1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Solved: A Mess.....3 viruses

Discussion in 'Virus & Other Malware Removal' started by Roe727, Feb 5, 2005.

Thread Status:
Not open for further replies.
Advertisement
  1. Roe727

    Roe727 Thread Starter

    Joined:
    Mar 9, 2004
    Messages:
    1,016
    ok...but will this fix the problem with it starting in normal mode, because as of right now, it will not start in normal mode because of that error that I posted in my last posting????
     
  2. Roe727

    Roe727 Thread Starter

    Joined:
    Mar 9, 2004
    Messages:
    1,016
    Also....sorry...but is it ok to do all this in safemode????
     
  3. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    What error?
     
  4. ~Candy~

    ~Candy~ Retired Administrator

    Joined:
    Jan 27, 2001
    Messages:
    103,706
    I think the one in post #14 Mark.
     
  5. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    I thought those errors were while running l2mfix. :confused:
     
  6. Roe727

    Roe727 Thread Starter

    Joined:
    Mar 9, 2004
    Messages:
    1,016
    This error........that I wrote about:
    I have yet another error that is coming up
    C:\Windows\system32\cmd.exe
    killing explorer and rundll32.exe
    The system cannot find the file specified
    The system cannot fine the file specified
    could not find C:\Documents and settings\susan zweig\desktop\l2mfix\shell.reg
    Scanning first pass. Please wait.
    second pass scanning
    umonitor
    umonitor
    umonitor....and it just continues doing that
    second pass completed....

    The computer will not boot in regular mode.....only in safe mode because of it. :(
     
  7. Roe727

    Roe727 Thread Starter

    Joined:
    Mar 9, 2004
    Messages:
    1,016
    When I try to boot in regular mode that is coming up....can only boot in safe mode at the moment....
     
  8. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
  9. Roe727

    Roe727 Thread Starter

    Joined:
    Mar 9, 2004
    Messages:
    1,016
    ok...I'm not really sure what happened. I tried to do a system restore and it said it was unsuccessful, but when the error message came up, I closed it and it finished booting, so I'm in normal mode. I downloaded the Find it NT-2K-XP and I'm now looking at the screen I believe you were talking about. But it is taking forever and my eyes are tired. I don't know if it is going to give me the log, but I will e-mail you tomorrow and let you know and also if I get the other programs to run. If this one doesn't run.....do I still run the other ones?? Thank you for your help....I hope we get somewhere with this computer as I'm feeling a little bit pessimistic that we will get anywhere. (This screen has been sitting for 15 minutes already) BUT........Have a great night and we'll see what the morning brings.
     
  10. Roe727

    Roe727 Thread Starter

    Joined:
    Mar 9, 2004
    Messages:
    1,016
    wow, just as I sent that last e-mail it finished. Here it is:
    Warning! This utility will find legitimate files in addition to malware.
    Do not remove anything unless you are sure you know what you're doing.

    Find.bat is running from: C:\Documents and Settings\Susan Zweig\Desktop\Find It NT-2K-XP\Find It NT-2K-XP

    ------- System Files in System32 Directory -------

    Volume in drive C has no label.
    Volume Serial Number is 1833-DDD3

    Directory of C:\WINDOWS\System32

    02/06/2005 12:34 AM 846 Oval63H.j9q
    02/05/2005 05:47 PM 1,182 TBPS.ini
    02/02/2005 01:27 PM 475 uekxg.dll
    01/27/2005 01:26 AM 176,362 ueKxG.exe
    01/11/2005 09:13 AM 401,408 ??ool32.exe
    12/27/2004 09:04 PM <DIR> DLLCACHE
    09/22/2004 03:36 PM 499,722 Ozf42o.exe
    09/19/2004 11:23 AM 499,722 Ozg43o.exe
    09/18/2004 11:21 AM 499,722 Smf4ikZ.exe
    09/17/2004 12:19 PM 253,962 Yix4cp5B.exe
    09/17/2004 12:19 PM 253,962 BjlV9i.exe
    09/17/2004 12:19 PM 253,962 WgdSrmN3.exe
    09/17/2004 12:19 PM 253,962 MroU.exe
    09/17/2004 12:19 PM 253,962 MxjQzK.exe
    09/17/2004 12:19 PM 253,962 Wyl0J.exe
    09/17/2004 12:19 PM 499,722 QjxWV.exe
    09/17/2004 12:19 PM 499,722 Vqxt.exe
    09/17/2004 07:15 AM 499,722 Wkv9.exe
    09/16/2004 10:55 AM 512 Elr0i.a99
    09/14/2004 06:53 AM 499,722 Qmz8N.exe
    09/11/2004 06:52 AM 499,722 CqbFH.exe
    09/11/2004 06:52 AM 499,722 Zgl8.exe
    09/11/2004 06:52 AM 499,722 Cxe0K.exe
    09/10/2004 06:51 AM 253,962 GllF2b.exe
    09/10/2004 06:51 AM 253,962 HinEV5H.exe
    09/10/2004 06:51 AM 253,962 Grd3T.exe
    09/10/2004 06:51 AM 253,962 KedH.exe
    09/10/2004 06:51 AM 253,962 Xqeccx.exe
    09/10/2004 06:51 AM 253,962 Vqxu.exe
    01/12/2004 03:29 PM 1,020 ZlwJR.j5q
    01/11/2004 01:33 PM 1,104 Yfk8.ct6
    01/03/2004 02:19 PM 1,020 TafqW5mn.cvb
    01/02/2004 10:22 AM 1,104 SzepW5ln.cvb
    12/22/2003 09:55 AM 1,104 Kpg76.fez
    12/18/2003 06:25 PM 1,104 Qxcn74j.las
    12/17/2003 01:25 PM 1,020 WxfV9U5.uf3
    12/08/2003 02:48 PM 1,020 UbgrYPnp.exd
    12/08/2003 01:48 PM 1,020 Elq0i.a99
    11/18/2003 06:45 PM 1,020 Zgl8.du7
    11/17/2003 04:44 PM 1,020 Rydo84km.btz
    11/17/2003 03:44 PM 1,020 Cjo9g.x88
    11/17/2003 02:44 PM 1,020 Ahm8.ev7
    02/21/2003 03:07 AM <DIR> Microsoft
    41 File(s) 8,639,145 bytes
    2 Dir(s) 17,884,368,896 bytes free

    ------- Hidden Files in System32 Directory -------

    Volume in drive C has no label.
    Volume Serial Number is 1833-DDD3

    Directory of C:\WINDOWS\System32

    02/06/2005 12:34 AM 846 Oval63H.j9q
    02/02/2005 01:27 PM 475 uekxg.dll
    01/27/2005 01:28 AM 106 4qxntj.dll
    01/27/2005 01:26 AM 176,362 ueKxG.exe
    01/11/2005 09:13 AM 401,408 ??ool32.exe
    12/27/2004 09:04 PM <DIR> DLLCACHE
    11/11/2004 11:57 AM <DIR> vmss
    11/11/2004 11:56 AM <DIR> wsxsvc
    09/22/2004 03:36 PM 499,722 Ozf42o.exe
    09/19/2004 11:23 AM 499,722 Ozg43o.exe
    09/18/2004 11:21 AM 499,722 Smf4ikZ.exe
    09/17/2004 12:19 PM 253,962 Yix4cp5B.exe
    09/17/2004 12:19 PM 253,962 BjlV9i.exe
    09/17/2004 12:19 PM 253,962 WgdSrmN3.exe
    09/17/2004 12:19 PM 253,962 MroU.exe
    09/17/2004 12:19 PM 253,962 MxjQzK.exe
    09/17/2004 12:19 PM 253,962 Wyl0J.exe
    09/17/2004 12:19 PM 499,722 QjxWV.exe
    09/17/2004 12:19 PM 499,722 Vqxt.exe
    09/17/2004 07:15 AM 499,722 Wkv9.exe
    09/16/2004 10:55 AM 512 Elr0i.a99
    09/14/2004 06:53 AM 499,722 Qmz8N.exe
    09/11/2004 08:50 PM 24,064 Explorerz.exe
    09/11/2004 06:52 AM 499,722 CqbFH.exe
    09/11/2004 06:52 AM 499,722 Zgl8.exe
    09/11/2004 06:52 AM 499,722 Cxe0K.exe
    09/10/2004 06:51 AM 253,962 GllF2b.exe
    09/10/2004 06:51 AM 253,962 HinEV5H.exe
    09/10/2004 06:51 AM 253,962 Grd3T.exe
    09/10/2004 06:51 AM 253,962 KedH.exe
    09/10/2004 06:51 AM 253,962 Xqeccx.exe
    09/10/2004 06:51 AM 253,962 Vqxu.exe
    01/18/2004 09:03 PM 0 kyf.dat
    01/12/2004 03:29 PM 1,020 ZlwJR.j5q
    01/11/2004 01:33 PM 1,104 Yfk8.ct6
    01/03/2004 02:19 PM 1,020 TafqW5mn.cvb
    01/02/2004 10:22 AM 1,104 SzepW5ln.cvb
    12/22/2003 09:55 AM 1,104 Kpg76.fez
    12/18/2003 06:25 PM 1,104 Qxcn74j.las
    12/17/2003 01:25 PM 1,020 WxfV9U5.uf3
    12/08/2003 02:48 PM 1,020 UbgrYPnp.exd
    12/08/2003 01:48 PM 1,020 Elq0i.a99
    11/18/2003 06:45 PM 1,020 Zgl8.du7
    11/17/2003 04:44 PM 1,020 Rydo84km.btz
    11/17/2003 03:44 PM 1,020 Cjo9g.x88
    11/17/2003 02:44 PM 1,020 Ahm8.ev7
    09/03/2002 09:57 AM 488 WindowsLogon.manifest
    09/03/2002 09:57 AM 488 logonui.exe.manifest
    09/03/2002 09:57 AM 749 ncpa.cpl.manifest
    09/03/2002 09:57 AM 749 cdplayer.exe.manifest
    09/03/2002 09:57 AM 749 nwc.cpl.manifest
    09/03/2002 09:57 AM 749 sapi.cpl.manifest
    09/03/2002 09:57 AM 749 wuaucpl.cpl.manifest
    50 File(s) 8,666,854 bytes
    3 Dir(s) 17,884,364,800 bytes free

    ------------ Files Named "Guard" ---------------

    Volume in drive C has no label.
    Volume Serial Number is 1833-DDD3

    Directory of C:\WINDOWS\System32


    ------ Temp Files in System32 Directory ------

    Volume in drive C has no label.
    Volume Serial Number is 1833-DDD3

    Directory of C:\WINDOWS\System32

    10/25/2004 05:16 PM 94,208 nsu5CE.tmp
    08/04/2004 02:57 AM 2,105,344 SET6B6.tmp
    08/04/2004 02:56 AM 17,408 SET36C.tmp
    08/04/2004 02:56 AM 33,280 SET354.tmp
    08/04/2004 02:56 AM 502,272 SET5FC.tmp
    08/04/2004 02:56 AM 23,552 SET60B.tmp
    08/04/2004 02:56 AM 206,848 SET628.tmp
    08/04/2004 02:56 AM 56,832 SET2B5.tmp
    08/04/2004 02:56 AM 14,336 SET646.tmp
    08/04/2004 02:56 AM 14,336 SET64E.tmp
    08/04/2004 02:56 AM 57,856 SET65E.tmp
    08/04/2004 02:56 AM 29,696 SET396.tmp
    08/04/2004 02:56 AM 32,768 SET287.tmp
    08/04/2004 02:56 AM 502,272 SET6DE.tmp
    08/04/2004 02:56 AM 32,768 SET6F2.tmp
    08/04/2004 02:56 AM 23,552 SET6FB.tmp
    08/04/2004 02:56 AM 265,728 SET39C.tmp
    08/04/2004 02:56 AM 56,832 SET720.tmp
    08/04/2004 02:56 AM 206,848 SET72E.tmp
    08/04/2004 02:56 AM 14,336 SET757.tmp
    08/04/2004 02:56 AM 57,856 SET778.tmp
    08/04/2004 02:56 AM 33,280 SET7BF.tmp
    08/04/2004 02:56 AM 17,408 SET7D7.tmp
    08/04/2004 02:56 AM 29,696 SET801.tmp
    08/04/2004 02:56 AM 265,728 SET807.tmp
    08/04/2004 02:56 AM 502,272 SET191.tmp
    08/04/2004 02:56 AM 32,768 SET831.tmp
    08/04/2004 02:56 AM 56,832 SET862.tmp
    08/04/2004 02:56 AM 57,856 SET1F3.tmp
    08/04/2004 02:56 AM 33,280 SET928.tmp
    08/04/2004 02:56 AM 23,552 SET1A0.tmp
    08/04/2004 02:56 AM 17,408 SET940.tmp
    08/04/2004 02:56 AM 14,336 SET1E3.tmp
    08/04/2004 02:56 AM 29,696 SET96A.tmp
    08/04/2004 02:56 AM 265,728 SET970.tmp
    08/04/2004 02:56 AM 14,336 SET1DB.tmp
    08/04/2004 02:56 AM 206,848 SET1BD.tmp
    08/04/2004 02:56 AM 32,768 SET837.tmp
    08/04/2004 02:56 AM 69,632 SET6F4.tmp
    08/04/2004 02:56 AM 32,768 SET28C.tmp
    08/04/2004 02:56 AM 69,632 SET289.tmp
    08/04/2004 02:56 AM 69,632 SET834.tmp
    08/04/2004 02:56 AM 32,768 SET6F7.tmp
    08/04/2004 02:56 AM 77,312 SET761.tmp
    08/04/2004 02:56 AM 77,312 SET2F6.tmp
    08/04/2004 02:56 AM 77,312 SET8C7.tmp
    08/04/2004 02:56 AM 13,312 SET33E.tmp
    08/04/2004 02:56 AM 13,312 SET7A9.tmp
    08/04/2004 02:56 AM 13,312 SET912.tmp
    08/04/2004 02:56 AM 27,648 SET418.tmp
    08/04/2004 02:56 AM 6,144 SET875.tmp
    08/04/2004 02:56 AM 27,648 SET882.tmp
    08/04/2004 02:56 AM 27,648 SET9EB.tmp
    08/04/2004 02:56 AM 6,144 SET9DE.tmp
    08/04/2004 02:56 AM 6,144 SET40B.tmp
    08/04/2004 02:56 AM 5,632 SET435.tmp
    08/04/2004 02:56 AM 5,632 SETA03.tmp
    08/04/2004 02:56 AM 5,632 SET89A.tmp
    08/04/2004 02:56 AM 276,480 SET19F.tmp
    08/04/2004 02:56 AM 18,944 SET1A7.tmp
    08/04/2004 02:56 AM 218,624 SET1AD.tmp
    08/04/2004 02:56 AM 49,152 SET1A1.tmp
    08/04/2004 02:56 AM 713,216 SET1DA.tmp
    08/04/2004 02:56 AM 67,584 SET19E.tmp
    08/04/2004 02:56 AM 181,760 SET1D3.tmp
    08/04/2004 02:56 AM 656,384 SET193.tmp
    08/04/2004 02:56 AM 246,272 SET1D2.tmp
    08/04/2004 02:56 AM 45,568 SET1CF.tmp
    08/04/2004 02:56 AM 32,768 SET192.tmp
    08/04/2004 02:56 AM 176,128 SET190.tmp
    08/04/2004 02:56 AM 16,896 SET18E.tmp
    08/04/2004 02:56 AM 99,328 SET18D.tmp
    08/04/2004 02:56 AM 290,816 SET18C.tmp
    08/04/2004 02:56 AM 295,424 SET1CA.tmp
    08/04/2004 02:56 AM 53,760 SET18B.tmp
    08/04/2004 02:56 AM 385,536 SET1C9.tmp
    08/04/2004 02:56 AM 176,640 SET18A.tmp
    08/04/2004 02:56 AM 713,216 SET756.tmp
    08/04/2004 02:56 AM 181,760 SET74C.tmp
    08/04/2004 02:56 AM 246,272 SET74A.tmp
    08/04/2004 02:56 AM 45,568 SET747.tmp
    08/04/2004 02:56 AM 295,424 SET741.tmp
    08/04/2004 02:56 AM 385,536 SET740.tmp
    08/04/2004 02:56 AM 90,624 SET73B.tmp
    08/04/2004 02:56 AM 118,272 SET730.tmp
    08/04/2004 02:56 AM 172,032 SET188.tmp
    08/04/2004 02:56 AM 74,240 SET72D.tmp
    08/04/2004 02:56 AM 13,824 SET72C.tmp
    08/04/2004 02:56 AM 132,608 SET72B.tmp
    08/04/2004 02:56 AM 92,672 SET187.tmp
    08/04/2004 02:56 AM 37,888 SET71F.tmp
    08/04/2004 02:56 AM 601,088 SET71E.tmp
    08/04/2004 02:56 AM 90,624 SET1C5.tmp
    08/04/2004 02:56 AM 577,024 SET717.tmp
    08/04/2004 02:56 AM 174,592 SET1A3.tmp
    08/04/2004 02:56 AM 218,624 SET70D.tmp
    08/04/2004 02:56 AM 417,792 SET709.tmp
    08/04/2004 02:56 AM 18,944 SET706.tmp
    08/04/2004 02:56 AM 430,592 SET702.tmp
    08/04/2004 02:56 AM 174,592 SET700.tmp
    08/04/2004 02:56 AM 49,152 SET6FD.tmp
    08/04/2004 02:56 AM 264,192 SET172.tmp
    08/04/2004 02:56 AM 276,480 SET6FA.tmp
    08/04/2004 02:56 AM 118,272 SET1BE.tmp
    08/04/2004 02:56 AM 723,456 SET1B0.tmp
    08/04/2004 02:56 AM 67,584 SET6F3.tmp
    08/04/2004 02:56 AM 74,240 SET1BC.tmp
    08/04/2004 02:56 AM 656,384 SET6E0.tmp
    08/04/2004 02:56 AM 32,768 SET6DF.tmp
    08/04/2004 02:56 AM 13,824 SET1BB.tmp
    08/04/2004 02:56 AM 351,232 SETE1E.tmp
    08/04/2004 02:56 AM 19,968 SET16E.tmp
    08/04/2004 02:56 AM 132,608 SET1BA.tmp
    08/04/2004 02:56 AM 16,896 SET6DB.tmp
    08/04/2004 02:56 AM 99,328 SET6DA.tmp
    08/04/2004 02:56 AM 37,888 SET1B5.tmp
    08/04/2004 02:56 AM 290,816 SET6D9.tmp
    08/04/2004 02:56 AM 53,760 SET6D8.tmp
    08/04/2004 02:56 AM 176,640 SET6D7.tmp
    08/04/2004 02:56 AM 172,032 SET6D5.tmp
    08/04/2004 02:56 AM 92,672 SET6D4.tmp
    08/04/2004 02:56 AM 230,400 SET6D0.tmp
    08/04/2004 02:56 AM 19,968 SET167.tmp
    08/04/2004 02:56 AM 264,192 SET6B2.tmp
    08/04/2004 02:56 AM 82,944 SET6AF.tmp
    08/04/2004 02:56 AM 19,968 SET6AE.tmp
    08/04/2004 02:56 AM 19,968 SET6A6.tmp
    08/04/2004 02:56 AM 22,528 SET6A4.tmp
    08/04/2004 02:56 AM 18,432 SET6A1.tmp
    08/04/2004 02:56 AM 359,936 SET69A.tmp
    08/04/2004 02:56 AM 22,528 SET165.tmp
    08/04/2004 02:56 AM 18,432 SET163.tmp
    08/04/2004 02:56 AM 359,936 SET160.tmp
    08/04/2004 02:56 AM 723,456 SET715.tmp
    08/04/2004 02:56 AM 713,216 SET645.tmp
    08/04/2004 02:56 AM 181,760 SET63E.tmp
    08/04/2004 02:56 AM 246,272 SET63D.tmp
    08/04/2004 02:56 AM 45,568 SET63A.tmp
    08/04/2004 02:56 AM 295,424 SET635.tmp
    08/04/2004 02:56 AM 385,536 SET634.tmp
    08/04/2004 02:56 AM 90,624 SET630.tmp
    08/04/2004 02:56 AM 118,272 SET629.tmp
    08/04/2004 02:56 AM 351,232 SET13ED.tmp
    08/04/2004 02:56 AM 74,240 SET627.tmp
    08/04/2004 02:56 AM 13,824 SET626.tmp
    08/04/2004 02:56 AM 132,608 SET625.tmp
    08/04/2004 02:56 AM 37,888 SET620.tmp
    08/04/2004 02:56 AM 601,088 SET61F.tmp
    08/04/2004 02:56 AM 16,896 SET61E.tmp
    08/04/2004 02:56 AM 577,024 SET61C.tmp
    08/04/2004 02:56 AM 723,456 SET61B.tmp
    08/04/2004 02:56 AM 218,624 SET618.tmp
    08/04/2004 02:56 AM 18,944 SET612.tmp
    08/04/2004 02:56 AM 430,592 SET610.tmp
    08/04/2004 02:56 AM 174,592 SET60E.tmp
    08/04/2004 02:56 AM 49,152 SET60C.tmp
    08/04/2004 02:56 AM 601,088 SET1B4.tmp
    08/04/2004 02:56 AM 6,656 SET13DE.tmp
    08/04/2004 02:56 AM 276,480 SET60A.tmp
    08/04/2004 02:56 AM 67,584 SET609.tmp
    08/04/2004 02:56 AM 656,384 SET5FE.tmp
    08/04/2004 02:56 AM 32,768 SET5FD.tmp
    08/04/2004 02:56 AM 351,232 SET1284.tmp
    08/04/2004 02:56 AM 176,128 SET5FB.tmp
    08/04/2004 02:56 AM 16,896 SET5F9.tmp
    08/04/2004 02:56 AM 99,328 SET5F8.tmp
    08/04/2004 02:56 AM 290,816 SET5F7.tmp
    08/04/2004 02:56 AM 53,760 SET5F6.tmp
    08/04/2004 02:56 AM 176,640 SET5F5.tmp
    08/04/2004 02:56 AM 172,032 SET5F3.tmp
    08/04/2004 02:56 AM 92,672 SET5F2.tmp
    08/04/2004 02:56 AM 264,192 SET5DD.tmp
    08/04/2004 02:56 AM 82,944 SET5DA.tmp
    08/04/2004 02:56 AM 19,968 SET5D9.tmp
    08/04/2004 02:56 AM 19,968 SET5D2.tmp
    08/04/2004 02:56 AM 16,896 SET1B3.tmp
    08/04/2004 02:56 AM 22,528 SET5D0.tmp
    08/04/2004 02:56 AM 6,656 SET1275.tmp
    08/04/2004 02:56 AM 18,432 SET5CE.tmp
    08/04/2004 02:56 AM 359,936 SET5CB.tmp
    08/04/2004 02:56 AM 430,592 SET1A5.tmp
    08/04/2004 02:56 AM 82,944 SET16F.tmp
    08/04/2004 02:56 AM 6,656 SETE0F.tmp
    08/04/2004 02:56 AM 577,024 SET1B1.tmp
    08/04/2004 02:56 AM 16,896 SET71B.tmp
    08/04/2004 02:56 AM 176,128 SET6DD.tmp
    08/04/2004 02:56 AM 442,368 SET777.tmp
    08/04/2004 02:56 AM 34,816 SET1EA.tmp
    08/04/2004 02:56 AM 170,496 SET1ED.tmp
    08/04/2004 02:56 AM 180,800 SET1F0.tmp
    08/04/2004 02:56 AM 442,368 SET1F2.tmp
    08/04/2004 02:56 AM 74,752 SET1F4.tmp
    08/04/2004 02:56 AM 18,944 SET1F7.tmp
    08/04/2004 02:56 AM 134,656 SET204.tmp
    08/04/2004 02:56 AM 473,600 SET209.tmp
    08/04/2004 02:56 AM 65,536 SET20B.tmp
    08/04/2004 02:56 AM 25,088 SET20D.tmp
    08/04/2004 02:56 AM 8,384,000 SET20E.tmp
    08/04/2004 02:56 AM 121,856 SET1DE.tmp
    08/04/2004 02:56 AM 1,483,264 SET20F.tmp
    08/04/2004 02:56 AM 1,483,264 SET7A2.tmp
    08/04/2004 02:56 AM 8,384,000 SET7A0.tmp
    08/04/2004 02:56 AM 25,088 SET79E.tmp


    and more .....wouldn''t all fit
     
  11. Roe727

    Roe727 Thread Starter

    Joined:
    Mar 9, 2004
    Messages:
    1,016
    here's the rest:
    08/04/2004 02:56 AM 8,384,000 SET20E.tmp
    08/04/2004 02:56 AM 121,856 SET1DE.tmp
    08/04/2004 02:56 AM 1,483,264 SET20F.tmp
    08/04/2004 02:56 AM 1,483,264 SET7A2.tmp
    08/04/2004 02:56 AM 8,384,000 SET7A0.tmp
    08/04/2004 02:56 AM 25,088 SET79E.tmp
    08/04/2004 02:56 AM 65,536 SET799.tmp
    08/04/2004 02:56 AM 473,600 SET797.tmp
    08/04/2004 02:56 AM 151,552 SET796.tmp
    08/04/2004 02:56 AM 134,656 SET792.tmp
    08/04/2004 02:56 AM 18,944 SET780.tmp
    08/04/2004 02:56 AM 74,752 SET77A.tmp
    08/04/2004 02:56 AM 180,800 SET775.tmp
    08/04/2004 02:56 AM 170,496 SET772.tmp
    08/04/2004 02:56 AM 34,816 SET76F.tmp
    08/04/2004 02:56 AM 71,680 SET76E.tmp
    08/04/2004 02:56 AM 121,856 SET75A.tmp
    08/04/2004 02:56 AM 71,680 SET1E9.tmp
    08/04/2004 02:56 AM 1,483,264 SET67A.tmp
    08/04/2004 02:56 AM 8,384,000 SET679.tmp
    08/04/2004 02:56 AM 25,088 SET678.tmp
    08/04/2004 02:56 AM 65,536 SET676.tmp
    08/04/2004 02:56 AM 438,272 SET675.tmp
    08/04/2004 02:56 AM 473,600 SET674.tmp
    08/04/2004 02:56 AM 134,656 SET66F.tmp
    08/04/2004 02:56 AM 18,944 SET662.tmp
    08/04/2004 02:56 AM 74,752 SET65F.tmp
    08/04/2004 02:56 AM 442,368 SET65D.tmp
    08/04/2004 02:56 AM 180,800 SET65B.tmp
    08/04/2004 02:56 AM 170,496 SET658.tmp
    08/04/2004 02:56 AM 34,816 SET655.tmp
    08/04/2004 02:56 AM 71,680 SET654.tmp
    08/04/2004 02:56 AM 121,856 SET649.tmp
    08/04/2004 02:56 AM 6,656 SET217.tmp
    08/04/2004 02:56 AM 5,120 SET7A6.tmp
    08/04/2004 02:56 AM 140,288 SET212.tmp
    08/04/2004 02:56 AM 6,656 SET7AB.tmp
    08/04/2004 02:56 AM 38,912 SET7AC.tmp
    08/04/2004 02:56 AM 55,808 SET7B0.tmp
    08/04/2004 02:56 AM 18,944 SET7B1.tmp
    08/04/2004 02:56 AM 5,120 SET213.tmp
    08/04/2004 02:56 AM 190,976 SET7B9.tmp
    08/04/2004 02:56 AM 313,856 SET7BA.tmp
    08/04/2004 02:56 AM 180,224 SET7BB.tmp
    08/04/2004 02:56 AM 44,032 SET7C6.tmp
    08/04/2004 02:56 AM 395,776 SET7CC.tmp
    08/04/2004 02:56 AM 581,120 SET7CD.tmp
    08/04/2004 02:56 AM 431,616 SET7CE.tmp
    08/04/2004 02:56 AM 58,880 SET7D0.tmp
    08/04/2004 02:56 AM 38,912 SET218.tmp
    08/04/2004 02:56 AM 55,808 SET21C.tmp
    08/04/2004 02:56 AM 49,664 SET7D9.tmp
    08/04/2004 02:56 AM 245,248 SET874.tmp
    08/04/2004 02:56 AM 1,236,480 SET86F.tmp
    08/04/2004 02:56 AM 66,560 SET86C.tmp
    08/04/2004 02:56 AM 90,112 SET86B.tmp
    08/04/2004 02:56 AM 90,624 SET86A.tmp
    08/04/2004 02:56 AM 36,352 SET868.tmp
    08/04/2004 02:56 AM 17,920 SET866.tmp
    08/04/2004 02:56 AM 332,288 SET85F.tmp
    08/04/2004 02:56 AM 622,080 SET85E.tmp
    08/04/2004 02:56 AM 407,040 SET85B.tmp
    08/04/2004 02:56 AM 198,144 SET85A.tmp
    08/04/2004 02:56 AM 12,288 SET858.tmp
    08/04/2004 02:56 AM 1,708,032 SET855.tmp
    08/04/2004 02:56 AM 80,896 SET853.tmp
    08/04/2004 02:56 AM 245,760 SET852.tmp
    08/04/2004 02:56 AM 18,944 SET21D.tmp
    08/04/2004 02:56 AM 112,128 SET7E8.tmp
    08/04/2004 02:56 AM 206,336 SET7EA.tmp
    08/04/2004 02:56 AM 190,976 SET223.tmp
    08/04/2004 02:56 AM 313,856 SET224.tmp
    08/04/2004 02:56 AM 180,224 SET225.tmp
    08/04/2004 02:56 AM 44,032 SET22D.tmp
    08/04/2004 02:56 AM 248,832 SET851.tmp
    08/04/2004 02:56 AM 174,080 SET7EC.tmp
    08/04/2004 02:56 AM 69,632 SET7ED.tmp
    08/04/2004 02:56 AM 103,936 SET850.tmp
    08/04/2004 02:56 AM 245,248 SET72F.tmp
    08/04/2004 02:56 AM 395,776 SET233.tmp
    08/04/2004 02:56 AM 67,072 SET84C.tmp
    08/04/2004 02:56 AM 581,120 SET234.tmp
    08/04/2004 02:56 AM 431,616 SET235.tmp
    08/04/2004 02:56 AM 58,880 SET237.tmp
    08/04/2004 02:56 AM 1,236,480 SET72A.tmp
    08/04/2004 02:56 AM 66,560 SET728.tmp
    08/04/2004 02:56 AM 90,112 SET727.tmp
    08/04/2004 02:56 AM 245,248 SET2C4.tmp
    08/04/2004 02:56 AM 1,236,480 SET2BF.tmp
    08/04/2004 02:56 AM 66,560 SET2BD.tmp
    08/04/2004 02:56 AM 90,112 SET2BC.tmp
    08/04/2004 02:56 AM 90,624 SET2BB.tmp
    08/04/2004 02:56 AM 36,352 SET2B9.tmp
    08/04/2004 02:56 AM 17,920 SET2B8.tmp
    08/04/2004 02:56 AM 332,288 SET2B2.tmp
    08/04/2004 02:56 AM 43,520 SET844.tmp
    08/04/2004 02:56 AM 622,080 SET2B1.tmp
    08/04/2004 02:56 AM 118,784 SET843.tmp
    08/04/2004 02:56 AM 143,872 SET83E.tmp
    08/04/2004 02:56 AM 266,752 SET83C.tmp
    08/04/2004 02:56 AM 249,856 SET839.tmp
    08/04/2004 02:56 AM 16,384 SET838.tmp
    08/04/2004 02:56 AM 24,576 SET836.tmp
    08/04/2004 02:56 AM 407,040 SET2AE.tmp
    08/04/2004 02:56 AM 135,168 SET835.tmp
    08/04/2004 02:56 AM 106,496 SET830.tmp
    08/04/2004 02:56 AM 65,536 SET82F.tmp
    08/04/2004 02:56 AM 65,536 SET82E.tmp
    08/04/2004 02:56 AM 147,456 SET829.tmp
    08/04/2004 02:56 AM 120,832 SET822.tmp
    08/04/2004 02:56 AM 1,281,536 SET821.tmp
    08/04/2004 02:56 AM 15,360 SET80D.tmp
    08/04/2004 02:56 AM 17,408 SET808.tmp
    08/04/2004 02:56 AM 27,648 SET805.tmp
    08/04/2004 02:56 AM 140,288 SET67D.tmp
    08/04/2004 02:56 AM 5,120 SET67E.tmp
    08/04/2004 02:56 AM 6,656 SET682.tmp
    08/04/2004 02:56 AM 38,912 SET683.tmp
    08/04/2004 02:56 AM 55,808 SET687.tmp
    08/04/2004 02:56 AM 18,944 SET688.tmp
    08/04/2004 02:56 AM 190,976 SET68E.tmp
    08/04/2004 02:56 AM 313,856 SET68F.tmp
    08/04/2004 02:56 AM 180,224 SET690.tmp
    08/04/2004 02:56 AM 44,032 SET698.tmp
    08/04/2004 02:56 AM 198,144 SET2AD.tmp
    08/04/2004 02:56 AM 23,040 SET7FF.tmp
    08/04/2004 02:56 AM 395,776 SET69E.tmp
    08/04/2004 02:56 AM 581,120 SET69F.tmp
    08/04/2004 02:56 AM 431,616 SET6A0.tmp
    08/04/2004 02:56 AM 12,288 SET2AB.tmp
    08/04/2004 02:56 AM 58,880 SET6A2.tmp
    08/04/2004 02:56 AM 1,708,032 SET2A8.tmp
    08/04/2004 02:56 AM 80,896 SET2A6.tmp
    08/04/2004 02:56 AM 49,664 SET6A8.tmp
    08/04/2004 02:56 AM 245,760 SET2A5.tmp
    08/04/2004 02:56 AM 248,832 SET2A4.tmp
    08/04/2004 02:56 AM 103,936 SET2A3.tmp
    08/04/2004 02:56 AM 112,128 SET6B5.tmp
    08/04/2004 02:56 AM 67,072 SET29F.tmp
    08/04/2004 02:56 AM 206,336 SET6B7.tmp
    08/04/2004 02:56 AM 174,080 SET6B9.tmp
    08/04/2004 02:56 AM 69,632 SET6BA.tmp
    08/04/2004 02:56 AM 8,192 SET6BB.tmp
    08/04/2004 02:56 AM 1,435,648 SET6BD.tmp
    08/04/2004 02:56 AM 18,944 SET6C0.tmp
    08/04/2004 02:56 AM 34,304 SET6C7.tmp
    08/04/2004 02:56 AM 96,768 SET6C9.tmp
    08/04/2004 02:56 AM 23,040 SET6CA.tmp
    08/04/2004 02:56 AM 96,768 SET7FE.tmp
    08/04/2004 02:56 AM 27,648 SET6CD.tmp
    08/04/2004 02:56 AM 17,408 SET6CF.tmp
    08/04/2004 02:56 AM 43,520 SET299.tmp
    08/04/2004 02:56 AM 15,360 SET6D3.tmp
    08/04/2004 02:56 AM 118,784 SET298.tmp
    08/04/2004 02:56 AM 143,872 SET293.tmp
    08/04/2004 02:56 AM 266,752 SET291.tmp
    08/04/2004 02:56 AM 249,856 SET28E.tmp
    08/04/2004 02:56 AM 16,384 SET28D.tmp
    08/04/2004 02:56 AM 24,576 SET28B.tmp
    08/04/2004 02:56 AM 135,168 SET28A.tmp
    08/04/2004 02:56 AM 106,496 SET286.tmp
    08/04/2004 02:56 AM 65,536 SET285.tmp
    08/04/2004 02:56 AM 65,536 SET284.tmp
    08/04/2004 02:56 AM 34,304 SET7FC.tmp
    08/04/2004 02:56 AM 1,281,536 SET6E3.tmp
    08/04/2004 02:56 AM 147,456 SET6EA.tmp
    08/04/2004 02:56 AM 18,944 SET7F3.tmp
    08/04/2004 02:56 AM 1,435,648 SET7F0.tmp
    08/04/2004 02:56 AM 65,536 SET6EF.tmp
    08/04/2004 02:56 AM 65,536 SET6F0.tmp
    08/04/2004 02:56 AM 106,496 SET6F1.tmp
    08/04/2004 02:56 AM 8,192 SET7EE.tmp
    08/04/2004 02:56 AM 147,456 SET27F.tmp
    08/04/2004 02:56 AM 1,281,536 SET278.tmp
    08/04/2004 02:56 AM 135,168 SET6F5.tmp
    08/04/2004 02:56 AM 24,576 SET6F6.tmp
    08/04/2004 02:56 AM 83,456 SET276.tmp
    08/04/2004 02:56 AM 16,384 SET6F8.tmp
    08/04/2004 02:56 AM 249,856 SET6F9.tmp
    08/04/2004 02:56 AM 15,360 SET268.tmp
    08/04/2004 02:56 AM 17,408 SET264.tmp
    08/04/2004 02:56 AM 266,752 SET6FC.tmp
    08/04/2004 02:56 AM 27,648 SET262.tmp
    08/04/2004 02:56 AM 143,872 SET6FE.tmp
    08/04/2004 02:56 AM 23,040 SET25F.tmp
    08/04/2004 02:56 AM 96,768 SET25E.tmp
    08/04/2004 02:56 AM 118,784 SET703.tmp
    08/04/2004 02:56 AM 43,520 SET704.tmp
    08/04/2004 02:56 AM 34,304 SET25C.tmp
    08/04/2004 02:56 AM 18,944 SET255.tmp
    08/04/2004 02:56 AM 67,072 SET70A.tmp
    08/04/2004 02:56 AM 1,435,648 SET252.tmp
    08/04/2004 02:56 AM 103,936 SET70E.tmp
    08/04/2004 02:56 AM 248,832 SET70F.tmp
    08/04/2004 02:56 AM 245,760 SET710.tmp
    08/04/2004 02:56 AM 80,896 SET711.tmp
    08/04/2004 02:56 AM 1,708,032 SET713.tmp
    08/04/2004 02:56 AM 8,192 SET250.tmp
    08/04/2004 02:56 AM 12,288 SET716.tmp
    08/04/2004 02:56 AM 69,632 SET24F.tmp
    08/04/2004 02:56 AM 198,144 SET718.tmp
    08/04/2004 02:56 AM 407,040 SET719.tmp
    08/04/2004 02:56 AM 174,080 SET24E.tmp
    08/04/2004 02:56 AM 622,080 SET71C.tmp
    08/04/2004 02:56 AM 332,288 SET71D.tmp
    08/04/2004 02:56 AM 206,336 SET24C.tmp
    08/04/2004 02:56 AM 112,128 SET24A.tmp
    08/04/2004 02:56 AM 49,664 SET23D.tmp
    08/04/2004 02:56 AM 17,920 SET723.tmp
    08/04/2004 02:56 AM 36,352 SET724.tmp
    08/04/2004 02:56 AM 90,624 SET726.tmp
    08/04/2004 02:56 AM 140,288 SET7A5.tmp
    08/04/2004 02:56 AM 343,040 SET2CC.tmp
    08/04/2004 02:56 AM 413,696 SET2CD.tmp
    08/04/2004 02:56 AM 1,392,671 SET2CF.tmp
    08/04/2004 02:56 AM 115,712 SET2D3.tmp
    08/04/2004 02:56 AM 274,944 SET2D7.tmp
    08/04/2004 02:56 AM 30,208 SET2E3.tmp
    08/04/2004 02:56 AM 143,360 SET2E5.tmp
    08/04/2004 02:56 AM 44,032 SET2F1.tmp
    08/04/2004 02:56 AM 343,040 SET737.tmp
    08/04/2004 02:56 AM 159,232 SET2F2.tmp
    08/04/2004 02:56 AM 54,784 SET739.tmp
    08/04/2004 02:56 AM 1,392,671 SET73A.tmp
    08/04/2004 02:56 AM 4,608 SET2F4.tmp
    08/04/2004 02:56 AM 115,712 SET73E.tmp
    08/04/2004 02:56 AM 331,264 SET2F5.tmp
    08/04/2004 02:56 AM 6,656 SET2F8.tmp
    08/04/2004 02:56 AM 274,944 SET742.tmp
    08/04/2004 02:56 AM 2,804,224 SET2FA.tmp
    08/04/2004 02:56 AM 3,003,392 SET2FE.tmp
    08/04/2004 02:56 AM 994,304 SET302.tmp
    08/04/2004 02:56 AM 151,552 SET30E.tmp
    08/04/2004 02:56 AM 30,208 SET74E.tmp
    08/04/2004 02:56 AM 143,360 SET750.tmp
    08/04/2004 02:56 AM 120,832 SET886.tmp
    08/04/2004 02:56 AM 343,040 SET88A.tmp
    08/04/2004 02:56 AM 413,696 SET88B.tmp
    08/04/2004 02:56 AM 54,784 SET88C.tmp
    08/04/2004 02:56 AM 44,032 SET75C.tmp
    08/04/2004 02:56 AM 1,392,671 SET88D.tmp
    08/04/2004 02:56 AM 4,608 SET75F.tmp
    08/04/2004 02:56 AM 331,264 SET760.tmp
    08/04/2004 02:56 AM 413,696 SET738.tmp
    08/04/2004 02:56 AM 6,656 SET763.tmp
    08/04/2004 02:56 AM 2,804,224 SET765.tmp
    08/04/2004 02:56 AM 3,003,392 SET769.tmp
    08/04/2004 02:56 AM 994,304 SET76D.tmp
    08/04/2004 02:56 AM 115,712 SET892.tmp
    08/04/2004 02:56 AM 30,208 SET8AC.tmp
    08/04/2004 02:56 AM 143,360 SET8AE.tmp
    08/04/2004 02:56 AM 44,032 SET8C1.tmp
    08/04/2004 02:56 AM 159,232 SET8C2.tmp
    08/04/2004 02:56 AM 4,608 SET8C4.tmp
    08/04/2004 02:56 AM 331,264 SET8C6.tmp
    08/04/2004 02:56 AM 151,552 SET779.tmp
    08/04/2004 02:56 AM 6,656 SET8CA.tmp
    08/04/2004 02:56 AM 2,804,224 SET8CE.tmp
    08/04/2004 02:56 AM 448,512 SET8D0.tmp
    08/04/2004 02:56 AM 3,003,392 SET8D2.tmp
    08/04/2004 02:56 AM 994,304 SET8D6.tmp
    08/04/2004 02:56 AM 151,552 SET8E2.tmp
    08/04/2004 02:56 AM 120,832 SET2CA.tmp
    08/04/2004 02:56 AM 87,040 SET787.tmp
    08/04/2004 02:56 AM 59,904 SET788.tmp
    08/04/2004 02:56 AM 153,600 SET78E.tmp
    08/04/2004 02:56 AM 182,784 SET93A.tmp
    08/04/2004 02:56 AM 75,264 SET374.tmp
    08/04/2004 02:56 AM 450,560 SET92D.tmp
    08/04/2004 02:56 AM 24,576 SET403.tmp
    08/04/2004 02:56 AM 586,240 SET79A.tmp
    08/04/2004 02:56 AM 18,944 SET79C.tmp
    08/04/2004 02:56 AM 22,528 SET79D.tmp
    08/04/2004 02:56 AM 8,704 SET3FC.tmp
    08/04/2004 02:56 AM 1,028,096 SET79F.tmp
    08/04/2004 02:56 AM 266,240 SET3FA.tmp
    08/04/2004 02:56 AM 118,272 SET7A1.tmp
    08/04/2004 02:56 AM 148,480 SET3DC.tmp
    08/04/2004 02:56 AM 55,808 SET97F.tmp
    08/04/2004 02:56 AM 71,680 SET786.tmp
    08/04/2004 02:56 AM 57,344 SET781.tmp
    08/04/2004 02:56 AM 294,400 SET92A.tmp
    08/04/2004 02:56 AM 73,728 SET77F.tmp
    08/04/2004 02:56 AM 1,082,368 SET981.tmp
    08/04/2004 02:56 AM 36,864 SET77C.tmp
    08/04/2004 02:56 AM 11,264 SET38F.tmp
    08/04/2004 02:56 AM 18,944 SET7B3.tmp
    08/04/2004 02:56 AM 18,944 SET91C.tmp
    08/04/2004 02:56 AM 243,200 SET982.tmp
    08/04/2004 02:56 AM 344,064 SET395.tmp
    08/04/2004 02:56 AM 118,272 SET90A.tmp
    08/04/2004 02:56 AM 278,016 SET974.tmp
    08/04/2004 02:56 AM 294,400 SET7C1.tmp
    08/04/2004 02:56 AM 450,560 SET7C4.tmp
    08/04/2004 02:56 AM 1,028,096 SET908.tmp
    08/04/2004 02:56 AM 18,944 SET905.tmp
    08/04/2004 02:56 AM 586,240 SET903.tmp
    08/04/2004 02:56 AM 153,600 SET8F7.tmp
    08/04/2004 02:56 AM 23,040 SET983.tmp
    08/04/2004 02:56 AM 59,904 SET8F1.tmp
    08/04/2004 02:56 AM 182,784 SET7D1.tmp
    08/04/2004 02:56 AM 94,720 SET7D5.tmp
    08/04/2004 02:56 AM 45,568 SET3DB.tmp
    08/04/2004 02:56 AM 87,040 SET8F0.tmp
    08/04/2004 02:56 AM 75,264 SET7DF.tmp
    08/04/2004 02:56 AM 110,080 SET7E4.tmp
    08/04/2004 02:56 AM 71,680 SET8EF.tmp
    08/04/2004 02:56 AM 57,344 SET8EA.tmp
    08/04/2004 02:56 AM 94,720 SET36A.tmp
    08/04/2004 02:56 AM 75,264 SET948.tmp
    08/04/2004 02:56 AM 14,336 SET99B.tmp
    08/04/2004 02:56 AM 45,568 SET9AF.tmp
    08/04/2004 02:56 AM 36,864 SET8E5.tmp
    08/04/2004 02:56 AM 14,336 SET3C7.tmp
    08/04/2004 02:56 AM 11,264 SET7FA.tmp
    08/04/2004 02:56 AM 148,480 SET9B0.tmp
    08/04/2004 02:56 AM 266,240 SET9CE.tmp
    08/04/2004 02:56 AM 294,400 SET8E4.tmp
    08/04/2004 02:56 AM 344,064 SET800.tmp
    08/04/2004 02:56 AM 35,840 SET37A.tmp
    08/04/2004 02:56 AM 20,992 SET802.tmp
    08/04/2004 02:56 AM 8,704 SET9D0.tmp
    08/04/2004 02:56 AM 23,040 SET3AF.tmp
    08/04/2004 02:56 AM 110,080 SET94D.tmp
    08/04/2004 02:56 AM 278,016 SET80B.tmp
    08/04/2004 02:56 AM 11,264 SET963.tmp
    08/04/2004 02:56 AM 55,808 SET816.tmp
    08/04/2004 02:56 AM 1,082,368 SET818.tmp
    08/04/2004 02:56 AM 243,200 SET819.tmp
    08/04/2004 02:56 AM 23,040 SET81A.tmp
    08/04/2004 02:56 AM 344,064 SET969.tmp
    08/04/2004 02:56 AM 450,560 SET359.tmp
    08/04/2004 02:56 AM 294,400 SET356.tmp
    08/04/2004 02:56 AM 20,992 SET397.tmp
    08/04/2004 02:56 AM 20,992 SET96B.tmp
    08/04/2004 02:56 AM 110,080 SET379.tmp
    08/04/2004 02:56 AM 18,944 SET348.tmp
    08/04/2004 02:56 AM 118,272 SET336.tmp
    08/04/2004 02:56 AM 24,576 SET86E.tmp
    08/04/2004 02:56 AM 243,200 SET3AE.tmp
    08/04/2004 02:56 AM 14,336 SET832.tmp
    08/04/2004 02:56 AM 1,082,368 SET3AD.tmp
    08/04/2004 02:56 AM 1,028,096 SET334.tmp
    08/04/2004 02:56 AM 22,528 SET332.tmp
    08/04/2004 02:56 AM 55,808 SET3AB.tmp
    08/04/2004 02:56 AM 18,944 SET331.tmp
    08/04/2004 02:56 AM 8,704 SET867.tmp
    08/04/2004 02:56 AM 182,784 SET366.tmp
    08/04/2004 02:56 AM 586,240 SET32F.tmp
    08/04/2004 02:56 AM 266,240 SET865.tmp
    08/04/2004 02:56 AM 278,016 SET3A0.tmp
    08/04/2004 02:56 AM 45,568 SET846.tmp
    08/04/2004 02:56 AM 148,480 SET847.tmp
    08/04/2004 02:56 AM 640,000 SET9D5.tmp
    08/04/2004 02:56 AM 24,576 SET9D7.tmp
    08/04/2004 02:56 AM 153,600 SET323.tmp
    08/04/2004 02:56 AM 294,400 SET310.tmp
    08/04/2004 02:56 AM 36,864 SET311.tmp
    08/04/2004 02:56 AM 94,720 SET93E.tmp
    08/04/2004 02:56 AM 57,344 SET316.tmp
    08/04/2004 02:56 AM 71,680 SET31B.tmp
    08/04/2004 02:56 AM 87,040 SET31C.tmp
    08/04/2004 02:56 AM 59,904 SET31D.tmp
    08/04/2004 02:56 AM 326,656 SET9DF.tmp
    08/04/2004 02:56 AM 628,224 SET43E.tmp
    08/04/2004 02:56 AM 194,560 SET43B.tmp
    08/04/2004 02:56 AM 56,832 SETA1E.tmp
    08/04/2004 02:56 AM 501,248 SET433.tmp
    08/04/2004 02:56 AM 512,512 SET9E2.tmp
    08/04/2004 02:56 AM 28,672 SETA19.tmp
    08/04/2004 02:56 AM 57,856 SET42C.tmp
    08/04/2004 02:56 AM 42,496 SETA1F.tmp
    08/04/2004 02:56 AM 58,880 SETA23.tmp
    08/04/2004 02:56 AM 47,104 SET422.tmp
    08/04/2004 02:56 AM 62,464 SET421.tmp
    08/04/2004 02:56 AM 597,504 SET9E8.tmp
    08/04/2004 02:56 AM 326,656 SET876.tmp
    08/04/2004 02:56 AM 101,888 SET878.tmp
    08/04/2004 02:56 AM 512,512 SET879.tmp
    08/04/2004 02:56 AM 60,416 SET87A.tmp
    08/04/2004 02:56 AM 63,488 SET87B.tmp
    08/04/2004 02:56 AM 33,280 SET87D.tmp
    08/04/2004 02:56 AM 597,504 SET87F.tmp
    08/04/2004 02:56 AM 163,840 SET880.tmp
    08/04/2004 02:56 AM 126,976 SETA29.tmp
    08/04/2004 02:56 AM 1,251,840 SET884.tmp
    08/04/2004 02:56 AM 792,064 SET885.tmp
    08/04/2004 02:56 AM 47,104 SET9F2.tmp
    08/04/2004 02:56 AM 62,464 SET888.tmp
    08/04/2004 02:56 AM 47,104 SET889.tmp
    08/04/2004 02:56 AM 792,064 SET41D.tmp
    08/04/2004 02:56 AM 194,048 SET468.tmp
    08/04/2004 02:56 AM 101,888 SET466.tmp
    08/04/2004 02:56 AM 143,360 SET463.tmp
    08/04/2004 02:56 AM 57,856 SET891.tmp
    08/04/2004 02:56 AM 99,840 SET460.tmp
    08/04/2004 02:56 AM 501,248 SET898.tmp
    08/04/2004 02:56 AM 62,464 SET9F1.tmp
    08/04/2004 02:56 AM 792,064 SET9EE.tmp
    08/04/2004 02:56 AM 194,560 SET8A0.tmp
    08/04/2004 02:56 AM 628,224 SET8A3.tmp
    08/04/2004 02:56 AM 1,251,840 SET41C.tmp
    08/04/2004 02:56 AM 229,888 SET8A5.tmp
    08/04/2004 02:56 AM 84,480 SET8A7.tmp
    08/04/2004 02:56 AM 59,904 SET8A8.tmp
    08/04/2004 02:56 AM 1,016,832 SET8AA.tmp
    08/04/2004 02:56 AM 77,312 SET8AB.tmp
    08/04/2004 02:56 AM 126,976 SET45B.tmp
    08/04/2004 02:56 AM 58,880 SET455.tmp
    08/04/2004 02:56 AM 99,840 SETA2E.tmp
    08/04/2004 02:56 AM 28,672 SET8B0.tmp
    08/04/2004 02:56 AM 52,736 SET8B1.tmp
    08/04/2004 02:56 AM 56,832 SET8B5.tmp
    08/04/2004 02:56 AM 42,496 SET8B6.tmp
    08/04/2004 02:56 AM 1,251,840 SET9ED.tmp
    08/04/2004 02:56 AM 58,880 SET8BA.tmp
    08/04/2004 02:56 AM 126,976 SET8C0.tmp
    08/04/2004 02:56 AM 52,736 SETA1A.tmp
    08/04/2004 02:56 AM 42,496 SET451.tmp
    08/04/2004 02:56 AM 143,360 SETA31.tmp
    08/04/2004 02:56 AM 56,832 SET450.tmp
    08/04/2004 02:56 AM 99,840 SET8C5.tmp
    08/04/2004 02:56 AM 52,736 SET44C.tmp
    08/04/2004 02:56 AM 194,048 SETA36.tmp
    08/04/2004 02:56 AM 143,360 SET8C8.tmp
    08/04/2004 02:56 AM 28,672 SET44B.tmp
    08/04/2004 02:56 AM 101,888 SET8CB.tmp
    08/04/2004 02:56 AM 194,048 SET8CD.tmp
    08/04/2004 02:56 AM 84,992 SETA1B.tmp
    08/04/2004 02:56 AM 77,312 SET446.tmp
    08/04/2004 02:56 AM 163,840 SET9E9.tmp
    08/04/2004 02:56 AM 1,016,832 SET445.tmp
    08/04/2004 02:56 AM 59,904 SET443.tmp
    08/04/2004 02:56 AM 84,480 SET442.tmp
    08/04/2004 02:56 AM 77,312 SETA14.tmp
    08/04/2004 02:56 AM 63,488 SET9E4.tmp
    08/04/2004 02:56 AM 1,016,832 SETA13.tmp
    08/04/2004 02:56 AM 59,904 SETA11.tmp
    08/04/2004 02:56 AM 33,280 SET9E6.tmp
    08/04/2004 02:56 AM 60,416 SET9E3.tmp
    08/04/2004 02:56 AM 163,840 SET416.tmp
    08/04/2004 02:56 AM 597,504 SET415.tmp
    08/04/2004 02:56 AM 33,280 SET413.tmp
    08/04/2004 02:56 AM 57,856 SET9FA.tmp
    08/04/2004 02:56 AM 63,488 SET411.tmp
    08/04/2004 02:56 AM 60,416 SET410.tmp
    08/04/2004 02:56 AM 194,560 SETA09.tmp
    08/04/2004 02:56 AM 501,248 SETA01.tmp
    08/04/2004 02:56 AM 512,512 SET40F.tmp
    08/04/2004 02:56 AM 101,888 SET40E.tmp
    08/04/2004 02:56 AM 101,888 SETA34.tmp
    08/04/2004 02:56 AM 326,656 SET40C.tmp
    08/04/2004 02:56 AM 101,888 SET9E1.tmp
    08/04/2004 02:56 AM 229,888 SET440.tmp
    08/04/2004 02:56 AM 5,632 SET5EC.tmp
    08/04/2004 02:56 AM 5,632 SET181.tmp
    08/04/2004 02:56 AM 5,632 SET6CB.tmp
    08/04/2004 02:56 AM 549,376 SET7A3.tmp
    08/04/2004 02:56 AM 549,376 SET210.tmp
    08/04/2004 02:56 AM 549,376 SET67B.tmp
    08/04/2004 02:56 AM 12,288 SET280.tmp
    08/04/2004 02:56 AM 94,208 SET6EE.tmp
    08/04/2004 02:56 AM 94,208 SET283.tmp
    08/04/2004 02:56 AM 12,288 SET6EB.tmp
    08/04/2004 02:56 AM 12,288 SET82A.tmp
    08/04/2004 02:56 AM 94,208 SET82D.tmp
    08/04/2004 02:56 AM 20,480 SET751.tmp
    08/04/2004 02:56 AM 20,480 SET2E6.tmp
    08/04/2004 02:56 AM 48,128 SET8A4.tmp
    08/04/2004 02:56 AM 20,480 SET8AF.tmp
    08/04/2004 02:56 AM 48,128 SET74B.tmp
    08/04/2004 02:56 AM 48,128 SET2E0.tmp
    08/04/2004 02:56 AM 884,736 SET8C3.tmp
    08/04/2004 02:56 AM 884,736 SET2F3.tmp
    08/04/2004 02:56 AM 884,736 SET75E.tmp
    08/04/2004 02:56 AM 12,288 SET8E6.tmp
    08/04/2004 02:56 AM 12,288 SET312.tmp
    08/04/2004 02:56 AM 12,288 SET77D.tmp
    08/04/2004 02:56 AM 3,584 SET38C.tmp
    08/04/2004 02:56 AM 3,584 SET960.tmp
    08/04/2004 02:56 AM 3,584 SET7F7.tmp
    08/04/2004 02:56 AM 16,896 SET437.tmp
    08/04/2004 02:56 AM 16,896 SETA05.tmp
    08/04/2004 02:56 AM 16,896 SET89C.tmp
    08/04/2004 02:55 AM 63,488 SET447.tmp
    08/04/2004 02:55 AM 285,696 SET8B8.tmp
    08/04/2004 02:55 AM 285,696 SETA21.tmp
    08/04/2004 02:55 AM 285,696 SET453.tmp
    08/04/2004 12:31 AM 152,576 SET69D.tmp
    08/04/2004 12:31 AM 137,216 SET828.tmp
    08/04/2004 12:31 AM 152,576 SET7CB.tmp
    08/04/2004 12:31 AM 137,216 SET991.tmp
    08/04/2004 12:31 AM 152,576 SET232.tmp
    08/04/2004 12:31 AM 137,216 SET3BD.tmp
    08/04/2004 12:21 AM 90,112 SET65C.tmp
    08/04/2004 12:21 AM 90,112 SET1F1.tmp
    08/04/2004 12:21 AM 90,112 SET776.tmp
    08/04/2004 12:19 AM 1,351,168 SET8D1.tmp
    08/03/2004 11:56 PM 423,936 SET7B6.tmp
    07/07/2004 05:37 PM 2,803,712 SET404.tmp
    07/01/2004 05:08 PM 331,776 SET9B.tmp
    06/10/2004 02:51 PM 8,350,720 SETB5.tmp
    06/10/2004 02:51 PM 8,350,720 SET425.tmp
    06/10/2004 02:51 PM 8,350,720 SET1E.tmp
    06/08/2004 05:02 PM 306,688 SET14.tmp
    06/08/2004 05:02 PM 260,096 SET41E.tmp
    06/08/2004 05:02 PM 306,688 SET41B.tmp
    06/08/2004 05:02 PM 172,544 SET419.tmp
    06/08/2004 05:02 PM 260,096 SET17.tmp
    06/08/2004 05:02 PM 260,096 SETAA.tmp
    06/08/2004 05:02 PM 172,544 SETA7.tmp
    06/08/2004 05:02 PM 306,688 SETA8.tmp
    06/08/2004 05:02 PM 172,544 SET12.tmp
    04/16/2004 07:56 PM 676,864 SET427.tmp
    04/16/2004 07:56 PM 676,864 SET22.tmp
    04/16/2004 07:56 PM 676,864 SETB7.tmp
    04/08/2004 12:12 PM 406,528 SETB6.tmp
    08/29/2002 06:00 AM 2,577 CONFIG.TMP
    715 File(s) 222,518,574 bytes
    0 Dir(s) 17,884,299,264 bytes free

    ------------------ User Agent ----------------

    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
    "{3D110ACA-32DB-48EE-8450-281FAD12E257}"=""


    ------------- Keys Under Notify -------------

    REGEDIT4

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000
    "DllName"=hex(2):63,72,79,70,74,33,32,2e,64,6c,6c,00
    "Logoff"="ChainWlxLogoffEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000
    "DllName"=hex(2):63,72,79,70,74,6e,65,74,2e,64,6c,6c,00
    "Logoff"="CryptnetWlxLogoffEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    "DLLName"="cscdll.dll"
    "Logon"="WinlogonLogonEvent"
    "Logoff"="WinlogonLogoffEvent"
    "ScreenSaver"="WinlogonScreenSaverEvent"
    "Startup"="WinlogonStartupEvent"
    "Shutdown"="WinlogonShutdownEvent"
    "StartShell"="WinlogonStartShellEvent"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    "DLLName"="wlnotify.dll"
    "Logon"="SCardStartCertProp"
    "Logoff"="SCardStopCertProp"
    "Lock"="SCardSuspendCertProp"
    "Unlock"="SCardResumeCertProp"
    "Enabled"=dword:00000001
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    "Asynchronous"=dword:00000000
    "DllName"=hex(2):77,6c,6e,6f,74,69,66,79,2e,64,6c,6c,00
    "Impersonate"=dword:00000000
    "StartShell"="SchedStartShell"
    "Logoff"="SchedEventLogOff"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    "Logoff"="WLEventLogoff"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000001
    "DllName"=hex(2):73,63,6c,67,6e,74,66,79,2e,64,6c,6c,00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    "DLLName"="WlNotify.dll"
    "Lock"="SensLockEvent"
    "Logon"="SensLogonEvent"
    "Logoff"="SensLogoffEvent"
    "Safe"=dword:00000001
    "MaxWait"=dword:00000258
    "StartScreenSaver"="SensStartScreenSaverEvent"
    "StopScreenSaver"="SensStopScreenSaverEvent"
    "Startup"="SensStartupEvent"
    "Shutdown"="SensShutdownEvent"
    "StartShell"="SensStartShellEvent"
    "PostShell"="SensPostShellEvent"
    "Disconnect"="SensDisconnectEvent"
    "Reconnect"="SensReconnectEvent"
    "Unlock"="SensUnlockEvent"
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    "Asynchronous"=dword:00000000
    "DllName"=hex(2):77,6c,6e,6f,74,69,66,79,2e,64,6c,6c,00
    "Impersonate"=dword:00000000
    "Logoff"="TSEventLogoff"
    "Logon"="TSEventLogon"
    "PostShell"="TSEventPostShell"
    "Shutdown"="TSEventShutdown"
    "StartShell"="TSEventStartShell"
    "Startup"="TSEventStartup"
    "MaxWait"=dword:00000258
    "Reconnect"="TSEventReconnect"
    "Disconnect"="TSEventDisconnect"
     
  12. Roe727

    Roe727 Thread Starter

    Joined:
    Mar 9, 2004
    Messages:
    1,016
    Seill didn't fit... but this is all of that output--Notepad report....I'll run the others and send them along.
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    "DLLName"="wlnotify.dll"
    "Logon"="RegisterTicketExpiredNotificationEvent"
    "Logoff"="UnregisterTicketExpiredNotificationEvent"
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001


    ------------- Locate.com Results -------------

    -------- Strings.exe Qoologic Results --------

    C:\WINDOWS\SYSTEM32\apopbz.dll: updates.qoologic.com
    C:\WINDOWS\SYSTEM32\pawaog.dll: updates.qoologic.com
    C:\WINDOWS\SYSTEM32\puwuog.dll: updates.qoologic.com
    C:\WINDOWS\SYSTEM32\puyuog.dll: updates.qoologic.com
    C:\WINDOWS\SYSTEM32\quzuwp.exe: updates.qoologic.com

    --------- Strings.exe Aspack Results ---------

    C:\WINDOWS\SYSTEM32\kaiary.exe: .aspack
    C:\WINDOWS\SYSTEM32\kuiury.exe: .aspack
    C:\WINDOWS\SYSTEM32\vuaubq.dat: .aspack
    C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\ngugty.exe: .aspack

    -------------- HKLM Run Key ----------------
     
  13. Roe727

    Roe727 Thread Starter

    Joined:
    Mar 9, 2004
    Messages:
    1,016
    DLL Compare Log:
    * DLLCompare Log version(1.0.0.127)
    Files Found that Windows does not See or cannot Access
    *Not everything listed here means you are infected!
    ________________________________________________

    C:\WINDOWS\SYSTEM32\4qxntj.dll Thu Jan 27 2005 1:28:04a A..H. 106 0.10 K
    C:\WINDOWS\SYSTEM32\uekxg.dll Wed Feb 2 2005 1:27:22p ..SH. 475 0.46 K
    ________________________________________________

    1,314 items found: 1,314 files (2 H/S), 0 directories.
    Total of file sizes: 261,602,771 bytes 249.48 M

    Administrator Account = True

    --------------------End log---------------------


    AND ::
    vx2 Log:
    Log for VX2.BetterInternet File Finder (ALL)

    Files Found---

    Additional Files---

    Keys Under Notify---
    crypt32chain
    cryptnet
    cscdll
    ScCertProp
    Schedule
    sclgntfy
    SensLogn
    termsrv
    wlballoon


    Guardian Key--- is called:

    Guardian Key--- :

    User Agent String---
    {3D110ACA-32DB-48EE-8450-281FAD12E257}
     
  14. Mosaic1

    Mosaic1

    Joined:
    Aug 17, 2001
    Messages:
    7,486
    Please run a new Hijackthis log and post that so we can see where you stand now.
     
  15. Roe727

    Roe727 Thread Starter

    Joined:
    Mar 9, 2004
    Messages:
    1,016
    Ok...here is a new hijackThis file, keep in mind that this is an old version, but it is all that I can get to run right now.
    Logfile of HijackThis v1.98.2
    Scan saved at 7:13:12 AM, on 2/6/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\Program Files\Common Files\Dell\EUSW\Support.exe
    C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
    C:\PROGRA~1\NORTON~1\WinFax\WFXSWTCH.exe
    C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
    C:\WINDOWS\System32\wfxsnt40.exe
    C:\WINDOWS\System32\nvdzzqrw.exe
    C:\WINDOWS\System32\EXPLORERZ.EXE
    C:\PROGRA~1\MYWEBS~1\bar\5.bin\mwsoemon.exe
    C:\WINDOWS\System32\wsxsvc\wsxsvc.exe
    C:\WINDOWS\System32\vmss\vmss.exe
    C:\documents and settings\susan zweig\local settings\temp\I4b.exe
    C:\documents and settings\susan zweig\local settings\temp\Tn.exe
    C:\WINDOWS\System32\winupdtl.exe
    C:\DOCUME~1\SUSANZ~1\LOCALS~1\Temp\ICD4.tmp\svcmm32.exe
    C:\WINDOWS\mmups.exe
    C:\Program Files\NaviSearch\bin\nls.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\jtnezabz.exe
    C:\Program Files\CSBB\CSv10P070.exe
    C:\documents and settings\susan zweig\local settings\temp\tlixFF.exe
    C:\Program Files\Gkusccw\Yaallcd.exe
    C:\WINDOWS\System32\kuiury.exe
    C:\Program Files\Bpt\bpt.exe
    C:\WINDOWS\System32\wys.exe
    C:\windows\system32\ueKxG.exe
    C:\windows\system32\4qXNTJ.exe
    C:\WINDOWS\newpop62.exe
    C:\WINDOWS\System32\ochv9i.exe
    C:\Program Files\AIM\aim.exe
    C:\PROGRA~1\COMMON~1\tsa\tsm2.exe
    C:\WINDOWS\System32\nvueers.exe
    C:\WINDOWS\SYSTEM32\ueKxG.exe
    C:\WINDOWS\System32\??ool32.exe
    C:\Documents and Settings\Susan Zweig\Application Data\eetu.exe
    C:\WINDOWS\System32\prutnct.exe
    C:\Program Files\America Online 9.0\aoltray.exe
    C:\Program Files\AOL Companion\companion.exe
    C:\WINDOWS\System32\prutnct.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\FinePixViewer\QuickDCF.exe
    C:\PROGRA~1\COMMON~1\tsa\tsl2.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Documents and Settings\Susan Zweig\Desktop\DllCompare.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    A:\VX2Finder.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\PROGRA~1\COMMON~1\tsa\ts2.exe
    C:\Program Files\BullsEye Network\bin\bargains.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=3
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchmiracle.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=3
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll (file missing)
    F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
    O1 - Hosts: 69.20.16.183 ieautosearch
    O1 - Hosts: 69.20.16.183 ieautosearch
    O1 - Hosts: 69.20.16.183 ieautosearch
    O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll (file missing)
    O2 - BHO: Flash Enhancer - {7CD20E91-1F31-41da-8379-479EA31DF969} - c:\Program Files\XML\XML.dll
    O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll (file missing)
    O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32\nvms.dll
    O2 - BHO: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll
    O2 - BHO: Band Class - {CC378B83-9577-44D0-B4F8-0DD965E176FC} - C:\Program Files\eSyndicate\esyn.dll
    O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Susan Zweig\Local Settings\Temp\gS2v.dll
    O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
    O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 59.dll
    O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)
    O3 - Toolbar: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [WFXSwtch] C:\PROGRA~1\NORTON~1\WinFax\WFXSWTCH.exe
    O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
    O4 - HKLM\..\Run: [MS Decryption Software] C:\active.exe
    O4 - HKLM\..\Run: [aahhkmhebqj] C:\WINDOWS\System32\nvdzzqrw.exe
    O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\System32\Cxe0K.exe
    O4 - HKLM\..\Run: [Windows Explorer] EXPLORERZ.EXE
    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\5.bin\mwsoemon.exe
    O4 - HKLM\..\Run: [Dvx] C:\WINDOWS\System32\wsxsvc\wsxsvc.exe
    O4 - HKLM\..\Run: [vmss] C:\WINDOWS\System32\vmss\vmss.exe
    O4 - HKLM\..\Run: [I4b] C:\documents and settings\susan zweig\local settings\temp\I4b.exe
    O4 - HKLM\..\Run: [Tn] C:\documents and settings\susan zweig\local settings\temp\Tn.exe
    O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\System32\winupdtl.exe
    O4 - HKLM\..\Run: [USB controller] "C:\DOCUME~1\SUSANZ~1\LOCALS~1\Temp\ICD4.tmp\svcmm32.exe" /startup
    O4 - HKLM\..\Run: [Breg] "C:\Program Files\Common Files\Java\bptre.exe"
    O4 - HKLM\..\Run: [Xcpy1] "C:\Program Files\Common Files\Java\Xcpy1.exe"
    O4 - HKLM\..\Run: [mediamotor.exe] C:\WINDOWS\mmups.exe
    O4 - HKLM\..\Run: [SurfSideKick 2] C:\Program Files\SurfSideKick 2\Ssk.exe
    O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvvbe32.exe
    O4 - HKLM\..\Run: [NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe
    O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
    O4 - HKLM\..\Run: [C:\WINDOWS\jtnezabz.exe] C:\WINDOWS\jtnezabz.exe
    O4 - HKLM\..\Run: [CSV10P70] C:\Program Files\CSBB\CSv10P070.exe
    O4 - HKLM\..\Run: [pmlduc] C:\WINDOWS\System32\pmlduc.exe
    O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
    O4 - HKLM\..\Run: [SStb.exe] SStb.exe
    O4 - HKLM\..\Run: [tlixFF] C:\documents and settings\susan zweig\local settings\temp\tlixFF.exe
    O4 - HKLM\..\Run: [DSgfKTf] C:\documents and settings\susan zweig\local settings\temp\DSgfKTf.exe
    O4 - HKLM\..\Run: [Okmwczw] C:\Program Files\Gkusccw\Yaallcd.exe
    O4 - HKLM\..\Run: [ssqb.exe] ssqb.exe
    O4 - HKLM\..\Run: [DI2] "C:\DOCUME~1\SUSANZ~1\LOCALS~1\Temp\27.exe\27.exe"
    O4 - HKLM\..\Run: [BPT] "C:\Program Files\Bpt\bpt.exe"
    O4 - HKLM\..\Run: [Spool] "C:\WINDOWS\System32\wys.exe" /startup
    O4 - HKLM\..\Run: [ueKxG.exe] c:\windows\system32\ueKxG.exe
    O4 - HKLM\..\Run: [4qXNTJ] C:\windows\system32\4qXNTJ.exe
    O4 - HKLM\..\Run: [popuppers] C:\WINDOWS\newpop62.exe
    O4 - HKLM\..\Run: [oF9U3ng] ochv9i.exe
    O4 - HKLM\..\Run: [second] C:\Documents and Settings\Susan Zweig\Desktop\l2mfix\second.bat
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\5.bin\mwsoemon.exe
    O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKCU\..\Run: [Tsa2] C:\PROGRA~1\COMMON~1\tsa\tsm2.exe
    O4 - HKCU\..\Run: [SurfSideKick 2] C:\Program Files\SurfSideKick 2\Ssk.exe
    O4 - HKCU\..\Run: [Zoq8RhMnV] nvueers.exe
    O4 - HKCU\..\Run: [Lbsefvo] C:\WINDOWS\System32\??ool32.exe
    O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\Susan Zweig\Application Data\eetu.exe
    O4 - HKCU\..\Run: [prutnct] C:\WINDOWS\System32\prutnct.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\RunOnce: [Windows Explorer] EXPLORERZ.EXE
    O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\5.bin\MWSOEMON.EXE
    O4 - Global Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
    O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
    O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\5.bin\MWSOEMON.EXE
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZCxdm244XXUS
    O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
    O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe
    O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\calsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\calsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\calsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\calsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
    O15 - Trusted Zone: *.media-motor.net
    O15 - Trusted Zone: *.popuppers.com
    O16 - DPF: Squelchies by pogo - http://squelchies.pogo.com/applet-6.0.1.20/squelchies/squelchies-ob-assets.cab
    O16 - DPF: Tri-Peaks by pogo - http://peaks.pogo.com/applet/peaks/peaks-ob-assets.cab
    O16 - DPF: v3cab - http://searchmiracle.com/cab/v3cab.cab
    O16 - DPF: {0878B424-1F95-4E26-B5AB-F0D349D89650} - http://www.bargain-buddy.net/cashback/cab/installer_ICMEDIAX.cab
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f...56fa9d809633:a4835914695e3eeec245bc6f8b5fbb1c
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab
    O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
    O16 - DPF: {2FD74BEC-AA17-49C0-A74E-3B20BE946496} - http://www.cursorzone.com/toolbar/files/czone_bundle_p2.cab
    O16 - DPF: {41F31718-2B9D-4F76-85E2-DD11BBA99F8D} - http://install.spywarelabs.com/DistID/2501031120/BundleOuter2501031120.EXE
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,72/mcinsctl.cab
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.games.yahoo.com/games/play/client/exentctl_0_0_0_1.ocx
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topconverting.com/activex/loader2.ocx
    O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50043/QDow_AS2.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,19/mcgdmgr.cab
    O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr_ext.cab
    O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} (IObjSafety.DemoCtl) - http://cabs.media-motor.net/cabs/diamond.cab
    O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} - http://download.overpro.com/WildApp.cab
    O21 - SSODL: SARU - {FF5D8CC8-DE01-4964-89F1-648E43271415} - C:\WINDOWS\System32\mssaru.dll
    O21 - SSODL: WinTools - {ABEC834E-AD86-6496-9524-85347844E8DF} - C:\PROGRA~1\COMMON~1\ODBC.dll (file missing)Logfile of HijackThis v1.98.2
    Scan saved at 7:13:12 AM, on 2/6/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\Program Files\Common Files\Dell\EUSW\Support.exe
    C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
    C:\PROGRA~1\NORTON~1\WinFax\WFXSWTCH.exe
    C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
    C:\WINDOWS\System32\wfxsnt40.exe
    C:\WINDOWS\System32\nvdzzqrw.exe
    C:\WINDOWS\System32\EXPLORERZ.EXE
    C:\PROGRA~1\MYWEBS~1\bar\5.bin\mwsoemon.exe
    C:\WINDOWS\System32\wsxsvc\wsxsvc.exe
    C:\WINDOWS\System32\vmss\vmss.exe
    C:\documents and settings\susan zweig\local settings\temp\I4b.exe
    C:\documents and settings\susan zweig\local settings\temp\Tn.exe
    C:\WINDOWS\System32\winupdtl.exe
    C:\DOCUME~1\SUSANZ~1\LOCALS~1\Temp\ICD4.tmp\svcmm32.exe
    C:\WINDOWS\mmups.exe
    C:\Program Files\NaviSearch\bin\nls.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\jtnezabz.exe
    C:\Program Files\CSBB\CSv10P070.exe
    C:\documents and settings\susan zweig\local settings\temp\tlixFF.exe
    C:\Program Files\Gkusccw\Yaallcd.exe
    C:\WINDOWS\System32\kuiury.exe
    C:\Program Files\Bpt\bpt.exe
    C:\WINDOWS\System32\wys.exe
    C:\windows\system32\ueKxG.exe
    C:\windows\system32\4qXNTJ.exe
    C:\WINDOWS\newpop62.exe
    C:\WINDOWS\System32\ochv9i.exe
    C:\Program Files\AIM\aim.exe
    C:\PROGRA~1\COMMON~1\tsa\tsm2.exe
    C:\WINDOWS\System32\nvueers.exe
    C:\WINDOWS\SYSTEM32\ueKxG.exe
    C:\WINDOWS\System32\??ool32.exe
    C:\Documents and Settings\Susan Zweig\Application Data\eetu.exe
    C:\WINDOWS\System32\prutnct.exe
    C:\Program Files\America Online 9.0\aoltray.exe
    C:\Program Files\AOL Companion\companion.exe
    C:\WINDOWS\System32\prutnct.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\FinePixViewer\QuickDCF.exe
    C:\PROGRA~1\COMMON~1\tsa\tsl2.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Documents and Settings\Susan Zweig\Desktop\DllCompare.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    A:\VX2Finder.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\PROGRA~1\COMMON~1\tsa\ts2.exe
    C:\Program Files\BullsEye Network\bin\bargains.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=3
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchmiracle.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=3
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll (file missing)
    F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
    O1 - Hosts: 69.20.16.183 ieautosearch
    O1 - Hosts: 69.20.16.183 ieautosearch
    O1 - Hosts: 69.20.16.183 ieautosearch
    O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll (file missing)
    O2 - BHO: Flash Enhancer - {7CD20E91-1F31-41da-8379-479EA31DF969} - c:\Program Files\XML\XML.dll
    O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll (file missing)
    O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32\nvms.dll
    O2 - BHO: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll
    O2 - BHO: Band Class - {CC378B83-9577-44D0-B4F8-0DD965E176FC} - C:\Program Files\eSyndicate\esyn.dll
    O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Susan Zweig\Local Settings\Temp\gS2v.dll
    O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
    O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 59.dll
    O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)
    O3 - Toolbar: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [WFXSwtch] C:\PROGRA~1\NORTON~1\WinFax\WFXSWTCH.exe
    O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
    O4 - HKLM\..\Run: [MS Decryption Software] C:\active.exe
    O4 - HKLM\..\Run: [aahhkmhebqj] C:\WINDOWS\System32\nvdzzqrw.exe
    O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\System32\Cxe0K.exe
    O4 - HKLM\..\Run: [Windows Explorer] EXPLORERZ.EXE
    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\5.bin\mwsoemon.exe
    O4 - HKLM\..\Run: [Dvx] C:\WINDOWS\System32\wsxsvc\wsxsvc.exe
    O4 - HKLM\..\Run: [vmss] C:\WINDOWS\System32\vmss\vmss.exe
    O4 - HKLM\..\Run: [I4b] C:\documents and settings\susan zweig\local settings\temp\I4b.exe
    O4 - HKLM\..\Run: [Tn] C:\documents and settings\susan zweig\local settings\temp\Tn.exe
    O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\System32\winupdtl.exe
    O4 - HKLM\..\Run: [USB controller] "C:\DOCUME~1\SUSANZ~1\LOCALS~1\Temp\ICD4.tmp\svcmm32.exe" /startup
    O4 - HKLM\..\Run: [Breg] "C:\Program Files\Common Files\Java\bptre.exe"
    O4 - HKLM\..\Run: [Xcpy1] "C:\Program Files\Common Files\Java\Xcpy1.exe"
    O4 - HKLM\..\Run: [mediamotor.exe] C:\WINDOWS\mmups.exe
    O4 - HKLM\..\Run: [SurfSideKick 2] C:\Program Files\SurfSideKick 2\Ssk.exe
    O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvvbe32.exe
    O4 - HKLM\..\Run: [NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe
    O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
    O4 - HKLM\..\Run: [C:\WINDOWS\jtnezabz.exe] C:\WINDOWS\jtnezabz.exe
    O4 - HKLM\..\Run: [CSV10P70] C:\Program Files\CSBB\CSv10P070.exe
    O4 - HKLM\..\Run: [pmlduc] C:\WINDOWS\System32\pmlduc.exe
    O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
    O4 - HKLM\..\Run: [SStb.exe] SStb.exe
    O4 - HKLM\..\Run: [tlixFF] C:\documents and settings\susan zweig\local settings\temp\tlixFF.exe
    O4 - HKLM\..\Run: [DSgfKTf] C:\documents and settings\susan zweig\local settings\temp\DSgfKTf.exe
    O4 - HKLM\..\Run: [Okmwczw] C:\Program Files\Gkusccw\Yaallcd.exe
    O4 - HKLM\..\Run: [ssqb.exe] ssqb.exe
    O4 - HKLM\..\Run: [DI2] "C:\DOCUME~1\SUSANZ~1\LOCALS~1\Temp\27.exe\27.exe"
    O4 - HKLM\..\Run: [BPT] "C:\Program Files\Bpt\bpt.exe"
    O4 - HKLM\..\Run: [Spool] "C:\WINDOWS\System32\wys.exe" /startup
    O4 - HKLM\..\Run: [ueKxG.exe] c:\windows\system32\ueKxG.exe
    O4 - HKLM\..\Run: [4qXNTJ] C:\windows\system32\4qXNTJ.exe
    O4 - HKLM\..\Run: [popuppers] C:\WINDOWS\newpop62.exe
    O4 - HKLM\..\Run: [oF9U3ng] ochv9i.exe
    O4 - HKLM\..\Run: [second] C:\Documents and Settings\Susan Zweig\Desktop\l2mfix\second.bat
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\5.bin\mwsoemon.exe
    O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKCU\..\Run: [Tsa2] C:\PROGRA~1\COMMON~1\tsa\tsm2.exe
    O4 - HKCU\..\Run: [SurfSideKick 2] C:\Program Files\SurfSideKick 2\Ssk.exe
    O4 - HKCU\..\Run: [Zoq8RhMnV] nvueers.exe
    O4 - HKCU\..\Run: [Lbsefvo] C:\WINDOWS\System32\??ool32.exe
    O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\Susan Zweig\Application Data\eetu.exe
    O4 - HKCU\..\Run: [prutnct] C:\WINDOWS\System32\prutnct.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\RunOnce: [Windows Explorer] EXPLORERZ.EXE
    O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\5.bin\MWSOEMON.EXE
    O4 - Global Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
    O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
    O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\5.bin\MWSOEMON.EXE
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZCxdm244XXUS
    O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
    O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe
    O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\calsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\calsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\calsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\calsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
    O15 - Trusted Zone: *.media-motor.net
    O15 - Trusted Zone: *.popuppers.com
    O16 - DPF: Squelchies by pogo - http://squelchies.pogo.com/applet-6.0.1.20/squelchies/squelchies-ob-assets.cab
    O16 - DPF: Tri-Peaks by pogo - http://peaks.pogo.com/applet/peaks/peaks-ob-assets.cab
    O16 - DPF: v3cab - http://searchmiracle.com/cab/v3cab.cab
    O16 - DPF: {0878B424-1F95-4E26-B5AB-F0D349D89650} - http://www.bargain-buddy.net/cashback/cab/installer_ICMEDIAX.cab
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f...56fa9d809633:a4835914695e3eeec245bc6f8b5fbb1c
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab
    O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
    O16 - DPF: {2FD74BEC-AA17-49C0-A74E-3B20BE946496} - http://www.cursorzone.com/toolbar/files/czone_bundle_p2.cab
    O16 - DPF: {41F31718-2B9D-4F76-85E2-DD11BBA99F8D} - http://install.spywarelabs.com/DistID/2501031120/BundleOuter2501031120.EXE
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,72/mcinsctl.cab
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.games.yahoo.com/games/play/client/exentctl_0_0_0_1.ocx
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topconverting.com/activex/loader2.ocx
    O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50043/QDow_AS2.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,19/mcgdmgr.cab
    O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr_ext.cab
    O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} (IObjSafety.DemoCtl) - http://cabs.media-motor.net/cabs/diamond.cab
    O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} - http://download.overpro.com/WildApp.cab
    O21 - SSODL: SARU - {FF5D8CC8-DE01-4964-89F1-648E43271415} - C:\WINDOWS\System32\mssaru.dll
    O21 - SSODL: WinTools - {ABEC834E-AD86-6496-9524-85347844E8DF} - C:\PROGRA~1\COMMON~1\ODBC.dll (file missing)
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/326954

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice