Malware disables all my security features [RESOLVED]


#1
August_H

Hello GeeksToGo staff,

Thank you in advance for maintaining this terrific forum and for the hard work you put in. I have a malware problem that I think may challenge you.

Operational symptoms are advertising popups and slow performance. A lot of the popups are directed to URLs that start with "http://url.cpvfeed.com/cpv.jsp?"

The malware also disables Windows Security Center, turns off my firewall, and disables programs such as Spybot S&D and all of the AVG programs by deleting the main executable files. Any attempts to reinstall these programs fail because the exe files are deleted before the install completes. I finally got Spybot to run by renaming the main exe file after installing on another system and copying the renamed file over. It detected Smitfraud but could not remove it, either initially or upon restart. I do NOT have the usual Smitfraud symptoms of changed background screen, spyware warnings, etc.

Also, my machine now cannot be started in safe mode. The F8 routine brings up the menu allowing selection of safe mode, but selecting it causes the computer to reboot. It will only complete the start-up process in standard mode.

I have read the "You Must Read This..." message and done what I can of the instructions there, but that is not much because of the limitations above. SuperAntiSpyware installs and runs (in unsafe mode of course), but something makes the machine reboot in the middle of the scan. It finds no threats in the memory or registry scans, and crashes right after finding Trojan.Netmon.DNSChange in the file scan.

I cannot run Panda ActiveScan because something interferes with the ActiveX download. The machine returns an error when attempting the download and Panda just keeps waiting for the download to finish.

At least HijackThis works! Log below. Many thanks in advance for any help.

August H.



Logfile of HijackThis v1.99.1
Scan saved at 10:06:50 PM, on 6/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Speed Disk\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\BRMFRSMG.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\hldrrr.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\August\My Documents\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optonline.net/Home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.netscape...nsearch200.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optonline.net/Home
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.zone.com/...edir.asp?code=2
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - d:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: FCBHOBHO Class - {8B3868B4-EBA8-48FA-A19B-E1DFB99066FA} - d:\Program Files\FlashCapture\FCBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\downloaded program files\googletoolbar3.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\downloaded program files\googletoolbar3.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Optimum Online] C:\Program Files\Optimum Online\Netsurf.exe -tray
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [Steam] H:\Program Files\Valve\Steam\\Steam.exe -silent
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [NBJ] "D:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WinPop] C:\Program Files\WinPop\winpop.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] d:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [eMuleAutoStart] D:\Program Files\eMule\emule.exe -AutoStart
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: emule.exe.lnk = D:\Program Files\eMule\emule.exe
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O8 - Extra context menu item: Save F&lash with FlashCapture - res://d:\Program Files\FlashCapture\FCIEXT.dll/FCIEXT.htm
O8 - Extra context menu item: SnipeIt! eSnipe - http://www.esnipe.co...nipeItOpen3.asp
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: FlashCapture - {753BBC4B-CC73-4fb8-A5B5-CA09C804C1DD} - d:\Program Files\FlashCapture\FCIEXT.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: *.westlaw.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - https://64.132.60.214/iNotes.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.googl...n/GoogleNav.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://www.krollontr...m/edv/msrdp.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.web...otoUploader.CAB
O16 - DPF: {FF054BED-D972-4215-897E-726C3488DDBB} (sonyctl.sonycm) - http://supportcentra...oad/sonyctl.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{CC9BA9DA-7DF1-488E-92BC-BFD3B8FBC462}: NameServer = 192.168.1.1
O19 - User stylesheet: (file missing)
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG E-mail Scanner (AVGEMS) - Unknown owner - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: ZipToA - Iomega Corporation - C:\WINDOWS\System32\ZipToA.exe

#2
MoNsTeReNeRgY22

Hello and Welcome to Geeks to Go. :whistling:

I am MoNsTeReNeRgY22 and I will be assisting you with your malware problem today.

Please give me some time to analyze your log, and I will post back with instructions ASAP.

#3
MoNsTeReNeRgY22

Hello August_H,

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

1) Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser:
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

The steps that I am about to suggest involve modifying the registry. Modifying the registry can be dangerous, so we will make a backup of the registry first.
Modification of the registry can be EXTREMELY dangerous if you do not know exactly what you are doing, so follow the steps that are listed below EXACTLY. If you cannot perform some of these steps or if you have ANY questions, please ask BEFORE proceeding.

2) Backing Up Your Registry
  • Go Here and download ERUNT
    (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
  • Install ERUNT by following the prompts
    (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
  • Start ERUNT
    (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
  • Choose a location for the backup
    (the default location is C:\WINDOWS\ERDNT which is acceptable).
  • Make sure that at least the first two check boxes are ticked
  • Press OK
  • Press YES to create the folder.

3) Registry Modifications

Open Notepad, and copy the contents of the following box to a new file.

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"hldrrr"=-

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"hldrrr"=-

[-HKEY_CURRENT_USER\Software\FirstRRRun]

Save it as fix.reg
Save as type: "All files"
Save it to your desktop.
Go to your desktop and double-click "fix.reg" and merge the information with the registry.
The above Registry file was written specifically for this infection on this person's computer. It is NOT to be used on another computer, as it may cause damage that could result in a format!
(In case you are unsure how to create a reg file, take a look here with screenshots.)

4) I see you have eMule installed on your system.
While the program itself is legal, most of the files downloaded with it are not.
Also, quite often the files can be infected with viruses, malware, and other undesirable applications.
I highly recommend uninstalling eMule, but this program is optional for you if you choose to want to keep it.
If you would like to remove it, please also remove the following ORANGE lines.
See HERE for details on P2P file sharing programs.

5) Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O4 - HKCU\..\Run: [WinPop] C:\Program Files\WinPop\winpop.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: emule.exe.lnk = D:\Program Files\eMule\emule.exe
O8 - Extra context menu item: SnipeIt! eSnipe - http://www.esnipe.co...nipeItOpen3.asp
O19 - User stylesheet: (file missing)


Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

6) Please download OTMoveIt by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
C:\WINDOWS\system32\hldrrr.exe
C:\Program Files\WinPop
D:\Program Files\eMule
  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply.
  • Close OTMoveIt
(If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.)
  • Click the red Moveit! button.
  • Please "Copy" the results from the "Results" window (to the right) and then "Paste" them into your next reply on the forum.

7) Download and Save Blacklight to your desktop (choose "I ACCEPT" then click "DOWNLOAD" on the website).

Double-click blbeta.exe then accept the agreement, click > "Scan" then > "Next".

You'll see a list of all items found. There will also be a log on your desktop with the name "fsbl.xxxxxxxxxxxxxx.log" (the xxxxxxxxxxxxxx stand for numbers).

Copy and paste this log in your next reply. Don't choose the rename option yet! I want to see the log first, because legitimate items can also be present there, such as "wbemtest.exe"

8) To get an Uninstall List from HijackThis:
  • Open HijackThis, click Config, click Misc Tools
  • Click "Open Uninstall Manager"
  • Click "Save List" (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.

In your next reply, please post the following:
  • OTMoveIt Log
  • Fresh HJT Log
  • Blacklight Log
  • Uninstall List

  • 0
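
Added example, not part of the original thread or any poster's code: a Python dry-run reader for the `.reg` syntax used in step 3 above, where `"name"=-` deletes a value and `[-KEY]` deletes a whole key. It lists what a merge would do without touching the registry; the function names (`parse_reg`, `review`, `is_removal_only`) are chosen for this example.

```python
"""Dry-run reader for .reg files: list what a merge would do, without touching the registry."""
import re
from typing import List, NamedTuple, Optional, Tuple

HEADERS = ("Windows Registry Editor Version 5.00", "REGEDIT4")
# Per-user and per-machine autostart keys (Run / RunOnce).
AUTOSTART = re.compile(r"\\CurrentVersion\\Run(Once)?(\\|$)", re.IGNORECASE)
# A value line: @ (default value) or a quoted name, then '=', then the data.
VALUE_LINE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')

# The fix.reg text from the post above, copied verbatim.
FIX_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"hldrrr"=-

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"hldrrr"=-

[-HKEY_CURRENT_USER\Software\FirstRRRun]
"""


class RegOp(NamedTuple):
    action: str            # "delete-key", "delete-value" or "set-value"
    key: str               # full registry key path
    name: Optional[str]    # value name, "@" for the default value, None for key ops
    data: Optional[str]    # raw data text for set-value, otherwise None


def _unquote(token: str) -> str:
    """Strip the quotes from a value name and undo \\" and \\\\ escapes."""
    return "@" if token == "@" else re.sub(r"\\(.)", r"\1", token[1:-1])


def parse_reg(text: str) -> List[RegOp]:
    """Turn .reg text into the ordered list of operations a merge would perform."""
    joined, buf = [], ""
    for raw in text.lstrip("\ufeff").splitlines():
        line = raw.strip()
        if line.endswith("\\"):          # long hex data continues on the next line
            buf += line[:-1]
            continue
        joined.append(buf + line)
        buf = ""
    body = [line for line in joined if line]
    if not body or body[0] not in HEADERS:
        raise ValueError("missing .reg header line")

    ops: List[RegOp] = []
    key: Optional[str] = None
    for line in body[1:]:
        if line.startswith(";"):         # comment
            continue
        if line.startswith("[") and line.endswith("]"):
            inner = line[1:-1]
            if inner.startswith("-"):    # [-KEY] removes the key itself
                ops.append(RegOp("delete-key", inner[1:], None, None))
                key = None
            else:
                key = inner
            continue
        match = VALUE_LINE.match(line)
        if match is None or key is None:
            raise ValueError(f"unparseable line: {line!r}")
        name, data = _unquote(match.group(1)), match.group(2).strip()
        if data == "-":                  # "name"=- removes one value
            ops.append(RegOp("delete-value", key, name, None))
        else:
            ops.append(RegOp("set-value", key, name, data))
    return ops


def review(ops: List[RegOp]) -> List[Tuple[RegOp, List[str]]]:
    """Attach reviewer notes to each operation."""
    findings = []
    for op in ops:
        notes = []
        if op.action == "set-value":
            notes.append("writes data")
        if op.action == "delete-key":
            notes.append("removes the key and all its subkeys")
        if AUTOSTART.search(op.key):
            notes.append("autostart key")
        findings.append((op, notes))
    return findings


def is_removal_only(ops: List[RegOp]) -> bool:
    """True when the file only deletes, as a cleanup fix like the one above does."""
    return all(op.action.startswith("delete") for op in ops)


if __name__ == "__main__":
    for op, notes in review(parse_reg(FIX_REG)):
        target = op.key if op.name is None else f"{op.key} -> {op.name}"
        print(f"{op.action:13} {target}  [{', '.join(notes) or 'no notes'}]")
    print("removal only:", is_removal_only(parse_reg(FIX_REG)))
```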

#4
August_H

Thank you MoNsTeReNeRgY22, sorry for the delayed reply. A storm knocked out my power yesterday so I wasn't able to do this till tonight.

I followed all instructions including uninstalling eMule. The following are the requested logs.

OTMoveIt Log:

C:\WINDOWS\system32\hldrrr.exe moved successfully.
C:\Program Files\WinPop moved successfully.
Folder cleanup failed. D:\Program Files\eMule\Temp scheduled to be deleted on reboot.
D:\Program Files\eMule\skins moved successfully.
D:\Program Files\eMule\logs moved successfully.
Folder cleanup failed. D:\Program Files\eMule\Incoming scheduled to be deleted on reboot.
Folder cleanup failed. D:\Program Files\eMule\config scheduled to be deleted on reboot.
Folder cleanup failed. D:\Program Files\eMule scheduled to be deleted on reboot.

Created on 06/28/2007 21:43:44

* * * * *


Blacklight Log:

06/28/07 21:53:00 [Info]: BlackLight Engine 1.0.64 initialized
06/28/07 21:53:00 [Info]: OS: 5.1 build 2600 (Service Pack 2)
06/28/07 21:53:03 [Note]: 7019 4
06/28/07 21:53:03 [Note]: 7005 0
06/28/07 21:53:13 [Note]: 7006 0
06/28/07 21:53:13 [Note]: 7011 1308
06/28/07 21:53:13 [Note]: 7026 0
06/28/07 21:53:14 [Note]: 7026 0
06/28/07 21:53:14 [Note]: 7024 3
06/28/07 21:53:14 [Info]: Hidden process: C:\WINDOWS\system32\hldrrr.exe
06/28/07 21:53:25 [Note]: FSRAW library version 1.7.1022
06/28/07 21:56:26 [Note]: 2000 1012
06/28/07 21:56:26 [Note]: 2000 1012
06/28/07 21:56:26 [Note]: 2000 1012
06/28/07 21:56:26 [Note]: 2000 1012
06/28/07 21:56:26 [Note]: 2000 1012
06/28/07 21:56:26 [Note]: 2000 1012
06/28/07 21:56:26 [Note]: 2000 1012
06/28/07 21:56:26 [Note]: 2000 1012
06/28/07 21:56:26 [Note]: 2000 1012
06/28/07 21:56:26 [Note]: 2000 1012
06/28/07 21:56:26 [Note]: 2000 1012
06/28/07 21:56:26 [Note]: 2000 1012
06/28/07 21:56:28 [Note]: 10002 2
06/28/07 21:56:28 [Note]: 10002 2
06/28/07 21:56:28 [Note]: 7002 0
06/28/07 21:56:28 [Note]: 7003 1

* * * * *


Fresh HJT Log:

Logfile of HijackThis v1.99.1
Scan saved at 10:06:29 PM, on 6/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Speed Disk\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\BRMFRSMG.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\hldrrr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\August\My Documents\HiJackThis\HijackThis.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\notepad.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optonline.net/Home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.netscape...nsearch200.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optonline.net/Home
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.zone.com/...edir.asp?code=2
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - d:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: FCBHOBHO Class - {8B3868B4-EBA8-48FA-A19B-E1DFB99066FA} - d:\Program Files\FlashCapture\FCBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\downloaded program files\googletoolbar3.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\downloaded program files\googletoolbar3.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Optimum Online] C:\Program Files\Optimum Online\Netsurf.exe -tray
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [Steam] H:\Program Files\Valve\Steam\\Steam.exe -silent
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [NBJ] "D:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] d:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [eMuleAutoStart] D:\Program Files\eMule\emule.exe -AutoStart
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O8 - Extra context menu item: Save F&lash with FlashCapture - res://d:\Program Files\FlashCapture\FCIEXT.dll/FCIEXT.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: FlashCapture - {753BBC4B-CC73-4fb8-A5B5-CA09C804C1DD} - d:\Program Files\FlashCapture\FCIEXT.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: *.westlaw.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - https://64.132.60.214/iNotes.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.googl...n/GoogleNav.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://www.krollontr...m/edv/msrdp.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.web...otoUploader.CAB
O16 - DPF: {FF054BED-D972-4215-897E-726C3488DDBB} (sonyctl.sonycm) - http://supportcentra...oad/sonyctl.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{CC9BA9DA-7DF1-488E-92BC-BFD3B8FBC462}: NameServer = 192.168.1.1
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG E-mail Scanner (AVGEMS) - Unknown owner - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: ZipToA - Iomega Corporation - C:\WINDOWS\System32\ZipToA.exe

* * * * *


HJT Uninstall List:

123 Free Solitaire
3ivx D4 4.5.1 (remove only)
AC3Filter (remove only)
Acrobat Key
Acrobat Key Demo
Ad-Aware SE Personal
Adobe Acrobat 6.0 Professional - English, Français, Deutsch
Adobe Download Manager 1.2 (Remove Only)
Adobe Illustrator CS
Adobe Reader for Pocket PC 2.0
Adobe Reader Japanese Fonts
Adobe SVG Viewer 3.0
Advanced PDF Password Recovery Pro
Advanced Text To Speech V3.60 Build 020122
AFPL Ghostscript 8.14
AFPL Ghostscript Fonts
AH_GrummanF3F_CFS2
Airfix Dogfighter
Alias
American Greetings CreataCard Select 6
AutoCAD DWG and DXF To PDF Converter v2.0
AVG Anti-Spyware 7.5
AVG Free Edition
Axis & Allies
Battle of Britain Memorial Flight
Big Technology CAD 2.1e
BIMP Lite 1.61
burnatonce
Canon Camera Support Core Library
Canon Camera Window DS for ZoomBrowser EX
Canon Camera Window DVC for ZoomBrowser EX
Canon Camera Window for ZoomBrowser EX
Canon EOS Kiss_N REBEL_XT 350D WIA Driver
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon S300
Canon Utilities EOS Capture 1.3
Canon Utilities PhotoStitch 3.1
Canon ZoomBrowser EX
CFS2 - Western Canada & Alaska Airfields
Citrix ICA Web Client
cladDVD XP v1.3
Cobian Backup 6
ColorWasher 2.02b
Combat Mission Afrika Korps
CutePDF (Evaluation)
CutePDF Printer Setup
CutePDF Writer 2.2
DateCalcCE for Pocket PC
Dazzle MainActor v3.6
Dazzle MovieStar 5
Dazzle Photo Editor
DeductionPro 2006
DeepBurner v1.7.1.213
Deluxe Wills and Trusts
DigitalPrint 1.1
DiMAGE Scan ver 1.1
DivX Codec
DVD Complete
DVD Creation Station 200
DVD Shrink 3.2
DVDExpress
DVDMagic
DVgate
DynamicRange Workshop Plug-in v1.2
EA Network Play System
EA.com Matchup
EA.com Update
EAW Control
Empire Earth
Empire Earth - The Art of Conquest
End It All
EPSON Printer Software
ERUNT 1.1j
European Air War
Experience VAIO
Express Burn Uninstall
Express Rip Uninstall
F-16 MRF
Fighters Anthology
FirePower for Microsoft Combat Flight Simulator 3
FlashCapture v1.5
FLV Player 1.3.3
Focus Magic
Fraunhofer MP3 Codec Pro 1.263
Fx Video Converter
GC ANR Mission Pack
GC Battle for Europe Mission Pack
GC Spitfire Wing Mission Pack
Genuine Fractals PrintPro Trial
Google Toolbar for Internet Explorer
Half-Life® 2
Hauppauge WinTV2000
Heroes of the Pacific
HexDiff Version 2.51
HijackThis 1.99.1
HiNetRecorder
Hitman: Contracts
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
HP PhotoSmart Scanning Software
IL-2 Sturmovik: Forgotten Battles
IL-2 Sturmovik: Forgotten Battles AEP
IL2Mat (remove only)
IL2-MAT Manager
ImageStation
ImageStation Demo
ImageTool
ImgBurn (Remove Only)
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
James Bond 007: Nightfire
Java 2 Runtime Environment, SE v1.4.2_03
Just Flight Combat Aces - PCPilot
L&H TTS3000 British English
L&H TTS3000 Deutsch
L&H TTS3000 Italiano
Lame ACM MP3 Codec
Lernout & Hauspie TruVoice American English TTS Engine
LiveReg (Symantec Corporation)
LiveUpdate 2.5 (Symantec Corporation)
LView Pro Evaluation Version
Macromedia Flash Player
Macromedia Flash Player 8
Mahjongg Master 5
Media Bar 3.2.12
Microsoft ActiveSync 3.7
Microsoft Combat Flight Simulator
Microsoft Combat Flight Simulator 2
Microsoft Combat Flight Simulator 3.0
Microsoft Crimson Skies
Microsoft Data Access Components KB870669
Microsoft Flight Simulator 2004 A Century of Flight
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Disc 2
Microsoft Office 2000 Professional
Microsoft Outlook 2002
Microsoft Plus! Windows CE, Handheld PC Edition 3.0
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft User-Mode Driver Framework Feature Pack 1.0.0 (Pre-Release 5348)
Microsoft Web Publishing Wizard 1.52
Mig Alley 1.1
MilkShape 3D 1.6.4
mIRC
Motion JPEG Software Decoder
MovieShaker 3.3
Mozilla Firefox (2.0.0.4)
Music Visualizer Library 1.2
Need For Speed High Stakes
Nero Suite
Netscape (7.1)
New York Scenery
NHL 2002
No One Lives Forever - Game of the Year Edition
No One Lives Forever 2
Noiseware Professional Edition
Norton AntiVirus 2002
Norton Utilities 2002 for Windows
NVIDIA Display Driver
NVIDIA Drivers
Nvu 1.0
OnDVD
OpenMG Secure Module 3.0.01
Optimum Online net guide
OTE Plane Patch for Wings of War
OTE Texture Patch for Wings of War
Panzer General 3D
PDF Password Remover v2.2
Pdf995
PdfEdit995
PDFill Form Filler 2.0 with FREE PDF Writer and Tools
PDFill PDF Writer
PGIII Scorched Earth
PhotoPrinter 2000 Pro
PicoPlayer
PicoPlayer Demo
PicoPlayerSplashScreen
Picture Package
Picture Window Pro 3.5
PictureGear 5.1
Planemaker
Pocket RAR documentation
Pop-Up Stopper
Poser 5
POV-Ray for Windows v3.1
Power Retouche Pro
PowerDVD
PrimaScan 2400U
Progi's PFP_Tool
PTGui 6.0.1
Quicken 2002 New User Edition
QuickTime
Reader Drivers and Utilities
Real Alternative 1.45
RealJukebox
RealProducer Basic 8.5
Red Baron II
Rhinoceros 2.0 Evaluation
Rome - Total War™
Screenblast ACID 2.0
Screenblast Sound Forge 1.0a
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Sierra Utilities
SILENT HILL 3(TRIAL)
Skins n More 2.0
Smart Capture
Solitude for Windows
SonicStage 1.1.00
SonicStage CD-R Writing Module
Sony Certificate PCH
Sony DV Shared Library
Sony on Yahoo! Essentials
Sony USB Driver
Spybot - Search & Destroy 1.4
SpyHunter
Steam™
STHSDVD
SUPERAntiSpyware Free Edition
Support Actions Win2K,WinXP
SurfOffline (remove only)
Switch Uninstall
TaxCut 2003
TaxCut 2004
TaxCut Deluxe 2005
TaxCut Premium 2006
Terragen
Thief - Deadly Shadows
TopSpin
ubi.com
UnJPEG 1.0
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB929338)
Update for Windows XP (KB931836)
URLToys For Perl SA (Remove only)
USB Card Reader
VAIO Action Setup
VAIO Brezza Wallpaper
VAIO Grid Wallpaper
VAIO Help & Support
VAIO Registration
VAIO Serenus Wallpaper
VAIO Support
Vampire - The Masquerade Bloodlines
VCDEasy v1.0.9
VFAPI Reader v1.04
VideoLAN VLC media player 0.8.5
View32
Viewpoint Media Player (Remove Only)
VisualFlow 2.1
VuePrint
WavePad Uninstall
Webcast
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WingMan Software
Wings of War
WinPcap 3.1 beta3
WinRAR archiver
WM Recorder + RM Recorder 10.1
WordPerfect Office 2002
X Codec Pack
XoftSpySE
XviD MPEG-4 Codec

* * * * *

Thanks again.

August H.

#5
August_H

    Member

  • Topic Starter
  • Member
  • 19 posts
Additional information. I ran a Trend Micro Housecall scan and it detected the following:

ADWARE_BESTOFFERS
TSPY_BAGLE.PAC
ADW_MEDIATICK.AE

Based on my googling, the second one is a Trojan associated with this HLDRRR.EXE that we are trying to get rid of. I'm guessing none of this is news to you, just thought I'd mention it.

Thanks again

August H.

#6
MoNsTeReNeRgY22

    Member 2k

  • Member
  • 2,539 posts
Hello again,
Well, from your totalscan results:
Best offers: You probably got it from a P2P program (eMule). Panda should take care of it.
Bagle: Already knew about this one, also gonna run a tool to make sure it's gone.
Media Ticket is not malware, just adware that might give you pop-ups. We will fix that up with Panda also.
1) Please double-click OTMoveIt.exe to run it.
  • Click the Clean up button
  • Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)
  • Click NO to the reboot, and just delete the OTMoveIt program from your desktop
2) Please download BAGLEGUI from Here and save it to your desktop.
  • Double-click the BAGLEGUI icon on your desktop
  • Click Accept
  • Then click the GO (Start Scan) button.
  • Let it remove anything it finds.
  • Then please post back the log it makes
Found in C:\resolve.log

3) Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report, a fresh HJT Log, and the resolve.log in your next reply


#7
August_H

    Member

  • Topic Starter
  • Member
  • 19 posts
Hi again,

Performed all of the above steps. Below are the resolve.log and the new HJT scan. I couldn't run ActiveScan, same as mentioned at top of thread. For some reason it won't download the ActiveX control. I get the window captured in the image below. It says "Click the bar above to start the download" but there is no bar above. That's probably because on earlier visits to Panda, I got the information bar about downloading the ActiveX control and selected "accept", but something seemed to interfere with the download and it never succeeded. So one time I selected "always accept from this site"; now I don't get the info bar but the download still doesn't succeed.

Posted Image

RESOLVE.LOG:


RESOLVE Version 1.07
Copyright © 2004, Sophos Plc, www.sophos.com

System disinfection for W32/Bagle

Data Version 1.13

System scan started at 23:11 on 29 June 2007

Checking for W32/Bagle in memory

Checking for files affected by W32/Bagle

Scanning C:

Error opening file C:\Documents and Settings\August\Application Data\Mozilla\Firefox\Profiles\5t75iqv1.default\cert8.db

Error opening file C:\Documents and Settings\August\Application Data\Mozilla\Firefox\Profiles\5t75iqv1.default\history.dat

Error opening file C:\Documents and Settings\August\Application Data\Mozilla\Firefox\Profiles\5t75iqv1.default\key3.db

Error opening file C:\Documents and Settings\August\Application Data\Mozilla\Firefox\Profiles\5t75iqv1.default\parent.lock

Error opening file C:\Documents and Settings\August\Application Data\Mozilla\Firefox\Profiles\5t75iqv1.default\search.sqlite

Error opening file C:\Documents and Settings\August\Application Data\Mozilla\Firefox\Profiles\5t75iqv1.default\urlclassifier2.sqlite

Error opening file C:\Documents and Settings\August\Cookies\index.dat

Error opening file C:\Documents and Settings\August\Favorites\Photography\?? videos.url

Error opening file C:\Documents and Settings\August\Favorites\???????? - Google Search.url

Error opening file C:\Documents and Settings\August\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat

Error opening file C:\Documents and Settings\August\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG

Error opening file C:\Documents and Settings\August\Local Settings\History\History.IE5\index.dat


Could not scan profile;sz=728x90;kch=2354152811;kbg=FFFFFF;kkw=2005+2006+amv+animation+anime+baby+band+boy+car+cat+comedy+commercial+concert+cool+crazy+cute+dance+episode+fantasy+fight+fi[1].js


Could not scan profile;sz=728x90;kch=2354152811;kbg=FFFFFF;kkw=2005+2006+amv+animation+anime+baby+band+boy+car+cat+comedy+commercial+concert+cool+crazy+cute+dance+episode+fantasy+fight+fi[1].js

Error opening file C:\Documents and Settings\August\Local Settings\Temporary Internet Files\Content.IE5\index.dat

Error opening file C:\Documents and Settings\August\NTUSER.DAT

Error opening file C:\Documents and Settings\August\ntuser.dat.LOG

Error opening file C:\Documents and Settings\August\Recent\Sweet Pictures Vol 03 ?? - ?? (Kawai Hikaru).avi.lnk

Error opening file C:\Documents and Settings\LocalService\Cookies\index.dat

Error opening file C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat

Error opening file C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG

Error opening file C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat

Error opening file C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat

Error opening file C:\Documents and Settings\LocalService\NTUSER.DAT

Error opening file C:\Documents and Settings\LocalService\ntuser.dat.LOG

Error opening file C:\Documents and Settings\NetworkService\Cookies\index.dat

Error opening file C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat

Error opening file C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG

Error opening file C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat

Error opening file C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat

Error opening file C:\Documents and Settings\NetworkService\NTUSER.DAT

Error opening file C:\Documents and Settings\NetworkService\ntuser.dat.LOG

Error opening file C:\hiberfil.sys

Error opening file C:\pagefile.sys

Error opening file C:\Program Files\Big Technology CAD\tutorial\????????? ??????? ?? ???????.htm

Error opening file C:\Program Files\Big Technology CAD\tutorial\????????? ??????? ?? ???????2.htm

Error opening file C:\Program Files\Big Technology CAD\tutorial\????????? ??????? ?? ???????3.htm

Error opening file C:\Program Files\Big Technology CAD\tutorial\????????? ??????? ?? ???????4.htm

Error opening file C:\Program Files\Big Technology CAD\tutorial\????????? ??????? ?? ???????5.htm

Error opening file C:\Program Files\Big Technology CAD\tutorial\????????? ??????? ?? ???????6.htm

Error opening file C:\Program Files\Big Technology CAD\tutorial\????????? ??????? ?? ???????7.htm


Error opening file C:\RECYCLER\NPROTECT\00061333.

Error opening file C:\RECYCLER\NPROTECT\00061404.

Error opening file C:\RECYCLER\NPROTECT\00061407.

Error opening file C:\RECYCLER\NPROTECT\00061409.

Error opening file C:\RECYCLER\NPROTECT\00061497.

Error opening file C:\RECYCLER\NPROTECT\00061499.

Error opening file C:\RECYCLER\NPROTECT\00061505.

Error opening file C:\RECYCLER\NPROTECT\00061513.

Error opening file C:\RECYCLER\NPROTECT\00062268.

Error opening file C:\RECYCLER\NPROTECT\00062269.

Error opening file C:\RECYCLER\NPROTECT\00062270.

Error opening file C:\RECYCLER\NPROTECT\00062271.

Error opening file C:\RECYCLER\NPROTECT\00062272.

Error opening file C:\RECYCLER\NPROTECT\00062273.

Error opening file C:\RECYCLER\NPROTECT\00062274.

Error opening file C:\RECYCLER\NPROTECT\00062275.

Error opening file C:\RECYCLER\NPROTECT\00062276.

Error opening file C:\RECYCLER\NPROTECT\00062277.

Error opening file C:\RECYCLER\NPROTECT\00062278.

Error opening file C:\RECYCLER\NPROTECT\00062279.

Error opening file C:\RECYCLER\NPROTECT\00062280.

Error opening file C:\RECYCLER\NPROTECT\00062281.

Error opening file C:\RECYCLER\NPROTECT\00062282.

Error opening file C:\RECYCLER\NPROTECT\00062506.

Error opening file C:\RECYCLER\NPROTECT\00062507.

Error opening file C:\RECYCLER\NPROTECT\00062508.

Error opening file C:\RECYCLER\NPROTECT\00062509.

Error opening file C:\RECYCLER\NPROTECT\00062510.

Error opening file C:\RECYCLER\NPROTECT\00062511.

Error opening file C:\RECYCLER\NPROTECT\00062512.

Error opening file C:\RECYCLER\NPROTECT\00062513.

Error opening file C:\RECYCLER\NPROTECT\00062514.

Error opening file C:\RECYCLER\NPROTECT\00062515.

Error opening file C:\RECYCLER\NPROTECT\00062516.

Error opening file C:\RECYCLER\NPROTECT\00062517.

Error opening file C:\RECYCLER\NPROTECT\00062518.

Error opening file C:\RECYCLER\NPROTECT\00062519.

Error opening file C:\RECYCLER\NPROTECT\00062520.

Error opening file C:\RECYCLER\NPROTECT\00062521.

Error opening file C:\RECYCLER\NPROTECT\00062522.

Error opening file C:\RECYCLER\NPROTECT\00062523.

Error opening file C:\RECYCLER\NPROTECT\00062524.

Error opening file C:\RECYCLER\NPROTECT\00062525.

Error opening file C:\RECYCLER\NPROTECT\00062526.

Error opening file C:\RECYCLER\NPROTECT\00062527.

Error opening file C:\RECYCLER\NPROTECT\00062528.

Error opening file C:\RECYCLER\NPROTECT\00062529.

Error opening file C:\RECYCLER\NPROTECT\00062530.

Error opening file C:\RECYCLER\NPROTECT\00062531.

Error opening file C:\RECYCLER\NPROTECT\00062532.

Error opening file C:\RECYCLER\NPROTECT\00062533.

Error opening file C:\RECYCLER\NPROTECT\00062534.

Error opening file C:\RECYCLER\NPROTECT\00062535.

Error opening file C:\RECYCLER\NPROTECT\00062536.

Error opening file C:\RECYCLER\NPROTECT\00062537.

Error opening file C:\RECYCLER\NPROTECT\00062538.

Error opening file C:\RECYCLER\NPROTECT\00062539.

Error opening file C:\RECYCLER\NPROTECT\00062540.

Error opening file C:\RECYCLER\NPROTECT\00062541.

Error opening file C:\RECYCLER\NPROTECT\00062542.

Error opening file C:\RECYCLER\NPROTECT\00062543.

Error opening file C:\RECYCLER\NPROTECT\00062544.

Error opening file C:\RECYCLER\NPROTECT\00062545.

Error opening file C:\RECYCLER\NPROTECT\00062546.

Error opening file C:\RECYCLER\NPROTECT\00062547.

Error opening file C:\RECYCLER\NPROTECT\00062548.

Error opening file C:\RECYCLER\NPROTECT\00062549.

Error opening file C:\RECYCLER\NPROTECT\00062550.

Error opening file C:\RECYCLER\NPROTECT\00062551.

Error opening file C:\RECYCLER\NPROTECT\00062552.

Error opening file C:\RECYCLER\NPROTECT\00062553.

Error opening file C:\RECYCLER\NPROTECT\00062554.

Error opening file C:\RECYCLER\NPROTECT\00062555.

Error opening file C:\RECYCLER\NPROTECT\00062556.

Error opening file C:\RECYCLER\NPROTECT\00062557.

Error opening file C:\RECYCLER\NPROTECT\00062558.

Error opening file C:\RECYCLER\NPROTECT\00062559.

Error opening file C:\RECYCLER\NPROTECT\00062560.

Error opening file C:\RECYCLER\NPROTECT\00062561.

Error opening file C:\RECYCLER\NPROTECT\00062562.

Error opening file C:\RECYCLER\NPROTECT\00062563.

Error opening file C:\RECYCLER\NPROTECT\00062564.

Error opening file C:\RECYCLER\NPROTECT\00062565.

Error opening file C:\RECYCLER\NPROTECT\00062566.

Error opening file C:\RECYCLER\NPROTECT\00062567.

Error opening file C:\RECYCLER\NPROTECT\00062568.

Error opening file C:\RECYCLER\NPROTECT\00062569.

Error opening file C:\RECYCLER\NPROTECT\00062570.

Error opening file C:\RECYCLER\NPROTECT\00062571.

Error opening file C:\RECYCLER\NPROTECT\00062572.

Error opening file C:\RECYCLER\NPROTECT\00062573.

Error opening file C:\RECYCLER\NPROTECT\00062574.

Error opening file C:\RECYCLER\NPROTECT\00062575.

Error opening file C:\RECYCLER\NPROTECT\00062576.

Error opening file C:\RECYCLER\NPROTECT\00062577.

Error opening file C:\RECYCLER\NPROTECT\00062578.

Error opening file C:\RECYCLER\NPROTECT\00062579.

Error opening file C:\RECYCLER\NPROTECT\00062580.

Error opening file C:\RECYCLER\NPROTECT\00062581.

Error opening file C:\RECYCLER\NPROTECT\00067992.

Error opening file C:\RECYCLER\NPROTECT\00068114.

Error opening file C:\RECYCLER\NPROTECT\00068115.

Error opening file C:\RECYCLER\NPROTECT\00068190.

Error opening file C:\RECYCLER\NPROTECT\00068191.

Error opening file C:\RECYCLER\NPROTECT\00068192.

Error opening file C:\RECYCLER\NPROTECT\00068193.

Error opening file C:\RECYCLER\NPROTECT\00075162.

Error opening file C:\RECYCLER\NPROTECT\00075163.

Error opening file C:\RECYCLER\NPROTECT\00089606.

Error opening file C:\RECYCLER\NPROTECT\00089630.

Error opening file C:\RECYCLER\NPROTECT\00089638.

Error opening file C:\RECYCLER\NPROTECT\00089962.

Error opening file C:\RECYCLER\NPROTECT\00089963.

Error opening file C:\RECYCLER\NPROTECT\00089964.

Error opening file C:\RECYCLER\NPROTECT\00089965.

Error opening file C:\RECYCLER\NPROTECT\00089966.

Error opening file C:\RECYCLER\NPROTECT\00089967.

Error opening file C:\RECYCLER\NPROTECT\00089968.

Error opening file C:\RECYCLER\NPROTECT\00089969.

Error opening file C:\RECYCLER\NPROTECT\00089970.

Error opening file C:\RECYCLER\NPROTECT\00090002.

Error opening file C:\RECYCLER\NPROTECT\00090003.

Error opening file C:\RECYCLER\NPROTECT\00090004.

Error opening file C:\RECYCLER\NPROTECT\00090005.

Error opening file C:\RECYCLER\NPROTECT\00090006.

Error opening file C:\RECYCLER\NPROTECT\00090007.

Error opening file C:\RECYCLER\NPROTECT\00090008.

Error opening file C:\RECYCLER\NPROTECT\00090009.

Error opening file C:\RECYCLER\NPROTECT\00102569.

Error opening file C:\RECYCLER\NPROTECT\00102570.

Error opening file C:\RECYCLER\NPROTECT\00102571.

Error opening file C:\RECYCLER\NPROTECT\00102572.

Error opening file C:\RECYCLER\NPROTECT\00102619.

Error opening file C:\RECYCLER\NPROTECT\00102620.

Error opening file C:\RECYCLER\NPROTECT\00102621.

Error opening file C:\RECYCLER\NPROTECT\00102685.

Error opening file C:\RECYCLER\NPROTECT\00102686.

Error opening file C:\RECYCLER\NPROTECT\00103452.

Error opening file C:\RECYCLER\NPROTECT\00103454.

Error opening file C:\RECYCLER\NPROTECT\00107452.

Error opening file C:\RECYCLER\NPROTECT\00107494.

Error opening file C:\RECYCLER\NPROTECT\00107495.

Error opening file C:\RECYCLER\NPROTECT\00107526.

Error opening file C:\RECYCLER\NPROTECT\00108027.

Error opening file C:\RECYCLER\NPROTECT\00108028.

Error opening file C:\RECYCLER\NPROTECT\00108029.

Error opening file C:\RECYCLER\NPROTECT\00108030.

Error opening file C:\RECYCLER\NPROTECT\00108031.

Error opening file C:\RECYCLER\NPROTECT\00108032.

Error opening file C:\RECYCLER\NPROTECT\00108033.

Error opening file C:\RECYCLER\NPROTECT\00108034.

Error opening file C:\RECYCLER\NPROTECT\00108035.

Error opening file C:\RECYCLER\NPROTECT\00108036.

Error opening file C:\RECYCLER\NPROTECT\00108037.

Error opening file C:\RECYCLER\NPROTECT\00108040.

Error opening file C:\RECYCLER\NPROTECT\00108225.

Error opening file C:\RECYCLER\NPROTECT\00108229.

Error opening file C:\RECYCLER\NPROTECT\00108257.

Error opening file C:\RECYCLER\NPROTECT\00108261.

Error opening file C:\RECYCLER\NPROTECT\00108357.

Error opening file C:\RECYCLER\NPROTECT\00109106.

Error opening file C:\RECYCLER\NPROTECT\00109110.

Error opening file C:\RECYCLER\NPROTECT\00109111.

Error opening file C:\RECYCLER\NPROTECT\00109115.

Error opening file C:\RECYCLER\NPROTECT\00109158.

Error opening file C:\RECYCLER\NPROTECT\00109159.

Error opening file C:\RECYCLER\NPROTECT\00109192.

Error opening file C:\RECYCLER\NPROTECT\00109288.

Error opening file C:\RECYCLER\NPROTECT\00109289.

Error opening file C:\RECYCLER\NPROTECT\00109290.

Error opening file C:\RECYCLER\NPROTECT\00109291.

Error opening file C:\RECYCLER\NPROTECT\00109292.

Error opening file C:\RECYCLER\NPROTECT\00109293.

Error opening file C:\RECYCLER\NPROTECT\00109294.

Error opening file C:\RECYCLER\NPROTECT\00109295.

Error opening file C:\RECYCLER\NPROTECT\00109296.

Error opening file C:\RECYCLER\NPROTECT\00109297.

Error opening file C:\RECYCLER\NPROTECT\00109298.

Error opening file C:\RECYCLER\NPROTECT\00109301.

Error opening file C:\RECYCLER\NPROTECT\00110079.

Error opening file C:\RECYCLER\NPROTECT\00110083.

Error opening file C:\RECYCLER\NPROTECT\00110179.

Error opening file C:\RECYCLER\NPROTECT\00117000.

Error opening file C:\RECYCLER\NPROTECT\00117001.

Error opening file C:\RECYCLER\NPROTECT\00117002.

Error opening file C:\RECYCLER\NPROTECT\00117003.

Error opening file C:\RECYCLER\NPROTECT\00117004.

Error opening file C:\RECYCLER\NPROTECT\00117005.

Error opening file C:\RECYCLER\NPROTECT\00117006.

Error opening file C:\RECYCLER\NPROTECT\00117007.

Error opening file C:\RECYCLER\NPROTECT\00117008.

Error opening file C:\RECYCLER\NPROTECT\00118561.

Error opening file C:\RECYCLER\NPROTECT\00118562.

Error opening file C:\RECYCLER\NPROTECT\00119088.

Error opening file C:\RECYCLER\NPROTECT\00119089.

Error opening file C:\RECYCLER\NPROTECT\00119090.

Error opening file C:\RECYCLER\NPROTECT\00119132.

Error opening file C:\RECYCLER\NPROTECT\00119147.

Error opening file C:\RECYCLER\NPROTECT\00119148.

Error opening file C:\RECYCLER\NPROTECT\00119149.

Error opening file C:\RECYCLER\NPROTECT\00119150.

Error opening file C:\RECYCLER\NPROTECT\00119151.

Error opening file C:\RECYCLER\NPROTECT\00119152.

Error opening file C:\RECYCLER\NPROTECT\00119153.

Error opening file C:\RECYCLER\NPROTECT\00119154.

Error opening file C:\RECYCLER\NPROTECT\00119155.

Error opening file C:\RECYCLER\NPROTECT\00119156.

Error opening file C:\RECYCLER\NPROTECT\00119222.

Error opening file C:\RECYCLER\NPROTECT\00119223.

Error opening file C:\RECYCLER\NPROTECT\00119256.

Error opening file C:\RECYCLER\NPROTECT\00119257.

Error opening file C:\RECYCLER\NPROTECT\00119258.

Error opening file C:\RECYCLER\NPROTECT\00119259.

Error opening file C:\RECYCLER\NPROTECT\00119260.

Error opening file C:\RECYCLER\NPROTECT\00119273.

Error opening file C:\RECYCLER\NPROTECT\00119352.

Error opening file C:\RECYCLER\NPROTECT\00119366.

Error opening file C:\RECYCLER\NPROTECT\00119367.

Error opening file C:\RECYCLER\NPROTECT\00119389.

Error opening file C:\RECYCLER\NPROTECT\00119390.

Error opening file C:\RECYCLER\NPROTECT\00119393.

Error opening file C:\RECYCLER\NPROTECT\00119394.

Error opening file C:\RECYCLER\NPROTECT\00119395.

Error opening file C:\RECYCLER\NPROTECT\00119396.

Error opening file C:\RECYCLER\NPROTECT\00119397.

Error opening file C:\RECYCLER\NPROTECT\00119401.

Error opening file C:\RECYCLER\NPROTECT\00119402.

Error opening file C:\RECYCLER\NPROTECT\00119403.

Error opening file C:\RECYCLER\NPROTECT\00119404.

Error opening file C:\RECYCLER\NPROTECT\00119405.

Error opening file C:\RECYCLER\NPROTECT\00119427.

Error opening file C:\RECYCLER\NPROTECT\00119445.

Error opening file C:\RECYCLER\NPROTECT\00119458.

Error opening file C:\RECYCLER\NPROTECT\00119471.

Error opening file C:\RECYCLER\NPROTECT\00119497.

Error opening file C:\RECYCLER\NPROTECT\00119520.

Error opening file C:\RECYCLER\NPROTECT\00119521.

Error opening file C:\RECYCLER\NPROTECT\00119522.

Error opening file C:\RECYCLER\NPROTECT\00119523.

Error opening file C:\RECYCLER\NPROTECT\00123166.

Error opening file C:\RECYCLER\NPROTECT\00123167.

Error opening file C:\RECYCLER\NPROTECT\00123194.

Error opening file C:\RECYCLER\NPROTECT\00123195.

Error opening file C:\RECYCLER\NPROTECT\00123196.

Error opening file C:\RECYCLER\NPROTECT\00123197.

Error opening file C:\RECYCLER\NPROTECT\00123198.

Error opening file C:\RECYCLER\NPROTECT\00123199.

Error opening file C:\RECYCLER\NPROTECT\00123200.

Error opening file C:\RECYCLER\NPROTECT\00123201.

Error opening file C:\RECYCLER\NPROTECT\00123202.

Error opening file C:\RECYCLER\NPROTECT\00123203.

Error opening file C:\RECYCLER\NPROTECT\00123204.

Error opening file C:\RECYCLER\NPROTECT\00123205.

Error opening file C:\RECYCLER\NPROTECT\00123206.

Error opening file C:\RECYCLER\NPROTECT\00123207.

Error opening file C:\RECYCLER\NPROTECT\00123208.

Error opening file C:\RECYCLER\NPROTECT\00123209.

Error opening file C:\RECYCLER\NPROTECT\00123210.

Error opening file C:\RECYCLER\NPROTECT\00123211.

Error opening file C:\RECYCLER\NPROTECT\00123255.

Error opening file C:\RECYCLER\NPROTECT\00123256.

Error opening file C:\RECYCLER\NPROTECT\00123257.

Error opening file C:\RECYCLER\NPROTECT\00123258.

Error opening file C:\RECYCLER\NPROTECT\00123259.

Error opening file C:\RECYCLER\NPROTECT\00123260.

Error opening file C:\RECYCLER\NPROTECT\00123267.

Error opening file C:\RECYCLER\NPROTECT\00123303.

Error opening file C:\RECYCLER\NPROTECT\00123304.

Error opening file C:\RECYCLER\NPROTECT\00123305.

Error opening file C:\RECYCLER\NPROTECT\00123306.

Error opening file C:\RECYCLER\NPROTECT\00123307.

Error opening file C:\RECYCLER\NPROTECT\00123308.

Error opening file C:\RECYCLER\NPROTECT\00123309.

Error opening file C:\RECYCLER\NPROTECT\00123310.

Error opening file C:\RECYCLER\NPROTECT\00123311.

Error opening file C:\RECYCLER\NPROTECT\00123390.

Error opening file C:\RECYCLER\NPROTECT\00123524.

Error opening file C:\RECYCLER\NPROTECT\00123549.

Error opening file C:\RECYCLER\NPROTECT\00123550.

Error opening file C:\RECYCLER\NPROTECT\00123551.

Error opening file C:\RECYCLER\NPROTECT\00123552.

Error opening file C:\RECYCLER\NPROTECT\00123553.

Error opening file C:\RECYCLER\NPROTECT\00123554.

Error opening file C:\RECYCLER\NPROTECT\00123555.

Error opening file C:\RECYCLER\NPROTECT\00123556.

Error opening file C:\RECYCLER\NPROTECT\00123557.

Error opening file C:\RECYCLER\NPROTECT\00123558.

Error opening file C:\RECYCLER\NPROTECT\00123559.

Error opening file C:\RECYCLER\NPROTECT\00123560.

Error opening file C:\RECYCLER\NPROTECT\00123561.

Error opening file C:\RECYCLER\NPROTECT\00123562.

Error opening file C:\RECYCLER\NPROTECT\00123563.

Error opening file C:\RECYCLER\NPROTECT\00123564.

Error opening file C:\RECYCLER\NPROTECT\00123565.

Error opening file C:\RECYCLER\NPROTECT\00123566.

Error opening file C:\RECYCLER\NPROTECT\00123567.

Error opening file C:\RECYCLER\NPROTECT\00123568.

Error opening file C:\RECYCLER\NPROTECT\00123569.

Error opening file C:\RECYCLER\NPROTECT\00123570.

Error opening file C:\RECYCLER\NPROTECT\00123571.

Error opening file C:\RECYCLER\NPROTECT\00123572.

Error opening file C:\RECYCLER\NPROTECT\00123573.

Error opening file C:\RECYCLER\NPROTECT\00123574.

Error opening file C:\RECYCLER\NPROTECT\00123575.

Error opening file C:\RECYCLER\NPROTECT\00123576.

Error opening file C:\RECYCLER\NPROTECT\00123577.

Error opening file C:\RECYCLER\NPROTECT\00123578.

Error opening file C:\RECYCLER\NPROTECT\00123579.

Error opening file C:\RECYCLER\NPROTECT\00123580.

Error opening file C:\RECYCLER\NPROTECT\00123581.

Error opening file C:\RECYCLER\NPROTECT\00123582.

Error opening file C:\RECYCLER\NPROTECT\00123583.

Error opening file C:\RECYCLER\NPROTECT\00123584.

Error opening file C:\RECYCLER\NPROTECT\00123585.

Error opening file C:\RECYCLER\NPROTECT\00123586.

Error opening file C:\RECYCLER\NPROTECT\00123587.

Error opening file C:\RECYCLER\NPROTECT\00123588.

Error opening file C:\RECYCLER\NPROTECT\00123589.

Error opening file C:\RECYCLER\NPROTECT\00123590.

Error opening file C:\RECYCLER\NPROTECT\00123591.

Error opening file C:\RECYCLER\NPROTECT\00123592.

Error opening file C:\RECYCLER\NPROTECT\00123593.

Error opening file C:\RECYCLER\NPROTECT\00123594.

Error opening file C:\RECYCLER\NPROTECT\00123595.

Error opening file C:\RECYCLER\NPROTECT\00123596.

Error opening file C:\RECYCLER\NPROTECT\00123597.

Error opening file C:\RECYCLER\NPROTECT\00123598.

Error opening file C:\RECYCLER\NPROTECT\00123599.

Error opening file C:\RECYCLER\NPROTECT\00123600.

Error opening file C:\RECYCLER\NPROTECT\00123601.

Error opening file C:\RECYCLER\NPROTECT\00123602.

Error opening file C:\RECYCLER\NPROTECT\00123603.

Error opening file C:\RECYCLER\NPROTECT\00123604.

Error opening file C:\RECYCLER\NPROTECT\00123605.

Error opening file C:\RECYCLER\NPROTECT\00123606.

Error opening file C:\RECYCLER\NPROTECT\00123607.

Error opening file C:\RECYCLER\NPROTECT\00123608.

Error opening file C:\RECYCLER\NPROTECT\00123609.

Error opening file C:\RECYCLER\NPROTECT\00123610.

Error opening file C:\RECYCLER\NPROTECT\00123611.

Error opening file C:\RECYCLER\NPROTECT\00123612.

Error opening file C:\RECYCLER\NPROTECT\00123613.

Error opening file C:\RECYCLER\NPROTECT\00123614.

Error opening file C:\RECYCLER\NPROTECT\00123615.

Error opening file C:\RECYCLER\NPROTECT\00123616.

Error opening file C:\RECYCLER\NPROTECT\00124812.

Error opening file C:\RECYCLER\NPROTECT\00124813.

Error opening file C:\RECYCLER\NPROTECT\00124814.

Error opening file C:\RECYCLER\NPROTECT\00124829.

Error opening file C:\RECYCLER\NPROTECT\00128538.

Error opening file C:\RECYCLER\NPROTECT\00128539.

Error opening file C:\RECYCLER\NPROTECT\00128540.

Error opening file C:\RECYCLER\NPROTECT\00128541.

Error opening file C:\RECYCLER\NPROTECT\00128542.

Error opening file C:\RECYCLER\NPROTECT\00128543.

Error opening file C:\RECYCLER\NPROTECT\00128544.

Error opening file C:\RECYCLER\NPROTECT\00128545.

Error opening file C:\RECYCLER\NPROTECT\00128546.

Error opening file C:\RECYCLER\NPROTECT\00128547.

Error opening file C:\RECYCLER\NPROTECT\00128548.

Error opening file C:\RECYCLER\NPROTECT\00128569.

Error opening file C:\RECYCLER\NPROTECT\00128570.

Error opening file C:\RECYCLER\NPROTECT\00128571.

Error opening file C:\RECYCLER\NPROTECT\00128572.

Error opening file C:\RECYCLER\NPROTECT\00128573.

Error opening file C:\RECYCLER\NPROTECT\00128574.

Error opening file C:\RECYCLER\NPROTECT\00128575.

(Log continued next post.)

Edited by August_H, 30 June 2007 - 05:19 AM.

#8
August_H

RESOLVE.LOG continued:

Error opening file C:\resolve.log

Error opening file C:\WINDOWS\$NtUninstallQ307271$\spuninst\spuninst.exe

Error opening file C:\WINDOWS\$NtUninstallQ307271$\spuninst\spuninst.inf

Error opening file C:\WINDOWS\$NtUninstallQ307271$\usbuhci.sys

Error opening file C:\WINDOWS\$NtUninstallQ308677$\spuninst\spuninst.exe

Error opening file C:\WINDOWS\$NtUninstallQ308677$\spuninst\spuninst.inf

Error opening file C:\WINDOWS\$NtUninstallQ308677$\userenv.dll

Error opening file C:\WINDOWS\$NtUninstallQ311889$\spuninst\spuninst.exe

Error opening file C:\WINDOWS\$NtUninstallQ311889$\spuninst\spuninst.inf

Error opening file C:\WINDOWS\$NtUninstallQ311889$\termsrv.dll

Error opening file C:\WINDOWS\$NtUninstallQ312368$\spuninst\spuninst.exe

Error opening file C:\WINDOWS\$NtUninstallQ312368$\spuninst\spuninst.inf

Error opening file C:\WINDOWS\$NtUninstallQ312368$\syssetup.dll

Error opening file C:\WINDOWS\$_hpcst$.hpc

Error opening file C:\WINDOWS\Debug\PASSWD.LOG

Error opening file C:\WINDOWS\SchedLgU.Txt

Error opening file C:\WINDOWS\Sti_Trace.log

Error opening file C:\WINDOWS\system32\config\AppEvent.Evt

Error opening file C:\WINDOWS\system32\config\default

Error opening file C:\WINDOWS\system32\config\default.LOG

Error opening file C:\WINDOWS\system32\config\Internet.evt

Error opening file C:\WINDOWS\system32\config\SAM

Error opening file C:\WINDOWS\system32\config\SAM.LOG

Error opening file C:\WINDOWS\system32\config\SecEvent.Evt

Error opening file C:\WINDOWS\system32\config\SECURITY

Error opening file C:\WINDOWS\system32\config\SECURITY.LOG

Error opening file C:\WINDOWS\system32\config\software

Error opening file C:\WINDOWS\system32\config\software.LOG

Error opening file C:\WINDOWS\system32\config\SysEvent.Evt

Error opening file C:\WINDOWS\system32\config\system

Error opening file C:\WINDOWS\system32\config\system.LOG

Error opening file C:\WINDOWS\system32\drivers\core.cache.dsk

Error opening file C:\WINDOWS\system32\drivers\core.sys

Error opening file C:\WINDOWS\system32\h323log.txt

Error opening file C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR

Error opening file C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP

Error opening file C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER

Error opening file C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP

Error opening file C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP

Error opening file C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA

Error opening file C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP

Error opening file C:\WINDOWS\wiadebug.log

Error opening file C:\WINDOWS\wiaservc.log


Scanning D:

Error opening file D:\Dreams\ipvr\CCS???????.txt


Checking for registry keys affected by W32/Bagle

Deleted registry key HKCU\software\datetime4

System scan finished at 00:26 on 30 June 2007

Processes found : 0
Processes terminated or disinfected : 0
Registry keys affected : 1
Registry keys changed : 1
Files found : 0
Files deleted : 0

* * * * *


New HJT Log:

Logfile of HijackThis v1.99.1
Scan saved at 7:17:46 AM, on 6/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Speed Disk\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\BRMFRSMG.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\August\My Documents\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optonline.net/Home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft....k/?LinkId=54843
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.zone.com/...edir.asp?code=2
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - d:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: FCBHOBHO Class - {8B3868B4-EBA8-48FA-A19B-E1DFB99066FA} - d:\Program Files\FlashCapture\FCBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\downloaded program files\googletoolbar3.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\downloaded program files\googletoolbar3.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Optimum Online] C:\Program Files\Optimum Online\Netsurf.exe -tray
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [Steam] H:\Program Files\Valve\Steam\\Steam.exe -silent
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [NBJ] "D:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] d:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [eMuleAutoStart] D:\Program Files\eMule\emule.exe -AutoStart
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: FlashCapture - {753BBC4B-CC73-4fb8-A5B5-CA09C804C1DD} - d:\Program Files\FlashCapture\FCIEXT.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - https://64.132.60.214/iNotes.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.googl...n/GoogleNav.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://www.krollontr...m/edv/msrdp.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.web...otoUploader.CAB
O16 - DPF: {FF054BED-D972-4215-897E-726C3488DDBB} (sonyctl.sonycm) - http://supportcentra...oad/sonyctl.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{CC9BA9DA-7DF1-488E-92BC-BFD3B8FBC462}: NameServer = 192.168.1.1
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG E-mail Scanner (AVGEMS) - Unknown owner - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: ZipToA - Iomega Corporation - C:\WINDOWS\System32\ZipToA.exe

* * * * *

Thanks again.

August H.
  • 0
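A triage pass over a HijackThis log like the one posted above, as an added example (not part of the original posts and not HijackThis's own code). It flags entries for an analyst to review and does not decide what is malicious; the rules, reason strings and the function name `triage` are assumptions of this example, and the sample lines are copied from the log in the post.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Lines copied from the HijackThis log in the post above (not constructed).
LOG_EXCERPT = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optonline.net/Home
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - https://64.132.60.214/iNotes.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CC9BA9DA-7DF1-488E-92BC-BFD3B8FBC462}: NameServer = 192.168.1.1
O23 - Service: AVG E-mail Scanner (AVGEMS) - Unknown owner - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# A log entry is "<section code> - <body>", e.g. "O23 - Service: ...".
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")


def _is_ip(text):
    """True if text is a literal IPv4/IPv6 address rather than a host name."""
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False


def triage(log_text):
    """Return (section, reason, line) tuples for entries worth a second look.

    Header lines, the running-process list and blank lines do not match
    ENTRY and are skipped.
    """
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY.match(line)
        if not match:
            continue
        code, body = match.group("code"), match.group("body")
        reasons = []

        # HijackThis appends these markers when the referenced file is absent,
        # which fits a machine where executables are being deleted.
        if body.endswith("(file missing)") or body.endswith("(no file)"):
            reasons.append("target file not on disk")

        # O23: service whose binary carries no vendor string.
        if code == "O23" and " - Unknown owner - " in body:
            reasons.append("service binary has no vendor string")

        # O16: ActiveX download source given as a bare IP, not a host name.
        if code == "O16":
            url = body.rsplit(" - ", 1)[-1]
            if _is_ip(urlsplit(url).hostname or ""):
                reasons.append("ActiveX codebase served from a bare IP address")

        # O17: DNS servers that are not in private address space deserve a
        # check against the ISP's resolvers (DNS-changing trojans edit this).
        if code == "O17":
            value = body.rsplit("=", 1)[-1].strip()
            for addr in re.split(r"[,\s]+", value):
                if _is_ip(addr) and not ipaddress.ip_address(addr).is_private:
                    reasons.append("DNS server outside private ranges: " + addr)

        findings.extend((code, reason, line) for reason in reasons)
    return findings


if __name__ == "__main__":
    for code, reason, line in triage(LOG_EXCERPT):
        print(f"[{code}] {reason}\n      {line}")
```

A flagged entry is only a prompt to look closer: a leftover toolbar from an uninstalled program produces the same "(file missing)" marker as a deleted security tool.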

#9
MoNsTeReNeRgY22
Well, since Panda didn't work, let's try another one.

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

#10
August_H
Kaspersky doesn't work either. It downloads the ActiveX component and gives me the dialog box where I click "Install." Then it returns to the main window with the bar still moving back and forth under "Initialize Kaspersky Online Scanner (downloading and installing Kaspersky Online Scanner ActiveX from the server into your computer)". I never get to the "Update Kaspersky Anti-Virus Databases" step or to click "Next." After several minutes it brings up an error message that says "Failed to load Kaspersky Online Scanner ActiveX control! You must have administrative rights on this computer; you also must have the IE security settings to the Medium level." (both of those conditions are true) and forces me to exit.

Know any others?

#11
MoNsTeReNeRgY22
Well, ActiveX doesn't want to cooperate with us, so let's try running a Java-based scan.

TrendMicro™ HouseCall Java Scan
  • Please go HERE to run the Trend Micro™ HouseCall Scan.
  • Click Scan now. It's free!
  • Read and put a Check next to Yes I accept the terms of use.
  • Click the Launching HouseCall>> button.
  • Under Using Java-based HouseCall kernel click the Starting HouseCall>> button.
  • You may receive a Security Warning about the TrendMicro Java applet, click YES.
  • Under Scan complete computer for malware, grayware, and vulnerabilities click the Next>> button.
  • Please be patient while it installs, updates, and scans your system.
  • Once the scan is complete, it will take you to the summary page.
  • Under Cleanup options, choose clean all detected infections automatically.
  • Click the Clean now>> button.
  • If anything was found you may be prompted to run the scan again, you can just close the browser window.

#12
August_H
Okay, ran HouseCall. Since it doesn't generate a log, I have cut and pasted the contents of its Results tab for you.

POSSIBLE_MLWR-1
4 Infections

Transfering more information about this malware...
General information about this type of malware.
There is currently no more information available for this malware...
General information about this type of malware.
This is the Trend Micro detection for suspicious files that manifest behavior and characteristics similar to PE_DETNAT.D. It can also ...
Aliasnames: No Alias Found
Platform: Not specified
First occurence: Not specified
General risk rate Very lowLowMediumHigh
General information about this type of malware.

This is the Trend Micro detection for suspicious files that manifest behavior and characteristics similar to PE_DETNAT.D. It can also be used by other spyware such as BKDR_HUPIGON and TROJ_VANTI variants.

To view descriptions of PE_DETNAT.D and variants of BKDR_HUPIGON and TROJ_VANTI, refer to the following links:

* PE_DETNAT.D
* BKDR_HUPIGON
* TROJ_VANTI

If your Trend Micro product detects a file under this detection name, do not execute the file, or delete it immediately especially if it came from an untrusted or an unknown source (e.g., a Web site of doubtful nature). However, if you have reason to believe that the detected file is non-malicious, you can submit a sample for analysis. Detailed analysis will be done on submitted samples, and corresponding removal instructions will be provided, if necessary.

To submit files, please refer to the Solution section.

Some infections of this malware could not be removed automatically! You can manually select "Remove" and perform another "cleanup" to try and solve this problem.
Alternatively, you may click here to receive detailed instructions on how to remove these infections manually.
Cleanup options Clean all detected Infections automatically
Select an individual action for each detected infection.

Files infected by this malware:

false true C:\WINDOWS\exefld\14648140.exe
false true C:\WINDOWS\exefld\191250.exe
false true C:\WINDOWS\exefld\219109.exe
false true C:\WINDOWS\exefld\29111500.exe

[HouseCall thinks it deleted them all.]



WORM_BAGLE.IP
20 Infections

Transfering more information about this malware...
General information about this type of malware.
There is currently no more information available for this malware...
General information about this type of malware.
Aliasnames: Email-Worm.Win32.Bagle.ae, W32/Bagle.gen!Sality, W32.Beagle.DS@mm, W32/Sality.L, Infection: W32/Sality.AC, Mal/HckPk-A, Worm:Win32/Bagle.AS@mm
Platform: Not specified
First occurence: Not specified
General risk rate Very lowLowMediumHigh
General information about this type of malware.

Some infections of this malware could not be removed automatically! You can manually select "Remove" and perform another "cleanup" to try and solve this problem.
Alternatively, you may click here to receive detailed instructions on how to remove these infections manually.
Cleanup options Clean all detected Infections automatically
Select an individual action for each detected infection.
Detected grayware/spyware

Note: Complete removal of the grayware listed below failed! If you require general hints and tips to solve the problem, please click here. Grayware specific information is available from the relevant grayware section.

Files infected by this malware:

false true C:\WINDOWS\exefld\14659328.exe
false true C:\WINDOWS\exefld\14666140.exe
false true C:\WINDOWS\exefld\14667031.exe
false true C:\WINDOWS\exefld\15175781.exe
false true C:\WINDOWS\exefld\15181468.exe
false true C:\WINDOWS\exefld\181250.exe
false true C:\WINDOWS\exefld\194046.exe
false true C:\WINDOWS\exefld\202281.exe
false true C:\WINDOWS\exefld\203328.exe
false true C:\WINDOWS\exefld\2042781.exe
false true C:\WINDOWS\exefld\2066000.exe
false true C:\WINDOWS\exefld\219750.exe
false true C:\WINDOWS\exefld\225140.exe
false true C:\WINDOWS\exefld\225265.exe
false true C:\WINDOWS\exefld\29087906.exe
false true C:\WINDOWS\exefld\29096765.exe
false true C:\WINDOWS\exefld\29096781.exe
false true C:\WINDOWS\exefld\431750.exe
false true C:\WINDOWS\exefld\682031.exe
false true C:\WINDOWS\exefld\711843.exe

[Again, HouseCall thinks it deleted them.]



ADW_MEDIATICK.AE
1 Infections

Transfering information about this grayware/spyware...
General information about this type of grayware/spyware.
There is currently no more information available for this grayware/spyware...
General information about this type of grayware/spyware.
Adware is software that displays advertising banners on Web browsers such as Internet Explorer and Mozilla. While not categorized as malware, many users consider adware invasive. Adware progra...
Aliasnames: no more aliase names known
Platform: Not specified
First occurence: Not specified
General risk rate Very lowLowMediumHigh
General information about this type of grayware/spyware.

Adware is software that displays advertising banners on Web browsers such as Internet Explorer and Mozilla. While not categorized as malware, many users consider adware invasive. Adware programs often create unwanted effects on a system, such as annoying popup ads and, in some instances, the degradation in either network connection or system performance.

Adware programs are typically installed as separate programs that are bundled with certain free software. Many users inadvertently agree to installing adware by accepting the End User License Agreement (EULA) on the free software.

Adware are also often installed in tandem with spyware programs. Both programs feed off of each other's functionalities - spyware programs profile users' Internet behavior, while adware programs display targeted ads that correspond to the gathered user profiles.

Some infections of this grayware/spyware could not be removed automatically!
Click here to receive instructions on how to remove this type of infection manually.
Cleanup options Clean all detected infections automatically
Select an individual action for each detected infection

Files infected by this greyware/spyware:

false true C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe

[Deleted]



ADW_SOFTOMATE.EZ
1 Infections

Transfering information about this grayware/spyware...
General information about this type of grayware/spyware.
There is currently no more information available for this grayware/spyware...
General information about this type of grayware/spyware.
Adware is software that displays advertising banners on Web browsers such as Internet Explorer and Mozilla. While not categorized as malware, many users consider adware invasive. Adware progra...
Aliasnames: no more aliase names known
Platform: Not specified
First occurence: Not specified
General risk rate Very lowLowMediumHigh
General information about this type of grayware/spyware.

Adware is software that displays advertising banners on Web browsers such as Internet Explorer and Mozilla. While not categorized as malware, many users consider adware invasive. Adware programs often create unwanted effects on a system, such as annoying popup ads and, in some instances, the degradation in either network connection or system performance.

Adware programs are typically installed as separate programs that are bundled with certain free software. Many users inadvertently agree to installing adware by accepting the End User License Agreement (EULA) on the free software.

Adware are also often installed in tandem with spyware programs. Both programs feed off of each other's functionalities - spyware programs profile users' Internet behavior, while adware programs display targeted ads that correspond to the gathered user profiles.

Some infections of this grayware/spyware could not be removed automatically!
Click here to receive instructions on how to remove this type of infection manually.
Cleanup options Clean all detected infections automatically
Select an individual action for each detected infection

Files infected by this greyware:

false true C:\WINDOWS\b136.exe

[Deleted]



Detected vulnerabilities

(MS07-027) Cumulative Security Update for Internet Explorer (931768)

Transfering more information about this vulnerability...
An error occured while trying to retrieve more information about this vulnerability. There is currently no more information available.
This update replaces the following update which also addresses several vulnerabilities in Internet Explorer:

Cumulative Security Update for Interne...

More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 2
Microsoft Windows XP Professional x64 Edition
Microsoft Windows Server 2003 Service Pack 1
Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
Windows Vista
Microsoft Windows XP Professional x64 Edition Service Pack 2
Microsoft Windows Server 2003 Service Pack 2
Microsoft Windows Server 2003 with SP2 for Itanium-based Systems
Microsoft Windows Server 2003 x64 Edition Service Pack 2
Windows Vista x64 Edition
Microsoft Windows Server 2003 x64 Edition Service Pack 1
Malware exploiting this vulnerability: unknown

This update replaces the following update which also addresses several vulnerabilities in Internet Explorer:

Cumulative Security Update for Internet Explorer (928090)

It addresses the following vulnerabilities:

* COM Object Instantiation Memory Corruption Vulnerability
* Uninitialized Memory Corruption Vulnerability
* Property Memory Corruption Vulnerability
* HMTL Objects Memory Corruption Vulnerabilities
* Arbitrary File Rewrite Vulnerability

Note that these vulnerabilities are exploited on the affected system only if the target user actually visits the Web site containing the exploit. Remote malicious users that have successfully exploited these vulnerabilities may gain complete control of the affected system. Users are advised against clicking on malicious links and attachments.
More information about this vulnerability and its elimination.

* * * * *

Currently running HouseCall again to see if it catches anything after cleaning. Will post that next reply.

August H.

#13
MoNsTeReNeRgY22
Please download the OTMoveIt by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
C:\WINDOWS\exefld
  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply.
  • Close OTMoveIt
(If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.)
  • Click the red Moveit! button.
  • Please "Copy" the results from the "Results" window (to the right) and then "Paste" them into your next reply on the forum. Please also post a fresh HJT Log. Thanks
--------------------------------------------------------------------------------------------------------------------

Also, I would like you to run another Scan just to make sure everything is gone.
TrendMicro™ HouseCall Java Scan
  • Please go HERE to run the Trend Micro™ HouseCall Scan.
  • Click Scan now. It's free!
  • Read and put a Check next to Yes I accept the terms of use.
  • Click the Launching HouseCall>> button.
  • Under Using Java-based HouseCall kernel click the Starting HouseCall>> button.
  • You may receive a Security Warning about the TrendMicro Java applet, click YES.
  • Under Scan complete computer for malware, grayware, and vulnerabilities click the Next>> button.
  • Please be patient while it installs, updates, and scans your system.
  • Once the scan is complete, it will take you to the summary page.
  • Under Cleanup options, choose clean all detected infections automatically.
  • Click the Clean now>> button.
  • If anything was found you may be prompted to run the scan again, you can just close the browser window.
Please post back the OTMoveIt Log, House Call results, and a fresh HJT Log

#14
August_H

OTMoveIt Log: Sorry, I forgot to copy and paste the results screen, but it said the directory was moved successfully.

* * * * *


HouseCall Results:

ADWARE_COMMANDDESKTOP
1 Infections

Aliasnames: Adware-Isearch (NAI), Trojan-Downloader.Win32.Small.buy (KAV)
Platform: Not specified
First occurence: Not specified
General information about this type of grayware/spyware.

This adware generates pop-up advertisements.

It creates a Windows service. It runs every time the computer is turned on by modifying the Run key of the system registry.

It has the ability to retrieve and install additional adware or spyware on your computer.

Some infections of this grayware/spyware could not be removed automatically!
Click here to receive instructions on how to remove this type of infection manually.

ADW_MEDIATICK.AE
1 Infections

Aliasnames: no more aliase names known
Platform: Not specified
First occurence: Not specified
General information about this type of grayware/spyware.

Adware is software that displays advertising banners on Web browsers such as Internet Explorer and Mozilla. While not categorized as malware, many users consider adware invasive. Adware programs often create unwanted effects on a system, such as annoying popup ads and, in some instances, the degradation in either network connection or system performance.

Adware programs are typically installed as separate programs that are bundled with certain free software. Many users inadvertently agree to installing adware by accepting the End User License Agreement (EULA) on the free software.

Adware are also often installed in tandem with spyware programs. Both programs feed off of each other's functionalities - spyware programs profile users' Internet behavior, while adware programs display targeted ads that correspond to the gathered user profiles.

Some infections of this grayware/spyware could not be removed automatically!
Click here to receive instructions on how to remove this type of infection manually.

Files infected by this grayware/spyware:
false true C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe

HTTP cookies
16 Detected
Cookies are generally used to save user-specific data from Internet transactions with a Web server via a browser. The cookies listed below are "profiling cookies" that are only used to monitor your Internet usage.

true false [Windows XP]::Cookie_2o7
true false [Windows XP]::Cookie_Hitbox
true false [Windows XP]::Cookie_BurstNet
true false [Windows XP]::Cookie_StatCounter
true false [Windows XP]::Cookie_YieldManager
true false [Windows XP]::Cookie_Indiads
true false [Windows XP]::Cookie_DoubleClick
true false [Windows XP]::Cookie_Questionmarket
true false [Windows XP]::Cookie_SpecificClick
true false [Windows XP]::Cookie_RealMedia
true false [Windows XP]::Cookie_BlueStreak
true false [Windows XP]::Cookie_Profiling
true false [Windows XP]::Cookie_FastClick
true false [Windows XP]::Cookie_Overture
true false [Windows XP]::Cookie_Atdmt
true false [Windows XP]::Cookie_Advertising

Detected vulnerabilities

(MS07-027) Cumulative Security Update for Internet Explorer (931768)

More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 2
Microsoft Windows XP Professional x64 Edition
Microsoft Windows Server 2003 Service Pack 1
Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
Windows Vista
Microsoft Windows XP Professional x64 Edition Service Pack 2
Microsoft Windows Server 2003 Service Pack 2
Microsoft Windows Server 2003 with SP2 for Itanium-based Systems
Microsoft Windows Server 2003 x64 Edition Service Pack 2
Windows Vista x64 Edition
Microsoft Windows Server 2003 x64 Edition Service Pack 1
Malware exploiting this vulnerability: unknown

This update replaces the following update which also addresses several vulnerabilities in Internet Explorer:

Cumulative Security Update for Internet Explorer (928090)

It addresses the following vulnerabilities:

* COM Object Instantiation Memory Corruption Vulnerability
* Uninitialized Memory Corruption Vulnerability
* Property Memory Corruption Vulnerability
* HMTL Objects Memory Corruption Vulnerabilities
* Arbitrary File Rewrite Vulnerability

Note that these vulnerabilities are exploited on the affected system only if the target user actually visits the Web site containing the exploit. Remote malicious users that have successfully exploited these vulnerabilities may gain complete control of the affected system. Users are advised against clicking on malicious links and attachments.
More information about this vulnerability and its elimination.


[HouseCall said that it was able to remove Command Desktop and the cookies but not MediaTick.]

* * * * *


Fresh HJT Scan:


Logfile of HijackThis v1.99.1
Scan saved at 7:11:56 AM, on 7/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Speed Disk\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\BRMFRSMG.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Documents and Settings\August\My Documents\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optonline.net/Home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.zone.com/...edir.asp?code=2
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - d:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: FCBHOBHO Class - {8B3868B4-EBA8-48FA-A19B-E1DFB99066FA} - d:\Program Files\FlashCapture\FCBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\downloaded program files\googletoolbar3.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\downloaded program files\googletoolbar3.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Optimum Online] C:\Program Files\Optimum Online\Netsurf.exe -tray
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [Steam] H:\Program Files\Valve\Steam\\Steam.exe -silent
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [NBJ] "D:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] d:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [eMuleAutoStart] D:\Program Files\eMule\emule.exe -AutoStart
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: FlashCapture - {753BBC4B-CC73-4fb8-A5B5-CA09C804C1DD} - d:\Program Files\FlashCapture\FCIEXT.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - https://64.132.60.214/iNotes.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.googl...n/GoogleNav.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://www.krollontr...m/edv/msrdp.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.web...otoUploader.CAB
O16 - DPF: {FF054BED-D972-4215-897E-726C3488DDBB} (sonyctl.sonycm) - http://supportcentra...oad/sonyctl.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{CC9BA9DA-7DF1-488E-92BC-BFD3B8FBC462}: NameServer = 192.168.1.1
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG E-mail Scanner (AVGEMS) - Unknown owner - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: ZipToA - Iomega Corporation - C:\WINDOWS\System32\ZipToA.exe


Thanks yet again.

August H.

#15
MoNsTeReNeRgY22

Hey August_H,


Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe
  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply.
  • Close OTMoveIt
(If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.)
  • Click the red Moveit! button.
  • Please "Copy" the results from the "Results" window (to the right) and then "Paste" them into your next reply on the forum along with a fresh HJT Log. Thanks
