Author Topic: Avast stopped working, virus?  (Read 93385 times)


mauserme

  • Guest
Re: Avast stopped working, virus?
« Reply #15 on: August 14, 2007, 04:52:11 AM »
In addition to what Oldman suggested about showing hidden files and folders you could un-hide Protected Operating System Files as well.  Both options are in Start>Control Panel>Folder Options>View.

Then see if you can post the Blacklight log.

CharleyO

  • Guest
Re: Avast stopped working, virus?
« Reply #16 on: August 14, 2007, 06:22:46 AM »
***

CharleyO,
I am running in Windows XP.  I am going to run the programs that mauserme suggested.

Thanks...


No problem, BJS ... mauserme certainly knows more about this than I do.    :)

I asked about the OS because with XP, you should have that repair option of avast available.    :(


***

BJS

  • Guest
Re: Avast stopped working, virus?
« Reply #17 on: August 14, 2007, 05:43:11 PM »
Yes, I have show hidden files under folder options but I still can't view c-windows-ratmn.exe; the closest is the registry editor file.

I also checked to see if I could manually open the ashsimp.exe or ashsimp2.exe but they were not listed under the alwil folder.

The funny thing is when I tried to reinstall Avast, the ashsimp.exe and the ashsimp2.exe showed up for about 4 seconds but disappeared while I was looking at it. It looks as though they were renamed. I could see that at first they were exe files.

mauserme

  • Guest
Re: Avast stopped working, virus?
« Reply #18 on: August 14, 2007, 07:42:21 PM »
Please download OTMoveIt  by OldTimer.  Save it to your desktop but don't use it yet.


Now download ComboFix from Here or Here to your Desktop.
Double click combofix.exe and follow the prompts.
When finished post the log it produces.
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.


Next, move HijackThis to its own folder (c:\hjt\   would be fine), scan and save a log, and post the new log after running the ComboFix scan.


Also attach (or post) the BlackLight log that should be saved in the same folder with the blacklight executable as fslb<date&time>.log.

When you ran BlackLight did you possibly use the expert parameter from the command line version or click "Show All Processes" in the Graphical Interface version?  Or was it a standard scan?

BJS

  • Guest
Re: Avast stopped working, virus?
« Reply #19 on: August 14, 2007, 08:32:05 PM »
Here is the combofix results. I need to split it because the post is too long. I will put the HijackThis in a new folder now and run it and post the results.




ComboFix 07-08-14.4 - "Ben" 2007-08-14 12:04:49.1 - NTFS  x86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.68 [GMT -6:00]
C:\WINDOWS\system32\chkdsk.exe not present

ADS removed - C:\WINDOWS\system32\ntoskrnl.exe: The system cannot find the file specified.  

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\Ben\APPLIC~1.\hidires\rosa.sys
C:\DOCUME~1\Ben\Desktop.\internet explorer.lnk
C:\Program Files\ql
C:\Program Files\ql\~ql_log.txt
C:\WINDOWS\system32\hldrrr.exe
C:\WINDOWS\system32\wintems.exe


(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_ROSA
-------\rosa


(((((((((((((((((((((((((   Files Created from 2007-07-14 to 2007-08-14  )))))))))))))))))))))))))))))))


2007-08-14 12:00   51,200   --a------   C:\WINDOWS\nircmd.exe
2007-08-13 20:13   54,452   --a------   C:\WINDOWS\system32\drivers\pci32.sys
2007-08-11 20:59   <DIR>   d--h-----   C:\WINDOWS\PIF
2007-08-11 20:33   99,713   --a------   C:\WINDOWS\system32\trusted.exe
2007-08-11 20:33   <DIR>   d--------   C:\WINDOWS\exefnd
2007-08-11 20:12   <DIR>   d--------   C:\Program Files\SCRABBLE
2007-08-11 13:54   <DIR>   d--------   C:\Program Files\Kyodai
2007-08-11 13:02   <DIR>   d--------   C:\DOCUME~1\Ben\APPLIC~1\GameHouse
2007-08-11 13:02   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\n7-89-o9-3r-4t-r9
2007-08-10 22:15   <DIR>   d-a------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-08-10 22:15   <DIR>   d--------   C:\DOCUME~1\Ben\APPLIC~1\SpinTop
2007-08-08 15:01   <DIR>   d--------   C:\DOCUME~1\Ben\APPLIC~1\OpenOffice.org2
2007-08-08 14:57   <DIR>   d--------   C:\Program Files\OpenOffice.org 2.2
2007-07-14 12:29   <DIR>   d--------   C:\hindsight
2007-07-14 12:26   <DIR>   d--------   C:\DOCUME~1\Ben\.SunDownloadManager
2007-07-14 11:26   <DIR>   d--------   C:\dmbenc9
2007-07-14 11:25   450,560   --a------   C:\WINDOWS\system32\HHActiveX.dll
2007-07-14 11:25   32,768   --a------   C:\WINDOWS\system32\DZPROG32.exe
2007-07-14 11:25   131,072   --a------   C:\WINDOWS\system32\DZIP32.dll
2007-07-14 11:25   110,592   --a------   C:\WINDOWS\system32\DUNZIP32.dll
2007-07-14 11:25   <DIR>   d--------   C:\dmb9


((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-11 21:32   ---------   d--------   C:\Program Files\eMule
2007-08-10 11:03   ---------   d--------   C:\Program Files\SP2 Connection Patcher
2007-07-27 16:07   783224   --a------   C:\WINDOWS\system32\aswBoot.exe
2007-07-27 16:02   94416   --a--c---   C:\WINDOWS\system32\drivers\aswmon2.sys
2007-07-27 16:02   92848   --a--c---   C:\WINDOWS\system32\drivers\aswmon.sys
2007-07-27 16:00   23152   --a--c---   C:\WINDOWS\system32\drivers\aswRdr.sys
2007-07-27 15:59   42912   --a--c---   C:\WINDOWS\system32\drivers\aswTdi.sys
2007-07-27 15:58   26624   --a--c---   C:\WINDOWS\system32\drivers\aavmker4.sys
2007-07-27 15:57   95608   --a--c---   C:\WINDOWS\system32\AVASTSS.scr
2007-07-24 19:51   ---------   d--------   C:\DOCUME~1\Ben\APPLIC~1\Image Zone Express
2007-07-17 07:30   ---------   d--------   C:\Program Files\Picasa2
2007-07-15 23:41   73216   --a------   C:\WINDOWS\ST6UNST.EXE
2007-07-15 23:41   249856   ---------   C:\WINDOWS\Setup1.exe
2007-07-14 08:53   ---------   d--------   C:\Program Files\Last.fm
2007-06-24 16:35   ---------   d--------   C:\Program Files\RL-Software
2007-05-16 09:12   86528   --a--c---   C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 09:12   85504   --a--c---   C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 09:12   683520   --a--c---   C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 09:12   683520   -----c---   C:\WINDOWS\system32\inetcomm.dll
2007-05-16 09:12   510976   --a--c---   C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 09:12   1314816   --a--c---   C:\WINDOWS\system32\dllcache\msoe.dll
2006-12-02 12:05   774144   --a--c---   C:\Program Files\RngInterstitial.dll
2001-11-23 06:08   712704   --a--c---   C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
2005-05-13 23:12:00   217,073   -csha-r   C:\WINDOWS\meta4.exe
2005-10-24 17:13:58   66,560   -csha-r   C:\WINDOWS\MOTA113.exe
2005-07-14 18:31:20   27,648   -csha-r   C:\WINDOWS\system32\AVSredirect.dll
2005-06-26 21:32:28   616,448   -csha-r   C:\WINDOWS\system32\cygwin1.dll
2005-06-22 04:37:42   45,568   -csha-r   C:\WINDOWS\system32\cygz.dll
2006-05-03 09:06:54   163,328   -csh--r   C:\WINDOWS\system32\flvDX.dll
2004-01-25 06:00:00   70,656   -csha-r   C:\WINDOWS\system32\i420vfw.dll
2007-02-21 10:47:16   31,232   -csh--r   C:\WINDOWS\system32\msfDX.dll
2005-02-28 19:16:22   240,128   -csha-r   C:\WINDOWS\system32\x.264.exe
2004-01-25 06:00:00   70,656   -csha-r   C:\WINDOWS\system32\yv12vfw.dll


(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
 
 

BJS

  • Guest
Re: Avast stopped working, virus?
« Reply #20 on: August 14, 2007, 08:33:04 PM »

part two of the combofix file




*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"SNPSTD2"="C:\WINDOWS\vsnpstd2.exe" [2004-08-30 16:37]
"SiSUSBRG"="C:\WINDOWS\sisUSBrg.exe" [2002-04-25 18:06]
"SiS KHooker"="C:\WINDOWS\System32\khooker.exe" [2002-01-25 03:30]
"ratmn"="C:\WINDOWS\ratmn.exe" []
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-12-15 11:18]
"Cmaudio"="cmicnfg.cpl" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-06-15 17:15]
"NeroCheck"="C:\WINDOWS\System32\NeroCheck.exe" [2001-07-09 03:50]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 09:36]
"BearShare"="C:\Program Files\BearShare\BearShare.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-18 20:39]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-03-27 15:22]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:24]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" []

C:\Documents and Settings\Ben\Start Menu\Programs\Startup\
OpenOffice.org 2.2.lnk - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 17:54:56]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2007-05-11 03:06:32]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2007-05-11 00:29:22]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 11:40:44]
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2007-07-01 22:17:31]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"=1 (0x1)

SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á³# L"h'þ9Óœð3rÅWC:]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á³# L"h'þ9Óœð3rÅWC:\Program Files]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á³# L"h'þ9Óœð3rÅWC:\Program Files\ISTsvc]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á³# L"h'þ9Óœð3rÅWC:\Program Files\ISTsvc\istsvc.exe]
C:\WINDOWS\miftufo.exe

R1 pci32;Derkz864;\??\C:\WINDOWS\system32\drivers\pci32.sys
R1 srosa;Megadrv3;\??\C:\WINDOWS\system32\drivers\srosa.sys
S3 JL2001;Telemax WebCam WC-50;C:\WINDOWS\system32\Drivers\videocap.sys
S3 snpstd2;GE 98067 MiniCam Pro;C:\WINDOWS\system32\DRIVERS\snpstd2.sys
S4 AvFlt;Antivirus Filter Driver;C:\WINDOWS\system32\drivers\av5flt.sys


Contents of the 'Scheduled Tasks' folder
2007-08-09 04:40:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
2007-08-14 15:07:36 C:\WINDOWS\Tasks\User_Feed_Synchronization-{D432F9D3-12B8-43E7-97CB-0D48E3DE9774}.job - C:\WINDOWS\system32\msfeedssync.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-14 12:19:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\drivers\hidr.exe

scan completed successfully
hidden files: 2

**************************************************************************

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"german.exe"="C:\\WINDOWS\\system32\\wintems.exe"

Completion time: 2007-08-14 12:22:08 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-14 12:21

   --- E O F ---
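As an added example (not code from the thread, and not from the ComboFix author), a small Python triage script run over lines copied from the ComboFix "Reg Loading Points" section above. It keys on two things visible in that section: Run values whose square brackets are empty (ComboFix prints the target file's timestamp there, so an empty pair means it could not read the file, which is what you would expect for ashDisp.exe if the avast! executable really was moved or renamed, as BJS describes) and running drivers registered with an NT object path (`\??\C:\...`) rather than a plain Win32 path, which the two webcam drivers in the same list do not use. The "empty brackets means the file was not read" reading and the `\??\` prefix heuristic are my assumptions about how to prioritise these lines for a closer look, not rules stated in the thread; the sample log is constructed from lines in the post, trimmed to a handful.

```python
import re
from dataclasses import dataclass

# Constructed sample in the shape of the "Reg Loading Points" section of the
# ComboFix log posted in this thread: Run values under HKLM/HKCU, each followed
# by the file timestamp ComboFix records in square brackets, then the
# R1/S3 driver and service lines.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"ratmn"="C:\WINDOWS\ratmn.exe" []
"Cmaudio"="cmicnfg.cpl" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" []

R1 pci32;Derkz864;\??\C:\WINDOWS\system32\drivers\pci32.sys
R1 srosa;Megadrv3;\??\C:\WINDOWS\system32\drivers\srosa.sys
S3 snpstd2;GE 98067 MiniCam Pro;C:\WINDOWS\system32\DRIVERS\snpstd2.sys
"""

# A registry section header such as [HKEY_LOCAL_MACHINE\...\Run]
HIVE = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]$')
# "ValueName"="target path" [timestamp-or-empty]
RUN_VALUE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[(?P<stamp>[^\]]*)\]\s*$')
# R1 name;display name;image path   (R = running, S = stopped, digit = start type)
SERVICE = re.compile(
    r'^(?P<start>[RS]\d)\s+(?P<svc>[^;]+);(?P<display>[^;]*);(?P<path>.+?)\s*$')


@dataclass
class Finding:
    kind: str      # "run" or "service"
    hive: str      # registry key for Run values, "" for services
    name: str
    path: str
    reason: str


def triage_loading_points(text):
    """Return the Run values and services worth a second look, in log order."""
    findings = []
    hive = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HIVE.match(line)
        if m:
            hive = m.group("key")
            continue
        m = RUN_VALUE.match(line)
        if m:
            if m.group("stamp") == "":
                if "\\" in m.group("path"):
                    # Full path given but ComboFix recorded no timestamp: the
                    # file was not readable at scan time (assumption, see lead-in).
                    reason = "no file timestamp recorded; file missing or unreadable"
                else:
                    # Bare file name (e.g. a .cpl) is resolved at run time, so the
                    # empty brackets are expected and this is lower priority.
                    reason = "bare file name resolved at run time; no timestamp recorded"
                findings.append(Finding("run", hive, m.group("name"),
                                        m.group("path"), reason))
            continue
        m = SERVICE.match(line)
        if m and m.group("path").startswith("\\??\\"):
            # Heuristic (assumption): an image path in NT object form rather
            # than a Win32 path is unusual for a vendor-installed driver.
            findings.append(Finding("service", "", m.group("svc"), m.group("path"),
                                    "driver registered with NT object path (\\??\\)"))
    return findings


def flagged_names(findings, kind):
    """Names of findings of one kind, sorted for stable comparison."""
    return sorted(f.name for f in findings if f.kind == kind)


if __name__ == "__main__":
    for f in triage_loading_points(SAMPLE_LOG):
        print(f"{f.kind:7} {f.name:20} {f.path}\n        -> {f.reason}")
```

Run as-is it reports four Run values with empty brackets (avast!, ratmn, Cmaudio, BitTorrent) and the two `\??\` drivers; the reason text tells the reader which of those is the low-priority bare-name case. Feeding it the full log from the post instead of the trimmed sample only requires replacing `SAMPLE_LOG`.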

BJS

  • Guest
Re: Avast stopped working, virus?
« Reply #21 on: August 14, 2007, 08:43:21 PM »
Here is the hijackthis file run after the combofix





Logfile of HijackThis v1.99.1
Scan saved at 12:42:10 PM, on 14/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\vsnpstd2.exe
C:\WINDOWS\System32\khooker.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ca.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ca.rd.yahoo.com/customize/ie/defaults/su/ymj/*http://ca.search.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ca.rd.yahoo.com/customize/ie/defaults/sb/ymj/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ca.rd.yahoo.com/customize/ie/defaults/sp/ymj/*http://ca.search.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://ca.rd.yahoo.com/customize/ie/defaults/su/ymj/*http://ca.search.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\sisUSBrg.exe
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [ratmn] C:\WINDOWS\ratmn.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Internet Radio by Endicosoft.com - {1F958B09-3312-7f0e-9723-4C1324C57B20} - C:\Program Files\Internet Radio\Radio.exe (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.mysask.com
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/SCRABBLE/Images/stg_drm.ocx
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/SCRABBLE/Images/armhelper.ocx
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe


BJS

  • Guest
Re: Avast stopped working, virus?
« Reply #22 on: August 14, 2007, 09:35:45 PM »
Here is the Blacklight log. I didn't use the command line version. I just clicked on scan. Also, I pretty much opened all the files under folder options.  I still can't view the c:windows ratmn.exe  file.

There is something new to report though. Once I ran the combofix, the red shield icon of windows security alert gave me a warning that the antivirus program I use (Avast) was out of date. I still cannot run Avast though because it is still telling me that the exe file has been moved or changed.


08/14/07 13:09:55 [Info]: BlackLight Engine 1.0.64 initialized
08/14/07 13:09:55 [Info]: OS: 5.1 build 2600 (Service Pack 2)
08/14/07 13:09:55 [Note]: 7019 4
08/14/07 13:09:55 [Note]: 7005 0
08/14/07 13:09:56 [Note]: 7006 0
08/14/07 13:09:56 [Note]: 7011 1868
08/14/07 13:09:57 [Note]: 7026 0
08/14/07 13:09:57 [Note]: 7026 0
08/14/07 13:10:00 [Note]: FSRAW library version 1.7.1022
08/14/07 13:10:05 [Note]: 10002 2
08/14/07 13:10:05 [Note]: 10002 2
08/14/07 13:12:51 [Info]: Hidden file: c:\Program Files\Movie Maker\shared\empty.txt
08/14/07 13:12:51 [Note]: 10002 3
08/14/07 13:12:51 [Info]: Hidden file: c:\Program Files\Movie Maker\shared\filters.xml
08/14/07 13:12:51 [Note]: 10002 3
08/14/07 13:12:51 [Info]: Hidden file: c:\Program Files\Movie Maker\shared\news.png
08/14/07 13:12:51 [Note]: 10002 3
08/14/07 13:12:51 [Info]: Hidden file: c:\Program Files\Movie Maker\shared\paint.png
08/14/07 13:12:51 [Note]: 10002 3
08/14/07 13:12:51 [Info]: Hidden file: c:\Program Files\Movie Maker\shared\profiles\blank.txt
08/14/07 13:12:51 [Note]: 10002 3
08/14/07 13:12:51 [Info]: Hidden file: c:\Program Files\Movie Maker\shared\sample1.jpg
08/14/07 13:12:51 [Note]: 10002 3
08/14/07 13:12:51 [Info]: Hidden file: c:\Program Files\Movie Maker\shared\sample2.jpg
08/14/07 13:12:51 [Note]: 10002 3
08/14/07 13:12:51 [Note]: 10002 2
08/14/07 13:12:51 [Note]: 10002 2
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\activity_speaker_states.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\border_bot.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\border_bot.rgn
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\border_left.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\border_left.rgn
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\border_right.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\border_right.rgn
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\border_top.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\border_top.rgn
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\button_chevron_down.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\button_chevron_up.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\capbuttons.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\columnheads.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\combo.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\combo_arrow.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\connect_chunkyanim.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\dark_connect_chunkyanim.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\dialbtn_pad.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\donotdisturb.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\games_close.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\grabbie.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\grabbie.png
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\groupboxedge.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\headerbg.png
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\icons_tbar_disabled.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\icons_tbar_hot.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\icons_tbar_normal.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\indigo.xml
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\itabs.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\menubar.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\menubar_states.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\menuitem.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\menusearchbar.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\menu_bg.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\menu_scroll.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\menu_sep.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\mute_states.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\pab_abook_off.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\pab_abook_on.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\pab_add1.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\pab_mlist1_off.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\pab_mlist1_on.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\photoshare_slider.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\photoshare_slider_tray.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\scroll_vbg.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\scroll_vhandle.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\scroll_buttons.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\scroll_griph.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\scroll_gripv.bmp
08/14/07 13:13:37 [Note]: 10002 3

BJS

  • Guest
Re: Avast stopped working, virus?
« Reply #23 on: August 14, 2007, 09:37:49 PM »
blacklight part 2


08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\scroll_hbg.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\search_bang.bmp
08/14/07 13:13:37 [Note]: 10002 3

BJS

  • Guest
Re: Avast stopped working, virus?
« Reply #24 on: August 14, 2007, 09:40:32 PM »
blacklight log part 3



BJS

  • Guest
Re: Avast stopped working, virus?
« Reply #25 on: August 14, 2007, 09:43:00 PM »
Part 4



BJS

  • Guest
Re: Avast stopped working, virus?
« Reply #26 on: August 14, 2007, 09:44:01 PM »
part 5




BJS

  • Guest
Re: Avast stopped working, virus?
« Reply #27 on: August 14, 2007, 09:46:15 PM »
last blacklight log post


08/14/07 13:21:10 [Info]: Hidden file: c:\WINDOWS\ime\shared\imlang.dll
08/14/07 13:21:10 [Note]: 10002 3
08/14/07 13:21:10 [Info]: Hidden file: c:\WINDOWS\ime\shared\res\PADRS404.DLL
08/14/07 13:21:10 [Note]: 10002 3
08/14/07 13:21:10 [Info]: Hidden file: c:\WINDOWS\ime\shared\res\padrs804.dll
08/14/07 13:21:10 [Note]: 10002 3
08/14/07 13:21:10 [Note]: 10002 2
08/14/07 13:21:10 [Note]: 10002 2
08/14/07 13:22:26 [Info]: Hidden file: c:\WINDOWS\system32\drivers\srosa.sys
08/14/07 13:22:26 [Note]: 10002 2
08/14/07 13:22:26 [Info]: Hidden file: c:\WINDOWS\system32\drivers\hidr.exe
08/14/07 13:22:26 [Note]: 10002 2
08/14/07 13:23:58 [Note]: 2000 1012
08/14/07 13:27:24 [Note]: 7007 0

mauserme

  • Guest
Re: Avast stopped working, virus?
« Reply #28 on: August 14, 2007, 10:51:26 PM »
ComboFix got rid of some of the root kits and their friends, but we still have a few things to take care of.

Double-click OTMoveIt.exe to run it.  Copy the file paths below to the clipboard by highlighting them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

C:\WINDOWS\system32\trusted.exe
c:\WINDOWS\system32\drivers\srosa.sys
c:\WINDOWS\system32\drivers\hidr.exe


Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
Click the red Moveit! button. 
Copy everything on the Results window to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next response.  It's OK if some of the files are not found.
Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


Now open HJT and click to Do a System Scan Only.  When the scan is complete place a check mark next to these lines

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll (file missing)

O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [ratmn] C:\WINDOWS\ratmn.exe

O9 - Extra button: Internet Radio by Endicosoft.com - {1F958B09-3312-7f0e-9723-4C1324C57B20} - C:\Program Files\Internet Radio\Radio.exe (file missing)

O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)


Close all other windows, including your browser, and click Fix Checked.


After completing all of the above post fresh ComboFix and HJT logs, then see if you can reinstall avast! 

Some of this malware downloaded the evening of 11 August, about the same time as the Scrabble ActiveX that is in your HJT log.  Is Scrabble (and some other games) the program you referred to in your initial post when you first noticed the problems?

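The OTMoveIt list and the HijackThis lines above are two halves of one cleanup: files to get out of the way, and the registry entries that point at them (a Run value, BHO and URLSearchHook CLSIDs, an IE toolbar button, a service). The script below is an added example, not HijackThis's or OTMoveIt's own code: it parses the exact HJT lines quoted in the post (embedded as a constructed sample) into the registry location each item type lives in, classifies each as present, file missing or orphaned, and turns that into a review list. The registry paths are the standard homes of those HJT item types; the `Entry` type, `parse_hjt` and `cleanup_plan` are names chosen here, and the script only reads text, it does not touch a registry.

```python
"""Map HijackThis (HJT) R3/O2/O4/O9/O23 lines to the registry keys and files
they refer to, and build a review list.  Added example, not HJT's own code."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample input: the lines the post tells the user to check.
SAMPLE_HJT_LOG = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll (file missing)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [ratmn] C:\WINDOWS\ratmn.exe
O9 - Extra button: Internet Radio by Endicosoft.com - {1F958B09-3312-7f0e-9723-4C1324C57B20} - C:\Program Files\Internet Radio\Radio.exe (file missing)
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
"""

CLSID = r"\{[0-9A-Fa-f-]{36}\}"
PATTERNS = {
    "R3": re.compile(rf"^R3 - URLSearchHook: (?P<name>.*?) - (?P<clsid>{CLSID}) - (?P<path>.*)$"),
    "O2": re.compile(rf"^O2 - BHO: (?P<name>.*?) - (?P<clsid>{CLSID}) - (?P<path>.*)$"),
    "O4": re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<path>.*)$"),
    "O9": re.compile(rf"^O9 - Extra button: (?P<name>.*?) - (?P<clsid>{CLSID}) - (?P<path>.*)$"),
    "O23": re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$"),
}


@dataclass
class Entry:
    kind: str            # HJT item type, e.g. "O4"
    name: str            # display name / Run value name / service name
    clsid: Optional[str]
    path: str            # file path with HJT's "(file missing)" suffix stripped
    status: str          # "present", "file missing" or "orphan"
    reg_key: str         # registry key that holds the entry
    reg_value: Optional[str]  # value name inside that key, if the entry is a value
    note: str            # reviewer caveat, empty when none


def classify(raw_path: str) -> Tuple[str, str]:
    """Turn HJT's path column into (status, clean_path)."""
    p = raw_path.strip()
    if p == "(no file)":
        return "orphan", ""
    suffix = " (file missing)"
    if p.endswith(suffix):
        return "file missing", p[: -len(suffix)]
    return "present", p


def registry_location(kind: str, m: "re.Match") -> Tuple[str, Optional[str]]:
    """Well-known registry home of each HJT item type (HKLM assumed for O2/O9)."""
    if kind == "R3":   # hooks live as values named by CLSID under URLSearchHooks
        return r"HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks", m["clsid"]
    if kind == "O2":
        return r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" + "\\" + m["clsid"], None
    if kind == "O4":
        return m["hive"] + r"\SOFTWARE\Microsoft\Windows\CurrentVersion" + "\\" + m["key"], m["name"]
    if kind == "O9":
        return r"HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions" + "\\" + m["clsid"], None
    return r"HKLM\SYSTEM\CurrentControlSet\Services" + "\\" + m["name"], "ImagePath"


def parse_hjt(text: str) -> List[Entry]:
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        kind = line.split(" - ", 1)[0]
        pat = PATTERNS.get(kind)
        m = pat.match(line) if pat else None
        if m is None:
            continue  # other HJT item types are outside this example
        status, path = classify(m["path"])
        key, value = registry_location(kind, m)
        note = ""
        # HJT reads an unquoted service path only up to its first space, so an
        # ImagePath under "C:\Program Files\..." is reported as "C:\Program.exe".
        if kind == "O23" and re.fullmatch(r"[A-Za-z]:\\Program\.exe", path, re.I):
            note = "path truncated at first space; probably an unquoted ImagePath under Program Files, confirm before deleting the service"
        entries.append(Entry(kind, m["name"], m.groupdict().get("clsid"), path, status, key, value, note))
    return entries


def cleanup_plan(entries: List[Entry]) -> List[str]:
    """One line per action: delete the registry value/key, quarantine a file that still exists."""
    steps = []
    for e in entries:
        if e.note:
            steps.append(f"REVIEW     {e.kind} {e.name}: {e.note}")
            continue
        steps.append(f"DEL VALUE  {e.reg_key} -> {e.reg_value}" if e.reg_value else f"DEL KEY    {e.reg_key}")
        if e.status == "present":
            steps.append(f"QUARANTINE {e.path}")
    return steps


if __name__ == "__main__":
    for step in cleanup_plan(parse_hjt(SAMPLE_HJT_LOG)):
        print(step)
```

The plan deliberately separates "orphan" and "file missing" entries (dead registry pointers, safe to delete) from the one "present" entry, `C:\WINDOWS\ratmn.exe`, which is the only item here that still has a binary on disk and so needs quarantining as well as the Run value removed. Note the caveat it raises on the O23 line: a service path shown as `C:\Program.exe` is how HJT renders an unquoted `ImagePath` containing a space, so check the real `ImagePath` under the service key before treating the service as bogus.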


BJS

  • Guest
Re: Avast stopped working, virus?
« Reply #29 on: August 15, 2007, 12:33:16 AM »
Here are the results when I ran the MoveIt program:

C:\WINDOWS\system32\trusted.exe moved successfully.
c:\WINDOWS\system32\drivers\srosa.sys moved successfully.
c:\WINDOWS\system32\drivers\hidr.exe moved successfully.
 
Created on 08/14/2007 16:29:05


Now I will follow the directions for the HijackThis log.  I am pretty good at following directions, but to tell you the truth, all this is WAYYY beyond me!  ;)