Avast stopped working, virus?

Viruses and worms
21

part two of the combofix file

Note empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe”
“SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe” [2007-07-12 04:00]
“SNPSTD2”=“C:\WINDOWS\vsnpstd2.exe” [2004-08-30 16:37]
“SiSUSBRG”=“C:\WINDOWS\sisUSBrg.exe” [2002-04-25 18:06]
“SiS KHooker”=“C:\WINDOWS\System32\khooker.exe” [2002-01-25 03:30]
“ratmn”=“C:\WINDOWS\ratmn.exe”
“HP Software Update”=“C:\Program Files\HP\HP Software Update\HPWuSchd2.exe” [2005-12-15 11:18]
“Cmaudio”=“cmicnfg.cpl”
“Adobe Reader Speed Launcher”=“C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe” [2007-05-11 03:06]
“QuickTime Task”=“C:\Program Files\QuickTime\qttask.exe” [2007-02-16 10:54]
“Picasa Media Detector”=“C:\Program Files\Picasa2\PicasaMediaDetector.exe” [2007-06-15 17:15]
“NeroCheck”=“C:\WINDOWS\System32\NeroCheck.exe” [2001-07-09 03:50]
“iTunesHelper”=“C:\Program Files\iTunes\iTunesHelper.exe” [2006-10-30 09:36]
“BearShare”=“C:\Program Files\BearShare\BearShare.exe”

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“ctfmon.exe”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 01:56]
“swg”=“C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe” [2007-07-18 20:39]
“Yahoo! Pager”=“C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe” [2007-03-27 15:22]
“MSMSGS”=“C:\Program Files\Messenger\msmsgs.exe” [2004-10-13 10:24]
“BitTorrent”=“C:\Program Files\BitTorrent\bittorrent.exe”

C:\Documents and Settings\Ben\Start Menu\Programs\Startup
OpenOffice.org 2.2.lnk - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 17:54:56]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2007-05-11 03:06:32]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2007-05-11 00:29:22]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 11:40:44]
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2007-07-01 22:17:31]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
“NoResolveSearch”=1 (0x1)

SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@=“Driver Group”

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]
@=“Service”

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@=“Driver”

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal{4D36E967-E325-11CE-BFC1-08002BE10318}]
@=“DiskDrive”

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@=“Hdc”

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@=“Keyboard”

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@=“Mouse”

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@=“System”

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@=“Volume”

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á³# L"h’þ9Óœð3rÅWC:]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á³# L"h’þ9Óœð3rÅWC:\Program Files]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á³# L"h’þ9Óœð3rÅWC:\Program Files\ISTsvc]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á³# L"h’þ9Óœð3rÅWC:\Program Files\ISTsvc\istsvc.exe]
C:\WINDOWS\miftufo.exe

R1 pci32;Derkz864;??\C:\WINDOWS\system32\drivers\pci32.sys
R1 srosa;Megadrv3;??\C:\WINDOWS\system32\drivers\srosa.sys
S3 JL2001;Telemax WebCam WC-50;C:\WINDOWS\system32\Drivers\videocap.sys
S3 snpstd2;GE 98067 MiniCam Pro;C:\WINDOWS\system32\DRIVERS\snpstd2.sys
S4 AvFlt;Antivirus Filter Driver;C:\WINDOWS\system32\drivers\av5flt.sys

Contents of the ‘Scheduled Tasks’ folder
2007-08-09 04:40:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
2007-08-14 15:07:36 C:\WINDOWS\Tasks\User_Feed_Synchronization-{D432F9D3-12B8-43E7-97CB-0D48E3DE9774}.job - C:\WINDOWS\system32\msfeedssync.exe

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-14 12:19:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\drivers\hidr.exe

scan completed successfully
hidden files: 2

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“german.exe”=“C:\WINDOWS\system32\wintems.exe”

Completion time: 2007-08-14 12:22:08 - machine was rebooted
C:\ComboFix-quarantined-files.txt … 2007-08-14 12:21

--- E O F ---
22

Here is the hijackthis file run after the combofix

Logfile of HijackThis v1.99.1
Scan saved at 12:42:10 PM, on 14/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\vsnpstd2.exe
C:\WINDOWS\System32\khooker.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ca.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ca.rd.yahoo.com/customize/ie/defaults/su/ymj/*http://ca.search.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ca.rd.yahoo.com/customize/ie/defaults/sb/ymj/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ca.rd.yahoo.com/customize/ie/defaults/sp/ymj/*http://ca.search.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://ca.rd.yahoo.com/customize/ie/defaults/su/ymj/*http://ca.search.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM..\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe”
O4 - HKLM..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM..\Run: [SiSUSBRG] C:\WINDOWS\sisUSBrg.exe
O4 - HKLM..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM..\Run: [ratmn] C:\WINDOWS\ratmn.exe
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”
O4 - HKLM..\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 - HKLM..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM..\Run: [iTunesHelper] “C:\Program Files\iTunes\iTunesHelper.exe”
O4 - HKLM..\Run: [BearShare] “C:\Program Files\BearShare\BearShare.exe” /pause
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU..\Run: [Yahoo! Pager] “C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE” -quiet
O4 - HKCU..\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background
O4 - HKCU..\Run: [BitTorrent] “C:\Program Files\BitTorrent\bittorrent.exe” --force_start_minimized
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Internet Radio by Endicosoft.com - {1F958B09-3312-7f0e-9723-4C1324C57B20} - C:\Program Files\Internet Radio\Radio.exe (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.mysask.com
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/SCRABBLE/Images/stg_drm.ocx
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/SCRABBLE/Images/armhelper.ocx
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

23

Here is the Blacklight log. I didn’t use the command line version. I just clicked on scan. Also, I pretty much opened all the files under folder options. I still can’t view the c:windows ratmn.exe file.

There is something new to report though. Once I ran the combofix, the red shield icon of windows security alert gave me a warning that the antivirus program I use (Avast) was out of date. I still cannot run Avast though because it is still telling me that the exe file has been moved or changed.

08/14/07 13:09:55 [Info]: BlackLight Engine 1.0.64 initialized
08/14/07 13:09:55 [Info]: OS: 5.1 build 2600 (Service Pack 2)
08/14/07 13:09:55 [Note]: 7019 4
08/14/07 13:09:55 [Note]: 7005 0
08/14/07 13:09:56 [Note]: 7006 0
08/14/07 13:09:56 [Note]: 7011 1868
08/14/07 13:09:57 [Note]: 7026 0
08/14/07 13:09:57 [Note]: 7026 0
08/14/07 13:10:00 [Note]: FSRAW library version 1.7.1022
08/14/07 13:10:05 [Note]: 10002 2
08/14/07 13:10:05 [Note]: 10002 2
08/14/07 13:12:51 [Info]: Hidden file: c:\Program Files\Movie Maker\shared\empty.txt
08/14/07 13:12:51 [Note]: 10002 3
08/14/07 13:12:51 [Info]: Hidden file: c:\Program Files\Movie Maker\shared\filters.xml
08/14/07 13:12:51 [Note]: 10002 3
08/14/07 13:12:51 [Info]: Hidden file: c:\Program Files\Movie Maker\shared\news.png
08/14/07 13:12:51 [Note]: 10002 3
08/14/07 13:12:51 [Info]: Hidden file: c:\Program Files\Movie Maker\shared\paint.png
08/14/07 13:12:51 [Note]: 10002 3
08/14/07 13:12:51 [Info]: Hidden file: c:\Program Files\Movie Maker\shared\profiles\blank.txt
08/14/07 13:12:51 [Note]: 10002 3
08/14/07 13:12:51 [Info]: Hidden file: c:\Program Files\Movie Maker\shared\sample1.jpg
08/14/07 13:12:51 [Note]: 10002 3
08/14/07 13:12:51 [Info]: Hidden file: c:\Program Files\Movie Maker\shared\sample2.jpg
08/14/07 13:12:51 [Note]: 10002 3
08/14/07 13:12:51 [Note]: 10002 2
08/14/07 13:12:51 [Note]: 10002 2
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\activity_speaker_states.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\border_bot.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\border_bot.rgn
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\border_left.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\border_left.rgn
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\border_right.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\border_right.rgn
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\border_top.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\border_top.rgn
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\button_chevron_down.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\button_chevron_up.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\capbuttons.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\columnheads.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\combo.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\combo_arrow.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\connect_chunkyanim.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\dark_connect_chunkyanim.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\dialbtn_pad.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\donotdisturb.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\games_close.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\grabbie.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\grabbie.png
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\groupboxedge.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\headerbg.png
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\icons_tbar_disabled.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\icons_tbar_hot.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\icons_tbar_normal.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\indigo.xml
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\itabs.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\menubar.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\menubar_states.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\menuitem.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\menusearchbar.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\menu_bg.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\menu_scroll.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\menu_sep.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\mute_states.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\pab_abook_off.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\pab_abook_on.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\pab_add1.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\pab_mlist1_off.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\pab_mlist1_on.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\photoshare_slider.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\photoshare_slider_tray.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\scroll_vbg.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\scroll_vhandle.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\scroll_buttons.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\scroll_griph.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\scroll_gripv.bmp
08/14/07 13:13:37 [Note]: 10002 3

24

blacklight part 2

08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\scroll_hbg.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\search_bang.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\silver_bg.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\slotborder.png
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\slotborder_we.png
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\slot_empty_bg.png
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\statusbar.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\tool_border_bot.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\tool_border_bot.rgn
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\tool_border_left.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\tool_border_left.rgn
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\tool_border_right.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\tool_border_right.rgn
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\tool_border_top.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\tool_border_top.rgn
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\tool_capbuttons.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\trackbar_thumb_vert.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\trackbar_thumb_up.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\trackbar_h.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\trackbar_thumb_down.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\trackbar_thumb_horz.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\trackbar_thumb_left.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\trackbar_thumb_right.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\trackbar_v.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\triangletray.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\checkbox.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\scroll_hhandle.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\statusgrabber.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\toolbarbuttons.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\typedown.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\voice_dialpad_10.png
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\up_down.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\up_down_arrow.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\up_down_h.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\up_down_h_arrow.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\voice_dialpad_3.png
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\voice_dialpad_7.png
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\voice_dialpad_4.png
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\voice_dialpad_8.png
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\voice_dialpad_5.png
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\voice_dialpad_9.png
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\voice_dialpad_2.png
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\voice_dialpad_6.png
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\voice_tbar_hold.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\voice_tbar.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\voice_tbar_incoming.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\Voice_Circle.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\voice_callbtn.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\voice_ctrls.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\voice_dialpad_0.png
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\voice_dialpad_1.png
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\preview_indigo.jpg
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\preview_indigo_intl.jpg
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\progressbar.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\pushbuttons.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\radio.bmp

25

blacklight log part 3

08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\subhdrbg.png
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\subhdrbg_cls.png
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\subhdrbg_cls_hover.png
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\subhdrbg_hover.png
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\sys_menu.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\tabs.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\tabs_standard.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\tab_border.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\tbar_sep.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\title.png
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\title_down.png
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\title_hover.png
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\title_up.png
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\voice_dialpad_11.png
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\voice_lights.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Indigo\voice_ringer.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\border_bot.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\border_bot.rgn
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\border_left.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\border_left.rgn
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\border_right.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\border_right.rgn
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\border_top.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\border_top.rgn
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\button_chevron_down.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\button_chevron_up.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\capbuttons.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\columnheads.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\combo.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\combo_arrow.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\dialbtn_pad.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\donotdisturb.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\games_close.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\grabbie.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\grabbie.png
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\groupboxedge.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\headerbg.png
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\icons_tbar_disabled.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\icons_tbar_hot.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\icons_tbar_normal.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\itabs.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\maverick.xml
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\menubar.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\menubar_states.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\menuitem.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\menusearchbar.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\menu_bg.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\menu_scroll.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\menu_sep.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\pab_abook_off.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\pab_abook_on.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\pab_add1.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\pab_mlist1_off.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\pab_mlist1_on.bmp

26

Part 4

08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\pab_mlist1_on.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\photoshare_slider.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\photoshare_slider_tray.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\preview_mavblue.jpg
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\preview_mavblue_intl.jpg
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\progressbar.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\pushbuttons.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\radio.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\scroll_vbg.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\scroll_hhandle.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\scroll_vhandle.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\scroll_buttons.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\scroll_griph.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\scroll_gripv.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\scroll_hbg.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\search_bang.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\silver_bg.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\slotborder.png
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\slotborder_we.png
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\slot_empty_bg.png
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\statusbar.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\statusgrabber.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\subhdrbg.png
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\subhdrbg_cls.png
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\subhdrbg_cls_hover.png
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\subhdrbg_hover.png
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\sys_menu.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\tabs.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\tabs_standard.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\tab_border.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\tbar_bg.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\title.png
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\title_down.png
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\title_hover.png
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\title_up.png
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\toolbarbuttons.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\tool_border_bot.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\tool_border_bot.rgn
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\tool_border_left.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\tool_border_left.rgn
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\tool_border_right.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\tool_border_right.rgn
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\tool_border_top.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\tool_border_top.rgn
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\tool_capbuttons.bmp

27

part 5

08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\trackbar_thumb_vert.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\trackbar_thumb_up.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\trackbar_h.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\trackbar_thumb_down.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\trackbar_thumb_horz.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\trackbar_thumb_left.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\trackbar_thumb_right.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\trackbar_v.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\triangletray.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\checkbox.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\tbar_sep.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\typedown.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\voice_dialpad_11.png
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\up_down.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\up_down_arrow.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\up_down_h.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\up_down_h_arrow.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\voice_dialpad_3.png
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\voice_dialpad_7.png
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\voice_dialpad_4.png
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\voice_dialpad_8.png
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\voice_dialpad_5.png
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\voice_dialpad_9.png
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\voice_dialpad_2.png
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\voice_dialpad_6.png
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\voice_tbar_hold.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\voice_tbar.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\voice_tbar_incoming.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\voice_callbtn.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\voice_ctrls.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\voice_dialpad_0.png
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\voice_dialpad_1.png
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\voice_dialpad_10.png
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\voice_lights.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:37 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\Maverick\voice_ringer.bmp
08/14/07 13:13:37 [Note]: 10002 3
08/14/07 13:13:38 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\Graphics\preview_classic_msgr.jpg
08/14/07 13:13:38 [Note]: 10002 3
08/14/07 13:13:38 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\npYState.dll
08/14/07 13:13:38 [Note]: 10002 3
08/14/07 13:13:38 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\YAlertCenter.dll
08/14/07 13:13:38 [Note]: 10002 3
08/14/07 13:13:38 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\YbSkin2.dll
08/14/07 13:13:38 [Note]: 10002 3
08/14/07 13:13:38 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\YbSkinSelect.dll
08/14/07 13:13:38 [Note]: 10002 3
08/14/07 13:13:38 [Info]: Hidden file: c:\Program Files\Yahoo!\Shared\YbSkinSelectRes.dll

28

last blacklight log post

08/14/07 13:13:38 [Note]: 10002 3
08/14/07 13:13:38 [Note]: 10002 2
08/14/07 13:13:38 [Note]: 10002 2
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 3
08/14/07 13:13:43 [Note]: 10002 2
08/14/07 13:13:43 [Note]: 10002 2
08/14/07 13:21:10 [Info]: Hidden file: c:\WINDOWS\ime\shared\imlang.dll
08/14/07 13:21:10 [Note]: 10002 3
08/14/07 13:21:10 [Info]: Hidden file: c:\WINDOWS\ime\shared\res\PADRS404.DLL
08/14/07 13:21:10 [Note]: 10002 3
08/14/07 13:21:10 [Info]: Hidden file: c:\WINDOWS\ime\shared\res\padrs804.dll
08/14/07 13:21:10 [Note]: 10002 3
08/14/07 13:21:10 [Note]: 10002 2
08/14/07 13:21:10 [Note]: 10002 2
08/14/07 13:22:26 [Info]: Hidden file: c:\WINDOWS\system32\drivers\srosa.sys
08/14/07 13:22:26 [Note]: 10002 2
08/14/07 13:22:26 [Info]: Hidden file: c:\WINDOWS\system32\drivers\hidr.exe
08/14/07 13:22:26 [Note]: 10002 2
08/14/07 13:23:58 [Note]: 2000 1012
08/14/07 13:27:24 [Note]: 7007 0

29

ComboFix got rid of some of the root kits and their friends, but we still have a few things to take care of.

Double-click OTMoveIt.exe to run it. Copy the file path below to the clipboard by highlighting it and pressing CTRL + C (or, after highlighting, right-click and choose copy):

C:\WINDOWS\system32\trusted.exe
c:\WINDOWS\system32\drivers\srosa.sys
c:\WINDOWS\system32\drivers\hidr.exe

Return to OTMoveIt, right click on the “Paste List of Files/Folders to be moved” window and choose Paste.
Click the red Moveit! button.
Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next response. Its OK if some of the files are not found.
Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Now open HJT and click to Do a System Scan Only. When the scan is complete place a check mark next to these lines

[b]R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll (file missing)

O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM..\Run: [ratmn] C:\WINDOWS\ratmn.exe

O9 - Extra button: Internet Radio by Endicosoft.com - {1F958B09-3312-7f0e-9723-4C1324C57B20} - C:\Program Files\Internet Radio\Radio.exe (file missing)

O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)[/b]

Close all other windows, including your browser, and click Fix Checked.

After completing all of the above post fresh ComboFix and HJT logs, then see if you can reinstall avast!

Some of this malware downloaded the evening of 11 August, about the same time as the Scrabble ActiveX that is in your HJT log. Is Scrabble (and some other games) the program you referred to in your initial post when you first noticed the problems?

30

Here is the results when I ran the moveit program

C:\WINDOWS\system32\trusted.exe moved successfully.
c:\WINDOWS\system32\drivers\srosa.sys moved successfully.
c:\WINDOWS\system32\drivers\hidr.exe moved successfully.

Created on 08/14/2007 16:29:05

Now I will follow the directions for the hijack log. I am pretty good at following directions but to tell you the truth all this is WAYYY beyond me! :wink:

31

Yes, around the time I was downloading scrabble program is when I had the problem. That is what lead me to believe it was a virus.

Now I have another problem (I am on my computer now, not my wifes PC who has the problem)

I followed your directions and placed the checkmarks next to the lines and clicked fix.

I rebooted the system and now Windows only loads halfway and then stops (the blue moving line just stops after 8 - 10 seconds. I tried safemode but that didn’t work. We don’t have the original XP program (it was a used PC)

I think we are close but now I can’t get by the windows load up page! ???

32

First a little explanation of what we’ve done, then some thoughts on what happened and what we can try to fix the boot problem.

ComboFix does many things: First it very specifically targets certain malware and puts those files it identifies in quarantine. It did this with the files listed in the “Other Deletions” section of the log you posted.

It also lists files recently created with the idea that it cannot have signatures for every new variant of the malware it targets. This list must be manually analyzed which is what led me to have you delete trusted.exe.

Another function is a rootkit check which led to deletion of srosa.sys and hidr.exe (I should have included another file in this list of deletions but neglected to include it in the list - we would have picked this up with the second ComboFix run). The two we deleted here also appear at the very end of the BlackLight log.

All of the things we deleted are related to a rootkitted version of a bagle trojan that was responsible for killing avast! (rootkit is a term for a program that hides another program), a couple of backdoor trojans, and some spyware.

With one exception the lines we fixed in HijackThis were all registry entries referring to files that were were already gone. I did this for tidiness - to make it easier to review subsequent logs and just to make things run better. The single exception was this line

O4 - HKLM..\Run: [ratmn] C:\WINDOWS\ratmn.exe

Removing this line by “fixing” it simply prevents ratmn.exe from loading when your computer starts. We did not delete the file yet. I have not been able to identify this file which in itself makes it suspicious. It is most definitely not a Windows system file and, since you cannot find it when looking manually, appears to be one of the files the remaining rootkit may be hiding. I would still like to scan it at Virus Total before deletion.

I think the boot problem is caused by something, probably malware, corrupting your operating system. This can be seen in the very first lines of the ComboFix log

C:\WINDOWS\system32\chkdsk.exe not present

ADS removed - C:\WINDOWS\system32\ntoskrnl.exe: The system cannot find the file specified.

Although the computer can boot without chkdsk.exe it cannot boot without ntoskrnl.exe. ComboFix did not remove these files - it reported their absence. I am somewhat surprised the computer made it though the previous boot.

In order to fix this we need to replace ntoskrnl.exe and I think we may be able to use any XP installation disk to accomplish this. Is your computer XP, and do you have the Windows disk for it?

33

I do follow what you are saying but unfortuntaly :cry: my PC (which also has XP) was built by someone and they did load XP for me but not the software. I do not have any XP discs at all. I did bring this up to my wife once (that we should get a copy of XP just in case).

Now we need it…

So is there a way to circumvent by the load page? In safe mode it just keeps recycling over and over prompting me to choose a safe mode version or “last successful” something.

BTW, my computer also has Avast and (before the loading problem) I compared the folders. I have the exe files for Avast but my wifes computer does not.

34

If one of the options is Last Known Good Configuration (or similar wording) you can try that.

Is it possible to get a Windows CD from the person who built you computer? You should have been given one.

This version of bagle kills avast! and other antivirus programs. The files will continue to disappear until it is gone.

35

Yes, I tried Last Known Good Configuration but to no avail. The person who built my PC is long gone, I am not sure why he did not at least give me a copy. I might be able to get a copy but we are new to the area. I will try though…when I do I will post again.

Thanks again, I know we are close!

36

Give me some time to think about this - there must be a way …

37

What do you think about this? Can I download it to disc and use it?

http://www.softpedia.com/progDownload/Boot-Editor-Download-1721.html

38

I downloaded the ntoskrnl.exe file from driverguide.com. Can I put that on disc? ???

39

I spent the last hour or so reading up on this. It seems an xp disk is required so the recovery councel can be accessed. From there the neccessary repair can be made. It looks like any xp disk will work.

I don’t think putting the file on a cd will help, 'cause windows will be looking for an xp disk. But I leave that for others to comment on.

If there was some way to get to the command promt, it may be posible to copy/replace the file.

These are just thoughts not suggestions. I’m sure others with more experience with xp will be along shortly.

The only real suggestion is try to find beg, borrow, steal an xp disk.

40

Yeah, that’s kinda what I thought…I’ll find one I’m sure. My wife has freinds not too far away that might have a copy. This will be my quest this week…I feel like Sir Galahad now…