a.exe (PopRock?), b.exe, c.exe, d.exe, msa.exe


4 replies to this topic

#1 JCARegal


Posted 03 November 2009 - 11:42 AM

Actually managed to delete the file b.exe, but everything else is being detected by Security Task Manager and Autoruns.

Here is the DDS log:

DDS (Ver_09-10-26.01) - NTFSx86
Run by Owner at 16:25:58.48 on 03/11/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.510.59 [GMT 0:00]

AV: avast! antivirus 4.8.1351 [VPS 091103-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: F-Secure Anti-Virus 2006 6.12 *disabled* {D4747503-0346-49EB-9262-997542F79BF4}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\vsnpstd3.exe
C:\WINDOWS\vsnp2std.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Belkin\F5D9050\Belkinwcui.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashLogV.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Security Task Manager\taskman.exe
C:\DOCUME~1\OWNER~1.CAT\LOCALS~1\Temp\Rar$EX00.343\autoruns.exe
C:\WINDOWS\msb.exe
C:\Documents and Settings\Owner.CATMACHINE\My Documents\Downloads\dds.scr
C:\WINDOWS\system32\msfeedssync.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://uk.yahoo.com
mSearch Page =
uInternet Settings,ProxyServer = http=BPSPopupCookieShield:8100
uInternet Settings,ProxyOverride = local;*.local
uSearchURL,(Default) = hxxp://search.aol.co.uk/web?isinit=true&query=%s
mSearchAssistant =
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No File
BHO: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Cooliris Plug-In for Internet Explorer: {eaee5c74-6d0d-4aca-9232-0da4a7b866ba} - c:\program files\piclensie\cooliris.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {BC4FFE41-DE9F-46FA-B455-AAD49B9F9938} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [iLike] c:\program files\ilike\1.2.16\ilikesidebar.exe /checkforupdate
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [SpeedTouch USB Diagnostics] "c:\program files\thomson\speedtouch usb\Dragdiag.exe" /icon
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [ControlCenter2.0] c:\program files\brother\controlcenter2\brctrcen.exe /autorun
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [snpstd3] c:\windows\vsnpstd3.exe
mRun: [snp2std] c:\windows\vsnp2std.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\owner~1.cat\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 2.4\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\belkin~1.lnk - c:\program files\belkin\f5d9050\Belkinwcui.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\micros~2.lnk - c:\program files\microsoft office\office\FINDFAST.EXE
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office\office\OSA.EXE
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\status~1.lnk - c:\program files\brother\brmfcmon\BrMfcWnd.exe
IE: StumbleUpon: &Blog This - StumbleUponIEBar.dll/blogimage
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {3437D640-C91A-458f-89F5-B9095EA4C28B} - {04F93351-81D2-4484-9982-0D55DEFFFAE6} - c:\program files\piclensie\cooliris.dll
Trusted Zone: bebo.com
Trusted Zone: stumbleupon.com
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} - hxxp://musicmix.messenger.msn.com/Medialogic.CAB
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EAC139A9-D22D-4C29-8D1C-252BE63750F9} - hxxp://www.cooliris.com/shared/plinstll.cab
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner~1.cat\applic~1\mozilla\firefox\profiles\n24zqgc9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - component: c:\documents and settings\owner.catmachine\application data\mozilla\firefox\profiles\n24zqgc9.default\extensions\piclens@cooliris.com\components\cooliris.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\owner.catmachine\application data\mozilla\firefox\profiles\n24zqgc9.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-1-8 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-1-8 20560]
S2 gupdate1ca2edddacd7fd2;Google Update Service (gupdate1ca2edddacd7fd2);c:\program files\google\update\GoogleUpdate.exe [2009-9-6 133104]
S2 spydetector;spydetector;\??\c:\program files\spyware process detector\spydetector.sys --> c:\program files\spyware process detector\spydetector.sys [?]
S3 iMSPQMn;iMSPQMn;\??\c:\docume~1\owner~1.cat\locals~1\temp\imspqmn.sys --> c:\docume~1\owner~1.cat\locals~1\temp\iMSPQMn.sys [?]
S3 SE2Fbus;Sony Ericsson Device 047 Driver driver (WDM);c:\windows\system32\drivers\SE2Fbus.sys [2006-5-1 61600]
S3 SE2Fmdfl;Sony Ericsson Device 047 USB WMC Modem Filter;c:\windows\system32\drivers\SE2Fmdfl.sys [2006-5-1 9360]
S3 SE2Fmdm;Sony Ericsson Device 047 USB WMC Modem Driver;c:\windows\system32\drivers\SE2Fmdm.sys [2006-5-1 97184]
S3 SE2Fmgmt;Sony Ericsson Device 047 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\SE2Fmgmt.sys [2006-5-1 88688]
S3 se2Fnd5;Sony Ericsson Device 047 USB Ethernet Emulation SEMC47 (NDIS);c:\windows\system32\drivers\se2Fnd5.sys [2006-5-1 18704]
S3 SE2Fobex;Sony Ericsson Device 047 USB WMC OBEX Interface;c:\windows\system32\drivers\SE2Fobex.sys [2006-5-1 86560]
S3 se2Funic;Sony Ericsson Device 047 USB Ethernet Emulation SEMC47 (WDM);c:\windows\system32\drivers\se2Funic.sys [2006-5-1 90800]

============== File Associations ===============

regfile="regedit.exe" "%1"

=============== Created Last 30 ================

2009-11-03 16:20:11 169472 ----a-w- c:\windows\msb.exe
2009-11-03 15:54:25 0 d-----w- c:\docume~1\alluse~1.win\applic~1\SecTaskMan
2009-11-03 15:54:21 0 d-----w- c:\program files\Security Task Manager
2009-11-03 15:37:42 169472 ----a-w- c:\windows\msa.exe
2009-11-03 15:24:08 45056 ----a-w- c:\windows\system32\WNASPI32.DLL
2009-11-03 15:24:08 16512 ----a-w- c:\windows\system32\drivers\ASPI32.SYS
2009-11-03 15:23:45 0 d-----w- c:\program files\Xilisoft
2009-11-03 15:06:17 0 d-----w- c:\program files\Aiseesoft Studio
2009-11-03 13:17:42 0 d-----w- c:\program files\uTorrent
2009-11-03 13:17:18 0 d-----w- c:\docume~1\owner~1.cat\applic~1\uTorrent
2009-10-29 17:09:58 0 d-----w- c:\program files\KingsIsle Entertainment
2009-10-22 10:17:45 0 d-----w- c:\docume~1\owner~1.cat\applic~1\Deckadance
2009-10-21 20:53:30 0 d-----w- c:\program files\ASIO4ALL v2
2009-10-21 20:14:48 1554944 ----a-w- c:\windows\system32\vorbis.acm
2009-10-21 20:14:12 0 d-----w- c:\program files\VstPlugins
2009-10-21 20:11:10 0 d-----w- c:\program files\Image-Line
2009-10-21 19:51:33 0 d-----w- c:\docume~1\owner~1.cat\applic~1\Ableton
2009-10-21 19:51:33 0 d-----w- c:\docume~1\alluse~1.win\applic~1\Ableton
2009-10-21 19:50:30 233472 ----a-w- c:\windows\system32\REX Shared Library.dll
2009-10-21 19:50:29 368640 ----a-w- c:\windows\system32\ReWire.dll
2009-10-21 19:50:03 0 d-----w- c:\program files\Ableton
2009-10-21 17:06:39 0 d-----w- c:\program files\Steinberg
2009-10-21 15:47:28 0 d-----w- c:\program files\Outsim
2009-10-19 16:12:39 0 d-----w- c:\program files\PicLensIE
2009-10-18 21:23:23 0 d-----w- c:\program files\common files\DivX Shared
2009-10-09 12:26:38 0 d-----w- c:\program files\Ubi Soft
2009-10-09 12:22:26 0 d-----w- c:\program files\Red Storm Entertainment
2009-10-08 21:57:52 115016 ----a-w- c:\windows\system32\MSINET.OCX
2009-10-08 21:57:49 69632 ----a-w- c:\windows\system32\xmltok.dll
2009-10-08 21:57:49 36864 ----a-w- c:\windows\system32\xmlparse.dll
2009-10-08 21:57:49 35840 ----a-w- c:\windows\system32\comdlg32.oca
2009-10-08 21:57:49 29184 ----a-w- c:\windows\system32\MSINET.oca
2009-10-08 21:57:49 26096 ----a-w- c:\windows\system32\xmlinst.exe
2009-10-08 21:57:49 24576 ----a-w- c:\windows\system32\msxml3a.dll
2009-10-06 17:41:15 0 d-----w- c:\program files\EA GAMES
2009-10-06 14:24:10 0 d-sh--w- c:\documents and settings\owner.catmachine\UserData

==================== Find3M ====================

2009-10-03 10:15:08 33600 ---ha-w- c:\windows\system32\mlfcache.dat
2009-10-02 15:25:11 38 ----a-w- c:\documents and settings\owner.catmachine\jagex_runescape_preferences.dat
2009-10-02 15:01:28 45 ----a-w- c:\documents and settings\owner.catmachine\jagex_runescape_preferences2.dat
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08:21 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-28 18:42:52 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-11 18:16:47 131584 ----a-w- c:\windows\system32\SpoonUninstall.exe
2009-08-11 17:59:43 37200 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-08-11 17:53:48 471040 ----a-w- c:\windows\balloon_lady.scr
2009-08-11 17:53:39 12288 ----a-w- c:\windows\impborl.dll
2009-08-06 18:23:46 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-06 18:23:46 215920 ----a-w- c:\windows\system32\muweb.dll

============= FINISH: 16:26:53.34 ===============

EDIT: Forgot the RootRepeal scan file:

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/11/03 16:30
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xEF625000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF8C62000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xEE0D6000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: c:\windows\schedlgu.txt
Status: Allocation size mismatch (API: 32768, Raw: 232)

Path: C:\Documents and Settings\Owner.CATMACHINE\Cookies\owner@ad.yieldmanager[2].txt
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Owner.CATMACHINE\Cookies\owner@ad.yieldmanager[1].txt
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Owner.CATMACHINE\Application Data\uTorrent\resume.dat
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Owner.CATMACHINE\Application Data\uTorrent\resume.dat.old
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Owner.CATMACHINE\Local Settings\Temp\~DF2555.tmp
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Owner.CATMACHINE\Local Settings\Temp\~DF256A.tmp
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Owner.CATMACHINE\Local Settings\Temporary Internet Files\Content.IE5\90996OJ8\e8e166b4d11ba81e52b514a0b2161909[2].swf
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Owner.CATMACHINE\Local Settings\Temporary Internet Files\Content.IE5\90996OJ8\ef4786243b73eb0f8ed92214608f4033[1].jpg
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Owner.CATMACHINE\Local Settings\Temporary Internet Files\Content.IE5\90996OJ8\122453911114477858876241660200298964924[1].jpg
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Owner.CATMACHINE\Local Settings\Temporary Internet Files\Content.IE5\90996OJ8\24603d31e4b83d7437cf3c0b78a39337[1].jpg
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Owner.CATMACHINE\Local Settings\Temporary Internet Files\Content.IE5\90996OJ8\0068742401117674204606939850932760693621[7].jpg
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Owner.CATMACHINE\Local Settings\Temporary Internet Files\Content.IE5\90996OJ8\0068742401117674204606939850932760693621[8].jpg
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Owner.CATMACHINE\Local Settings\Temporary Internet Files\Content.IE5\90996OJ8\0068742401117674204606939850932760693621[9].jpg
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Owner.CATMACHINE\Local Settings\Temporary Internet Files\Content.IE5\90996OJ8\120x600_4_1_BC_MSN_002[1].swf
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Owner.CATMACHINE\Local Settings\Temporary Internet Files\Content.IE5\90996OJ8\st[2]
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Owner.CATMACHINE\Local Settings\Temporary Internet Files\Content.IE5\90996OJ8\st[3]
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Owner.CATMACHINE\Local Settings\Temporary Internet Files\Content.IE5\90996OJ8\switcher_fireworks_FC_120x600[1].swf
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Owner.CATMACHINE\Local Settings\Temporary Internet Files\Content.IE5\90996OJ8\95772086698625886825752395610431918362[1].jpg
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Owner.CATMACHINE\Local Settings\Temporary Internet Files\Content.IE5\90996OJ8\api[4].xml
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Owner.CATMACHINE\Local Settings\Temporary Internet Files\Content.IE5\90996OJ8\flashwrite_1_2[1].js
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Owner.CATMACHINE\Local Settings\Temporary Internet Files\Content.IE5\90996OJ8\icon_120x600Tag[1].swf
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Owner.CATMACHINE\Local Settings\Temporary Internet Files\Content.IE5\90996OJ8\iframe3[2].htm
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Owner.CATMACHINE\Local Settings\Temporary Internet Files\Content.IE5\90996OJ8\iframe3[3].htm
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Owner.CATMACHINE\Local Settings\Temporary Internet Files\Content.IE5\90996OJ8\imp[1]
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Owner.CATMACHINE\Local Settings\Temporary Internet Files\Content.IE5\90996OJ8\i[1].js
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Owner.CATMACHINE\Local Settings\Temporary Internet Files\Content.IE5\90996OJ8\triples_160x600[1].swf
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Owner.CATMACHINE\Local Settings\Temporary Internet Files\Content.IE5\90996OJ8\triples_300x250[3].swf
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Owner.CATMACHINE\Local Settings\Temporary Internet Files\Content.IE5\90996OJ8\triples_300x250[4].swf
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Owner.CATMACHINE\Local Settings\Temporary Internet Files\Content.IE5\90996OJ8\blt[2].js
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Owner.CATMACHINE\Local Settings\Temporary Internet Files\Content.IE5\90996OJ8\ckhdlr[1].js
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Owner.CATMACHINE\Local Settings\Temporary Internet Files\Content.IE5\90996OJ8\convert[1].gif
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Owner.CATMACHINE\Local Settings\Temporary Internet Files\Content.IE5\90996OJ8\convert[2].gif
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Owner.CATMACHINE\Local Settings\Temporary Internet Files\Content.IE5\90996OJ8\convert[3].gif
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Owner.CATMACHINE\Local Settings\Temporary Internet Files\Content.IE5\90996OJ8\convert[4].gif
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Owner.CATMACHINE\Local Settings\Temporary Internet Files\Content.IE5\90996OJ8\48ddb671a9a89007e124b51c1be58373[1].swf
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Owner.CATMACHINE\Local Settings\Temporary Internet Files\Content.IE5\90996OJ8\4e085e5e6f2943812f81adcfb1a44f5b[1].gif
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Owner.CATMACHINE\Local Settings\Temporary Internet Files\Content.IE5\90996OJ8\79e5134967d6e196fd1c0cd56d545100[1].jpg
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Owner.CATMACHINE\Local Settings\Temporary Internet Files\Content.IE5\90996OJ8\8caf0d3fd487ff852010aff5283e022d[1].jpg
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Owner.CATMACHINE\Local Settings\Temporary Internet Files\Content.IE5\90996OJ8\72890ad[1].html
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Owner.CATMACHINE\Local Settings\Temporary Internet Files\Content.IE5\90996OJ8\iframe3[4].htm
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Owner.CATMACHINE\Local Settings\Temporary Internet Files\Content.IE5\N57D8BX3\00100595126755572688827251072153109256944[1].jpg
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Owner.CATMACHINE\Local Settings\Temporary Internet Files\Content.IE5\N57D8BX3\71d1597766679556bfef4b2b315f2cd0[1].jpg
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Owner.CATMACHINE\Local Settings\Temporary Internet Files\Content.IE5\N57D8BX3\89e1c3375a15ed93920a6a3b4d67a7f9[1].gif
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Owner.CATMACHINE\Local Settings\Temporary Internet Files\Content.IE5\N57D8BX3\e8e166b4d11ba81e52b514a0b2161909[1].swf
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Owner.CATMACHINE\Local Settings\Temporary Internet Files\Content.IE5\N57D8BX3\e8e166b4d11ba81e52b514a0b2161909[2].swf
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Owner.CATMACHINE\Local Settings\Temporary Internet Files\Content.IE5\N57D8BX3\e9da26bdbf394d38a806c78ff0b1d709[1].gif
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Owner.CATMACHINE\Local Settings\Temporary Internet Files\Content.IE5\N57D8BX3\f45d530b820e021f6cdfa6ed562dccd4[1].gif
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Owner.CATMACHINE\Local Settings\Temporary Internet Files\Content.IE5\N57D8BX3\hit[1].gif
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Owner.CATMACHINE\Local Settings\Temporary Internet Files\Content.IE5\N57D8BX3\hit[2].gif
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Owner.CATMACHINE\Local Settings\Temporary Internet Files\Content.IE5\N57D8BX3\03a72dcb457cf11856d5bfa6dad8d6b8[1].jpg
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Owner.CATMACHINE\Local Settings\Temporary Internet Files\Content.IE5\N57D8BX3\04162793f0ec7085c111ae3e07104018[1].gif
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Owner.CATMACHINE\Local Settings\Temporary Internet Files\Content.IE5\N57D8BX3\05a6c8dd0d3b7b3861575f812ff33566[1].jpg
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Owner.CATMACHINE\Local Settings\Temporary Internet Files\Content.IE5\N57D8BX3\160600ad[1].html
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Owner.CATMACHINE\Local Settings\Temporary Internet Files\Content.IE5\N57D8BX3\B3327153;sz=120x600;ord=189809851[1].htm
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Owner.CATMACHINE\Local Settings\Temporary Internet Files\Content.IE5\N57D8BX3\b3c4322c14d6cadd31889a3d627c6930[1].jpg
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Owner.CATMACHINE\Local Settings\Temporary Internet Files\Content.IE5\N57D8BX3\B4035679[1].htm
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Owner.CATMACHINE\Local Settings\Temporary Internet Files\Content.IE5\N57D8BX3\iframe2[1].js
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Owner.CATMACHINE\Local Settings\Temporary Internet Files\Content.IE5\N57D8BX3\iframe3[1].htm
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Owner.CATMACHINE\Local Settings\Temporary Internet Files\Content.IE5\N57D8BX3\iframe3[2].htm
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Owner.CATMACHINE\Local Settings\Temporary Internet Files\Content.IE5\N57D8BX3\iframe3[3].htm
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Owner.CATMACHINE\Local Settings\Temporary Internet Files\Content.IE5\N57D8BX3\imp[1]
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Owner.CATMACHINE\Local Settings\Temporary Internet Files\Content.IE5\N57D8BX3\imp[2]
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Owner.CATMACHINE\Local Settings\Temporary Internet Files\Content.IE5\N57D8BX3\imp[3]
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Owner.CATMACHINE\Local Settings\Temporary Internet Files\Content.IE5\N57D8BX3\Michelle_300x250_MSN_v3_002[1].swf
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Owner.CATMACHINE\Local Settings\Temporary Internet Files\Content.IE5\N57D8BX3\p[1].gif
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Owner.CATMACHINE\Local Settings\Temporary Internet Files\Content.IE5\N57D8BX3\p[2].gif
Status: Could not get file information (Error 0xc0000008)

SSDT
-------------------
#: 025 Function Name: NtClose
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xef7006b8

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xef700574

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xef700a52

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xef70014c

#: 119 Function Name: NtOpenKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xef70064e

#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xef70008c

#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xef7000f0

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xef70076e

#: 204 Function Name: NtRestoreKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xef70072e

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xef7008ae

==EOF==



shall look into other ways of trying to get rid of them too

JCARegal :(

Edited by JCARegal, 03 November 2009 - 11:54 AM.

Be happy while you're living, for you're a long time dead.
I'll be very impressed if you can pronounce Milngavie the proper way and you're not from Scotland...

#2 syler

  • Malware Response Team

Posted 09 November 2009 - 02:32 AM

Hello,

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and
we are trying our best to keep up.

My name is Syler and I will be helping you to solve your Malware issues. If you have since resolved your issues I would appreciate if you
would let me know so I can close this topic, if you still need help please let me know what issues you are still having, in your next reply.

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Then please post back here with the following:
  • log.txt
  • info.txt
Thanks


#3 JCARegal

  • Topic Starter


Posted 10 November 2009 - 07:50 AM

Hi Syler thanks for replying. I think I managed to get rid of the "virus" but here are the logs anyways.

Attached Files

  • Attached File  info.txt   22.25KB   1 downloads
  • Attached File  log.txt   37.08KB   2 downloads


#4 syler


Posted 10 November 2009 - 04:36 PM

Hi JCARegal,

I don't see much wrong in your logs, just a few bits that can be cleaned up.


We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in:

    msconfig

  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized


Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 17.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u17-windows-i586-p.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.



Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Please post back here with the following logs:
  • OTListIt.txt
  • Extra.txt
  • Kaspersky report
Thanks


#5 syler


Posted 15 November 2009 - 06:34 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending me a PM
with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
