
Help, web browser being redirected, unable to run spybot.


9 replies to this topic

#1 albertj


Posted 21 June 2009 - 08:48 PM

Hi, hoping someone can help.
I found earlier this week that my internet browser would redirect me to random pages every time I searched for something.
I'm certain I must have got a virus. McAfee didn't register any intrusions, but I installed and managed to run Malwarebytes (after having to rename the file to do so) and found 38 infections. I attempted to run Spybot S&D, but have been unsuccessful. I've run Malwarebytes twice since and found five more infections, but after the last one a blue screen appears when I attempt to turn on the computer, forcing me to restart. The browser still seems to be infected. I've also recently run CCleaner.

I'm using IE7 on Windows XP Home Edition.

I'm hoping someone can help. Thank you.



#2 boopme


Posted 21 June 2009 - 09:52 PM

Hello, can you post a scan log from Malwarebytes (MBAM)?
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

Please tell us the Blue Screen error message.


Next run ATF and SAS: If you can't log on normally to download it, boot to Safe Mode (see instructions below), but select Safe Mode with Networking.

Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

From your regular user account:
Download Attribune's ATF Cleaner and then SUPERAntiSpyware, Free Home Version. Save both to the desktop.
DO NOT run yet.
Open SUPER from the icon, install it and update it.
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode (XP)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Then press Enter on your keyboard to boot into Safe Mode.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.

If you use Firefox or Opera browser click that browser at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

NOW Scan with SUPER
Open from the desktop icon or the program Files list
On the left, make sure you check C:\Fixed Drive.
Perform a Complete scan. After the scan, verify they are all checked.
Click OK on the summary screen to quarantine all found items.
If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.

#3 albertj


Posted 21 June 2009 - 10:58 PM

Here is the Malwarebytes scan log from the original scan.

Malwarebytes' Anti-Malware 1.38
Database version: 2297
Windows 5.1.2600 Service Pack 3

20/06/2009 11:23:07 PM
mbam-log-2009-06-20 (23-23-07).txt

Scan type: Full Scan (A:\|C:\|D:\|E:\|)
Objects scanned: 313974
Time elapsed: 53 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 33
Registry Values Infected: 8
Registry Data Items Infected: 9
Folders Infected: 15
Files Infected: 78


I managed to download and run ATF, but any time I attempt to run SAS (in safe mode or regular mode) a window comes up saying "Super anti spyware free addition has encountered a problem and needs to close".

I've restarted the computer a couple of times now without seeing the blue screen error message, but if I do again I will immediately post it.

Thanks

#4 boopme


Posted 22 June 2009 - 10:45 AM

OK, we are making headway. Run part 1 of this next.
Next, please install RootRepeal.

Go HERE, and download RootRepeal.zip to your Desktop.
Tutorial with images, if needed >> L@@K.
Unzip that (7-zip tool if needed) and then click RootRepeal.exe to open the scanner.
Next click on the Report tab, now click on Scan. A window will open asking what to include in the scan. Check all of the below and then click OK.

Drivers
Files
Processes
SSDT
Stealth Objects
Hidden Services


Now you'll be asked which drive to scan. Check C: and click OK again and the scan will start. Please be patient as the scan runs. When the scan has finished, click on Save Report.
Name the log RootRepeal.txt and save it to your Documents folder (it should automatically save it there).
Please copy and paste that into your next reply.

#5 albertj


Posted 22 June 2009 - 10:34 PM

Thank you again for your assistance.
We were able to now run SUPERAntiSpyware.
Here are the logs from SUPERAntiSpyware:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/22/2009 at 07:39 PM

Application Version : 4.26.1004

Core Rules Database Version : 3950
Trace Rules Database Version: 1892

Scan type : Complete Scan
Total Scan Time : 01:14:50

Memory items scanned : 289
Memory threats detected : 0
Registry items scanned : 7681
Registry threats detected : 59
File items scanned : 27253
File threats detected : 75

C:\Documents and Settings\Albert Vanden Boer.V-C28BE8541BD74\Local Settings\Temp\Cookies\albert_vanden_boer@ads.soft32[2].txt
C:\Documents and Settings\Albert Vanden Boer.V-C28BE8541BD74\Local Settings\Temp\Cookies\albert_vanden_boer@adserver.softwareonline[1].txt
C:\Documents and Settings\Albert Vanden Boer.V-C28BE8541BD74\Local Settings\Temp\Cookies\albert_vanden_boer@airmilesrewardprogram.112.2o7[1].txt
C:\Documents and Settings\Albert Vanden Boer.V-C28BE8541BD74\Local Settings\Temp\Cookies\albert_vanden_boer@atdmt[2].txt
C:\Documents and Settings\Albert Vanden Boer.V-C28BE8541BD74\Local Settings\Temp\Cookies\albert_vanden_boer@atwola[1].txt
C:\Documents and Settings\Albert Vanden Boer.V-C28BE8541BD74\Local Settings\Temp\Cookies\albert_vanden_boer@bluestreak[1].txt
C:\Documents and Settings\Albert Vanden Boer.V-C28BE8541BD74\Local Settings\Temp\Cookies\albert_vanden_boer@clickbank[1].txt
C:\Documents and Settings\Albert Vanden Boer.V-C28BE8541BD74\Local Settings\Temp\Cookies\albert_vanden_boer@contentcatalog.hotbar[1].txt
C:\Documents and Settings\Albert Vanden Boer.V-C28BE8541BD74\Local Settings\Temp\Cookies\albert_vanden_boer@counter7.sextracker[1].txt
C:\Documents and Settings\Albert Vanden Boer.V-C28BE8541BD74\Local Settings\Temp\Cookies\albert_vanden_boer@cts.metricsdirect[2].txt
C:\Documents and Settings\Albert Vanden Boer.V-C28BE8541BD74\Local Settings\Temp\Cookies\albert_vanden_boer@data.coremetrics[1].txt
C:\Documents and Settings\Albert Vanden Boer.V-C28BE8541BD74\Local Settings\Temp\Cookies\albert_vanden_boer@doubleclick[1].txt
C:\Documents and Settings\Albert Vanden Boer.V-C28BE8541BD74\Local Settings\Temp\Cookies\albert_vanden_boer@ehg-seca.hitbox[2].txt
C:\Documents and Settings\Albert Vanden Boer.V-C28BE8541BD74\Local Settings\Temp\Cookies\albert_vanden_boer@fastclick[2].txt
C:\Documents and Settings\Albert Vanden Boer.V-C28BE8541BD74\Local Settings\Temp\Cookies\albert_vanden_boer@hertz.122.2o7[1].txt
C:\Documents and Settings\Albert Vanden Boer.V-C28BE8541BD74\Local Settings\Temp\Cookies\albert_vanden_boer@hitbox[2].txt
C:\Documents and Settings\Albert Vanden Boer.V-C28BE8541BD74\Local Settings\Temp\Cookies\albert_vanden_boer@insightexpressai[2].txt
C:\Documents and Settings\Albert Vanden Boer.V-C28BE8541BD74\Local Settings\Temp\Cookies\albert_vanden_boer@kontera[2].txt
C:\Documents and Settings\Albert Vanden Boer.V-C28BE8541BD74\Local Settings\Temp\Cookies\albert_vanden_boer@login.tracking101[2].txt
C:\Documents and Settings\Albert Vanden Boer.V-C28BE8541BD74\Local Settings\Temp\Cookies\albert_vanden_boer@media.adrevolver[1].txt
C:\Documents and Settings\Albert Vanden Boer.V-C28BE8541BD74\Local Settings\Temp\Cookies\albert_vanden_boer@media.licenseacquisition[2].txt
C:\Documents and Settings\Albert Vanden Boer.V-C28BE8541BD74\Local Settings\Temp\Cookies\albert_vanden_boer@mediaplex[1].txt
C:\Documents and Settings\Albert Vanden Boer.V-C28BE8541BD74\Local Settings\Temp\Cookies\albert_vanden_boer@northwestairlines.112.2o7[1].txt
C:\Documents and Settings\Albert Vanden Boer.V-C28BE8541BD74\Local Settings\Temp\Cookies\albert_vanden_boer@overture[1].txt
C:\Documents and Settings\Albert Vanden Boer.V-C28BE8541BD74\Local Settings\Temp\Cookies\albert_vanden_boer@rotator.adjuggler[1].txt
C:\Documents and Settings\Albert Vanden Boer.V-C28BE8541BD74\Local Settings\Temp\Cookies\albert_vanden_boer@sextracker[1].txt
C:\Documents and Settings\Albert Vanden Boer.V-C28BE8541BD74\Local Settings\Temp\Cookies\albert_vanden_boer@statse.webtrendslive[2].txt
C:\Documents and Settings\Albert Vanden Boer.V-C28BE8541BD74\Local Settings\Temp\Cookies\albert_vanden_boer@tacoda[1].txt
C:\Documents and Settings\Albert Vanden Boer.V-C28BE8541BD74\Local Settings\Temp\Cookies\albert_vanden_boer@windowsmedia[1].txt
C:\Documents and Settings\Albert Vanden Boer.V-C28BE8541BD74\Local Settings\Temp\Cookies\albert_vanden_boer@www.atrafficseeker[1].txt
C:\Documents and Settings\Albert Vanden Boer.V-C28BE8541BD74\Local Settings\Temp\Cookies\albert_vanden_boer@www.googleadservices[2].txt
C:\Documents and Settings\Albert Vanden Boer.V-C28BE8541BD74\Local Settings\Temp\Cookies\albert_vanden_boer@xxxcounter[1].txt
C:\Documents and Settings\Albert Vanden Boer.V-C28BE8541BD74\Local Settings\Temp\Cookies\albert_vanden_boer@zedo[1].txt

Trace.Known Threat Sources
C:\Documents and Settings\Albert Vanden Boer.V-C28BE8541BD74\Local Settings\Temp\Temporary Internet Files\Content.IE5\0KF3HU8V\content_licenseacquisition_org[1].htm

Attached are the logs for RootRepeal:

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Time: 2009/06/22 20:43
Program Version: Version 1.3.0.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF3D49000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF79BF000 Size: 8192 File Visible: No Signed: -
Status: -

Name: MSIVXvdbbmudpuigipfwosswvjbpjwbftqlho.sys
Image Path: C:\WINDOWS\system32\drivers\MSIVXvdbbmudpuigipfwosswvjbpjwbftqlho.sys
Address: 0xF3FF7000 Size: 188416 File Visible: - Signed: -
Status: Hidden from Windows API!

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB8D0B000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\Avenger\MSIVXcount
Status: Invisible to the Windows API!

Path: C:\Avenger\MSIVXcount-ren-268
Status: Invisible to the Windows API!

Path: C:\Avenger\MSIVXcount-ren-458
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\MSIVXapkpomtyqljobcuyxertlexjkoxopbci.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\MSIVXcount
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\MSIVXivwilamxiprqhkwntmdwykmomrbqoqjn.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\drivers\MSIVXvdbbmudpuigipfwosswvjbpjwbftqlho.sys
Status: Invisible to the Windows API!

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Albert Vanden Boer.V-C28BE8541BD74\Local Settings\Temp\Temporary Internet Files\Content.IE5\YSLL5IK8\GCA2JD2MZCAGI0FVGCA2Z050ICAMPZ75ICAZHL2KTCAVPYXWGCAC4C72TCAZV8GKJCA6MYUXFCABV3OA8CALAKH48CAO4PO21CA23A7ZNCA3MKR4ECA8IRJ3RCARL0ZQ1CAQD9Q4UCAAI9L7SCAQE9WWVCA2SVQ69CA40TTE6
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Albert Vanden Boer.V-C28BE8541BD74\Local Settings\Temp\Temporary Internet Files\Content.IE5\YSLL5IK8\HCAZ9M7YUCA7GW3AYCA2B6SO7CAVQNSHFCAK6LKHLCABOATTNCA14CG8PCAJZT87NCAUV1UP8CAKEZLSGCA4J41VJCA1YJBLVCAWUNQ0MCAG1R6LCCACR9873CAQ36I18CAYBKP1KCA35XBD5CA04Q272CAYVJHT1CATBJOMM
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Albert Vanden Boer.V-C28BE8541BD74\Local Settings\Temp\Temporary Internet Files\Content.IE5\YSLL5IK8\OCA2R1BVNCA2MDX0ICAYXTAWFCARK4P8UCARGHEVPCAK9A696CA38WU45CAOOBU2ICA20MJRKCAD2QC82CAX0RXMMCATXTTB6CA7AL4ALCACOU6E7CAKSEJX1CA74A0FPCA1WFVQQCAOIZ8TECA09F6PSCAGKCC1WCAX09SF3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Albert Vanden Boer.V-C28BE8541BD74\Local Settings\Temp\Temporary Internet Files\Content.IE5\YSLL5IK8\OCAZXLGGICAGOQXHGCAOBEO9HCA4ZSZOBCAFPVBPXCA6WT2BGCAC1JS9QCAW5S363CA6OZ75QCAWLTGEDCAMYD8YGCAORIOCACASKDE89CA20Y3NHCAKILXF4CAPDRV8TCAOE3C0BCAKFK7YMCANGF0ARCATDZET4CAJ6A4B9
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Albert Vanden Boer.V-C28BE8541BD74\Local Settings\Temp\Temporary Internet Files\Content.IE5\YSLL5IK8\CCANC2ZNWCAQ3V57ECAKVQBB5CA4YAY3TCA6S2XK0CAQCMT2XCALRLOICCAC0QJG2CAGCN5Z1CA0N0BC7CAN1RMXWCAP3OPCTCA882AJDCAS22PI4CAYXN5WDCAR4X491CA6GN5C5CA9QRWYSCANL48Q9CAII12SACA75O8V2
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Albert Vanden Boer.V-C28BE8541BD74\Local Settings\Temp\Temporary Internet Files\Content.IE5\YSLLSSDT
-------------------
#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys" at address 0xf3eafdf0

Hidden Services
-------------------
Service Name: MSIVXserv.sys
Image Path: C:\WINDOWS\system32\drivers\MSIVXvdbbmudpuigipfwosswvjbpjwbftqlho.sys

==EOF==


(Thanks again for your assistance:)

#6 boopme

Posted 22 June 2009 - 11:03 PM

You're welcome albertj and you are doing great.

Now the next step...

Rerun Rootrepeal. After the scan completes, go to the files tab and find these files:

C:\WINDOWS\system32\drivers\MSIVXvdbbmudpuigipfwosswvjbpjwbftqlho.sys
C:\Avenger\MSIVXcount
C:\Avenger\MSIVXcount-ren-268
C:\Avenger\MSIVXcount-ren-458
C:\WINDOWS\system32\MSIVXapkpomtyqljobcuyxertlexjkoxopbci.dll
C:\WINDOWS\system32\MSIVXcount
C:\WINDOWS\system32\MSIVXivwilamxiprqhkwntmdwykmomrbqoqjn.dll


Then use your mouse to highlight it in the Rootrepeal window.
Next right mouse click on it and select *wipe file* option only.
Then immediately reboot the computer.


Next run MBAM (MalwareBytes):

NOTE: Before saving MBAM please rename it to zztoy.exe....now save it to your desktop.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.


How are we running now?

#7 albertj

Posted 24 June 2009 - 12:01 AM

Thanks again.
I ran Rootrepeal and wiped the files as indicated.
I then ran MBAM and the log file is attached:




Malwarebytes' Anti-Malware 1.38
Database version: 2327
Windows 5.1.2600 Service Pack 3

23/06/2009 10:37:46 PM
mbam-log-2009-06-23 (22-37-46).txt

Scan type: Quick Scan
Objects scanned: 150803
Time elapsed: 2 hour(s), 19 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\Joshua\local settings\temporary internet files\Content.IE5\0FJZ9PRG\FreePorn-Movies[1].exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\MSIVXcount (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MSIVXapkpomtyqljobcuyxertlexjkoxopbci.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MSIVXivwilamxiprqhkwntmdwykmomrbqoqjn.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\drivers\MSIVXvdbbmudpuigipfwosswvjbpjwbftqlho.sys (Trojan.Agent) -> Quarantined and deleted successfully.



The computer appears to be running 100% better. The speed has increased dramatically and the internet browser is not redirecting to random pages. We will continue to monitor it for the next couple of days.
We will keep you posted.
Thanks again, we really appreciate all the help you are providing.

#8 boopme

Posted 24 June 2009 - 01:39 PM

You're welcome. Just update and do another Quick MBAM scan to see if it returns all 0's.

If so, then you should now Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory that your tools cannot access to delete these files, they can sometimes reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.
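Added example, not part of the thread: a small parser for the MBAM log layout posted above that checks the "all 0's" condition and flags any detection whose recorded action was not a successful removal. The sample log, its paths and detection names, and the "No action taken" status line are constructed for the example.

```python
import re

# Constructed sample in the layout of the MBAM 1.38 log posted in this thread;
# the paths, detection names and the "No action taken" status are invented here.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.38
Scan type: Quick Scan

Registry Keys Infected: 0
Files Infected: 2

Registry Keys Infected:
(No malicious items detected)

Files Infected:
C:\sample\dropper[1].exe (Trojan.Example) -> Quarantined and deleted successfully.
C:\sample (x86)\driver.sys (Trojan.Example) -> No action taken.
"""

SUMMARY_RE = re.compile(r"^(.+) Infected: (\d+)$")
DETECTION_RE = re.compile(r"^(?P<path>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")

def parse_mbam_log(text):
    """Return (summary counts per category, list of detection records)."""
    counts, detections, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        summary = SUMMARY_RE.match(line)
        if summary:
            counts[summary.group(1)] = int(summary.group(2))
        elif line.endswith(" Infected:"):
            section = line[: -len(" Infected:")]   # detail section header
        elif section and (hit := DETECTION_RE.match(line)):
            detections.append({"section": section, **hit.groupdict()})
    return counts, detections

def review(text):
    """Flag leftovers: unremoved items and summary/detail mismatches."""
    counts, detections = parse_mbam_log(text)
    problems = []
    for category, expected in counts.items():
        listed = sum(d["section"] == category for d in detections)
        if listed != expected:
            problems.append(f"{category}: summary {expected}, listed {listed}")
    for d in detections:
        if "successfully" not in d["action"].lower():
            problems.append(f"not removed: {d['path']} ({d['action']})")
    return {"clean": bool(counts) and not any(counts.values()) and not problems,
            "problems": problems}

if __name__ == "__main__":
    print(review(SAMPLE_LOG))
```

A log counts as clean only when every summary counter is zero and no detail line is listed, which is the follow-up scan result asked for above.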

#9 albertj

Posted 24 June 2009 - 07:56 PM

Thanks again,
We noticed two problems but we are not sure if they are related.

1.
When turning off the computer or restarting it (at the end of Windows shutdown), a popup appears. It says:
The instruction at 0x0012e7e0 referenced memory at 0x7c809ad0
The memory cannot be written
Click OK to terminate the program
Click Cancel to debug the program

I clicked Cancel several times but it still appears about 75% of the reboot or shutdown times.

2.
On startup the keyboard or mouse or both will not work.
To get them to work we have to power down and restart the computer.
This happens approximately 50% of the time on startup.

Any suggestions?

Now I am going to do another MBAM, create a new restore point and disk cleanup.

Thanks

#10 boopme

Posted 24 June 2009 - 08:35 PM

Hello. If you have a 3rd party keyboard/mouse, reinstall the software.
How much RAM is on the PC? Or your page/swap file may be too small.
Left click on My Computer - select Properties - go to the Advanced tab to the right and click on it - in the Performance section, click on advanced options - in the lower box you will see Virtual Memory - increase the size (400 min and 2000 max) - click on Set - you will have to reboot your system.

You should actually ask this again in the XP forum as they know this better than I.



