7-A20A-000802318089} (EWGWholeLife.desInput) - http://exweb.exchang...WGWholeLife.CAB
O16 - DPF: {59A910DE-EE9A-11D7-A20A-000802318089} (EWGCombinedTerm.desInput) - http://exweb.exchang...rmAssurance.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1122574157265
O16 - DPF: {735932BD-8729-11D5-8F19-0008C7E9C2C6} (RIMA For Windows NT) - file://D:\CAB\rimant.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8E95B0CA-EB6F-11D3-979B-00508B64538B} (VersionInfo.clsVersionInfo) - file://D:\CAB\VersionInfo.cab
O16 - DPF: {A32DBCA3-4BFD-11D3-B9E4-008048FCE443} (Complist Class) - file://D:\CAB\eXwebCListCtl.cab
O16 - DPF: {A6339C32-3F93-11D5-8EB7-0008C7E9C2C6} (Pensions.clsPensionBusinessLogic) - file://D:\CAB\pensions.cab
O16 - DPF: {A74D724A-AB17-11D2-A96A-006097E20477} (eXwebUtils.HTMLUtils) - http://exweb.exchang.../eXwebUtils.CAB
O16 - DPF: {A9F86998-BB62-11D2-A988-006097E20477} (eXwebUtils.clsVersionInfo) - file://D:\CAB\eXwebUtils.cab
O16 - DPF: {A9F869B2-BB62-11D2-A988-006097E20477} (eXwebOccList.clsVersionInfo) - file://D:\CAB\eXwebOcc.cab
O16 - DPF: {A9F869C0-BB62-11D2-A988-006097E20477} (PHIHelpText.clsVersionInfo) - file://D:\CAB\PHIHelpText.cab
O16 - DPF: {A9F869CE-BB62-11D2-A988-006097E20477} (PHIToolTips.clsVersionInfo) - file://D:\CAB\PHIToolTips.cab
O16 - DPF: {AB5ED3AE-DE26-11D3-AD7A-0050044495F0} (WholeLife.clsVersionInfo) - file://D:\CAB\wholelife.cab
O16 - DPF: {ABF92614-EBA5-11D3-A315-006008134E84} (Annuities.dsrMain) - file://D:\CAB\ann_GD.cab
O16 - DPF: {B539A417-0C5E-11D4-97CF-00508B64538B} (Bonds.GLBI030) - file://D:\CAB\Bonds.cab
O16 - DPF: {B5805B24-2D86-11D0-ADA6-00400520799C} (ProtoView Calendar Control) - file://D:\CAB\pvcalctl.cab
O16 - DPF: {BC954BAD-872A-11D5-8F19-0008C7E9C2C6} (RIMA For Windows 9x) - file://D:\CAB\rima9x.cab
O16 - DPF: {C2A91890-0BBD-11D4-833E-0008C78A797E} (CTP Goal Proposal Update) - file://D:\CAB\GoalUpdate.CAB
O16 - DPF: {CC696B63-4159-11D0-BDCB-0020A90B183A} (ProtoView Date Control) - file://D:\CAB\pvdate2.cab
O16 - DPF: {DB1F08C5-F410-11D3-A316-006008134E84} (CombinedTerm.desUserDefaultsGrid) - file://D:\CAB\TermAssurance.cab
O16 - DPF: {DBA9E4A1-885A-11D3-8919-0050049D81F4} (TexPHIDS.dsrPHIInput) - file://D:\CAB\TexPHIDS.cab
O16 - DPF: {DDECE2F5-AF1F-44E7-B37F-96B6630F5C60} (PrintComponent.clsVersionInfo) - http://exweb.exchang...es/printdll.CAB
O16 - DPF: {E5CFA957-1CD1-11D2-85AD-006097B42E68} (TEXCList.ctlCompanyList) - file://D:\CAB\eXwebCList.cab
O16 - DPF: {E7FF5332-854E-11D2-A952-006097E20477} (eXwebOccList.clsOccRes) - http://exweb.exchang...es/eXwebOcc.CAB
O16 - DPF: {E9C9692E-F93C-11D1-ABB0-0040054FC6FB} (ProtoView DataTable Control 7.0 (OLEDB)) - file://D:\CAB\pvdt70.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe

#5
Rocketdoctor

Posted 03 December 2005 - 03:10 AM

New Member

Topic Starter
Member
9 posts

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Saturday, December 03, 2005 00:27:01
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 2/12/2005
Kaspersky Anti-Virus database records: 162936
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
H:\
J:\
K:\
S:\

Scan Statistics:
Total number of scanned objects: 70510
Number of viruses found: 3
Number of infected objects: 9
Number of suspicious objects: 0
Duration of the scan process: 2558 sec

Infected Object Name - Virus Name
F:\Documents and Settings\Jim\.housecall\Quarantine\SAcc.prod.v1118.03nov2005.exe[1].83fa7de676c8eaddac66b608da6c50b4.bac_a24416 Infected: not-a-virus:AdWare.Win32.SurfAccuracy.d
F:\Documents and Settings\Jim\Desktop\mirc616.exe/data0001.bin Infected: not-a-virus:Client-IRC.Win32.mIRC.616
F:\Documents and Settings\Jim\Desktop\mirc616.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616
F:\Documents and Settings\Jim\Local Settings\Temp\secorier.exe Infected: Trojan.Win32.Crypt.t
F:\Documents and Settings\Jim\Local Settings\Temporary Internet Files\Content.IE5\XR7J2NO5\mirc616[1].exe/data0001.bin Infected: not-a-virus:Client-IRC.Win32.mIRC.616
F:\Documents and Settings\Jim\Local Settings\Temporary Internet Files\Content.IE5\XR7J2NO5\mirc616[1].exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616
F:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616
F:\WINDOWS\system32\mslpcups.dll Infected: Trojan.Win32.Crypt.t
F:\WINDOWS\system32\uxtkbdhu.exe Infected: Trojan.Win32.Crypt.t

Scan process completed.

#6
Rocketdoctor

Posted 03 December 2005 - 03:12 AM

New Member

Topic Starter
Member
9 posts

Root revealer

HKLM\SOFTWARE\C6ignAFtZSmm 11/26/2005 02:49 0 bytes Hidden from Windows API.
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed 12/3/2005 09:19 80 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-776561741-1788223648-839522115-1003\Extension-List\{00000000-0000-0000-0000-000000000000}\StartTimeLo 12/3/2005 07:48 4 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-776561741-1788223648-839522115-1003\Extension-List\{00000000-0000-0000-0000-000000000000}\StartTimeHi 12/3/2005 07:48 4 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-776561741-1788223648-839522115-1003\Extension-List\{00000000-0000-0000-0000-000000000000}\EndTimeLo 12/3/2005 07:48 4 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-776561741-1788223648-839522115-1003\Extension-List\{00000000-0000-0000-0000-000000000000}\EndTimeHi 12/3/2005 07:48 4 bytes Data mismatch between Windows API and raw hive data.
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_AHATSVC 11/26/2005 02:49 0 bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet001\Services\AhatSvc 12/3/2005 09:19 0 bytes Hidden from Windows API.
F:\Program Files\Movenger 12/3/2005 00:24 0 bytes Hidden from Windows API.
F:\Program Files\Movenger\ace.dll 11/26/2005 02:49 568.00 KB Hidden from Windows API.
F:\Program Files\Movenger\AI_01-12-2005.log 12/1/2005 00:00 3 bytes Hidden from Windows API.
F:\Program Files\Movenger\AI_02-12-2005.log 12/2/2005 02:49 3 bytes Hidden from Windows API.
F:\Program Files\Movenger\AI_03-12-2005.log 12/3/2005 00:24 3 bytes Hidden from Windows API.
F:\Program Files\Movenger\AI_27-11-2005.log 11/27/2005 00:00 3 bytes Hidden from Windows API.
F:\Program Files\Movenger\AI_28-11-2005.log 11/28/2005 00:03 3 bytes Hidden from Windows API.
F:\Program Files\Movenger\AI_29-11-2005.log 11/29/2005 00:01 3 bytes Hidden from Windows API.
F:\Program Files\Movenger\AI_30-11-2005.log 11/30/2005 00:00 3 bytes Hidden from Windows API.
F:\Program Files\Movenger\Cache 12/3/2005 00:27 0 bytes Hidden from Windows API.
F:\Program Files\Movenger\Cache\0000001c_438af97a_0004c4b4 11/28/2005 12:35 3.99 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\0000001c_438f45d8_0002dc6c 12/1/2005 18:50 21.16 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\0000001c_43905c2e_0002dc6c 12/2/2005 14:37 237 bytes Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000029_438b32c2_0001ab3f 11/28/2005 16:39 5.08 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000029_438b3917_000bebc2 11/28/2005 17:06 29.55 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000029_43908b82_0001e848 12/2/2005 17:59 4.54 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000035_43883ddb_00090f56 11/26/2005 10:50 420 bytes Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000035_438c59b6_000d1cef 11/29/2005 13:37 12.62 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\0000003a_43904803_0008583b 12/2/2005 13:11 16.55 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\0000007b_4388cc47_000baeb9 11/26/2005 20:57 28.32 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\0000007b_438d447e_0009c671 11/30/2005 10:30 28.42 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\0000008c_4388b42f_00016e36 12/3/2005 00:27 254 bytes Hidden from Windows API.
F:\Program Files\Movenger\Cache\0000008c_438cdaed_000e8b25 11/29/2005 22:49 146.32 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\0000008e_438cc565_00076417 11/29/2005 21:17 141.60 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000094_438b2200_0008d24d 11/28/2005 15:28 31.23 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000094_438f8af4_0001ab3f 12/1/2005 23:44 76.94 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000099_4388219f_00044aa2 11/26/2005 08:49 69.03 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000099_438b808c_000d59f8 12/1/2005 23:32 30.49 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000099_43908efc_0006acfc 12/2/2005 18:14 47.83 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\000000eb_4388547a_0006acfc 11/26/2005 21:31 32.80 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\000000eb_438cd479_0000b71b 11/29/2005 22:21 34.91 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000120_43882e7c_0007a120 12/1/2005 00:10 369 bytes Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000120_438c08ce_000a7d8c 12/2/2005 18:10 54.93 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000120_43909bbc_000aba95 12/2/2005 19:08 19.46 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000124_4388219f_00053ec6 11/26/2005 08:49 1.41 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000124_438b818d_000b71b0 12/1/2005 23:44 12.51 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000124_43908f2a_000c28cb 12/2/2005 18:15 52.85 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\0000012c_4389e966_00044aa2 12/1/2005 13:12 34.16 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\0000012c_438ea4e8_0008583b 12/1/2005 07:23 30.83 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\0000012f_438a5c85_000e1113 11/28/2005 01:25 17.63 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\0000012f_438f43a4_00016e36 12/1/2005 18:40 343 bytes Hidden from Windows API.
F:\Program Files\Movenger\Cache\0000014f_438a10e2_000a4083 11/27/2005 20:02 47 bytes Hidden from Windows API.
F:\Program Files\Movenger\Cache\0000014f_438f099a_000b71b0 12/1/2005 14:32 27.95 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\000001e1_438cb917_00076417 11/29/2005 20:24 162.31 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\000001eb_4388216c_000c65d4 11/26/2005 08:48 2.08 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\000001eb_438b5578_000d9701 11/28/2005 19:07 35.45 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\000001eb_43908e47_000ca2dd 12/2/2005 18:11 40.19 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\000001f7_438a59f7_000c65d4 11/28/2005 01:14 4.47 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000260_438b08de_000dd40a 11/28/2005 13:40 32.85 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000260_438f5f11_0002dc6c 12/1/2005 20:37 17.40 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000262_438a0ffa_0001e848 11/27/2005 19:58 5.58 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000262_438ef5dd_000c65d4 12/1/2005 13:08 30.12 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\000002b2_438f6099_00040d99 12/1/2005 20:44 47 bytes Hidden from Windows API.
F:\Program Files\Movenger\Cache\000002ec_438b1479_00090f56 11/28/2005 14:30 7.89 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\000002ec_438f60a0_0005b8d8 12/1/2005 20:44 330 bytes Hidden from Windows API.
F:\Program Files\Movenger\Cache\000002ee_438f3fec_0007de29 12/2/2005 18:36 26.42 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\0000030a_43882e31_000487ab 11/26/2005 09:43 338 bytes Hidden from Windows API.
F:\Program Files\Movenger\Cache\0000030a_438c089b_00044aa2 11/29/2005 07:51 6.12 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\0000030a_43909606_00031975 12/2/2005 20:51 35.74 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000314_43905ba3_000632ea 12/2/2005 14:35 1.99 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\0000036b_438ef537_000e8b25 12/1/2005 13:06 120.06 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000384_438c58f6_000e8b25 12/2/2005 08:55 8.57 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000384_4390cdd8_0002dc6c 12/2/2005 22:42 19.39 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\0000038f_43897556_00039387 12/2/2005 12:12 37.99 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\0000038f_438e3999_000c28cb 12/1/2005 00:10 31.52 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000390_438cb307_00007a12 11/29/2005 19:59 30.02 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\000003f9_438a1036_00089544 12/1/2005 20:52 5.57 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\000003f9_438ef5e2_00066ff3 12/1/2005 13:08 30.32 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\000003fa_4388b56f_000baeb9 11/26/2005 19:20 80.37 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\000003fa_438cddbb_00031975 11/29/2005 23:01 338 bytes Hidden from Windows API.
F:\Program Files\Movenger\Cache\0000046b_438f84ad_0009c671 12/1/2005 23:18 29.37 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\0000047e_438c58d9_000487ab 12/2/2005 14:37 1.34 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\0000047e_4390ca1e_00000000 12/2/2005 22:27 28.50 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\000004b0_4388d23c_000bebc2 11/26/2005 21:23 31.36 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\000004b0_438dbe1c_0005f5e1 11/30/2005 14:58 98.16 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\000004f0_4388cd44_00066ff3 11/28/2005 23:10 278 bytes Hidden from Windows API.
F:\Program Files\Movenger\Cache\000004f0_438d605a_000c65d4 12/3/2005 09:18 0 bytes Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000502_43900bdb_00081b32 12/2/2005 08:54 738 bytes Hidden from Windows API.
F:\Program Files\Movenger\Cache\0000053c_43905caf_00053ec6 12/2/2005 14:39 5.41 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\0000054b_438f7fae_000cdfe6 12/1/2005 22:56 35.66 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000588_438c5edc_000af79e 11/29/2005 13:59 6.29 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\000005eb_4390479f_000487ab 12/2/2005 13:09 58.85 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\000005f8_43905ca1_0001ab3f 12/2/2005 14:40 1.29 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000603_438f4048_0003567e 12/1/2005 18:26 30.98 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000607_43884e36_0009c671 11/26/2005 11:59 6.52 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000607_438cba8a_00094c5f 11/29/2005 20:31 745 bytes Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000633_438c5ad3_000b34a7 11/29/2005 13:42 20.76 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000634_438b083b_0000f424 11/28/2005 13:38 30.25 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000634_438f5ef7_0001ab3f 12/1/2005 20:37 54.67 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\0000065a_4388e38c_000aba95 11/26/2005 22:37 35.32 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\0000065a_4389e62f_00076417 11/27/2005 17:00 85.03 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\0000065a_438ddedb_000bebc2 11/30/2005 17:18 35.58 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\0000065a_438e4032_00090f56 12/1/2005 00:13 111.43 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000665_4389e71c_00029f63 11/27/2005 17:04 4.58 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000665_438ea1ba_00022551 12/1/2005 07:09 87.58 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000672_438f86be_000f0537 12/1/2005 23:26 240 bytes Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000677_4390e668_000baeb9 12/3/2005 09:16 21.56 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\0000068f_43905b95_000f0537 12/2/2005 14:35 745 bytes Hidden from Windows API.
F:\Program Files\Movenger\Cache\000006bb_43905c2c_000c28cb 12/2/2005 14:37 0 bytes Hidden from Windows API.
F:\Program Files\Movenger\Cache\000006d8_4389f799_00098968 11/27/2005 18:14 29.53 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\000006d8_438ef35d_000d1cef 12/1/2005 12:58 338 bytes Hidden from Windows API.
F:\Program Files\Movenger\Cache\000006de_438b1390_00016e36 11/28/2005 14:26 173.63 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\000006de_438f5f36_000cdfe6 12/1/2005 20:38 3.67 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\000006e3_43884c9f_0006ea05 11/26/2005 11:53 6.25 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\000006e3_438cba11_0005b8d8 11/29/2005 20:29 1.94 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\000006e9_438f43b6_000632ea 12/1/2005 18:49 1011 bytes Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000728_4388495b_000487ab 11/26/2005 11:39 4.04 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000728_438cb8bd_00031975 12/2/2005 14:33 8.20 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000732_43882e78_0006acfc 11/26/2005 09:44 35.83 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000732_438c08be_0002625a 11/29/2005 07:52 4.54 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000732_43909bb7_0005b8d8 12/2/2005 19:08 8.21 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\0000074d_438821f3_0001ab3f 11/26/2005 08:50 7.85 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\0000074d_438b8ca1_00022551 11/28/2005 23:03 35.57 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\0000074d_43909460_0003d090 12/2/2005 18:37 8.03 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000784_43884e3c_0001e848 11/26/2005 11:59 6.24 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000786_4388b768_00081b32 11/26/2005 19:28 1001 bytes Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000786_438cde12_0000b71b 11/29/2005 23:02 125.15 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\000007c9_4389e735_000e1113 11/28/2005 01:14 106.90 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\000007c9_438ea22c_00076417 12/2/2005 19:12 31.35 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\000007db_438f8572_000ec82e 12/1/2005 23:21 29.04 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000822_438836de_00040d99 11/30/2005 23:40 39.05 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000822_438c339e_0009c671 11/29/2005 10:55 47.44 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000822_4390b03a_000e4e1c 12/2/2005 20:36 33.81 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000828_438b00d4_0002dc6c 11/28/2005 13:06 298 bytes Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000828_438f45d9_000501bd 12/1/2005 18:50 12.14 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\0000084d_4388b432_0001312d 12/3/2005 00:27 552 bytes Hidden from Windows API.
F:\Program Files\Movenger\Cache\0000086a_438842a8_000a4083 11/26/2005 11:10 47 bytes Hidden from Windows API.
F:\Program Files\Movenger\Cache\0000086a_438c6374_0005b8d8 11/29/2005 14:19 406 bytes Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000871_438849d7_0003d090 11/26/2005 11:41 38.98 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\000008af_438975b4_0008d24d 12/2/2005 20:26 32.30 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\000008af_438e3e11_000a4083 12/1/2005 00:04 6.29 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\000008ff_4388d29c_0001312d 11/26/2005 21:24 399 bytes Hidden from Windows API.
F:\Program Files\Movenger\Cache\000008ff_438dbf8d_0007a120 11/30/2005 15:04 166.80 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000902_438837bc_000c65d4 12/2/2005 22:32 49.97 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000902_438c3479_00022551 11/29/2005 10:59 5.87 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000902_4390b134_000c28cb 12/2/2005 20:40 31.83 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000914_4388d375_00031975 12/2/2005 09:04 63.21 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000914_438dc194_000c28cb 11/30/2005 15:13 122.42 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\0000093b_438a5a31_000cdfe6 11/28/2005 01:15 86.94 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\0000093b_438f21a1_000dd40a 12/1/2005 16:15 22.18 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000940_4388434f_0000b71b 11/26/2005 11:13 62.61 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000940_438c6ad3_000d59f8 11/29/2005 14:50 122.65 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000975_43883e3e_000c65d4 11/26/2005 10:51 388 bytes Hidden from Windows API.
F:\Program Files\Movenger\Cache\000009b3_438974f2_0006ea05 12/1/2005 19:36 29.71 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\000009b3_438e3980_00039387 11/30/2005 23:45 10.38 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000a1d_438f026a_000bebc2 12/1/2005 23:48 92.32 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000a28_43884142_00053ec6 11/26/2005 11:04 62.88 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000a2f_4389741a_00089544 11/27/2005 08:53 28.34 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000a2f_438e397f_000bebc2 11/30/2005 23:45 578 bytes Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000a41_43884dd0_000501bd 11/26/2005 11:58 16.28 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000a41_4388c04b_00003d09 11/26/2005 20:06 31.04 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000a41_438cba8a_00040d99 11/29/2005 20:31 85.33 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000a41_438ceba8_000e4e1c 11/30/2005 00:00 6.33 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000a6c_43884ca8_000bebc2 11/26/2005 11:53 9.21 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000a6c_438cba24_000ec82e 11/29/2005 20:29 2.12 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000a6e_438a5221_000501bd 11/28/2005 00:41 28.33 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000a6e_438f20d1_00066ff3 12/1/2005 16:12 1.81 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000a87_4388b431_000af79e 12/3/2005 00:27 784 bytes Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000af0_4388b6d7_000cdfe6 11/26/2005 19:26 35.32 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000b31_438adbb0_0002625a 11/28/2005 10:28 35.33 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000b31_438f43b8_0007270e 12/1/2005 18:40 161 bytes Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000b7f_438b00d4_0005b8d8 11/28/2005 13:06 83.58 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000b93_43891174_000f0537 11/27/2005 01:52 28.34 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000b93_438e397f_0007a120 12/2/2005 18:36 15.80 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000b9b_438a5ca7_0008583b 11/28/2005 01:25 3.71 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000b9b_438f43af_0001ab3f 12/1/2005 18:40 237 bytes Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000bb3_4388216c_000e4e1c 11/26/2005 08:48 7.83 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000bb3_43908e48_000e4e1c 12/2/2005 18:11 6.27 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000bdb_43882e40_000501bd 11/26/2005 09:43 124.04 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000bdb_438c08b7_00039387 11/29/2005 07:52 7.69 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000bdf_43905b5c_0000f424 12/2/2005 14:34 7.63 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000c1e_43884cc0_0007de29 11/26/2005 11:53 4.04 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000c7b_438c5a4d_00090f56 11/29/2005 13:40 8.88 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000c95_4389e599_0002625a 11/27/2005 20:06 38.75 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000c95_438e3fb0_000d1cef 12/1/2005 00:11 6.06 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000ce1_438c882c_00003d09 11/29/2005 16:56 51.44 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000ced_43905c44_000a037a 12/2/2005 14:37 11.02 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000d1f_438b16f3_00040d99 11/28/2005 14:40 7.59 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000d1f_438f6241_0002dc6c 12/1/2005 20:51 298 bytes Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000d66_438c58da_000aba95 11/29/2005 13:34 512 bytes Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000d66_4390cb0c_000632ea 12/2/2005 22:30 298 bytes Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000d6a_43884572_00016e36 11/26/2005 11:22 3 bytes Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000d6a_438c6b3a_000b34a7 11/29/2005 14:52 167.71 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000d9f_4388bea8_000d9701 11/26/2005 19:59 29.75 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000d9f_438ceb95_000b71b0 11/30/2005 00:00 3.58 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000dc7_438ae554_000ec82e 12/2/2005 08:37 143.04 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000ddc_4388361d_00076417 12/2/2005 08:37 28.24 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000ddc_438c2a7f_0002625a 11/29/2005 10:16 56.82 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000ddc_43909f10_000ca2dd 12/2/2005 20:41 30.17 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000de9_43900bda_000cdfe6 12/2/2005 08:54 387 bytes Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000e00_4388fa79_0006acfc 11/27/2005 18:43 30.03 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000e00_438e38b7_00031975 11/30/2005 23:41 2.24 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000e12_43883d33_00007a12 11/26/2005 10:47 3.91 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000e12_43916182_00081b32 12/3/2005 09:12 85.89 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000e29_438cb9a4_000501bd 11/29/2005 20:27 1.99 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000e5c_43900b0b_0005f5e1 12/2/2005 08:51 342 bytes Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000e99_4388cc75_0001312d 11/26/2005 20:58 28.32 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000e99_438d4f00_000b71b0 11/30/2005 07:04 113.39 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000ea9_438c852c_000632ea 11/29/2005 16:43 51.44 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000ecc_438c59e2_0001e848 12/2/2005 14:52 4.81 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000ef5_438a118f_000af79e 12/2/2005 11:43 8.11 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000ef5_438f1089_000d1cef 12/1/2005 15:02 35.52 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000f3e_4388218e_00090f56 11/26/2005 08:49 4.86 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000f3e_438b8084_000c28cb 12/1/2005 23:33 35.67 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000f77_439034eb_00098968 12/2/2005 11:50 28.62 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000fbf_43883acd_0000b71b 11/26/2005 10:37 51.45 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000fbf_4390c586_00007a12 12/2/2005 22:12 35.77 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000fc9_438c5997_000501bd 12/2/2005 14:39 1.17 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000fc9_43916150_000cdfe6 12/3/2005 09:11 4.75 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00000ff4_438a56e4_000aba95 11/28/2005 01:01 36.00 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00001003_43884d6c_0005b8d8 11/26/2005 11:56 5.96 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00001003_438cba79_0006acfc 11/29/2005 20:30 13.88 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00001030_43884971_00029f63 11/26/2005 11:39 3.90 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00001030_438cb918_00040d99 11/29/2005 20:24 744 bytes Hidden from Windows API.
F:\Program Files\Movenger\Cache\00001049_438c62b0_00022551 11/29/2005 14:16 3.69 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\0000105a_438f8692_00016e36 12/1/2005 23:26 146.87 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00001075_438b2252_000501bd 11/28/2005 15:29 28.84 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00001075_438f8b30_000632ea 12/1/2005 23:45 90.95 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\000010d9_438cb02b_000487ab 11/29/2005 19:46 28.21 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\000010d9_438cb8f1_0001ab3f 11/29/2005 20:24 7.82 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\0000113e_43884af1_000487ab 11/26/2005 11:45 3.92 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\0000113e_438cb9ac_000a4083 11/29/2005 20:27 1.99 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\000011b8_438b1494_00039387 11/28/2005 14:30 1.32 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\000011b8_438f61d2_000ec82e 12/1/2005 21:18 109.22 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\000011d5_4388f9d3_0000f424 11/27/2005 13:15 29.45 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\000011d5_438e3724_000a7d8c 12/1/2005 20:55 5.59 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\000011f4_43883d3c_000bebc2 11/26/2005 10:47 4.47 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\000011f4_439162ef_0002625a 12/3/2005 09:18 8.76 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\0000121f_4388371d_0000f424 11/26/2005 10:21 35.53 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\0000121f_438c3478_00076417 11/29/2005 10:59 999 bytes Hidden from Windows API.
F:\Program Files\Movenger\Cache\0000121f_4390b0ab_0001ab3f 12/2/2005 20:52 29.87 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00001238_438826e3_00029f63 11/27/2005 00:08 29.46 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00001238_438b9059_00057bcf 11/28/2005 23:18 2.24 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00001238_439094ad_0001ab3f 12/2/2005 18:38 3.58 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\0000123b_43885d00_00081b32 11/26/2005 13:02 35.52 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\0000123b_438cda7f_00000000 11/29/2005 22:47 298 bytes Hidden from Windows API.
F:\Program Files\Movenger\Cache\00001243_43897589_0005b8d8 11/27/2005 08:59 29.85 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00001243_438e3d88_000af79e 12/1/2005 00:02 28.91 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00001246_4388b49f_000ca2dd 11/26/2005 19:16 240 bytes Hidden from Windows API.
F:\Program Files\Movenger\Cache\00001249_438b0837_000bebc2 11/30/2005 17:54 35.40 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00001249_438f4685_0000f424 12/1/2005 18:52 258.07 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\0000124e_43905c6b_0008d24d 12/2/2005 14:38 4.78 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00001255_43905c44_000b34a7 12/2/2005 14:37 4.82 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00001289_43884a50_000b71b0 11/26/2005 11:43 62.20 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00001295_4388b7ef_0005f5e1 12/2/2005 13:11 0 bytes Hidden from Windows API.
F:\Program Files\Movenger\Cache\000012c2_43884d62_00031975 11/26/2005 11:56 6.10 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\000012c2_438cba6f_000af79e 11/29/2005 20:30 22.77 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\000012db_43882185_0001312d 11/26/2005 08:49 68.59 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\000012db_438b7af1_000c28cb 11/28/2005 21:47 29.79 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\000012db_43908ec1_00081b32 12/2/2005 18:13 4.62 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\000012e1_438836f8_000487ab 12/2/2005 22:34 27.90 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\000012e1_438c346d_00022551 11/29/2005 10:58 52.43 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\000012e1_4390b092_00044aa2 12/2/2005 20:37 33.42 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\0000134c_4388d146_00040d99 11/26/2005 21:19 33.58 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\0000134c_438d8ae5_000c65d4 11/30/2005 11:20 10.01 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00001350_438f6289_00007a12 12/1/2005 20:52 32.82 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00001366_4388362f_00003d09 11/26/2005 10:17 4.49 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00001366_4390acce_00003d09 12/2/2005 20:21 7.25 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\0000136f_438a5c80_000aba95 11/28/2005 01:25 518 bytes Hidden from Windows API.
F:\Program Files\Movenger\Cache\0000138a_438841a7_00040d99 12/1/2005 20:44 7.11 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\0000139d_438837e8_00081b32 11/26/2005 10:24 6.16 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\0000139d_438c3485_00081b32 11/29/2005 10:59 0 bytes Hidden from Windows API.
F:\Program Files\Movenger\Cache\0000139d_4390b207_0005f5e1 12/2/2005 20:44 29.17 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\000013a6_4388cf48_00066ff3 11/26/2005 21:10 5.87 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\000013a6_438d6f17_000ca2dd 11/30/2005 09:21 258.07 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\000013cf_43905c33_000baeb9 12/2/2005 14:37 10.77 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\000013e9_438c408e_00098968 11/29/2005 14:06 31.98 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\000013e9_4390baf7_000a7d8c 12/2/2005 21:21 28.88 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\000013f4_4388d38b_000e8b25 11/26/2005 21:28 130.53 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\000013f4_438dc209_0007a120 11/30/2005 16:28 35.31 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\000013f5_4388bd6d_00089544 11/29/2005 22:24 28.34 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00001481_43883ece_00090f56 11/26/2005 10:54 395 bytes Hidden from Windows API.
F:\Program Files\Movenger\Cache\00001481_438c5a3e_000ec82e 11/29/2005 13:40 275 bytes Hidden from Windows API.
F:\Program Files\Movenger\Cache\0000151a_43900be0_000ca2dd 12/2/2005 08:54 335 bytes Hidden from Windows API.
F:\Program Files\Movenger\Cache\0000153c_43882185_00016e36 11/26/2005 08:49 1.41 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\0000153c_438b7b2e_0002dc6c 11/28/2005 21:48 26 bytes Hidden from Windows API.
F:\Program Files\Movenger\Cache\0000153c_43908eca_00031975 12/2/2005 18:13 5.98 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00001547_438821c1_00076417 11/26/2005 08:50 8.74 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00001547_438b8529_0001312d 11/28/2005 22:31 35.23 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00001547_43909438_000a4083 12/2/2005 18:36 3.59 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\0000154e_438f8861_000f0537 12/1/2005 23:33 30.31 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\0000159f_438849d7_0007de29 11/26/2005 11:41 4.04 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\000015a1_43883664_000d59f8 12/2/2005 22:30 32.34 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\000015a1_438c2a9e_00090f56 11/29/2005 10:17 395 bytes Hidden from Windows API.
F:\Program Files\Movenger\Cache\000015a1_4390afd5_0000b71b 12/2/2005 20:34 32.02 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\000015b4_4389e71d_0008d24d 11/27/2005 17:04 47 bytes Hidden from Windows API.
F:\Program Files\Movenger\Cache\000015b4_438ea1d1_00098968 12/1/2005 07:10 4.47 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\000015bd_438af97a_0002dc6c 11/28/2005 12:35 25.46 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\000015bd_438f45d8_0002625a 12/1/2005 18:50 161 bytes Hidden from Windows API.
F:\Program Files\Movenger\Cache\000015d5_43900c75_000b34a7 12/2/2005 13:28 1.35 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\000015e1_438a50b2_000cdfe6 11/28/2005 00:34 28.31 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\000015e1_438f20ac_00090f56 12/1/2005 16:11 744 bytes Hidden from Windows API.
F:\Program Files\Movenger\Cache\000015e2_439071e3_0009c671 12/2/2005 16:10 29.56 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\000015fd_4388c8ac_000b71b0 11/26/2005 20:42 30.19 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\000015fd_438ceccb_0008583b 11/30/2005 00:05 704 bytes Hidden from Windows API.
F:\Program Files\Movenger\Cache\0000161e_438f86bf_0001e848 12/1/2005 23:26 12.51 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00001636_43905caf_0006ea05 12/2/2005 14:39 4.82 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00001649_43882146_00081b32 11/26/2005 08:48 4.80 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00001649_438b34ab_000f0537 11/28/2005 16:47 83.58 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00001649_438b5257_000501bd 11/28/2005 18:54 31.12 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00001649_43908e0d_0006acfc 12/2/2005 18:10 240 bytes Hidden from Windows API.
F:\Program Files\Movenger\Cache\0000164a_438a5a24_00098968 11/28/2005 01:15 74.66 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\0000169a_438cac82_00003d09 11/29/2005 19:31 30.38 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\000016c5_43883951_000baeb9 11/26/2005 10:32 2.23 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\000016c5_438c3ea1_0009c671 12/1/2005 14:31 39.47 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\000016c5_4390b418_0001ab3f 12/2/2005 20:52 29.64 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\000016d4_43883edb_00040d99 11/26/2005 10:54 3.92 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\000016d4_438c5a47_0009c671 11/29/2005 13:40 5.78 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00001732_43900eee_00057bcf 12/2/2005 09:07 79.79 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\0000176a_438f7b58_000a4083 12/1/2005 22:38 30.75 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\0000176d_438a11e9_000b71b0 11/27/2005 20:07 7.87 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\0000176d_438f1fd7_000e4e1c 12/1/2005 16:07 6.13 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00001796_43883f7c_0008d24d 11/26/2005 10:57 3.97 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\000017b8_4388dfc7_000dd40a 11/26/2005 22:20 28.33 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\000017b8_438dd9d7_000baeb9 12/2/2005 19:20 34.01 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\000017bd_438a22f0_000dd40a 11/27/2005 21:19 3.70 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\000017bd_438f209d_00098968 12/1/2005 16:11 75.45 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\0000182f_4388404b_00053ec6 11/26/2005 11:00 47 bytes Hidden from Windows API.
F:\Program Files\Movenger\Cache\0000183a_4388cd45_000a4083 11/26/2005 21:01 133.00 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\0000183a_438d60ad_00057bcf 11/30/2005 08:19 83.58 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\0000185a_439033b0_00007a12 12/2/2005 11:44 3.96 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\0000187e_438c3e9f_000af79e 12/1/2005 14:31 334 bytes Hidden from Windows API.
F:\Program Files\Movenger\Cache\0000187e_4390b413_000a037a 12/2/2005 20:52 30.45 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\0000188f_438a598b_000d9701 12/2/2005 22:30 12.51 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\000018be_438820df_000a4083 11/28/2005 00:57 5.64 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\000018be_438b33dd_000501bd 11/28/2005 16:44 16.91 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\000018be_438b4ad2_000ec82e 11/28/2005 18:22 220.47 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\000018d7_43883c7c_00081b32 11/26/2005 10:44 374 bytes Hidden from Windows API.
F:\Program Files\Movenger\Cache\000018d7_438c58f8_0008d24d 12/2/2005 08:55 4.71 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\000018d7_439160cb_000d59f8 12/3/2005 09:09 7.74 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\0000190b_4388cf7c_00076417 12/1/2005 20:55 15.54 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\0000190b_438d72a2_0007a120 11/30/2005 09:36 136.46 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00001916_43883bbb_000bebc2 11/26/2005 10:40 426 bytes Hidden from Windows API.
F:\Program Files\Movenger\Cache\00001916_438c58eb_000af79e 12/2/2005 08:55 12.48 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00001927_438dbf84_0009c671 11/30/2005 15:04 155.96 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00001943_438a2131_0001312d 11/27/2005 21:12 30.20 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\0000194d_4388d378_000b34a7 11/26/2005 21:28 87.41 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\0000194d_438dc1f7_000c28cb 11/30/2005 15:27 29.73 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00001953_43916148_00031975 12/3/2005 09:11 6.14 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\0000195d_4390354d_00076417 12/2/2005 11:51 28.61 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\0000196f_438975d0_0008583b 12/2/2005 16:04 30.72 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\0000196f_438e3e3d_00031975 12/1/2005 00:05 29.26 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\0000198c_4388d422_0005f5e1 11/26/2005 21:31 468.66 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\0000198c_438dd466_00031975 11/30/2005 16:33 28.34 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\0000199f_4388f9e1_000e1113 11/27/2005 13:15 29.53 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\0000199f_438e372a_00040d99 11/30/2005 23:35 14.10 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\000019d9_438c5a2e_000c28cb 12/2/2005 08:56 7.91 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\000019da_43883ef0_000487ab 11/26/2005 10:54 388 bytes Hidden from Windows API.
F:\Program Files\Movenger\Cache\000019fc_438f7e5a_00040d99 12/1/2005 22:55 35.68 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\000019fe_4388fac7_000d59f8 11/27/2005 00:16 29.37 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\000019fe_438e392d_00094c5f 11/30/2005 23:58 15.80 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00001a2a_43900c74_00040d99 12/2/2005 13:28 278 bytes Hidden from Windows API.
F:\Program Files\Movenger\Cache\00001a31_438f7389_00022551 12/1/2005 22:04 30.74 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00001a49_43883074_00031975 11/28/2005 15:31 4.09 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00001a49_438c0f39_00040d99 11/29/2005 08:20 2.25 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00001a49_43909c24_000a4083 12/2/2005 19:10 214.94 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00001ad4_43882c86_0003d090 11/29/2005 22:14 3.92 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00001ad4_438b9073_0002dc6c 11/28/2005 23:19 20.48 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00001ad4_439094dd_000bebc2 12/2/2005 18:39 4.43 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00001af6_4388ca70_00040d99 11/26/2005 20:49 28.32 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00001af6_438cedc1_000c65d4 11/30/2005 00:10 18.36 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00001b32_4389e74d_0000b71b 11/27/2005 17:05 152.28 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00001b32_438ea345_0002625a 12/1/2005 07:16 28.78 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00001b7e_438b14a7_00081b32 11/28/2005 14:31 7.93 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00001b7e_438f61d4_000a7d8c 12/1/2005 21:18 86 bytes Hidden from Windows API.
F:\Program Files\Movenger\Cache\00001bd9_438849d2_00066ff3 11/26/2005 11:41 4.03 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00001bfc_4388bd67_000d9701 12/1/2005 16:38 29.21 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00001c5e_438f8770_0009c671 12/1/2005 23:29 30.44 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00001c75_43885d0a_000e1113 11/26/2005 13:03 29.75 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00001c75_438cda7f_00044aa2 11/29/2005 22:47 83.58 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00001cd0_43883638_0001ab3f 11/26/2005 10:17 149.70 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00001cd0_4390add5_00098968 12/3/2005 09:13 33.74 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00001cdf_43884ac4_0002dc6c 11/26/2005 11:45 3 bytes Hidden from Windows API.
F:\Program Files\Movenger\Cache\00001cdf_438cb99f_000aba95 11/29/2005 20:27 1.99 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00001d11_43884678_00066ff3 11/26/2005 11:26 70.45 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00001d11_438c7067_000a7d8c 11/29/2005 15:14 132.16 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00001d3f_43884c24_00094c5f 11/26/2005 11:51 6.29 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00001d5c_43905ca2_000baeb9 12/2/2005 14:39 7.27 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00001d5e_43884c45_000d1cef 11/26/2005 11:51 5.55 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00001da7_438a5c28_0007de29 11/28/2005 01:25 1.14 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00001da7_438f2fe7_000a4083 12/1/2005 17:16 30.47 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00001db5_438f1021_00000000 12/3/2005 09:14 30.04 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00001dc3_438a5bef_00090f56 11/28/2005 01:22 96.06 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00001dc3_438f2e4b_0008d24d 12/1/2005 17:17 30.75 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00001dcb_43884d59_000a037a 11/26/2005 11:56 6.53 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00001e1f_4388274b_000a4083 11/26/2005 09:13 35.23 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00001e1f_438b905c_0008583b 11/28/2005 23:19 4.75 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00001e1f_439094b2_0001ab3f 12/2/2005 18:38 3.62 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00001e87_43905b53_0006acfc 12/2/2005 14:33 7.82 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00001eb8_43905ca1_0006acfc 12/2/2005 14:39 161 bytes Hidden from Windows API.
F:\Program Files\Movenger\Cache\00001eca_4388bdad_000a037a 12/2/2005 19:51 30.11 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00001eca_438ce7eb_00016e36 11/29/2005 23:44 35.28 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00001edc_438cca7e_0001ab3f 11/29/2005 21:39 31.28 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00001f0d_438b1431_000a7d8c 11/28/2005 14:29 28.77 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00001f8b_438b1a8d_00031975 11/28/2005 14:56 5.05 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00001f8b_438f6aa6_0006ea05 12/1/2005 21:27 12.51 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00001fb4_4388cf09_00081b32 11/27/2005 17:18 35.42 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00001fb4_438d673b_00090f56 11/30/2005 08:48 110.89 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00001ff1_43884c70_00057bcf 11/26/2005 11:52 6.05 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00002015_438a284e_0009c671 11/27/2005 21:43 35.24 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00002015_438f20a1_00022551 12/1/2005 16:11 1.99 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00002044_4388cd45_00081b32 11/28/2005 23:10 1.92 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00002044_438d60ad_00039387 11/30/2005 08:19 298 bytes Hidden from Windows API.
F:\Program Files\Movenger\Cache\000020ad_4388d1fa_00098968 11/26/2005 21:22 31.12 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\000020ad_438dbcbe_000501bd 11/30/2005 14:52 165.29 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\000020d5_43905ca1_00089544 12/2/2005 14:39 161 bytes Hidden from Windows API.
F:\Program Files\Movenger\Cache\00002120_43884cc3_00057bcf 11/26/2005 11:53 8.34 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\0000212c_438852cf_0002dc6c 11/26/2005 12:19 78.50 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\0000212c_438cc54a_0003567e 11/30/2005 08:58 5.04 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00002147_438ad8eb_0008583b 11/28/2005 10:16 33.13 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00002147_438f43b7_00040d99 12/1/2005 18:40 161 bytes Hidden from Windows API.
F:\Program Files\Movenger\Cache\0000214e_4388e474_0001ab3f 11/29/2005 23:29 36.52 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\0000214e_438de0a5_000632ea 11/30/2005 17:25 28.10 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\000021eb_438a24a3_0003567e 11/27/2005 21:26 29.90 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\000021eb_438f20a0_000baeb9 12/1/2005 16:11 29.52 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00002213_43882d3f_000d1cef 11/26/2005 09:39 139.17 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00002213_43909593_00098968 12/2/2005 18:42 29.55 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00002237_438a10e7_00044aa2 11/27/2005 20:02 4.14 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00002237_438f099d_000c65d4 12/1/2005 14:33 50.73 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\000022cd_4390cc40_000b34a7 12/2/2005 22:35 4.43 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\000022e4_4388f9f9_0006ea05 11/27/2005 00:12 29.40 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\000022e4_438e382d_00003d09 11/30/2005 23:39 298 bytes Hidden from Windows API.
F:\Program Files\Movenger\Cache\000022ee_43882feb_0004c4b4 12/2/2005 22:23 29.93 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\000022ee_43909bc6_0001ab3f 12/2/2005 19:08 140.14 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00002332_4388b7aa_00057bcf 11/26/2005 19:29 9.54 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00002332_438a5a8b_000e8b25 11/28/2005 01:16 88.42 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00002332_438cde12_0008d24d 11/29/2005 23:02 338 bytes Hidden from Windows API.
F:\Program Files\Movenger\Cache\00002332_438f2592_000e8b25 12/1/2005 16:32 30.26 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00002350_43882e7c_000e1113 11/26/2005 09:44 87.58 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00002350_43909bbf_0009c671 12/2/2005 19:08 10.03 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\000023c9_4390bf51_000e4e1c 12/2/2005 21:41 30.93 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00002410_438a5c54_000dd40a 11/28/2005 01:24 4.06 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00002410_438f3feb_00022551 12/1/2005 18:24 365 bytes Hidden from Windows API.
F:\Program Files\Movenger\Cache\00002461_4389fc50_000d59f8 11/27/2005 18:34 29.71 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00002461_438ef4cb_000c28cb 12/1/2005 13:04 159.43 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00002462_43884af1_000a037a 11/26/2005 11:45 3.91 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00002466_43906f8e_0005f5e1 12/2/2005 16:00 6.27 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\0000248d_4388e39b_0002dc6c 11/26/2005 22:37 32.66 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\0000248d_438ddee5_00029f63 11/30/2005 17:18 29.55 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\0000249e_43883d3a_0001312d 11/26/2005 10:47 3.92 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\0000249e_438c599d_0007de29 12/2/2005 08:56 22.03 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\0000249e_439162da_0007a120 12/3/2005 09:18 5.91 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00002518_438b1753_0005b8d8 11/28/2005 14:42 3.90 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00002518_438f689c_00098968 12/1/2005 21:18 339 bytes Hidden from Windows API.
F:\Program Files\Movenger\Cache\0000251f_438c5b4c_0005f5e1 11/29/2005 13:44 8.56 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00002528_438846a0_00098968 11/29/2005 16:57 389 bytes Hidden from Windows API.
F:\Program Files\Movenger\Cache\00002528_438c7086_0009c671 11/29/2005 15:15 107.26 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\0000252a_43883eb6_000af79e 11/26/2005 10:53 395 bytes Hidden from Windows API.
F:\Program Files\Movenger\Cache\0000252a_438c5a2e_000d59f8 12/2/2005 08:56 2.18 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\0000252b_438b1a75_00000000 12/2/2005 18:15 3.54 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00002568_438cdf38_00053ec6 11/29/2005 23:07 9.54 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00002581_438ae2cc_00039387 12/2/2005 22:34 18.98 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\000025cc_43905c43_0009c671 12/2/2005 14:37 9.11 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\0000260d_43882d8b_0001312d 11/26/2005 09:40 158.19 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\0000260d_438b9181_000b71b0 11/29/2005 22:50 159.23 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\0000260d_439095a0_000d1cef 12/2/2005 18:42 29.28 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\0000261e_43883bb6_000a037a 11/26/2005 10:40 4.49 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\0000261e_4390cc73_00057bcf 12/2/2005 22:36 136.16 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00002668_4388421c_000c28cb 11/26/2005 11:08 4.76 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\0000267d_438b14a9_000baeb9 11/28/2005 14:31 7.93 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\000026a6_4388221e_000bebc2 12/3/2005 09:18 89.50 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\000026a6_438b8dd2_00089544 11/28/2005 23:08 32.28 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\000026a6_43909470_0008583b 12/2/2005 18:37 3.49 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\000026b1_43884ac3_000501bd 11/26/2005 11:45 4.09 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\000026ca_438c3478_000aba95 11/29/2005 10:59 5.56 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\000026ca_4390b0d2_0005b8d8 12/2/2005 20:38 31.06 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\000026e9_4388216c_0007270e 11/26/2005 08:48 69.42 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\000026e9_439034bf_0001312d 12/2/2005 11:49 28.64 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00002718_43905c14_0000b71b 12/2/2005 14:37 355 bytes Hidden from Windows API.
F:\Program Files\Movenger\Cache\00002725_43884139_00044aa2 11/26/2005 11:04 7.75 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00002738_4389fc46_00094c5f 11/27/2005 18:34 35.38 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00002738_438ef47d_000487ab 12/1/2005 13:02 160.92 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00002753_43897583_00076417 11/27/2005 08:59 28.49 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00002753_438e3d1b_0006acfc 12/1/2005 00:00 33.56 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00002780_4388ea3e_0001e848 11/26/2005 23:13 29.88 KB Hidden from Windows API.
F:\Program Files\Movenger\Cache\00002780_438e35cd_0000b71b 12/1/2005 23:34 283 bytes Hidden from Windows API.
F:\Program Files&#

Edited by Rocketdoctor, 03 December 2005 - 04:42 AM.

#7
Armodeluxe

Posted 03 December 2005 - 01:33 PM

Member 2k

Retired Staff
2,744 posts

Open HijackThis and click Scan. Put a check next to this:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System32\blank.htm

Close all other windows except HijackThis and click Fix Checked.

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download AproposFix from here:
http://swandog46.gee.../aproposfix.exe

Save it to your desktop but do NOT run it yet.

Then please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

Reconfigure Windows XP to show hidden files:
Click Start. Open My Computer.
Select the Tools menu and click Folder Options. Select the View Tab.

Under the Hidden files and folders heading select "Show hidden files and folders".
Uncheck the "Hide protected operating system files (recommended)" option.
Uncheck the "Hide file extensions for known file types" option.
Click Yes to confirm. Click OK.

Then delete these files:

F:\Documents and Settings\Jim\Local Settings\Temp\secorier.exe
F:\WINDOWS\system32\mslpcups.dll
F:\WINDOWS\system32\uxtkbdhu.exe

Change the file view settings back when done.

Next, please double-click aproposfix.exe and unzip it to the desktop. Open the aproposfix folder on your desktop and run RunThis.bat. Follow the prompts.

When the tool is finished, please reboot back into normal mode, and post a new HijackThis log, along with the entire contents of the log.txt file in the aproposfix folder.

#8
Rocketdoctor

Posted 03 December 2005 - 03:53 PM

New Member

Topic Starter
Member
9 posts

Logfile of HijackThis v1.99.1
Scan saved at 21:51:20, on 03/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\csrss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
F:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
F:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
F:\WINDOWS\system32\nvsvc32.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\svchost.exe
F:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
F:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
F:\Program Files\Eazy-Ware\ezSched.exe
F:\Program Files\GIANT Company Software\Spam Inspector\siService.exe
F:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
F:\WINDOWS\System32\alg.exe
F:\Program Files\Winamp\winampa.exe
F:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\1stDir32\Program\AO_Shutdown.exe
F:\WINDOWS\system32\rundll32.exe
F:\Program Files\HP\HP Software Update\HPWuSchd2.exe
F:\WINDOWS\SOUNDMAN.EXE
F:\WINDOWS\system32\RUNDLL32.EXE
F:\Program Files\PFU\ScanSnap!\CardMinder\CardLauncher.exe
F:\Program Files\GIANT Company Software\Spam Inspector\siSpamFilterEngine.exe
F:\Program Files\PFU\ScanSnap!\PDF Thumbnail View\pdfquickview.exe
F:\WINDOWS\system32\ctfmon.exe
C:\VALVE\Steam.exe
F:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
F:\Program Files\PFU\ScanSnap!\Driver\PfuSsMon.exe
F:\Program Files\PFU\ScanSnap!\CardMinder\bcd_file\SbCRecE.exe
F:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
F:\WINDOWS\system32\wuauclt.exe
F:\WINDOWS\system32\wbem\wmiprvse.exe
F:\Documents and Settings\Jim\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.londinivm...action=withdraw
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.100
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - F:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [AVG7_CC] F:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] F:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [EazyScheduler] F:\Program Files\Eazy-Ware\ezSched.exe
O4 - HKLM\..\Run: [siService.exe] "F:\Program Files\GIANT Company Software\Spam Inspector\siService.exe"
O4 - HKLM\..\Run: [PaperPort PTD] F:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] F:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [WinampAgent] F:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AO_Shutdown] F:\1stDir32\Program\AO_Shutdown.exe
O4 - HKLM\..\Run: [HP Software Update] F:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [THGuard] "F:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CardMinder] F:\Program Files\PFU\ScanSnap!\CardMinder\CardLauncher.exe
O4 - HKLM\..\Run: [Pdfquickview] F:\Program Files\PFU\ScanSnap!\PDF Thumbnail View\pdfquickview.exe
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] C:\VALVE\\Steam.exe -silent
O4 - Global Startup: Acrobat Assistant.lnk = F:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adviser Office Taskbar.lnk = F:\1stDir32\Program\Taskbar.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = F:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: ScanSnap! Monitor.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0089F6EE-ED54-11D5-B0E7-00508B014C1D} (ExWebClientUtils Class) - http://exweb.exchang...ies/texInfo.CAB
O16 - DPF: {034DA761-EDB7-11D7-A20A-000802318089} (EWGPHI.desInput) - http://exweb.exchang...ries/EWGPHI.CAB
O16 - DPF: {090EC279-1378-44B7-B521-888980212E7E} (Complist3 Class) - http://exweb.exchang...ebCListCtl3.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {0F026C11-5A66-4C2B-87B5-88DDEBAE72A1} (ComponentOne FlexGrid 8.0 (Light)) - https://www.aequoson...ex/vsFlex8l.ocx
O16 - DPF: {2F6A847E-2EC2-11D3-AE1B-00508B014C1D} (Parser Class) - http://exweb.exchang...s/XMLParser.CAB
O16 - DPF: {500A5CC4-0334-11D5-87AD-0050DAC7511B} (GES.DesSSMain) - file://D:\CAB\GES.CAB
O16 - DPF: {511835FF-EDC9-11D7-A20A-000802318089} (EWGWholeLife.desInput) - http://exweb.exchang...WGWholeLife.CAB
O16 - DPF: {59A910DE-EE9A-11D7-A20A-000802318089} (EWGCombinedTerm.desInput) - http://exweb.exchang...rmAssurance.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1122574157265
O16 - DPF: {735932BD-8729-11D5-8F19-0008C7E9C2C6} (RIMA For Windows NT) - file://D:\CAB\rimant.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8E95B0CA-EB6F-11D3-979B-00508B64538B} (VersionInfo.clsVersionInfo) - file://D:\CAB\VersionInfo.cab
O16 - DPF: {A32DBCA3-4BFD-11D3-B9E4-008048FCE443} (Complist Class) - file://D:\CAB\eXwebCListCtl.cab
O16 - DPF: {A6339C32-3F93-11D5-8EB7-0008C7E9C2C6} (Pensions.clsPensionBusinessLogic) - file://D:\CAB\pensions.cab
O16 - DPF: {A74D724A-AB17-11D2-A96A-006097E20477} (eXwebUtils.HTMLUtils) - http://exweb.exchang.../eXwebUtils.CAB
O16 - DPF: {A9F86998-BB62-11D2-A988-006097E20477} (eXwebUtils.clsVersionInfo) - file://D:\CAB\eXwebUtils.cab
O16 - DPF: {A9F869B2-BB62-11D2-A988-006097E20477} (eXwebOccList.clsVersionInfo) - file://D:\CAB\eXwebOcc.cab
O16 - DPF: {A9F869C0-BB62-11D2-A988-006097E20477} (PHIHelpText.clsVersionInfo) - file://D:\CAB\PHIHelpText.cab
O16 - DPF: {A9F869CE-BB62-11D2-A988-006097E20477} (PHIToolTips.clsVersionInfo) - file://D:\CAB\PHIToolTips.cab
O16 - DPF: {AB5ED3AE-DE26-11D3-AD7A-0050044495F0} (WholeLife.clsVersionInfo) - file://D:\CAB\wholelife.cab
O16 - DPF: {ABF92614-EBA5-11D3-A315-006008134E84} (Annuities.dsrMain) - file://D:\CAB\ann_GD.cab
O16 - DPF: {B539A417-0C5E-11D4-97CF-00508B64538B} (Bonds.GLBI030) - file://D:\CAB\Bonds.cab
O16 - DPF: {B5805B24-2D86-11D0-ADA6-00400520799C} (ProtoView Calendar Control) - file://D:\CAB\pvcalctl.cab
O16 - DPF: {BC954BAD-872A-11D5-8F19-0008C7E9C2C6} (RIMA For Windows 9x) - file://D:\CAB\rima9x.cab
O16 - DPF: {C2A91890-0BBD-11D4-833E-0008C78A797E} (CTP Goal Proposal Update) - file://D:\CAB\GoalUpdate.CAB
O16 - DPF: {CC696B63-4159-11D0-BDCB-0020A90B183A} (ProtoView Date Control) - file://D:\CAB\pvdate2.cab
O16 - DPF: {DB1F08C5-F410-11D3-A316-006008134E84} (CombinedTerm.desUserDefaultsGrid) - file://D:\CAB\TermAssurance.cab
O16 - DPF: {DBA9E4A1-885A-11D3-8919-0050049D81F4} (TexPHIDS.dsrPHIInput) - file://D:\CAB\TexPHIDS.cab
O16 - DPF: {DDECE2F5-AF1F-44E7-B37F-96B6630F5C60} (PrintComponent.clsVersionInfo) - http://exweb.exchang...es/printdll.CAB
O16 - DPF: {E5CFA957-1CD1-11D2-85AD-006097B42E68} (TEXCList.ctlCompanyList) - file://D:\CAB\eXwebCList.cab
O16 - DPF: {E7FF5332-854E-11D2-A952-006097E20477} (eXwebOccList.clsOccRes) - http://exweb.exchang...es/eXwebOcc.CAB
O16 - DPF: {E9C9692E-F93C-11D1-ABB0-0040054FC6FB} (ProtoView DataTable Control 7.0 (OLEDB)) - file://D:\CAB\pvdt70.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OUD - Sysinternals - www.sysinternals.com - F:\DOCUME~1\Jim\LOCALS~1\Temp\OUD.exe

Log of AproposFix v1

************

Running from directory:
F:\Documents and Settings\Jim\Desktop\aproposfix

************

Registry entries found:

[HKEY_LOCAL_MACHINE\Software\C6ignAFtZSmm]
@="Z2zErG\\LMMLMMNM7Cz 39DLMMLeOMvhmcnvrMDJDE:7SRM.C3G:CDMG3.\\:DDCNDJD"
"Device"="\\\\.\\mrabios"
"DriverPath"="F:\\WINDOWS\\system32\\drivers\\vidcessr.sys"
"DriverName"="AhatSvc"
"HideUninstallerName"="F:\\Program Files\\Movenger\\nvdptsvc.exe"
"UninstallerPath"="F:\\WINDOWS\\system32\\uxtkbdhu.exe"
"UninstallerRegKey"="HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{75D947F8-1157-414C-966A-A6F583740E69}"
"UninstallerParams"="/CTUN"
"HDll"="F:\\WINDOWS\\system32\\mslpcups.dll"
"ServerAddress"="adchannel.contextplus.net"
"LegalNote"="http://adchannel.con...onbranded.html"
"PartnerId"="CP.IST2"
"InstallationId"="{X31e8d69-a425-5832-66fc-0a35dabea97f}"
"PageFiltering"=dword:00000001
"ClientName"="F:\\Program Files\\Movenger\\cickctrs.exe"

************

Removing hidden service:
Service AhatSvc removed.

Removing hidden folder:
Deletion of folder Movenger succeeded!

Deleting files:

Deletion of file F:\WINDOWS\system32\drivers\vidcessr.sys succeeded!
Deletion of file F:\WINDOWS\system32\pendyctl.exe succeeded!
Deletion of file F:\WINDOWS\system32\mslpcups.dll succeeded!
Deletion of file F:\WINDOWS\system32\uxtkbdhu.exe succeeded!

Backing up files:
Done!

Removing registry entries:

REGEDIT4

[-HKEY_CURRENT_USER\Software\C6ignAFtZSmm]
[-HKEY_LOCAL_MACHINE\Software\C6ignAFtZSmm]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{75D947F8-1157-414C-966A-A6F583740E69}]

Done!

Finished!

#9
Armodeluxe

Posted 03 December 2005 - 07:33 PM

Member 2k

Retired Staff
2,744 posts

Looks like we cleaned the rootkit infection.. :tazz:

Everything looks good, do you have any problems left now?

#10
Rocketdoctor

Posted 04 December 2005 - 02:16 AM

New Member

Topic Starter
Member
9 posts

Nope, no problems at the moment! Looking good.

Many thanks for your help.

#11
Armodeluxe

Posted 04 December 2005 - 08:20 AM

Member 2k

Retired Staff
2,744 posts

Now let's reset your restore points.

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

Please take the following into consideration to maintain a clean computer.

Now you should go get a firewall. Don't rely on the Windows firewall as it monitors only incoming traffic. Pick one of these, they are all free.
Kerio
Zonealarm
Sygate

I'll also recommend you to install a monitoring software which will monitor certain areas on your computer and will place alerts when those are being modified. One such software I'll recommend is Prevx, but it's for advanced users as the messages it displays can be hard to decipher. One other similar but more user friendly software is Winpatrol. Both are free programs.
Winpatrol
Prevx

Visit Windows Update regularly to get the latest security updates.You can also enable automatic updates.Your antivirus software and antispyware programs should also be updated regularly. Make a habit of running scans on a timely basis. Be careful about what you download, scan every file before clicking on it.

Additional programs to consider:

Spywareblaster Prevents the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software.Blocks spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.Restricts the actions of potentially unwanted sites in Internet Explorer.
Spywareguard An anti-virus program scans files before you open them and prevents execution if a virus is detected - SpywareGuard does the same thing, but for spyware!
IE/Spyad
Adds a list of malicious sites to your Restricted Sites Zone.
Firefox An alternate browser safer than IE

A good article to read:
So how did I get infected in the first place?

Regards,

Armodeluxe

#12
Rocketdoctor

Posted 08 December 2005 - 09:51 AM

New Member

Topic Starter
Member
9 posts

All done.

#13
Armodeluxe

Posted 09 December 2005 - 11:44 AM

Member 2k

Retired Staff
2,744 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.