Hjt Log File (please Help!)



#1 Synergy


Posted 22 October 2007 - 10:52 AM

I think I have a few viruses on my computer :-\. I know for a fact I have/had Trojan Horse Backdoor.Small.53.U. I also believe there is a win32.webdir.b in there.

Any help would be appreciated!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:51:34 AM, on 10/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\Program Files\Common Files\AOL\1171311642\ee\AOLSoftware.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIA.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\xtras\mssysmgr.exe
C:\Program Files\BitTorrent_DNA\dna.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html?p=DS
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hometab.bellsouth.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: CVirtualDNSObj Object - {86C510E9-97EF-4749-914F-0280247BE3A6} - C:\WINDOWS\VirtualDNS.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1171311642\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [EPSON Stylus CX6000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIA.EXE /FU "C:\WINDOWS\TEMP\E_S99.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\xtras\mssysmgr.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\BitTorrent_DNA\dna.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1BEF2DED-9E16-4E05-9BE6-E85BD1B784C5}: NameServer = 85.255.113.196,85.255.112.118
O17 - HKLM\System\CCS\Services\Tcpip\..\{F60B6EA2-72F8-4429-97ED-22C9C3A6F163}: NameServer = 85.255.113.196,85.255.112.118
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.196 85.255.112.118
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.196 85.255.112.118
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 9424 bytes

Edited by Synergy, 22 October 2007 - 10:57 AM.



#2 Guest_Cretemonster_*


Posted 24 October 2007 - 04:20 PM

Hi Synergy and Welcome to the Bleeping Computer!


Please download FixWareout from one of these mirrors:
http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe
http://downloads.subratam.org/Fixwareout.exe


Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts.
Then you will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.
Once the desktop loads, please post the text that will open (report.txt).


After posting report.txt, download ComboFix from Here or Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

#3 Synergy


Posted 24 October 2007 - 09:28 PM

Report from FixWareout:


Username "Ronald Boatwright" - 10/24/2007 22:20:51 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
"nameserver"="85.255.113.196 85.255.112.118" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{1BEF2DED-9E16-4E05-9BE6-E85BD1B784C5}
"nameserver"="85.255.113.196,85.255.112.118" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{F60B6EA2-72F8-4429-97ED-22C9C3A6F163}
"nameserver"="85.255.113.196,85.255.112.118" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{2810EB22-763D-4D0C-9450-64BBD1758685}
"DhcpNameServer"="85.255.113.196,85.255.112.118" <Value cleared.

Successfully flushed the DNS Resolver Cache.


System was rebooted successfully.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelMeM"="C:\\Program Files\\Intel\\Modem Event Monitor\\IntelMEM.exe"
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"ISUSPM Startup"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"
"igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"
"BJCFD"="C:\\Program Files\\BroadJump\\Client Foundation\\CFD.exe"
"Dell Photo AIO Printer 922"="\"C:\\Program Files\\Dell Photo AIO Printer 922\\dlbtbmgr.exe\""
"DLBTCATS"="rundll32 C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\DLBTtime.dll,_RunDLLEntry@16"
"Picasa Media Detector"="C:\\Program Files\\Picasa2\\PicasaMediaDetector.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime"
"AOLDialer"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1171311642\\ee\\AOLSoftware.exe"
"EPSON Stylus CX6000 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIBIA.EXE /FU \"C:\\WINDOWS\\TEMP\\E_S99.tmp\" /EF \"HKLM\""
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="\"C:\\Program Files\\DellSupport\\DSAgnt.exe\" /startup"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"PhotoShow Deluxe Media Manager"="C:\\PROGRA~1\\SIMPLE~1\\PHOTOS~1\\data\\xtras\\mssysmgr.exe"
"BitTorrent DNA"="\"C:\\Program Files\\BitTorrent_DNA\\dna.exe\""
"Aim6"="\"C:\\Program Files\\AIM6\\aim6.exe\" /d locale=en-US ee://aol/imApp"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~

#4 Synergy


Posted 24 October 2007 - 09:41 PM

ComboFix log:

ComboFix 07-10-23.2 - Ronald Boatwright 2007-10-24 22:29:52.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.217 [GMT -4:00]
Running from: C:\Documents and Settings\Ronald Boatwright\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\bszip.dll

.
((((((((((((((((((((((((( Files Created from 2007-09-25 to 2007-10-25 )))))))))))))))))))))))))))))))
.

2007-10-24 22:28 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-22 13:09 <DIR> d-------- C:\WINDOWS\SYSTEM32\Kaspersky Lab
2007-10-22 12:15 <DIR> d-------- C:\Program Files\Advanced Spyware Remover
2007-10-22 11:57 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-10-22 11:10 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-21 22:44 <DIR> d-------- C:\Documents and Settings\Ronald Boatwright\Application Data\AVG7
2007-10-21 22:41 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-10-20 19:08 43,520 --a------ C:\WINDOWS\SYSTEM32\CmdLineExt03.dll
2007-10-20 18:48 <DIR> d-------- C:\Program Files\Thief - Deadly Shadows
2007-10-20 18:35 23,510,720 -r-hs---- C:\dotnetfx.exe
2007-10-20 18:35 53,248 -r-hs---- C:\Interop.Shell32.dll
2007-10-20 11:40 <DIR> d-------- C:\Program Files\Alcohol Soft
2007-10-18 14:27 <DIR> d-------- C:\Program Files\VideoLAN
2007-10-17 19:12 <DIR> d-------- C:\Program Files\iTunes
2007-10-17 19:12 <DIR> d-------- C:\Program Files\iPod
2007-10-10 20:53 <DIR> d-------- C:\Program Files\AVI Codec Pack
2007-10-10 20:52 <DIR> d-------- C:\WINDOWS\SYSTEM32\quicktime
2007-10-09 22:58 <DIR> d-------- C:\Program Files\AIM6
2007-10-09 22:48 <DIR> d-------- C:\Documents and Settings\Ronald Boatwright\Application Data\acccore
2007-10-09 16:34 <DIR> d-------- C:\Documents and Settings\Ronald Boatwright\.housecall6.6
2007-10-09 16:29 584,192 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\rpcrt4.dll
2007-10-07 12:41 <DIR> d-------- C:\Documents and Settings\Ronald Boatwright\Application Data\Propellerhead Software
2007-10-07 12:41 233,472 --a------ C:\WINDOWS\SYSTEM32\REX Shared Library.dll
2007-10-07 12:41 225,280 --a------ C:\WINDOWS\SYSTEM32\ReWire.dll
2007-10-07 12:26 <DIR> d-------- C:\Program Files\Propellerhead
2007-10-07 02:35 <DIR> d-------- C:\Documents and Settings\Ronald Boatwright\Application Data\Azureus
2007-10-07 02:33 <DIR> d-------- C:\Program Files\Azureus
2007-10-07 02:08 685,816 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sptd.sys
2007-10-07 01:57 <DIR> d-------- C:\Program Files\BitTorrent_DNA
2007-10-07 01:57 <DIR> d-------- C:\Program Files\BitTorrent
2007-10-07 01:57 <DIR> d-------- C:\Documents and Settings\Ronald Boatwright\Application Data\BitTorrent DNA
2007-10-07 01:57 <DIR> d-------- C:\Documents and Settings\Ronald Boatwright\Application Data\BitTorrent
2007-10-05 21:58 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-10-05 21:56 <DIR> d-------- C:\WINDOWS\SYSTEM32\LogFiles
2007-10-05 21:56 <DIR> d-------- C:\WINDOWS\SYSTEM32\DRIVERS\UMDF

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-24 15:51 --------- d-----w C:\Program Files\Soulseek
2007-10-22 16:09 --------- d-----w C:\Program Files\ABBYY FineReader 5.0 Sprint
2007-10-22 15:09 --------- d-----w C:\Program Files\Modem On Hold
2007-10-22 15:08 --------- d-----w C:\Program Files\Modem Helper
2007-10-22 15:08 --------- d-----w C:\Program Files\DivX
2007-10-22 03:39 --------- d-----w C:\Program Files\America Online 9.0
2007-10-21 22:08 --------- d-----w C:\Program Files\SymNetDrv
2007-10-20 22:45 --------- d-----w C:\Program Files\QuickTime
2007-10-20 22:45 --------- d-----w C:\Program Files\Picasa2
2007-10-20 22:44 --------- d-----w C:\Program Files\Microsoft Plus! Photo Story 2 LE
2007-10-20 22:44 --------- d-----w C:\Program Files\Microsoft Plus! Digital Media Edition
2007-10-20 22:44 --------- d-----w C:\Program Files\Google
2007-10-20 22:44 --------- d-----w C:\Program Files\DellSupport
2007-10-20 22:44 --------- d-----w C:\Program Files\Dell Photo AIO Printer 922
2007-10-20 22:44 --------- d-----w C:\Program Files\Apple Software Update
2007-10-20 22:44 --------- d-----w C:\Program Files\AOL Companion
2007-10-20 22:44 --------- d-----w C:\Program Files\AOD
2007-10-20 22:42 --------- d-----w C:\Program Files\Common Files\Motive
2007-10-20 22:42 --------- d-----w C:\Program Files\Common Files\aolshare
2007-10-20 22:42 --------- d-----w C:\Program Files\Common Files\AOL
2007-10-20 22:16 --------- d-----w C:\Program Files\Symantec
2007-10-20 22:16 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-10-20 14:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-20 00:20 --------- d--h--r C:\Documents and Settings\Ronald Boatwright\Application Data\yahoo!
2007-10-20 00:19 --------- d-----w C:\Documents and Settings\Ronald Boatwright\Application Data\Shareaza
2007-10-18 18:27 --------- d-----w C:\Documents and Settings\Ronald Boatwright\Application Data\Apple Computer
2007-10-10 02:52 --------- d-----w C:\Program Files\AIM
2007-10-10 02:52 --------- d-----w C:\Documents and Settings\Ronald Boatwright\Application Data\Aim
2007-10-06 23:06 --------- d-----w C:\Program Files\Real
2007-09-12 00:28 --------- d-----w C:\Documents and Settings\Ronald Boatwright\Application Data\AdobeUM
2007-09-08 02:08 --------- d-----w C:\Program Files\Common Files\Apple
2007-09-05 23:24 --------- d-----w C:\Documents and Settings\Ronald Boatwright\Application Data\Sonic
2007-09-05 23:15 --------- d-----w C:\Documents and Settings\Deborah Boatwright\Application Data\Viewpoint
2007-09-05 22:14 --------- d-----w C:\Documents and Settings\Deborah Boatwright\Application Data\Jasc Software Inc
2007-09-05 21:51 --------- d-----w C:\Documents and Settings\Deborah Boatwright\Application Data\GTek
2007-09-05 21:49 --------- d-----w C:\Documents and Settings\Deborah Boatwright\Application Data\AOL
2007-09-04 15:50 --------- d-----w C:\Program Files\Lavasoft
2007-09-04 15:49 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-09-04 15:34 --------- d-----w C:\Documents and Settings\Ronald Boatwright\Application Data\Talkback
2007-09-03 07:18 --------- d-----w C:\Documents and Settings\Ronald Boatwright\Application Data\Lavasoft
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{86C510E9-97EF-4749-914F-0280247BE3A6}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 21:12]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 02:05]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 17:50]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 17:50]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 09:35]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 09:32]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 09:36]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 21:26]
"Dell Photo AIO Printer 922"="C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [2004-11-10 15:36]
"DLBTCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [2004-11-09 17:41]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2005-02-04 19:32]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 08:50]
"HostManager"="C:\Program Files\Common Files\AOL\1171311642\ee\AOLSoftware.exe" [2006-09-25 20:52]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 14:42]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-22 12:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24]
"PhotoShow Deluxe Media Manager"="C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\xtras\mssysmgr.exe" [2005-01-21 20:04]
"BitTorrent DNA"="C:\Program Files\BitTorrent_DNA\dna.exe" [2007-10-07 01:57]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-09-29 16:22]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\PROGRA~1\AIM\aim.exe -cnetwait.odl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoShow Deluxe Media Manager]
C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Program Files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

R1 vcdrom;Virtual CD-ROM Device Driver;\??\C:\WINDOWS\SYSTEM32\DRIVERS\VCdRom.sys
R3 USB_RNDIS_XP;Westell WireSpeed Dual Connect Modem;C:\WINDOWS\system32\DRIVERS\usb8023.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Z]
AutoRun\command - Z:\panel.exe -SecondCD

.
Contents of the 'Scheduled Tasks' folder
"2007-10-23 12:00:00 C:\WINDOWS\Tasks\Ad-Aware SE Personal.job"
- C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Aware.exe
"2007-10-24 22:08:14 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
.
**************************************************************************

catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-24 22:36:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-24 22:38:44 - machine was rebooted
.
--- E O F ---




HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:40:50 PM, on 10/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Common Files\AOL\1171311642\ee\AOLSoftware.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\xtras\mssysmgr.exe
C:\Program Files\BitTorrent_DNA\dna.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html?p=DS
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hometab.bellsouth.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {86C510E9-97EF-4749-914F-0280247BE3A6} - (no file)
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1171311642\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\xtras\mssysmgr.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\BitTorrent_DNA\dna.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 8666 bytes

#5 Guest_Cretemonster_*

Posted 25 October 2007 - 02:45 AM

That looks better! :thumbsup:


Open HijackThis -> Click "Do a System Scan Only" and put a check by these, but DO NOT hit the Fix Checked button yet:

O2 - BHO: (no name) - {86C510E9-97EF-4749-914F-0280247BE3A6} - (no file)

Now Make sure ALL WINDOWS and BROWSERS are CLOSED and hit the Fix Checked Button


If you don't use it and didn't install it, go to Add\Remove Programs and remove "MyWay Search Assistant".


Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser:
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Please make sure any Internet Browsers are Closed before running the ATF Cleaner.



Restart the machine and please run the F-Secure Online Scanner.

Note: This scanner is for Internet Explorer only.
  • Follow the instructions on the F-Secure page for proper installation.
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan.
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and Copy&Paste the entire report in your next reply.
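
The fix in the post above targets an O2 entry whose file field reads "(no file)". As an added example (not part of the original post and not HijackThis's own code), this Python parser reads O-section lines from a HijackThis log and flags such entries, plus O23 services listed with "Unknown owner". The field layout is inferred from the log lines quoted in this thread, and the names `parse_line` and `triage` are hypothetical.

```python
import re
from dataclasses import dataclass

# Constructed sample: entry lines copied from the HijackThis logs in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {86C510E9-97EF-4749-914F-0280247BE3A6} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\BitTorrent_DNA\dna.exe"
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
End of file - 8666 bytes
"""

# "O<n> - <kind>: <rest>". R/F/N sections use a different layout and are skipped.
ENTRY_RE = re.compile(r"^(O\d+) - ([^:]+): (.+)$")
# O4 autoruns: "[registry value name] command line"
RUN_RE = re.compile(r"^\[([^\]]*)\] (.+)$")


@dataclass
class Entry:
    section: str  # e.g. "O2", "O4", "O23"
    kind: str     # e.g. "BHO", "Toolbar", "Service"
    name: str     # display name or registry value name
    owner: str    # company string (O23 only, otherwise empty)
    target: str   # file path, command line or URL the entry points at
    raw: str      # the original log line


def parse_line(line):
    """Parse one HijackThis O-section line; return None for anything else."""
    line = line.strip()
    m = ENTRY_RE.match(line)
    if not m:
        return None
    section, kind, rest = m.groups()
    name, owner, target = "", "", rest
    if section == "O4":
        run = RUN_RE.match(rest)
        if run:
            name, target = run.groups()
    elif section == "O23":
        # "display name - company - path": split from the right because
        # display names may themselves contain " - ".
        parts = rest.rsplit(" - ", 2)
        if len(parts) == 3:
            name, owner, target = parts
    else:
        # O2/O3/O9/O16 style: everything before the last " - " is the label.
        parts = rest.rsplit(" - ", 1)
        if len(parts) == 2:
            name, target = parts
    return Entry(section, kind, name, owner, target, line)


def triage(log_text):
    """Return (section, reason, raw line) for entries that need a manual look."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        if entry.target.lower() == "(no file)":
            findings.append((entry.section,
                             "orphaned entry: no file is associated with it",
                             entry.raw))
        elif entry.section == "O23" and entry.owner.lower() == "unknown owner":
            findings.append((entry.section,
                             "service listed without a company name: verify the binary",
                             entry.raw))
    return findings


if __name__ == "__main__":
    for section, reason, raw in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {raw}")
```

A flagged line is a prompt for review, not a verdict: the "Unknown owner" service in the sample belongs to the DellSupport package that also appears in the uninstall list later in the thread.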


#6 Synergy

  • Topic Starter

Posted 25 October 2007 - 09:22 AM

Scanning Report
Thursday, October 25, 2007 09:15:36 - 10:07:33
Computer name: D3FQRS71
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\


--------------------------------------------------------------------------------

Result: 0 malware found

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 31927
System: 4489
Not scanned: 5
Actions:
Disinfected: 0
Renamed: 0
Deleted: 0
None: 0
Submitted: 0
Files not scanned:
C:\HIBERFIL.SYS
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\DRIVERS\SPTD.SYS
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SOFTWAREDISTRIBUTION\EVENTCACHE\{5651BF2C-662D-4655-823C-892782A4C526}.BIN

--------------------------------------------------------------------------------

Options
Scanning engines:
F-Secure AVP: 7.0.171, 2007-10-25
F-Secure Blacklight: 1.0.64
F-Secure Draco: 1.0.35, 0597-150-72
F-Secure Libra: 2.4.2, 2007-10-24
F-Secure Orion: 1.2.37, 2007-10-25
F-Secure Pegasus: 1.19.0, 2007-09-18
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB BAT LNK ANI AVB CEO CMD LSP MAP MHT MIF PDF PHP POT WMF NWS TAR TGZ WSF ZL? {* ZIP JAR ARJ LZH TAR TGZ GZ CAB RAR BZ2 HQX
Use Advanced heuristics







Thanks mate!!!! I can tell my computer is much, MUCH faster!!! And no more of those pesky redirecting link things lol!!


thanks so much! :blink: :thumbsup:

#7 Guest_Cretemonster_*

Posted 25 October 2007 - 10:54 AM

Good deal, glad we are doing something right! :thumbsup:


Please post an uninstall list:
  • Start HijackThis
  • Click on the Config button
  • Click on the Misc Tools button
  • Click on the Open Uninstall Manager button.
  • Click on the Save list... button and specify where you would like to save this file.
  • When you press Save button a notepad will open with the contents of that file.
  • Simply copy and paste the contents of that notepad into this topic please.

If you don't mind, run another scan over the machine at Panda.
http://www.nanoscan.com/as/v1/principal.aspx

Save the report at the end and post it in the next reply please.

#8 Synergy

  • Topic Starter

Posted 25 October 2007 - 12:06 PM

Ad-Aware 2007
Adobe Acrobat - Reader 6.0.2 Update
Adobe Flash Player Plugin
Adobe Reader 6.0.1
Adobe Shockwave Player
Advanced Spyware Remover Free Edition
AIM 6
AOL Uninstaller (Choose which Products to Remove)
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoImpression 5
AVG 7.5
AVI Codec Pack
BroadJump Client Foundation
Dell Driver Reset Tool
Dell Photo AIO Printer 922
Dell Picture Studio v3.0
Dell Resource CD
DellSupport
DivX Content Uploader
DivX Web Player
EPSON CX6000 Series User's Guide
EPSON Printer Software
EPSON Scan
EPSON Stylus CX6000 Scanner Driver Update
Google Earth
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB926239)
Intel® 537EP V9x DF PCI Modem
Intel® Extreme Graphics 2 Driver
Intel® PRO Network Adapters and Drivers
Intel® PROSet for Wired Connections
Internet Explorer Default Page
iTunes
Jasc Paint Shop Photo Album
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro 8 Dell Edition
Jasc Paint Shop Pro Studio, Dell Editon
Java 2 Runtime Environment, SE v1.4.2_03
Kaspersky Online Scanner
Learn2 Player (Uninstall Only)
Macromedia Flash Player
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft User-Mode Driver Framework Feature Pack 1.0
Modem Event Monitor
Modem Helper
Modem On Hold
Mozilla Firefox (2.0.0.8)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
Musicmatch® Jukebox
PhotoShow Express
Picasa 2
QuickBooks Simple Start Special Edition
QuickTime
RealPlayer Basic
Reason 3.0.4
Rhapsody Player Engine
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Sonic DLA
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
SoulSeek Client 156c
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Viewpoint Toolbar
Windows Installer 3.1 (KB893803)
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
WinRAR archiver
WordPerfect Office 12
Yahoo! Internet Mail
Yahoo! Toolbar

#9 Guest_Cretemonster_*

Posted 25 October 2007 - 12:30 PM

If you don't like all the toolbars, you can uninstall those along with all ViewPoint entries; these for the most part are totally worthless and unneeded.

Adobe Acrobat - Reader 6.0.2 Update <-- Uninstall

Adobe Reader 6.0.1 <-- Up to version 8, please uninstall and update to latest version

Adobe Shockwave Player <-- Make sure it's the latest version.

Advanced Spyware Remover Free Edition <-- Never heard of it before.

QuickTime <-- Make sure it's the latest version.

RealPlayer Basic <-- Make sure it's the latest version.


Post Panda results when you get ready. :thumbsup:

#10 Synergy

  • Topic Starter

Posted 25 October 2007 - 01:35 PM

panda:


Scan details
High danger level (0)

Medium danger level (4)
Trj/Worthsearc... Virus Latent Hide + Info
C:\System Volume Informat...DBF8F}\RP482\A0023116.exe
Trj/Worthsearc... Virus Latent Hide + Info
C:\System Volume Informat...DBF8F}\RP482\A0023115.exe
Trj/Worthsearc... Virus Latent Hide + Info
C:\System Volume Informat...DBF8F}\RP482\A0023281.exe
C:\System Volume Informat...DBF8F}\RP482\A0023185.exe
C:\System Volume Informat...DBF8F}\RP482\A0023497.exe
C:\System Volume Informat...DBF8F}\RP482\A0023571.exe
C:\System Volume Informat...DBF8F}\RP482\A0023257.exe
C:\System Volume Informat...DBF8F}\RP482\A0023569.exe
C:\System Volume Informat...DBF8F}\RP482\A0023394.exe
C:\System Volume Informat...DBF8F}\RP482\A0023154.exe
C:\System Volume Informat...DBF8F}\RP482\A0023540.exe
C:\System Volume Informat...DBF8F}\RP482\A0023226.exe
C:\System Volume Informat...DBF8F}\RP482\A0023538.exe
C:\System Volume Informat...DBF8F}\RP482\A0023363.exe
C:\System Volume Informat...DBF8F}\RP482\A0023123.exe
C:\System Volume Informat...DBF8F}\RP482\A0023435.exe
C:\System Volume Informat...DBF8F}\RP482\A0023507.exe
C:\System Volume Informat...DBF8F}\RP482\A0023404.exe
C:\System Volume Informat...DBF8F}\RP482\A0023301.exe
C:\System Volume Informat...DBF8F}\RP482\A0023613.exe
C:\System Volume Informat...DBF8F}\RP482\A0023466.EXE
C:\System Volume Informat...DBF8F}\RP482\A0023284.exe
C:\System Volume Informat...DBF8F}\RP482\A0023596.exe
C:\System Volume Informat...DBF8F}\RP482\A0023181.exe
C:\System Volume Informat...DBF8F}\RP482\A0023493.exe
C:\System Volume Informat...DBF8F}\RP482\A0023179.exe
C:\System Volume Informat...DBF8F}\RP482\A0023253.exe
C:\System Volume Informat...DBF8F}\RP482\A0023565.exe
C:\System Volume Informat...DBF8F}\RP482\A0023332.EXE
C:\System Volume Informat...DBF8F}\RP482\A0023390.exe
C:\System Volume Informat...DBF8F}\RP482\A0023388.exe
C:\System Volume Informat...DBF8F}\RP482\A0023150.exe
C:\System Volume Informat...DBF8F}\RP482\A0023148.exe
C:\System Volume Informat...DBF8F}\RP482\A0023222.exe
C:\System Volume Informat...DBF8F}\RP482\A0023534.exe
C:\System Volume Informat...DBF8F}\RP482\A0023431.exe
C:\System Volume Informat...DBF8F}\RP482\A0023429.exe
C:\System Volume Informat...DBF8F}\RP482\A0023503.exe
C:\System Volume Informat...DBF8F}\RP482\A0023400.exe
C:\System Volume Informat...DBF8F}\RP482\A0023607.exe
C:\System Volume Informat...DBF8F}\RP482\A0023462.EXE
C:\System Volume Informat...DBF8F}\RP482\A0023280.exe
C:\System Volume Informat...DBF8F}\RP482\A0023357.EXE
C:\System Volume Informat...DBF8F}\RP482\A0023175.exe
C:\System Volume Informat...DBF8F}\RP482\A0023487.exe
C:\System Volume Informat...DBF8F}\RP482\A0023561.exe
C:\System Volume Informat...DBF8F}\RP482\A0023247.exe
C:\System Volume Informat...DBF8F}\RP482\A0023559.exe
C:\System Volume Informat...DBF8F}\RP482\A0023326.EXE
C:\System Volume Informat...DBF8F}\RP482\A0023384.exe
C:\System Volume Informat...DBF8F}\RP482\A0023144.exe
C:\System Volume Informat...DBF8F}\RP482\A0023456.exe
C:\System Volume Informat...DBF8F}\RP482\A0023216.exe
C:\System Volume Informat...DBF8F}\RP482\A0023353.exe
C:\System Volume Informat...DBF8F}\RP482\A0023425.exe
C:\System Volume Informat...DBF8F}\RP482\A0023592.EXE
C:\System Volume Informat...DBF8F}\RP482\A0023278.EXE
C:\System Volume Informat...DBF8F}\RP482\A0023603.exe
C:\System Volume Informat...DBF8F}\RP482\A0023530.EXE
C:\System Volume Informat...DBF8F}\RP482\A0023274.exe
C:\System Volume Informat...DBF8F}\RP482\A0023586.exe
C:\System Volume Informat...DBF8F}\RP482\A0023528.EXE
C:\System Volume Informat...DBF8F}\RP482\A0023171.exe
C:\System Volume Informat...DBF8F}\RP482\A0023483.exe
C:\System Volume Informat...DBF8F}\RP482\A0023169.exe
C:\System Volume Informat...DBF8F}\RP482\A0023243.exe
C:\System Volume Informat...DBF8F}\RP482\A0023555.exe
C:\System Volume Informat...DBF8F}\RP482\A0023322.EXE
C:\System Volume Informat...DBF8F}\RP482\A0023380.exe
C:\System Volume Informat...DBF8F}\RP482\A0023378.exe
C:\System Volume Informat...DBF8F}\RP482\A0023140.exe
C:\System Volume Informat...DBF8F}\RP482\A0023138.exe
C:\System Volume Informat...DBF8F}\RP482\A0023452.exe
C:\System Volume Informat...DBF8F}\RP482\A0023212.exe
C:\System Volume Informat...DBF8F}\RP482\A0023347.exe
C:\System Volume Informat...DBF8F}\RP482\A0023421.exe
C:\System Volume Informat...DBF8F}\RP482\A0023419.exe
C:\System Volume Informat...DBF8F}\RP482\A0023316.exe
C:\System Volume Informat...DBF8F}\RP480\A0023095.exe
C:\System Volume Informat...DBF8F}\RP482\A0023299.exe
C:\System Volume Informat...DBF8F}\RP482\A0023196.exe
C:\System Volume Informat...DBF8F}\RP482\A0023270.exe
C:\System Volume Informat...DBF8F}\RP482\A0023524.EXE
C:\System Volume Informat...DBF8F}\RP482\A0023268.exe
C:\System Volume Informat...DBF8F}\RP482\A0023165.exe
C:\System Volume Informat...DBF8F}\RP482\A0023477.exe
C:\System Volume Informat...DBF8F}\RP482\A0023551.exe
C:\System Volume Informat...DBF8F}\RP482\A0023237.exe
C:\System Volume Informat...DBF8F}\RP482\A0023549.exe
C:\System Volume Informat...DBF8F}\RP482\A0023374.exe
C:\System Volume Informat...DBF8F}\RP482\A0023134.exe
C:\System Volume Informat...DBF8F}\RP482\A0023446.exe
C:\System Volume Informat...DBF8F}\RP482\A0023520.exe
C:\System Volume Informat...DBF8F}\RP482\A0023206.exe
C:\System Volume Informat...DBF8F}\RP482\A0023518.exe
C:\System Volume Informat...DBF8F}\RP482\A0023343.exe
C:\System Volume Informat...DBF8F}\RP482\A0023415.exe
C:\System Volume Informat...DBF8F}\RP482\A0023582.EXE
C:\System Volume Informat...DBF8F}\RP482\A0023312.exe
C:\System Volume Informat...DBF8F}\RP482\A0023295.exe
C:\System Volume Informat...DBF8F}\RP482\A0023192.exe
C:\System Volume Informat...DBF8F}\RP482\A0023264.exe
C:\System Volume Informat...DBF8F}\RP482\A0023576.exe
C:\System Volume Informat...DBF8F}\RP482\A0023399.exe
C:\System Volume Informat...DBF8F}\RP482\A0023161.exe
C:\System Volume Informat...DBF8F}\RP482\A0023473.exe
C:\System Volume Informat...DBF8F}\RP482\A0023159.exe
C:\System Volume Informat...DBF8F}\RP482\A0023233.exe
C:\System Volume Informat...DBF8F}\RP482\A0023545.exe
C:\System Volume Informat...DBF8F}\RP482\A0023370.exe
C:\System Volume Informat...DBF8F}\RP482\A0023130.exe
C:\System Volume Informat...DBF8F}\RP482\A0023368.exe
C:\System Volume Informat...DBF8F}\RP482\A0023128.exe
C:\System Volume Informat...DBF8F}\RP482\A0023442.exe
C:\System Volume Informat...DBF8F}\RP482\A0023202.exe
C:\System Volume Informat...DBF8F}\RP482\A0023514.exe
C:\System Volume Informat...DBF8F}\RP482\A0023337.exe
C:\System Volume Informat...DBF8F}\RP482\A0023411.exe
C:\System Volume Informat...DBF8F}\RP482\A0023409.exe
C:\System Volume Informat...DBF8F}\RP482\A0023306.exe
C:\System Volume Informat...DBF8F}\RP482\A0023618.exe
C:\System Volume Informat...DBF8F}\RP482\A0023291.exe
C:\System Volume Informat...DBF8F}\RP482\A0023289.exe
C:\System Volume Informat...DBF8F}\RP482\A0023186.exe
C:\System Volume Informat...DBF8F}\RP482\A0023498.exe
C:\System Volume Informat...DBF8F}\RP482\A0023260.exe
C:\System Volume Informat...DBF8F}\RP482\A0023572.exe
C:\System Volume Informat...DBF8F}\RP482\A0023258.exe
C:\System Volume Informat...DBF8F}\RP482\A0023395.exe
C:\System Volume Informat...DBF8F}\RP482\A0023155.exe
C:\System Volume Informat...DBF8F}\RP482\A0023541.exe
C:\System Volume Informat...DBF8F}\RP482\A0023227.exe
C:\System Volume Informat...DBF8F}\RP482\A0023539.exe
C:\System Volume Informat...DBF8F}\RP482\A0023364.exe
C:\System Volume Informat...DBF8F}\RP482\A0023124.exe
C:\System Volume Informat...DBF8F}\RP482\A0023436.exe
C:\System Volume Informat...DBF8F}\RP482\A0023510.exe
C:\System Volume Informat...DBF8F}\RP482\A0023508.exe
C:\System Volume Informat...DBF8F}\RP482\A0023333.exe
C:\System Volume Informat...DBF8F}\RP482\A0023405.exe
C:\System Volume Informat...DBF8F}\RP482\A0023302.exe
C:\System Volume Informat...DBF8F}\RP482\A0023614.exe
C:\System Volume Informat...DBF8F}\RP482\A0023467.EXE
C:\System Volume Informat...DBF8F}\RP482\A0023285.exe
C:\System Volume Informat...DBF8F}\RP482\A0023597.exe
C:\System Volume Informat...DBF8F}\RP482\A0023182.exe
C:\System Volume Informat...DBF8F}\RP482\A0023494.exe
C:\System Volume Informat...DBF8F}\RP482\A0023254.exe
C:\System Volume Informat...DBF8F}\RP482\A0023566.exe
C:\System Volume Informat...DBF8F}\RP482\A0023391.exe
C:\System Volume Informat...DBF8F}\RP482\A0023151.exe
C:\System Volume Informat...DBF8F}\RP482\A0023149.exe
C:\System Volume Informat...DBF8F}\RP482\A0023463.exe
C:\System Volume Informat...DBF8F}\RP482\A0023223.exe
C:\System Volume Informat...DBF8F}\RP482\A0023535.exe
C:\System Volume Informat...DBF8F}\RP482\A0023360.exe
C:\System Volume Informat...DBF8F}\RP482\A0023432.exe
C:\System Volume Informat...DBF8F}\RP482\A0023504.exe
C:\System Volume Informat...DBF8F}\RP482\A0023401.exe
C:\System Volume Informat...DBF8F}\RP482\A0023610.exe
C:\System Volume Informat...DBF8F}\RP482\A0023608.exe
C:\System Volume Informat...DBF8F}\RP482\A0023389.EXE
Trj/Rebooter.J Virus Latent Hide + Info
C:\Documents and Settings...x\SmitfraudFix\Reboot.exe

Low danger level (8)
Application/My... Tracking Application Latent Hide + Info
C:\System Volume Informat...DBF8F}\RP487\A0024354.dll
Application/Su... Tracking Application Latent Hide + Info
C:\Documents and Settings...\SmitfraudFix\restart.exe
Application/Ni... Tracking Application Latent Hide + Info
C:\WINDOWS\NirCmd.exe
C:\System Volume Informat...\A0024351.exe[nircmd.exe]
C:\System Volume Informat...0024351.exe[nircmd.cfexe]
Application/Vi... Tracking Application Latent Hide + Info
C:\System Volume Informat...DBF8F}\RP487\A0024390.dll
Adware/PornoPl... Adware Latent Hide + Info
C:\System Volume Informat...DBF8F}\RP422\A0017864.exe
Generic Adware Spyware Latent Hide + Info
C:\RECYCLER\S-1-5-21-6243...6-2469508985-1006\Dc8.dll
C:\System Volume Informat...20845.exe[VirtualDNS.dll]
Application/Ni... Tracking Application Latent Hide + Info
C:\fixwareout\FindT\nircmd.exe
Application/Pr... Tracking Application Latent Hide + Info
C:\Documents and Settings...\SmitfraudFix\Process.exe
C:\WINDOWS\SYSTEM32\Process.exe



It won't let me disinfect; it says I have to pay to become a member. Can I just remove all these files?

Edited by Synergy, 25 October 2007 - 01:37 PM.


#11 Guest_Cretemonster_*

Posted 25 October 2007 - 01:51 PM

You can remove the folders for Smitfraud Fix and FixWareout.

Now we need to reset System Restore and clear out all the old infected restore points.
  • Click Start
  • Right-Click "My Computer" and Select Properties.
  • Click on the "System Restore" tab.
  • Place a checkmark in the box for "Turn off System Restore" and Click "Apply."
  • Restart the Computer.
  • Return to System Restore and Uncheck the box for "Turn off System Restore" and Click "Apply."
  • A fresh Restore Point will be created.

Consider using Erunt for a backup to System Restore in case the machine ever does crash.
http://silentrunners.org/sr_eruntuse.html

Be sure to read through the entire page and pay close attention to Emergency Procedures should you ever need it.


PC seems to be running OK now?



