jhtcct

Please help me remove this....

18 posts in this topic

I ran spybot and it found click.giftload and it's really messed up my computer. Someone please help me to remove it.

Here is my dds file:

DDS (Ver_11-03-05.01) - NTFSx86

Run by Connie Tinnel at 19:57:22.86 on Thu 04/21/2011

Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_20

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3037.1768 [GMT -5:00]

.

AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}

AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

C:\WINDOWS\Explorer.EXE

svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

svchost.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Trusteer\Rapport\bin\RapportService.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Documents and Settings\Connie Tinnel\Desktop\dds.scr

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.yahoo.com/

uSearch Page = hxxp://www.live.com

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll

mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll

TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll

TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

{555d4d79-4bd2-4094-a395-cfc534424a05}

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe

mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"

mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter

mRun: [Monitor] *DISABLED*"c:\program files\leapfrog\leapfrog connect\Monitor.exe"

mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000

IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html

IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html

IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1236133604281

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg8\toolbar\IEToolbar.dll

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: avgrsstarter - avgrsstx.dll

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\docume~1\connie~1\applic~1\mozilla\firefox\profiles\xx110jbh.default\

FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/

FF - component: c:\documents and settings\connie tinnel\application data\mozilla\firefox\profiles\xx110jbh.default\extensions\{22119944-ed35-4ab1-910b-e619ea06a115}\components\rfproxy_31.dll

FF - component: c:\documents and settings\connie tinnel\application data\mozilla\firefox\profiles\xx110jbh.default\extensions\firefox@kidzui.com\platform\winnt_x86-msvc\components\WinKiosk.dll

FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll

FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll

FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll

FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll

FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll

FF - plugin: c:\documents and settings\connie tinnel\application data\facebook\npfbplugin_1_0_1.dll

FF - plugin: c:\documents and settings\connie tinnel\application data\facebook\npfbplugin_1_0_3.dll

FF - plugin: c:\documents and settings\connie tinnel\local settings\application data\yahoo!\browserplus\2.8.1\plugins\npybrowserplus_2.8.1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg8\Firefox

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

FF - Ext: AVG Security Toolbar em:version=6.010.006.004 em:displayname=AVG Security Toolbar em:iconURL=chrome://tavgp/skin/logo.ico em:creator=AVG Technologies em:description=AVG Security Toolbar em:homepageURL=http://www.avg.com >: avg@igeared - c:\program files\avg\avg8\toolbar\firefox\avg@igeared

FF - Ext: AI Roboform Toolbar for Firefox: {22119944-ED35-4ab1-910B-E619EA06A115} - c:\program files\siber systems\ai roboform\Firefox

FF - Ext: KidZui: firefox@kidzui.com - %profile%\extensions\firefox@kidzui.com

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: AI Roboform Toolbar for Firefox: {22119944-ED35-4ab1-910B-E619EA06A115} - %profile%\extensions\{22119944-ED35-4ab1-910B-E619EA06A115}

.

============= SERVICES / DRIVERS ===============

.

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-7-18 64288]

R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2010-10-4 59240]

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-8-16 11608]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-7 335240]

R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-4-7 27784]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-7 108552]

R1 RapportCerberus_25973;RapportCerberus_25973;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\25973\RapportCerberus_25973.sys [2011-4-17 57144]

R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2010-10-4 169320]

R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2010-12-28 98392]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-8-16 108289]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-8-16 185089]

R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-4-7 297752]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-8-16 56816]

R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2010-4-30 38144]

R2 LANPkt;Realtek LANPkt Protocol Driver;c:\windows\system32\drivers\LANPkt.sys [2009-2-24 8960]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-12-3 2146496]

R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2010-10-4 767208]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2009-2-24 110080]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg8\toolbar\ToolbarBroker.exe [2010-10-26 517448]

S3 BELKIN;Belkin Wireless G USB Network Adapter;c:\windows\system32\drivers\BLKWGU.sys [2010-4-30 238848]

S3 Diag69xp;Diag69xp;c:\windows\system32\drivers\diag69xp.sys [2009-2-24 11264]

S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2008-2-26 18560]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-12-3 15232]

S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [2009-2-24 16640]

.

=============== Created Last 30 ================

.

2011-04-22 00:20:39 -------- d-----w- c:\docume~1\connie~1\applic~1\Malwarebytes

2011-04-22 00:20:32 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-04-22 00:20:31 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2011-04-22 00:20:28 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-04-22 00:20:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-04-21 05:12:16 -------- d-----w- c:\docume~1\connie~1\locals~1\applic~1\Trusteer

2011-04-21 01:31:17 -------- d-----w- c:\windows\system32\NtmsData

2011-04-18 02:04:15 -------- d-----w- c:\program files\Carbonite

2011-04-18 02:04:15 -------- d-----w- c:\docume~1\alluse~1\applic~1\Carbonite

2011-04-17 18:41:32 -------- d-----w- c:\windows\system32\wbem\repository\FS

2011-04-17 18:41:32 -------- d-----w- c:\windows\system32\wbem\Repository

.

==================== Find3M ====================

.

2011-04-20 05:23:07 16432 ----a-w- c:\windows\system32\lsdelete.exe

2011-03-01 16:32:02 398760 ----a-r- c:\windows\system32\cpnprt2.cid

2011-02-17 11:44:16 389120 ----a-w- c:\windows\system32\html.iec

2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll

2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll

2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll

2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe

.

============= FINISH: 19:59:10.57 ===============

Here is my malwarebytes log:

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6416

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.13

4/21/2011 7:42:56 PM

mbam-log-2011-04-21 (19-42-56).txt

Scan type: Quick scan

Objects scanned: 179812

Time elapsed: 5 minute(s), 19 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 3

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{0ED403E8-470A-4A8A-85A4-D7688CFE39A3} (Adware.Gamevance) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0ED403E8-470A-4A8A-85A4-D7688CFE39A3} (Adware.Gamevance) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BEAC7DC8-E106-4C6A-931E-5A42E7362883} (Adware.GameVance) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Attach.zip

Share this post


Link to post
Share on other sites

Hi and welcome to Malwarebytes.

I notice that you are using more than one antivirus program (AVG, Antivir, and Lavasoft). This is very dangerous, as multiple AVs can interfere with one another and actually allow MORE viruses to get through. I strongly suggest you go to Start -> Control Panel -> Add or Remove Programs and uninstall all but one antivirus program.

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317

Share this post


Link to post
Share on other sites

Okay, the combofix.txt is:

ComboFix 11-04-21.02 - Connie Tinnel 04/21/2011 21:42:42.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3037.2298 [GMT -5:00]

Running from: c:\documents and settings\Connie Tinnel\Desktop\ComboFix.exe

AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Connie Tinnel\Application Data\.#

.

.

((((((((((((((((((((((((( Files Created from 2011-03-22 to 2011-04-22 )))))))))))))))))))))))))))))))

.

.

2011-04-21 15:06 . 2011-04-21 15:06 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

2011-04-21 05:12 . 2011-04-21 05:12 -------- d-----w- c:\documents and settings\Connie Tinnel\Local Settings\Application Data\Trusteer

2011-04-21 01:31 . 2011-04-21 23:59 -------- d-----w- c:\windows\system32\NtmsData

2011-04-20 18:58 . 2011-04-20 18:58 -------- d-----w- c:\program files\ERUNT

2011-04-18 05:36 . 2011-04-18 05:36 -------- d-sh--w- c:\documents and settings\NetworkService\UserData

2011-04-18 02:04 . 2011-04-18 02:04 -------- d-----w- c:\program files\Carbonite

2011-04-18 02:04 . 2011-04-18 02:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Carbonite

2011-04-17 18:41 . 2011-04-17 18:41 -------- d-----w- c:\windows\system32\wbem\Repository

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-03-01 16:32 . 2011-03-01 16:32 398760 ----a-r- c:\windows\system32\cpnprt2.cid

2011-02-17 11:44 . 2008-04-25 16:16 389120 ----a-w- c:\windows\system32\html.iec

2011-02-09 13:53 . 2008-04-25 16:16 270848 ----a-w- c:\windows\system32\sbe.dll

2011-02-09 13:53 . 2008-04-25 16:16 186880 ----a-w- c:\windows\system32\encdec.dll

2011-02-02 07:58 . 2008-04-25 21:26 2067456 ----a-w- c:\windows\system32\mstscax.dll

2011-01-27 11:57 . 2008-04-25 21:26 677888 ----a-w- c:\windows\system32\mstsc.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]

@="{95A27763-F62A-4114-9072-E81D87DE3B68}"

[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]

2011-03-04 01:52 762000 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]

@="{E300CD91-100F-4E67-9AF3-1384A6124015}"

[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]

2011-03-04 01:52 762000 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]

@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"

[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]

2011-03-04 01:52 762000 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE" [2008-08-18 16806912]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-18 150040]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-18 178712]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-18 150040]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]

"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

"Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2011-03-04 948880]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Belkin Wireless G USB Adapter Client Utility.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Belkin Wireless G USB Adapter Client Utility.lnk

backup=c:\windows\pss\Belkin Wireless G USB Adapter Client Utility.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Connie Tinnel^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]

path=c:\documents and settings\Connie Tinnel\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk

backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\8169Diag]

2008-02-26 22:15 909312 ----a-w- c:\program files\Realtek\Diagnostics Utility\8169Diag.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2009-02-27 22:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

2008-08-18 22:19 57344 ----a-w- c:\windows\ALCMTR.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]

2009-03-19 17:57 615696 ----a-w- c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]

2009-05-21 16:13 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]

2008-03-11 18:44 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2006-12-11 03:52 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]

2008-10-24 15:14 206112 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2009-10-29 02:21 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]

2010-11-19 19:38 193880 ----a-w- c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2008-12-03 04:41 3882312 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2009-09-05 06:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]

2008-11-10 18:27 236016 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

2009-03-05 21:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-02-18 16:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=

"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=

"c:\\Program Files\\LeapFrog\\LeapFrog Connect\\LeapFrogConnect.exe"=

.

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [7/18/2009 1:29 AM 64288]

R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [10/4/2010 12:43 AM 59240]

R1 RapportCerberus_25973;RapportCerberus_25973;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\25973\RapportCerberus_25973.sys [4/17/2011 2:57 PM 57144]

R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [10/4/2010 12:43 AM 169320]

R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [12/28/2010 2:25 AM 98392]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [8/16/2009 5:21 PM 108289]

R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [4/30/2010 5:51 PM 38144]

R2 LANPkt;Realtek LANPkt Protocol Driver;c:\windows\system32\drivers\LANPkt.sys [2/24/2009 6:10 PM 8960]

R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [10/4/2010 12:43 AM 767208]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2/24/2009 8:00 PM 110080]

S3 BELKIN;Belkin Wireless G USB Network Adapter;c:\windows\system32\drivers\BLKWGU.sys [4/30/2010 5:51 PM 238848]

S3 Diag69xp;Diag69xp;c:\windows\system32\drivers\diag69xp.sys [2/24/2009 6:10 PM 11264]

S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2/26/2008 8:33 PM 18560]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]

S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [2/24/2009 6:10 PM 16640]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2011-04-21 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job

- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2009-07-18 20:31]

.

2011-04-21 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job

- c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2009-07-18 20:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000

IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

FF - ProfilePath - c:\documents and settings\Connie Tinnel\Application Data\Mozilla\Firefox\Profiles\xx110jbh.default\

FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

FF - Ext: AI Roboform Toolbar for Firefox: {22119944-ED35-4ab1-910B-E619EA06A115} - c:\program files\Siber Systems\AI RoboForm\Firefox

FF - Ext: KidZui: firefox@kidzui.com - %profile%\extensions\firefox@kidzui.com

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: AI Roboform Toolbar for Firefox: {22119944-ED35-4ab1-910B-E619EA06A115} - %profile%\extensions\{22119944-ED35-4ab1-910B-E619EA06A115}

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

HKLM-Run-Monitor - *DISABLED*c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe

HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-04-21 21:49

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(776)

c:\windows\system32\WININET.dll

.

- - - - - - - > 'lsass.exe'(836)

c:\windows\system32\WININET.dll

.

Completion time: 2011-04-21 21:52:56

ComboFix-quarantined-files.txt 2011-04-22 02:52

.

Pre-Run: 100,155,117,568 bytes free

Post-Run: 100,596,666,368 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - 5F9EEEF04F71B16A02F1138F4D558E73

The new dds file is:

.

DDS (Ver_11-03-05.01) - NTFSx86

Run by Connie Tinnel at 21:56:30.25 on Thu 04/21/2011

Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_20

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3037.2128 [GMT -5:00]

.

AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

svchost.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Program Files\Trusteer\Rapport\bin\RapportService.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\vssvc.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\explorer.exe

C:\Documents and Settings\Connie Tinnel\Desktop\dds.scr

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.yahoo.com/

uInternet Settings,ProxyOverride = *.local

mURLSearchHooks: H - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll

TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

{555d4d79-4bd2-4094-a395-cfc534424a05}

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe

mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter

mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000

IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html

IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html

IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1236133604281

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\docume~1\connie~1\applic~1\mozilla\firefox\profiles\xx110jbh.default\

FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/

FF - component: c:\documents and settings\connie tinnel\application data\mozilla\firefox\profiles\xx110jbh.default\extensions\{22119944-ed35-4ab1-910b-e619ea06a115}\components\rfproxy_31.dll

FF - component: c:\documents and settings\connie tinnel\application data\mozilla\firefox\profiles\xx110jbh.default\extensions\firefox@kidzui.com\platform\winnt_x86-msvc\components\WinKiosk.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

FF - Ext: AI Roboform Toolbar for Firefox: {22119944-ED35-4ab1-910B-E619EA06A115} - c:\program files\siber systems\ai roboform\Firefox

FF - Ext: KidZui: firefox@kidzui.com - %profile%\extensions\firefox@kidzui.com

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: AI Roboform Toolbar for Firefox: {22119944-ED35-4ab1-910B-E619EA06A115} - %profile%\extensions\{22119944-ED35-4ab1-910B-E619EA06A115}

.

============= SERVICES / DRIVERS ===============

.

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-7-18 64288]

R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2010-10-4 59240]

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-8-16 11608]

R1 RapportCerberus_25973;RapportCerberus_25973;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\25973\RapportCerberus_25973.sys [2011-4-17 57144]

R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2010-10-4 169320]

R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2010-12-28 98392]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-8-16 108289]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-8-16 185089]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-8-16 56816]

R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2010-4-30 38144]

R2 LANPkt;Realtek LANPkt Protocol Driver;c:\windows\system32\drivers\LANPkt.sys [2009-2-24 8960]

R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2010-10-4 767208]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2009-2-24 110080]

S3 BELKIN;Belkin Wireless G USB Network Adapter;c:\windows\system32\drivers\BLKWGU.sys [2010-4-30 238848]

S3 Diag69xp;Diag69xp;c:\windows\system32\drivers\diag69xp.sys [2009-2-24 11264]

S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2008-2-26 18560]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]

S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [2009-2-24 16640]

.

=============== Created Last 30 ================

.

2011-04-22 02:40:52 -------- d-sha-r- C:\cmdcons

2011-04-22 02:37:15 98816 ----a-w- c:\windows\sed.exe

2011-04-22 02:37:15 89088 ----a-w- c:\windows\MBR.exe

2011-04-22 02:37:15 256512 ----a-w- c:\windows\PEV.exe

2011-04-22 02:37:15 161792 ----a-w- c:\windows\SWREG.exe

2011-04-22 02:03:41 -------- d-----w- c:\docume~1\alluse~1\applic~1\avg8

2011-04-22 00:20:39 -------- d-----w- c:\docume~1\connie~1\applic~1\Malwarebytes

2011-04-22 00:20:32 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-04-22 00:20:31 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2011-04-22 00:20:28 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-04-22 00:20:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-04-21 05:12:16 -------- d-----w- c:\docume~1\connie~1\locals~1\applic~1\Trusteer

2011-04-21 01:31:17 -------- d-----w- c:\windows\system32\NtmsData

2011-04-18 02:04:15 -------- d-----w- c:\program files\Carbonite

2011-04-18 02:04:15 -------- d-----w- c:\docume~1\alluse~1\applic~1\Carbonite

2011-04-17 18:41:32 -------- d-----w- c:\windows\system32\wbem\repository\FS

2011-04-17 18:41:32 -------- d-----w- c:\windows\system32\wbem\Repository

.

==================== Find3M ====================

.

2011-03-01 16:32:02 398760 ----a-r- c:\windows\system32\cpnprt2.cid

2011-02-17 11:44:16 389120 ----a-w- c:\windows\system32\html.iec

2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll

2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll

2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll

2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe

.

============= FINISH: 21:58:20.03 ===============

Share this post


Link to post
Share on other sites

Hi,

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317

Share this post


Link to post
Share on other sites

My dh bought a new hard drive and we are currently using the new one. He is out of town this week but this weekend I'll have him reconnect the old hard drive and I'll do the procedures that you mentioned and post the logs. Thanks so much.

Share this post


Link to post
Share on other sites

Thank you for your help with this!!

Ok first is the log from ESET:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=7.00.6000.17096 (vista_gdr.110211-1830)

# OnlineScanner.ocx=1.0.0.6427

# api_version=3.0.2

# EOSSerial=34edcf89b9628a44876ac3a9db22168a

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-04-30 08:21:11

# local_time=2011-04-30 03:21:11 (-0600, Central Daylight Time)

# country="United States"

# lang=9

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=1797 16775125 100 100 0 78136263 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=123596

# found=0

# cleaned=0

# scan_time=4775

Next is the information from Security Check:

Results of screen317's Security Check version 0.99.10

Windows XP Service Pack 3

Internet Explorer 7 Out of date!

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

Avira AntiVir Personal - Free Antivirus

ESET Online Scanner v3

Antivirus up to date!

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

CCleaner

Java 6 Update 20

Out of date Java installed!

Adobe Flash Player 10.2.152.32

Adobe Reader 9.1

Out of date Adobe Reader installed!

Mozilla Firefox (3.6.9) Firefox Out of Date!

````````````````````````````````

Process Check:

objlist.exe by Laurent

Avira Antivir avgnt.exe

Avira Antivir avguard.exe

``````````End of Log````````````

It still took me 3 times to restart without the blue screen. The first time I got it all the way up it would not open any thing ie. Mozilla, IE, etc. I tried to do a restart and nothing happened. Waited 5 minutes then powered off. The 4th time is when I was able to follow your suggestions.

Share this post


Link to post
Share on other sites

Hi,

What does the text of the blue screen say, exactly?

Share this post


Link to post
Share on other sites

Hi,

What does the text of the blue screen say, exactly?

Share this post


Link to post
Share on other sites

The normal Dr Watson blue screen, this is the "short" version. :)

A problem has be detected...

Check for Virus

Run CHKDSK /F

Technical info

Stop: 0x0000007B (0cBA4C7524, 0x00000034, 0x00000000, 0x00000000)

Is that what you need? I can write all of the screen out if needed.

Thanks

Share this post


Link to post
Share on other sites

Hi,

Click Start --> Run, enter cmd.exe, and press Enter

In the black box that appears, enter this command exactly as shown:

chkdsk>"%userprofile%\desktop\chkdsk.txt"

Press Enter.

When it finishes, open chkdsk.txt on your Desktop and post its contents here.

-screen317

Share this post


Link to post
Share on other sites

Hi,

Click Start --> Run, enter cmd.exe, and press Enter

In the black box that appears, enter this command exactly as shown:

chkdsk>"%userprofile%\desktop\chkdsk.txt"

Press Enter.

When it finishes, open chkdsk.txt on your Desktop and post its contents here.

-screen317

Share this post


Link to post
Share on other sites

Chris,

Here is the Text file:

The type of the file system is NTFS.

Volume label is OS.

WARNING! F parameter not specified.

Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...

0 percent completed.

1 percent completed.

2 percent completed.

3 percent completed.

4 percent completed.

5 percent completed.

6 percent completed.

7 percent completed.

8 percent completed.

9 percent completed.

10 percent completed.

11 percent completed.

12 percent completed.

13 percent completed.

14 percent completed.

15 percent completed.

16 percent completed.

17 percent completed.

18 percent completed.

19 percent completed.

20 percent completed.

21 percent completed.

22 percent completed.

23 percent completed.

24 percent completed.

25 percent completed.

26 percent completed.

27 percent completed.

28 percent completed.

29 percent completed.

30 percent completed.

31 percent completed.

32 percent completed.

33 percent completed.

34 percent completed.

35 percent completed.

36 percent completed.

37 percent completed.

38 percent completed.

39 percent completed.

40 percent completed.

41 percent completed.

42 percent completed.

43 percent completed.

44 percent completed.

45 percent completed.

46 percent completed.

47 percent completed.

48 percent completed.

49 percent completed.

50 percent completed.

51 percent completed.

52 percent completed.

53 percent completed.

54 percent completed.

55 percent completed.

56 percent completed.

57 percent completed.

58 percent completed.

59 percent completed.

60 percent completed.

61 percent completed.

62 percent completed.

63 percent completed.

64 percent completed.

65 percent completed.

66 percent completed.

67 percent completed.

68 percent completed.

69 percent completed.

70 percent completed.

71 percent completed.

72 percent completed.

73 percent completed.

74 percent completed.

75 percent completed.

76 percent completed.

77 percent completed.

78 percent completed.

79 percent completed.

80 percent completed.

81 percent completed.

82 percent completed.

83 percent completed.

84 percent completed.

85 percent completed.

86 percent completed.

87 percent completed.

88 percent completed.

89 percent completed.

90 percent completed.

91 percent completed.

92 percent completed.

93 percent completed.

94 percent completed.

95 percent completed.

96 percent completed.

97 percent completed.

98 percent completed.

99 percent completed.

100 percent completed.

File verification completed.

CHKDSK is verifying indexes (stage 2 of 3)...

0 percent completed.

1 percent completed.

2 percent completed.

3 percent completed.

4 percent completed.

5 percent completed.

6 percent completed.

7 percent completed.

8 percent completed.

9 percent completed.

10 percent completed.

11 percent completed.

12 percent completed.

13 percent completed.

14 percent completed.

15 percent completed.

16 percent completed.

17 percent completed.

18 percent completed.

19 percent completed.

20 percent completed.

21 percent completed.

22 percent completed.

23 percent completed.

24 percent completed.

25 percent completed.

26 percent completed.

27 percent completed.

28 percent completed.

29 percent completed.

30 percent completed.

31 percent completed.

32 percent completed.

33 percent completed.

34 percent completed.

35 percent completed.

36 percent completed.

37 percent completed.

38 percent completed.

39 percent completed.

40 percent completed.

41 percent completed.

42 percent completed.

43 percent completed.

44 percent completed.

45 percent completed.

46 percent completed.

47 percent completed.

48 percent completed.

49 percent completed.

50 percent completed.

51 percent completed.

52 percent completed.

53 percent completed.

54 percent completed.

55 percent completed.

56 percent completed.

Deleting index entry SY3DBE~1.TXT in index $I30 of file 233.

Deleting index entry SY4919~1.TXT in index $I30 of file 233.

Deleting index entry SY5289~1.TXT in index $I30 of file 233.

Deleting index entry SY58AE~1.TXT in index $I30 of file 233.

Deleting index entry SY6238~1.TXT in index $I30 of file 233.

Deleting index entry SY91B5~1.TXT in index $I30 of file 233.

Deleting index entry SY932D~1.TXT in index $I30 of file 233.

Deleting index entry SYBAEF~1.TXT in index $I30 of file 233.

Deleting index entry SYDFA4~1.TXT in index $I30 of file 233.

Deleting index entry SYF195~1.TXT in index $I30 of file 233.

Deleting index entry SYF4DE~1.TXT in index $I30 of file 233.

Deleting index entry system@ad.yieldmanager[1].txt in index $I30 of file 233.

Deleting index entry system@adblade[1].txt in index $I30 of file 233.

Deleting index entry system@al0toffamouse-links[2].txt in index $I30 of file 233.

Deleting index entry system@blinkx[2].txt in index $I30 of file 233.

Deleting index entry system@businessfind[1].txt in index $I30 of file 233.

Deleting index entry system@contextweb[1].txt in index $I30 of file 233.

Deleting index entry system@interclick[2].txt in index $I30 of file 233.

Deleting index entry system@invitemedia[2].txt in index $I30 of file 233.

Deleting index entry system@pixel.rubiconproject[2].txt in index $I30 of file 233.

Deleting index entry system@rubiconproject[2].txt in index $I30 of file 233.

Deleting index entry system@scorecardresearch[2].txt in index $I30 of file 233.

57 percent completed.

58 percent completed.

59 percent completed.

60 percent completed.

61 percent completed.

62 percent completed.

63 percent completed.

64 percent completed.

65 percent completed.

66 percent completed.

67 percent completed.

68 percent completed.

69 percent completed.

70 percent completed.

71 percent completed.

72 percent completed.

73 percent completed.

74 percent completed.

75 percent completed.

76 percent completed.

77 percent completed.

78 percent completed.

79 percent completed.

80 percent completed.

Deleting index entry blinkxPlayerSkin1.sol in index $I30 of file 79425.

Deleting index entry BLINKX~1.SOL in index $I30 of file 79425.

Deleting index entry 07.2[1].gif in index $I30 of file 79527.

Deleting index entry 072_1_~1.GIF in index $I30 of file 79527.

Deleting index entry 11201[1].jpg in index $I30 of file 79527.

Deleting index entry 11201_~1.JPG in index $I30 of file 79527.

Deleting index entry 1x1_Image[1].gif in index $I30 of file 79527.

Deleting index entry 1X1_IM~1.GIF in index $I30 of file 79527.

Deleting index entry 26271-15[3].js in index $I30 of file 79527.

Deleting index entry 28e5489a6f7966d376209edd2e82a806c2abede1[1].jpg in index $I30 of file 79527.

Deleting index entry 28E548~1.JPG in index $I30 of file 79527.

Deleting index entry 43.2[1].gif in index $I30 of file 79527.

Deleting index entry 432_1_~1.GIF in index $I30 of file 79527.

Deleting index entry 5632361128_d775d24bdb_s[1].jpg in index $I30 of file 79527.

Deleting index entry 563236~1.JPG in index $I30 of file 79527.

Deleting index entry ArrowRight4[1].png in index $I30 of file 79527.

Deleting index entry ARROWR~1.PNG in index $I30 of file 79527.

Deleting index entry bh[1].gif in index $I30 of file 79527.

Deleting index entry BH_1_~1.GIF in index $I30 of file 79527.

Deleting index entry bootstrap[1].js in index $I30 of file 79527.

Deleting index entry BOOTST~1.JS in index $I30 of file 79527.

Deleting index entry bt-go[1].gif in index $I30 of file 79527.

Deleting index entry BT-GO_~1.GIF in index $I30 of file 79527.

Deleting index entry btg=cm.ent_m;btg=cm.rl_gen;btg=cm.fam_l;btg=cm.music_m;btg=ti.aal;btg=dx.16;btg=mm.ab5;btg=mm.ae5;btg=mm.af1;btg=mm.am1;btg=mm.at5;btg=mm.da2;btg=ex[1].xml in index $I30 of file 79527.

Deleting index entry BTG_CM~2.XML in index $I30 of file 79527.

Deleting index entry caption[1].js in index $I30 of file 79527.

Deleting index entry CAPTIO~1.JS in index $I30 of file 79527.

Deleting index entry checkBrowser[1].htm in index $I30 of file 79527.

Deleting index entry CHECKB~1.HTM in index $I30 of file 79527.

Deleting index entry crossdomain[2].xml in index $I30 of file 79527.

Deleting index entry CROSSD~2.XML in index $I30 of file 79527.

Deleting index entry data_sync[1].htm in index $I30 of file 79527.

Deleting index entry DATA_S~1.HTM in index $I30 of file 79527.

Deleting index entry e;playlistsafe=true;rand=76839;sessionstart=landingpage;safefilter=off;playlistpos=3;page=category;playlisteverythree=false;playtimes=0;prero;~cs=o[1].gif in index $I30 of file 79527.

Deleting index entry effects[1].js in index $I30 of file 79527.

Deleting index entry EFFECT~1.JS in index $I30 of file 79527.

Deleting index entry eO-e82WSkz5-ZInR1NU4ixKESoaGXTAnI7x4DHQhXE0qJtPf2HAqWsx_uvSYYM1DuH3EHU7fd-ERy3WGelc7CA[1].htm in index $I30 of file 79527.

Deleting index entry EO-E82~1.HTM in index $I30 of file 79527.

Deleting index entry E_PLAY~1.GIF in index $I30 of file 79527.

Deleting index entry fw-nonplayer-banner[2].htm in index $I30 of file 79527.

Deleting index entry FW-NON~2.HTM in index $I30 of file 79527.

Deleting index entry headerSearchBackground[1].gif in index $I30 of file 79527.

Deleting index entry HEADER~1.GIF in index $I30 of file 79527.

Deleting index entry homebody-bg[1].gif in index $I30 of file 79527.

Deleting index entry HOMEBO~1.GIF in index $I30 of file 79527.

Deleting index entry index10[1].htm in index $I30 of file 79527.

Deleting index entry INDEX1~1.HTM in index $I30 of file 79527.

Deleting index entry like[1].htm in index $I30 of file 79527.

Deleting index entry LIKE_1~1.HTM in index $I30 of file 79527.

Deleting index entry loader[2].swf in index $I30 of file 79527.

Deleting index entry LOADER~2.SWF in index $I30 of file 79527.

Deleting index entry obert_02[1].jpg in index $I30 of file 79527.

Deleting index entry OBERT_~1.JPG in index $I30 of file 79527.

Deleting index entry prodimg[1] in index $I30 of file 79527.

Deleting index entry PRODIM~1 in index $I30 of file 79527.

Deleting index entry QuickSearch[1].js in index $I30 of file 79527.

Deleting index entry QUICKS~1.JS in index $I30 of file 79527.

Deleting index entry tap[7].gif in index $I30 of file 79527.

Deleting index entry TAP_7_~1.GIF in index $I30 of file 79527.

Deleting index entry winner4[1].jpg in index $I30 of file 79527.

Deleting index entry WINNER~1.JPG in index $I30 of file 79527.

Deleting index entry younghollywood_logo_255[1].png in index $I30 of file 79527.

Deleting index entry YOUNGH~1.PNG in index $I30 of file 79527.

Deleting index entry 12080[1].jpg in index $I30 of file 79562.

Deleting index entry 12080_~1.JPG in index $I30 of file 79562.

Deleting index entry 1794343947_dpmp4hi_0[1].mp4 in index $I30 of file 79562.

Deleting index entry 179434~1.MP4 in index $I30 of file 79562.

Deleting index entry 2090[1].jpg in index $I30 of file 79562.

Deleting index entry 2090_1~1.JPG in index $I30 of file 79562.

Deleting index entry 26271-2[2].js in index $I30 of file 79562.

Deleting index entry 26582A~1.JS in index $I30 of file 79562.

Deleting index entry 3472[1].jpg in index $I30 of file 79562.

Deleting index entry 3472_1~1.JPG in index $I30 of file 79562.

Deleting index entry 5683703313_4beb99bff5_s[1].jpg in index $I30 of file 79562.

Deleting index entry 568370~1.JPG in index $I30 of file 79562.

Deleting index entry 8149[1].jpg in index $I30 of file 79562.

Deleting index entry 8149_1~1.JPG in index $I30 of file 79562.

Deleting index entry adhoc[3].xml in index $I30 of file 79562.

Deleting index entry ADHOC_~3.XML in index $I30 of file 79562.

Deleting index entry banner300x250[1].htm in index $I30 of file 79562.

Deleting index entry BANNER~1.HTM in index $I30 of file 79562.

Deleting index entry bh[1].gif in index $I30 of file 79562.

Deleting index entry BH_1_~1.GIF in index $I30 of file 79562.

Deleting index entry common[1].js in index $I30 of file 79562.

Deleting index entry COMMON~1.JS in index $I30 of file 79562.

Deleting index entry CRC2D2~1.XML in index $I30 of file 79562.

Deleting index entry crossdomain[8].xml in index $I30 of file 79562.

Deleting index entry dc58d310f54412e2430c3748abdd391f306014ac[1].jpg in index $I30 of file 79562.

Deleting index entry DC58D3~1.JPG in index $I30 of file 79562.

Deleting index entry demos[1].css in index $I30 of file 79562.

Deleting index entry DEMOS_~1.CSS in index $I30 of file 79562.

Deleting index entry footer[1].jpg in index $I30 of file 79562.

Deleting index entry FOOTER~1.JPG in index $I30 of file 79562.

Deleting index entry fw-nonplayer-banner[1].htm in index $I30 of file 79562.

Deleting index entry fw-nonplayer-banner[2].htm in index $I30 of file 79562.

Deleting index entry FW-NON~1.HTM in index $I30 of file 79562.

Deleting index entry FW-NON~2.HTM in index $I30 of file 79562.

Deleting index entry geoip[1].htm in index $I30 of file 79562.

Deleting index entry GEOIP_~1.HTM in index $I30 of file 79562.

Deleting index entry getconfig[1].xml in index $I30 of file 79562.

Deleting index entry GETCON~1.XML in index $I30 of file 79562.

Deleting index entry iframe[1].htm in index $I30 of file 79562.

Deleting index entry IFRAME~2.HTM in index $I30 of file 79562.

Deleting index entry makeTemplate[1].htm in index $I30 of file 79562.

Deleting index entry MAKETE~1.HTM in index $I30 of file 79562.

Deleting index entry ortsbo_stylesheet[1].css in index $I30 of file 79562.

Deleting index entry ORTSBO~1.CSS in index $I30 of file 79562.

Deleting index entry proxy[1].htm in index $I30 of file 79562.

Deleting index entry PROXY_~1.HTM in index $I30 of file 79562.

Deleting index entry results[1].htm in index $I30 of file 79562.

Deleting index entry RESULT~1.HTM in index $I30 of file 79562.

Deleting index entry sidebar_adbox_outline[1].jpg in index $I30 of file 79562.

Deleting index entry SIDEBA~1.JPG in index $I30 of file 79562.

Deleting index entry S_dxvIdYJ4E[1].css in index $I30 of file 79562.

Deleting index entry S_DXVI~1.CSS in index $I30 of file 79562.

Deleting index entry tap[7].gif in index $I30 of file 79562.

Deleting index entry TAP_7_~1.GIF in index $I30 of file 79562.

Deleting index entry winner2[1].jpg in index $I30 of file 79562.

Deleting index entry winner3[1].jpg in index $I30 of file 79562.

Deleting index entry WINNER~1.JPG in index $I30 of file 79562.

Deleting index entry WINNER~2.JPG in index $I30 of file 79562.

Deleting index entry 1773[1].jpg in index $I30 of file 79579.

Deleting index entry 1773_1~1.JPG in index $I30 of file 79579.

Deleting index entry 1794343943_dpmp4lo_0[1].mp4 in index $I30 of file 79579.

Deleting index entry 179434~1.MP4 in index $I30 of file 79579.

Deleting index entry 26271-15[3].js in index $I30 of file 79579.

Deleting index entry 26271-~4.JS in index $I30 of file 79579.

Deleting index entry 29163[1].jpg in index $I30 of file 79579.

Deleting index entry 29163_~1.JPG in index $I30 of file 79579.

Deleting index entry 4458[1].jpg in index $I30 of file 79579.

Deleting index entry 4458_1~1.JPG in index $I30 of file 79579.

Deleting index entry 4989[1].jpg in index $I30 of file 79579.

Deleting index entry 4989_1~1.JPG in index $I30 of file 79579.

Deleting index entry 59.1[1].gif in index $I30 of file 79579.

Deleting index entry 591_1_~1.GIF in index $I30 of file 79579.

Deleting index entry 662[1].jpg in index $I30 of file 79579.

Deleting index entry 662_1_~1.JPG in index $I30 of file 79579.

Deleting index entry adhoc[2].xml in index $I30 of file 79579.

Deleting index entry adhoc[3].xml in index $I30 of file 79579.

Deleting index entry ADHOC_~2.XML in index $I30 of file 79579.

Deleting index entry ADHOC_~3.XML in index $I30 of file 79579.

Deleting index entry ads[1] in index $I30 of file 79579.

Deleting index entry ADS_1_~1 in index $I30 of file 79579.

Deleting index entry arrow[2].gif in index $I30 of file 79579.

Deleting index entry ARROW_~1.GIF in index $I30 of file 79579.

Deleting index entry b6b07589d76c009b1371fbf5d33c8bca2ff4b0dd[3].jpg in index $I30 of file 79579.

Deleting index entry B6B075~3.JPG in index $I30 of file 79579.

Deleting index entry bpix[1].gif in index $I30 of file 79579.

Deleting index entry BPIX_1~1.GIF in index $I30 of file 79579.

Deleting index entry controls[1].js in index $I30 of file 79579.

Deleting index entry CONTRO~1.JS in index $I30 of file 79579.

Deleting index entry crossdomain[1].xml in index $I30 of file 79579.

Deleting index entry CROSSD~1.XML in index $I30 of file 79579.

Deleting index entry en_US[1] in index $I30 of file 79579.

Deleting index entry EN_US_~1 in index $I30 of file 79579.

Deleting index entry footer_bg_v1[1].jpg in index $I30 of file 79579.

Deleting index entry FOOTER~1.JPG in index $I30 of file 79579.

Deleting index entry fw-nonplayer-banner[3].htm in index $I30 of file 79579.

Deleting index entry FW-NON~3.HTM in index $I30 of file 79579.

Deleting index entry gamesweaseltv_mevio_com[1].htm in index $I30 of file 79579.

Deleting index entry GAMESW~1.HTM in index $I30 of file 79579.

Deleting index entry header[2].jpg in index $I30 of file 79579.

Deleting index entry HEADER~2.JPG in index $I30 of file 79579.

Deleting index entry jquery.theme[1].css in index $I30 of file 79579.

Deleting index entry jquery.thickbox[1].css in index $I30 of file 79579.

Deleting index entry JQUERY~1.CSS in index $I30 of file 79579.

Deleting index entry JQUERY~2.CSS in index $I30 of file 79579.

Deleting index entry jump1[1].htm in index $I30 of file 79579.

Deleting index entry JUMP1_~1.HTM in index $I30 of file 79579.

Deleting index entry launch_silverlight[1].jpg in index $I30 of file 79579.

Deleting index entry LAUNCH~1.JPG in index $I30 of file 79579.

Deleting index entry NE2DE1~1 in index $I30 of file 79579.

Deleting index entry news;adlocation=site_above_results;dcopt=ist;campaign=;page=category;kw=blinkx;pid=10;sz=300x250;;source=site;t=;tile=3;ord=5221602326355828[1] in index $I30 of file 79579.

Deleting index entry news;adlocation=site_above_results;dcopt=ist;campaign=;page=category;kw=blinkx;pid=10;sz=300x250;;source=site;t=;tile=3;ord=6824623235882074[1] in index $I30 of file 79579.

Deleting index entry news;adlocation=site_below_header;dcopt=ist;campaign=;page=category;kw=blinkx;pid=10;sz=728x90,728x91;;source=site;t=;tile=1;ord=6824623235882074[1] in index $I30 of file 79579.

Deleting index entry NEWS_A~3 in index $I30 of file 79579.

Deleting index entry NEWS_A~4 in index $I30 of file 79579.

Deleting index entry prodimg[1] in index $I30 of file 79579.

Deleting index entry PRODIM~1 in index $I30 of file 79579.

Deleting index entry rateBtn[1].jpg in index $I30 of file 79579.

Deleting index entry RATEBT~1.JPG in index $I30 of file 79579.

Deleting index entry soc02[2].png in index $I30 of file 79579.

Deleting index entry SOC02_~2.PNG in index $I30 of file 79579.

Deleting index entry statsnew[1].xml in index $I30 of file 79579.

Deleting index entry STATSN~1.XML in index $I30 of file 79579.

Deleting index entry tbredir[1].htm in index $I30 of file 79579.

Deleting index entry TBREDI~1.HTM in index $I30 of file 79579.

Deleting index entry transparent[1].gif in index $I30 of file 79579.

Deleting index entry TRANSP~1.GIF in index $I30 of file 79579.

Deleting index entry ui.core[1].css in index $I30 of file 79579.

Deleting index entry UICORE~1.CSS in index $I30 of file 79579.

Deleting index entry 0d255467a252a80c4e44f87bf228b2b2cad29ad9[1].jpg in index $I30 of file 79642.

Deleting index entry 0D2554~1.JPG in index $I30 of file 79642.

Deleting index entry 12619[1].jpg in index $I30 of file 79642.

Deleting index entry 12619_~1.JPG in index $I30 of file 79642.

81 percent completed.

Deleting index entry 26271-15[2].js in index $I30 of file 79642.

Deleting index entry 26271-~3.JS in index $I30 of file 79642.

Deleting index entry adhoc[1].xml in index $I30 of file 79642.

Deleting index entry ADHOC_~1.XML in index $I30 of file 79642.

Deleting index entry ads[1] in index $I30 of file 79642.

Deleting index entry ADS_1_~1 in index $I30 of file 79642.

Deleting index entry checkBrowser[1].htm in index $I30 of file 79642.

Deleting index entry CHECKB~1.HTM in index $I30 of file 79642.

Deleting index entry convpixel[1].jpg in index $I30 of file 79642.

Deleting index entry CONVPI~1.JPG in index $I30 of file 79642.

Deleting index entry eba76b89c2f2775d6f84bc382cb194af7e4e8fbc[2].jpg in index $I30 of file 79642.

Deleting index entry EBA76B~2.JPG in index $I30 of file 79642.

Deleting index entry fw-nonplayer-banner[1].htm in index $I30 of file 79642.

Deleting index entry FW-NON~1.HTM in index $I30 of file 79642.

Deleting index entry getconfig[1].xml in index $I30 of file 79642.

Deleting index entry GETCON~1.XML in index $I30 of file 79642.

Deleting index entry home2[1].css in index $I30 of file 79642.

Deleting index entry home2[1].jsz in index $I30 of file 79642.

Deleting index entry HOME2_~1.CSS in index $I30 of file 79642.

Deleting index entry HOME2_~1.JSZ in index $I30 of file 79642.

Deleting index entry home[1].css in index $I30 of file 79642.

Deleting index entry HOME_1~1.CSS in index $I30 of file 79642.

Deleting index entry index_123_box[1].jpg in index $I30 of file 79642.

Deleting index entry INDEX_~1.JPG in index $I30 of file 79642.

Deleting index entry johnny-knoxville[1].htm in index $I30 of file 79642.

Deleting index entry JOHNNY~1.HTM in index $I30 of file 79642.

Deleting index entry makeTemplate[1].htm in index $I30 of file 79642.

Deleting index entry MAKETE~1.HTM in index $I30 of file 79642.

Deleting index entry MC_vast2[1].swf in index $I30 of file 79642.

Deleting index entry MC_VAS~1.SWF in index $I30 of file 79642.

Deleting index entry musicplayer[1].js in index $I30 of file 79642.

Deleting index entry MUSICP~1.JS in index $I30 of file 79642.

Deleting index entry news;adlocation=site_below_player;dcopt=ist;campaign=;page=category;kw=blinkx;pid=10;sz=468x62,300x251;;source=site;t=;tile=2;ord=4438648591851742[1] in index $I30 of file 79642.

Deleting index entry news;adlocation=site_below_player;dcopt=ist;campaign=;page=category;kw=blinkx;pid=10;sz=468x62,300x251;;source=site;t=;tile=2;ord=5221602326355828[1] in index $I30 of file 79642.

Deleting index entry news;adlocation=site_below_player;dcopt=ist;campaign=;page=category;kw=blinkx;pid=10;sz=468x62,300x251;;source=site;t=;tile=2;ord=6824623235882074[1] in index $I30 of file 79642.

Deleting index entry NEWS_A~1 in index $I30 of file 79642.

Deleting index entry NEWS_A~2 in index $I30 of file 79642.

Deleting index entry NEWS_A~3 in index $I30 of file 79642.

Deleting index entry PROG_BIZ_GainTheBusiness_CTA2_300x250[1].gif in index $I30 of file 79642.

Deleting index entry PROG_B~1.GIF in index $I30 of file 79642.

Deleting index entry RE098B~1.HTM in index $I30 of file 79642.

Deleting index entry results[9].htm in index $I30 of file 79642.

Deleting index entry soc01[1].png in index $I30 of file 79642.

Deleting index entry SOC01_~1.PNG in index $I30 of file 79642.

Deleting index entry statsnew[2].xml in index $I30 of file 79642.

Deleting index entry STATSN~2.XML in index $I30 of file 79642.

Deleting index entry style[1].css in index $I30 of file 79642.

Deleting index entry STYLE_~1.CSS in index $I30 of file 79642.

Deleting index entry winner4[1].jpg in index $I30 of file 79642.

Deleting index entry WINNER~1.JPG in index $I30 of file 79642.

Deleting index entry ziffdavis-dest[1].htm in index $I30 of file 79642.

Deleting index entry ZIFFDA~1.HTM in index $I30 of file 79642.

82 percent completed.

83 percent completed.

84 percent completed.

85 percent completed.

86 percent completed.

87 percent completed.

88 percent completed.

89 percent completed.

90 percent completed.

91 percent completed.

92 percent completed.

93 percent completed.

94 percent completed.

95 percent completed.

96 percent completed.

Deleting index entry 01[1].htm in index $I30 of file 119655.

Deleting index entry 01_1_~1.HTM in index $I30 of file 119655.

Deleting index entry 11418[1].jpg in index $I30 of file 119655.

Deleting index entry 11418_~1.JPG in index $I30 of file 119655.

Deleting index entry 1794343943_dpmp4hi_0[1].mp4 in index $I30 of file 119655.

Deleting index entry 179434~1.MP4 in index $I30 of file 119655.

Deleting index entry 1795084605_dpmp4lo_0[1].mp4 in index $I30 of file 119655.

Deleting index entry 179508~1.MP4 in index $I30 of file 119655.

Deleting index entry 18657[1].gif in index $I30 of file 119655.

Deleting index entry 18657_~1.GIF in index $I30 of file 119655.

Deleting index entry 26271-2[1].js in index $I30 of file 119655.

Deleting index entry 26271-~2.JS in index $I30 of file 119655.

Deleting index entry 2F%252Fgamesweaseltv.mevio[1].com%252F%253Futm_campaign%253D088aeb_561937_260909_113996_4355_481_40616%2526utm_source%253D088aeb%2526utm_medium%253D088aeb in index $I30 of file 119655.

Deleting index entry 2F%252~2.CO~ in index $I30 of file 119655.

Deleting index entry 44143148_18984302001_Victoria-sSecret-still[1].jpg in index $I30 of file 119655.

Deleting index entry 44143148_35157914001_BTARobDyrdek-still[1].jpg in index $I30 of file 119655.

Deleting index entry 441431~1.JPG in index $I30 of file 119655.

Deleting index entry 441431~2.JPG in index $I30 of file 119655.

Deleting index entry 483317MattLanter670x320[1].jpg in index $I30 of file 119655.

Deleting index entry 483317~1.JPG in index $I30 of file 119655.

Deleting index entry 5689964577_0668b7a7ac_m[1].jpg in index $I30 of file 119655.

Deleting index entry 568996~1.JPG in index $I30 of file 119655.

Deleting index entry 66.3[1].gif in index $I30 of file 119655.

Deleting index entry 663_1_~1.GIF in index $I30 of file 119655.

Deleting index entry 71.1[1].gif in index $I30 of file 119655.

Deleting index entry 711_1_~1.GIF in index $I30 of file 119655.

Deleting index entry 774308TravisPastrana670X320[1].jpg in index $I30 of file 119655.

Deleting index entry 774308~1.JPG in index $I30 of file 119655.

Deleting index entry 86.2[1].gif in index $I30 of file 119655.

Deleting index entry 862_1_~1.GIF in index $I30 of file 119655.

Deleting index entry abe506872146a572ec53fc224421b675ec50c012[1].jpg in index $I30 of file 119655.

Deleting index entry ABE506~1.JPG in index $I30 of file 119655.

Deleting index entry adhoc[1].xml in index $I30 of file 119655.

Deleting index entry ADHOC_~1.XML in index $I30 of file 119655.

Deleting index entry adimage[2].gif in index $I30 of file 119655.

Deleting index entry adimage[3].gif in index $I30 of file 119655.

Deleting index entry ADIMAG~2.GIF in index $I30 of file 119655.

Deleting index entry ADIMAG~3.GIF in index $I30 of file 119655.

Deleting index entry ads[2] in index $I30 of file 119655.

Deleting index entry ADS_2_~1 in index $I30 of file 119655.

Deleting index entry clickheat[1].js in index $I30 of file 119655.

Deleting index entry CLICKH~1.JS in index $I30 of file 119655.

Deleting index entry effects[1].js in index $I30 of file 119655.

Deleting index entry EFFECT~1.JS in index $I30 of file 119655.

Deleting index entry EV3045~1.FL~ in index $I30 of file 119655.

Deleting index entry EV3E35~1.FL~ in index $I30 of file 119655.

Deleting index entry event[8].flow in index $I30 of file 119655.

Deleting index entry event[9].flow in index $I30 of file 119655.

Deleting index entry gadgethovel[1].jpg in index $I30 of file 119655.

Deleting index entry GADGET~1.JPG in index $I30 of file 119655.

Deleting index entry image[1].png in index $I30 of file 119655.

Deleting index entry IMAGE_~1.PNG in index $I30 of file 119655.

Deleting index entry indexpage94[1].htm in index $I30 of file 119655.

Deleting index entry INDEXP~1.HTM in index $I30 of file 119655.

Deleting index entry index_chat_services[1].jpg in index $I30 of file 119655.

Deleting index entry INDEX_~1.JPG in index $I30 of file 119655.

Deleting index entry JQDDE8~1.JS in index $I30 of file 119655.

Deleting index entry jquery.ui[1].js in index $I30 of file 119655.

Deleting index entry kidscastuk-us-e[1].jpg in index $I30 of file 119655.

Deleting index entry KIDSCA~1.JPG in index $I30 of file 119655.

Deleting index entry loadingAnimation[1].gif in index $I30 of file 119655.

Deleting index entry LOADIN~1.GIF in index $I30 of file 119655.

Deleting index entry logo-dotellall-ie6[1].png in index $I30 of file 119655.

Deleting index entry LOGO-D~1.PNG in index $I30 of file 119655.

Deleting index entry modal[1].css in index $I30 of file 119655.

Deleting index entry MODAL_~1.CSS in index $I30 of file 119655.

Deleting index entry news;adlocation=site_above_results;dcopt=ist;campaign=;page=category;kw=blinkx;pid=10;sz=300x250;;source=site;t=;tile=3;ord=4438648591851742[1] in index $I30 of file 119655.

Deleting index entry news;adlocation=site_below_header;dcopt=ist;campaign=;page=category;kw=blinkx;pid=10;sz=728x90,728x91;;source=site;t=;tile=1;ord=5221602326355828[1] in index $I30 of file 119655.

Deleting index entry news;adlocation=site_below_player;dcopt=ist;campaign=;page=category;kw=blinkx;pid=10;sz=468x62,300x251;;source=site;t=;tile=2;ord=7059323621941949[1] in index $I30 of file 119655.

Deleting index entry NEWS_A~2 in index $I30 of file 119655.

Deleting index entry NEWS_A~3 in index $I30 of file 119655.

Deleting index entry NEWS_A~4 in index $I30 of file 119655.

Deleting index entry niftyplayer[1].swf in index $I30 of file 119655.

Deleting index entry NIFTYP~1.SWF in index $I30 of file 119655.

Deleting index entry proxy[1].htm in index $I30 of file 119655.

Deleting index entry PROXY_~1.HTM in index $I30 of file 119655.

Deleting index entry rd_p[1].htm in index $I30 of file 119655.

Deleting index entry RD_P_1~1.HTM in index $I30 of file 119655.

Deleting index entry statsnew[1].xml in index $I30 of file 119655.

Deleting index entry STATSN~1.XML in index $I30 of file 119655.

Deleting index entry style[1].css in index $I30 of file 119655.

Deleting index entry STYLE_~1.CSS in index $I30 of file 119655.

Deleting index entry theabsolutepeach-us-e[1].jpg in index $I30 of file 119655.

Deleting index entry THEABS~1.JPG in index $I30 of file 119655.

Deleting index entry tweet_buttonCARY73X7.htm in index $I30 of file 119655.

Deleting index entry TWF9E4~1.HTM in index $I30 of file 119655.

Deleting index entry xd_receiver[2].htm in index $I30 of file 119655.

Deleting index entry XD_REC~2.HTM in index $I30 of file 119655.

Deleting index entry zdgeneric_noarts_v1[1].js in index $I30 of file 119655.

Deleting index entry ZDGENE~1.JS in index $I30 of file 119655.

Deleting index entry 0633416278[1].htm in index $I30 of file 119656.

Deleting index entry 063341~1.HTM in index $I30 of file 119656.

Deleting index entry 20036[1].jpg in index $I30 of file 119656.

Deleting index entry 20036_~1.JPG in index $I30 of file 119656.

Deleting index entry 2429[1].jpg in index $I30 of file 119656.

Deleting index entry 2429_1~1.JPG in index $I30 of file 119656.

Deleting index entry 26270-2[3].js in index $I30 of file 119656.

Deleting index entry 26270-~3.JS in index $I30 of file 119656.

Deleting index entry 2857634163[1].htm in index $I30 of file 119656.

Deleting index entry 285763~1.HTM in index $I30 of file 119656.

Deleting index entry 3efc3d33df884c27b352f195affdd98c93fe0a32[1].jpg in index $I30 of file 119656.

Deleting index entry 3EFC3D~1.JPG in index $I30 of file 119656.

Deleting index entry 41.2[1].gif in index $I30 of file 119656.

Deleting index entry 412_1_~1.GIF in index $I30 of file 119656.

Deleting index entry 5690539104_74fde8cf8f_s[1].jpg in index $I30 of file 119656.

Deleting index entry 569053~1.JPG in index $I30 of file 119656.

Deleting index entry 89.1[1].gif in index $I30 of file 119656.

Deleting index entry 891_1_~1.GIF in index $I30 of file 119656.

Deleting index entry ads[1].htm in index $I30 of file 119656.

Deleting index entry ads[2] in index $I30 of file 119656.

Deleting index entry ads[2].js in index $I30 of file 119656.

Deleting index entry ADS_1_~1.HTM in index $I30 of file 119656.

Deleting index entry ADS_2_~1 in index $I30 of file 119656.

Deleting index entry ADS_2_~1.JS in index $I30 of file 119656.

Deleting index entry ad[1].gif in index $I30 of file 119656.

Deleting index entry AD_1_~1.GIF in index $I30 of file 119656.

Deleting index entry ajs[1].php in index $I30 of file 119656.

Deleting index entry AJS_1_~1.PHP in index $I30 of file 119656.

Deleting index entry all[1].js in index $I30 of file 119656.

Deleting index entry ALL_1_~1.JS in index $I30 of file 119656.

Deleting index entry amgdgt[1].js in index $I30 of file 119656.

Deleting index entry AMGDGT~1.JS in index $I30 of file 119656.

Deleting index entry b394b4b644845918dfc3e6ea48d027c5553da117[1].jpg in index $I30 of file 119656.

Deleting index entry B394B4~1.JPG in index $I30 of file 119656.

Deleting index entry click[1].htm in index $I30 of file 119656.

Deleting index entry click[3].htm in index $I30 of file 119656.

Deleting index entry CLICK_~1.HTM in index $I30 of file 119656.

Deleting index entry CLICK_~3.HTM in index $I30 of file 119656.

Deleting index entry CRC6D2~1.XML in index $I30 of file 119656.

Deleting index entry crossdomain[9].xml in index $I30 of file 119656.

Deleting index entry deals_button[1].jpg in index $I30 of file 119656.

Deleting index entry DEALS_~1.JPG in index $I30 of file 119656.

Deleting index entry derekthebanditssoundrepublicelectronicdancemusic-us-e[1].jpg in index $I30 of file 119656.

Deleting index entry DEREKT~1.JPG in index $I30 of file 119656.

Deleting index entry dpx[1].gif in index $I30 of file 119656.

Deleting index entry DPX_1_~1.GIF in index $I30 of file 119656.

Deleting index entry fmr[1].js in index $I30 of file 119656.

Deleting index entry FMR_1_~1.JS in index $I30 of file 119656.

Deleting index entry iframe[1] in index $I30 of file 119656.

Deleting index entry iframe[2].htm in index $I30 of file 119656.

Deleting index entry IFRAME~1 in index $I30 of file 119656.

Deleting index entry IFRAME~2.HTM in index $I30 of file 119656.

Deleting index entry imgad[4].jpg in index $I30 of file 119656.

Deleting index entry IMGAD_~4.JPG in index $I30 of file 119656.

Deleting index entry launch_btn[1].png in index $I30 of file 119656.

Deleting index entry LAUNCH~1.PNG in index $I30 of file 119656.

Deleting index entry mevio-m-neverback-24x24[1].gif in index $I30 of file 119656.

Deleting index entry MEVIO-~1.GIF in index $I30 of file 119656.

Deleting index entry prespain_728[1].swf in index $I30 of file 119656.

Deleting index entry PRESPA~1.SWF in index $I30 of file 119656.

Deleting index entry prodimg[1] in index $I30 of file 119656.

Deleting index entry PRODIM~1 in index $I30 of file 119656.

Deleting index entry prototype[1].js in index $I30 of file 119656.

Deleting index entry PROTOT~1.JS in index $I30 of file 119656.

Deleting index entry RE018B~1.HTM in index $I30 of file 119656.

Deleting index entry RE0D7B~1.HTM in index $I30 of file 119656.

Deleting index entry results[1].js in index $I30 of file 119656.

Deleting index entry results[6].htm in index $I30 of file 119656.

Deleting index entry results[7].htm in index $I30 of file 119656.

Deleting index entry RESULT~1.JS in index $I30 of file 119656.

Deleting index entry suggestSearch[1].htm in index $I30 of file 119656.

Deleting index entry SUGGES~1.HTM in index $I30 of file 119656.

Deleting index entry tap[7].gif in index $I30 of file 119656.

Deleting index entry TAP_7_~1.GIF in index $I30 of file 119656.

97 percent completed.

Deleting index entry utils[1].js in index $I30 of file 119656.

Deleting index entry UTILS_~1.JS in index $I30 of file 119656.

Deleting index entry winner2[1].jpg in index $I30 of file 119656.

Deleting index entry WINNER~1.JPG in index $I30 of file 119656.

Deleting index entry wm-land[1].htm in index $I30 of file 119656.

Deleting index entry WM-LAN~1.HTM in index $I30 of file 119656.

Deleting index entry 04a463c55dcd581e697451d41e89ed265252ac17[1].jpg in index $I30 of file 119659.

Deleting index entry 04A463~1.JPG in index $I30 of file 119659.

Deleting index entry 1263742765@x15[1] in index $I30 of file 119659.

Deleting index entry 126374~1 in index $I30 of file 119659.

Deleting index entry 1279[1].jpg in index $I30 of file 119659.

Deleting index entry 1279_1~1.JPG in index $I30 of file 119659.

Deleting index entry 18292[1].jpg in index $I30 of file 119659.

Deleting index entry 18292_~1.JPG in index $I30 of file 119659.

Deleting index entry 26270-2[2].js in index $I30 of file 119659.

Deleting index entry 26270-~2.JS in index $I30 of file 119659.

Deleting index entry 441360MaxWinkler670x320[1].jpg in index $I30 of file 119659.

Deleting index entry 441360~1.JPG in index $I30 of file 119659.

Deleting index entry adimage[1].gif in index $I30 of file 119659.

Deleting index entry ADIMAG~1.GIF in index $I30 of file 119659.

Deleting index entry ads[1] in index $I30 of file 119659.

Deleting index entry ADS_1_~1 in index $I30 of file 119659.

Deleting index entry backcookie[1].js in index $I30 of file 119659.

Deleting index entry BACKCO~1.JS in index $I30 of file 119659.

Deleting index entry banner728x90[1].htm in index $I30 of file 119659.

Deleting index entry BANNER~1.HTM in index $I30 of file 119659.

Deleting index entry bar[1].jpg in index $I30 of file 119659.

Deleting index entry BAR_1_~1.JPG in index $I30 of file 119659.

Deleting index entry bullet[1] in index $I30 of file 119659.

Deleting index entry BULLET~1 in index $I30 of file 119659.

Deleting index entry d42a0f3988585d4b408af098770d83a8189ed615[1].jpg in index $I30 of file 119659.

Deleting index entry D42A0F~1.JPG in index $I30 of file 119659.

Deleting index entry data_sync[1].htm in index $I30 of file 119659.

Deleting index entry DATA_S~1.HTM in index $I30 of file 119659.

Deleting index entry ecpCmrvFebs[1].js in index $I30 of file 119659.

Deleting index entry ECPCMR~1.JS in index $I30 of file 119659.

Deleting index entry everythingblah-us-e[1].png in index $I30 of file 119659.

Deleting index entry EVERYT~1.PNG in index $I30 of file 119659.

Deleting index entry fw-nonplayer-banner[2].htm in index $I30 of file 119659.

Deleting index entry FW-NON~2.HTM in index $I30 of file 119659.

Deleting index entry getconfig[1].xml in index $I30 of file 119659.

Deleting index entry GETCON~1.XML in index $I30 of file 119659.

Deleting index entry header_v1[1].jpg in index $I30 of file 119659.

Deleting index entry HEADER~1.JPG in index $I30 of file 119659.

Deleting index entry home[1].jpg in index $I30 of file 119659.

Deleting index entry HOME_1~1.JPG in index $I30 of file 119659.

Deleting index entry iframe[2] in index $I30 of file 119659.

Deleting index entry IFRAME~2 in index $I30 of file 119659.

Deleting index entry index_chat_123[1].jpg in index $I30 of file 119659.

Deleting index entry INDEX_~1.JPG in index $I30 of file 119659.

Deleting index entry JQ0E7B~1.JS in index $I30 of file 119659.

Deleting index entry JQ3B1C~1.JS in index $I30 of file 119659.

Deleting index entry jquery.cycle.all.min[1].js in index $I30 of file 119659.

Deleting index entry jquery.thickbox[1].js in index $I30 of file 119659.

Deleting index entry modal[1].js in index $I30 of file 119659.

Deleting index entry MODAL_~1.JS in index $I30 of file 119659.

Deleting index entry prodimg[1] in index $I30 of file 119659.

Deleting index entry PRODIM~1 in index $I30 of file 119659.

Deleting index entry S4RgCezpKLl[1].js in index $I30 of file 119659.

Deleting index entry S4RGCE~1.JS in index $I30 of file 119659.

Deleting index entry search[2].htm in index $I30 of file 119659.

Deleting index entry SEARCH~2.HTM in index $I30 of file 119659.

Deleting index entry set[1].gif in index $I30 of file 119659.

Deleting index entry SET_1_~1.GIF in index $I30 of file 119659.

Deleting index entry show_ads[3].js in index $I30 of file 119659.

Deleting index entry show_ads_impl[1].js in index $I30 of file 119659.

Deleting index entry SHOW_A~2.JS in index $I30 of file 119659.

Deleting index entry SHOW_A~3.JS in index $I30 of file 119659.

Deleting index entry slice_02[1].jpg in index $I30 of file 119659.

Deleting index entry SLICE_~1.JPG in index $I30 of file 119659.

Deleting index entry stars[1].png in index $I30 of file 119659.

Deleting index entry STARS_~1.PNG in index $I30 of file 119659.

Deleting index entry style[2].css in index $I30 of file 119659.

Deleting index entry style[3].css in index $I30 of file 119659.

Deleting index entry STYLE_~2.CSS in index $I30 of file 119659.

Deleting index entry STYLE_~3.CSS in index $I30 of file 119659.

Deleting index entry ui.tabs[1].css in index $I30 of file 119659.

Deleting index entry UITABS~1.CSS in index $I30 of file 119659.

Deleting index entry up_back[1].gif in index $I30 of file 119659.

Deleting index entry UP_BAC~1.GIF in index $I30 of file 119659.

Deleting index entry winner3[1].jpg in index $I30 of file 119659.

Deleting index entry WINNER~1.JPG in index $I30 of file 119659.

Deleting index entry ybLogo[1].jpg in index $I30 of file 119659.

Deleting index entry YBLOGO~1.JPG in index $I30 of file 119659.

Deleting index entry 01[1].htm in index $I30 of file 119666.

Deleting index entry 01_1_~1.HTM in index $I30 of file 119666.

Deleting index entry 149893CriminalMinds670x320[1].jpg in index $I30 of file 119666.

Deleting index entry 149893~1.JPG in index $I30 of file 119666.

Deleting index entry 18650[1].jpg in index $I30 of file 119666.

Deleting index entry 18650_~1.JPG in index $I30 of file 119666.

Deleting index entry 223675LadyGaga670x320[1].jpg in index $I30 of file 119666.

Deleting index entry 223675~1.JPG in index $I30 of file 119666.

Deleting index entry 26270-2[1].js in index $I30 of file 119666.

Deleting index entry 26270-~1.JS in index $I30 of file 119666.

Deleting index entry 9eb89aef14a82357f61e8401668b2852b67e396c[1].jpg in index $I30 of file 119666.

Deleting index entry 9EB89A~1.JPG in index $I30 of file 119666.

Deleting index entry A%252F%252Fgamesweaseltv.mevio[1].com%252F%253Futm_campaign%253D088aeb_561937_260910_113990_40542_40616%2526utm_source%253D088aeb%2526utm_medium%253D088aeb in index $I30 of file 119666.

Deleting index entry A%252F%252Fgamesweaseltv.mevio[2].com%252F%253Futm_campaign%253D088aeb_561937_260910_113990_40542_40616%2526utm_source%253D088aeb%2526utm_medium%253D088aeb in index $I30 of file 119666.

Deleting index entry A%252F~1.CO~ in index $I30 of file 119666.

Deleting index entry A%252F~2.CO~ in index $I30 of file 119666.

Deleting index entry aceUAC[1].js in index $I30 of file 119666.

Deleting index entry ACEUAC~1.JS in index $I30 of file 119666.

Deleting index entry adimage[1].gif in index $I30 of file 119666.

Deleting index entry ADIMAG~1.GIF in index $I30 of file 119666.

Deleting index entry ads[3] in index $I30 of file 119666.

Deleting index entry ADS_3_~1 in index $I30 of file 119666.

Deleting index entry bh[1].gif in index $I30 of file 119666.

Deleting index entry BH_1_~1.GIF in index $I30 of file 119666.

Deleting index entry bluebg[1].gif in index $I30 of file 119666.

Deleting index entry BLUEBG~1.GIF in index $I30 of file 119666.

Deleting index entry ca[1] in index $I30 of file 119666.

Deleting index entry CA_1_~1 in index $I30 of file 119666.

Deleting index entry convpixel[3].jpg in index $I30 of file 119666.

Deleting index entry CONVPI~3.JPG in index $I30 of file 119666.

Deleting index entry email[1].png in index $I30 of file 119666.

Deleting index entry EMAIL_~1.PNG in index $I30 of file 119666.

Deleting index entry fo[1].js in index $I30 of file 119666.

Deleting index entry FO_1_~1.JS in index $I30 of file 119666.

Deleting index entry gamesweaseltv_mevio_com[1].htm in index $I30 of file 119666.

Deleting index entry GAMESW~1.HTM in index $I30 of file 119666.

Deleting index entry globalPixel[1].htm in index $I30 of file 119666.

Deleting index entry GLOBAL~1.HTM in index $I30 of file 119666.

Deleting index entry graphics[1].js in index $I30 of file 119666.

Deleting index entry GRAPHI~1.JS in index $I30 of file 119666.

Deleting index entry ie7[1].css in index $I30 of file 119666.

Deleting index entry IE7_1_~1.CSS in index $I30 of file 119666.

Deleting index entry johnny-knoxville[1].htm in index $I30 of file 119666.

Deleting index entry JOHNNY~1.HTM in index $I30 of file 119666.

Deleting index entry JQFC09~1.JS in index $I30 of file 119666.

Deleting index entry jquery[2].js in index $I30 of file 119666.

Deleting index entry jump1[3].htm in index $I30 of file 119666.

Deleting index entry JUMP1_~3.HTM in index $I30 of file 119666.

Deleting index entry LO61B1~1.HTM in index $I30 of file 119666.

Deleting index entry login_status[4].htm in index $I30 of file 119666.

Deleting index entry logo-100[1].gif in index $I30 of file 119666.

Deleting index entry LOGO-1~1.GIF in index $I30 of file 119666.

Deleting index entry min_utils[1].js in index $I30 of file 119666.

Deleting index entry MIN_UT~1.JS in index $I30 of file 119666.

Deleting index entry mootools[1].js in index $I30 of file 119666.

Deleting index entry MOOTOO~1.JS in index $I30 of file 119666.

Deleting index entry news;adlocation=site_above_results;dcopt=ist;campaign=;page=category;kw=blinkx;pid=10;sz=300x250;;source=site;t=;tile=3;ord=7059323621941949[1] in index $I30 of file 119666.

Deleting index entry news;adlocation=site_below_header;dcopt=ist;campaign=;page=category;kw=blinkx;pid=10;sz=728x90,728x91;;source=site;t=;tile=1;ord=4438648591851742[1] in index $I30 of file 119666.

Deleting index entry NEWS_A~2 in index $I30 of file 119666.

Deleting index entry NEWS_A~3 in index $I30 of file 119666.

Deleting index entry pixel[2].gif in index $I30 of file 119666.

Deleting index entry PIXEL_~2.GIF in index $I30 of file 119666.

Deleting index entry prodimg[1] in index $I30 of file 119666.

Deleting index entry prodimg[2] in index $I30 of file 119666.

Deleting index entry prodimg[3] in index $I30 of file 119666.

Deleting index entry PRODIM~1 in index $I30 of file 119666.

Deleting index entry PRODIM~2 in index $I30 of file 119666.

Deleting index entry PRODIM~3 in index $I30 of file 119666.

Deleting index entry rm1957[1].htm in index $I30 of file 119666.

Deleting index entry RM1957~1.HTM in index $I30 of file 119666.

Deleting index entry rubicon_imp[1].gif in index $I30 of file 119666.

Deleting index entry RUBICO~1.GIF in index $I30 of file 119666.

Deleting index entry stats[1].htm in index $I30 of file 119666.

Deleting index entry STATS_~1.HTM in index $I30 of file 119666.

Deleting index entry style3[1].css in index $I30 of file 119666.

Deleting index entry STYLE3~1.CSS in index $I30 of file 119666.

Deleting index entry survey2[1].mp3 in index $I30 of file 119666.

Deleting index entry SURVEY~1.MP3 in index $I30 of file 119666.

Deleting index entry ui.all[1].css in index $I30 of file 119666.

Deleting index entry ui.base[1].css in index $I30 of file 119666.

Deleting index entry ui.theme[1].css in index $I30 of file 119666.

Deleting index entry UIALL_~1.CSS in index $I30 of file 119666.

Deleting index entry UIBASE~1.CSS in index $I30 of file 119666.

Deleting index entry UITHEM~1.CSS in index $I30 of file 119666.

98 percent completed.

99 percent completed.

100 percent completed.

100 percent completed.

Index verification completed.

Errors found. CHKDSK cannot continue in read-only mode.

Let me know what to try next, thanks Jon

Share this post


Link to post
Share on other sites

Hi,

Now enter this command in cmd.exe:

chkdsk /f>"%userprofile%\desktop\chkdsk.txt2"

When it completes, open chkdsk2.txt on your Desktop.

Share this post


Link to post
Share on other sites

Hi,

Now enter this command in cmd.exe:

chkdsk /f>"%userprofile%\desktop\chkdsk.txt2"

When it completes, open chkdsk2.txt on your Desktop.

Share this post


Link to post
Share on other sites

Chris,

Sorry for the delay we had email issues with yahoo. I copied and pasted the command and here are the results.

The type of the file system is NTFS.

Cannot lock current drive.

Chkdsk cannot run because the volume is in use by another

process. Would you like to schedule this volume to be

checked the next time the system restarts? (Y/N)

Chkdsk cannot run because the volume is in use by another

process. Would you like to schedule this volume to be

checked the next time the system restarts? (Y/N) y

This volume will be checked the next time the system restarts.

The pc did complete the chksk and then booted to the desktop. Let me know what to do next.

Thanks, Jon

Share this post


Link to post
Share on other sites

Now please repeat the steps in Post #11. Post the contents of the log that is produced.

Share this post


Link to post
Share on other sites

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.