Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

How Do I know if I am Infected?


  • Please log in to reply
26 replies to this topic

#1 ispy6266

ispy6266

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:03:01 PM

Posted 09 February 2009 - 10:17 PM

Hello,

I need to know if my computer has been infected. Here are the specs.

Windows Update pops up with the IE 7 upgrade. I accept. After reboot I can't open my music player. I check other music players and they just freeze after opening. I do a virus scan (McAfee) and delete the spyware and other things it shows.

I, then, try to do a system restore. Application wont even start. This alarms me. I try other programs, including Word. It opens but freezes when I click on anythig in the toolbar.

I do a uninstall of the IE 7 and return to IE 6.

The music player works but the Word and system restore functions still dont.

I, then, do a repair on the Office Suite. The repair doesn't work, so I uninstall it completely.

Then, I reinstall it. No Go! It still wont work properly. I uninstall it again. Will re-install after this problem has been corrected.

I already had an old revision of Spybot S & D on this computer, so I updated it and let it run. It found a bunch of things and cleaned all it could. I rebooted to take care of the 8 that didn't clean automatically.

None of this worked.

I, then ran sfc/scannow and inserted the XP Home Edition to assist the function. After I ran it, I was able to operate the system restore.

I have tried to do two system restores to take the system back about a week before these problems started. No Go! Could not restore to either check point.

I am totally lost at this point. Am I infected? If so, How do I get cured? Please help!


Girl who loves her computer
Ispy

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:04:01 PM

Posted 09 February 2009 - 10:43 PM

Hello and welcome please run these next. If you have Spybot installed temporarily disable it.
Next run ATF:
Please download ATF Cleaner by Atribune & save it to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".


Next run MBAM:
Please download Malwarebytes Anti-Malware (v1.32) and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 ispy6266

ispy6266
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:03:01 PM

Posted 10 February 2009 - 12:05 AM

Hello boopme,

I encountered my first problem. I downloaded ATF and tried to run it. It loads and allows me to select all and click on Empty Selected. Then it freezes. Question: Do I continue on to the next step or do we try to work out this new issue first?

Ispy

#4 ispy6266

ispy6266
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:03:01 PM

Posted 10 February 2009 - 12:07 AM

Also, not sure if I disabled the Spybot properly. It was open in the icon tray and I selected exit. Did that disable it or do I have to do something else?

Ispy

#5 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:04:01 PM

Posted 10 February 2009 - 12:27 AM

Hi, OK move on after ATF and yes that disabled it.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#6 ispy6266

ispy6266
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:03:01 PM

Posted 10 February 2009 - 01:42 AM

Here's the log..............


Malwarebytes' Anti-Malware 1.33
Database version: 1742
Windows 5.1.2600 Service Pack 2

2/10/2009 1:41:07 AM
mbam-log-2009-02-10 (01-41-07).txt

Scan type: Quick Scan
Objects scanned: 120352
Time elapsed: 21 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 17
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 23
Files Infected: 37

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4d1c4e81-a32a-416b-bcdb-33b3ef3617d3} (Adware.Need2Find) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4d1c4e81-a32a-416b-bcdb-33b3ef3617d3} (Adware.Need2Find) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Screensavers.com (Adware.Comet) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\dynamic toolbar (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PWRSWMDA (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PWRSWMDA\Cache (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\REALBAR (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\REALBAR\Cache (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\PopSwatr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\PopSwatr\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Screensavers.com (Adware.Comet) -> Quarantined and deleted successfully.
C:\Program Files\Screensavers.com\Installer (Adware.Comet) -> Quarantined and deleted successfully.
C:\Program Files\Screensavers.com\Installer\bin (Adware.Comet) -> Quarantined and deleted successfully.
C:\Program Files\Screensavers.com\Installer\Ready (Adware.Comet) -> Quarantined and deleted successfully.
C:\Program Files\Screensavers.com\Installer\temp (Adware.Comet) -> Quarantined and deleted successfully.
C:\Program Files\Screensavers.com\Installer\Upload (Adware.Comet) -> Quarantined and deleted successfully.
C:\Program Files\Screensavers.com\Wallpaper (Adware.Comet) -> Quarantined and deleted successfully.
C:\Program Files\WhistleSoftware (Adware.Whistle) -> Quarantined and deleted successfully.
C:\Program Files\MyWay (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Program Files\MyWay\myBar (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Program Files\MyWay\myBar\History (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Program Files\MyWay\myBar\Settings (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sharon.DELL\Application Data\FunWebProducts (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sharon.DELL\Application Data\FunWebProducts\Data (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sharon.DELL\Application Data\FunWebProducts\Data\Sharon (Adware.MyWay) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\dynamic toolbar\PWRSWMDA\Cache\PWRSWMDAauctions.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PWRSWMDA\Cache\PWRSWMDAdvds.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PWRSWMDA\Cache\PWRSWMDAgames.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PWRSWMDA\Cache\PWRSWMDAheart.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PWRSWMDA\Cache\PWRSWMDAlogo.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PWRSWMDA\Cache\PWRSWMDAsearch.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PWRSWMDA\Cache\PWRSWMDAskin.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PWRSWMDA\Cache\PWRSWMDAspacer.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PWRSWMDA\Cache\T15156.tmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PWRSWMDA\Cache\T16015.tmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PWRSWMDA\Cache\T16859.tmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\REALBAR\Cache\bubble.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\REALBAR\Cache\bubble16.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\REALBAR\Cache\celebs.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\REALBAR\Cache\ebay.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\REALBAR\Cache\ebaysm.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\REALBAR\Cache\ErrorLog.txt (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\REALBAR\Cache\games.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\REALBAR\Cache\gotb.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\REALBAR\Cache\highlight.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\REALBAR\Cache\hotstuff.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\REALBAR\Cache\hotstuffsm.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\REALBAR\Cache\movies.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\REALBAR\Cache\music.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\REALBAR\Cache\news.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\REALBAR\Cache\ngames.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\REALBAR\Cache\radio.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\REALBAR\Cache\REALBARTB0115.cfg (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\REALBAR\Cache\sports.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\PopSwatr\History\allowed (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\PopSwatr\History\notallow (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Screensavers.com\Wallpaper\Subway - SimpleArtist.jpg (Adware.Comet) -> Quarantined and deleted successfully.
C:\Program Files\MyWay\myBar\History\search (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Program Files\MyWay\myBar\Settings\prevcfg.htm (Adware.MyWay) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\acrsecB.fon (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\acrsecI.fon (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\svchost.com (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

Waiting here for your reply...................


Ispy

#7 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:04:01 PM

Posted 10 February 2009 - 01:28 PM

Hi,sorry had to log off, now lets run SAS and an updated MBAM.

From your regular user account:
Please download and scan with SUPERAntiSpyware Free
  • Double-click SUPERAntiSypware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.


RUN MBAM

Open MBAM in normal mode and click Update tab, select Check for Updates,when done
click Scanner tab,select Quick scan and scan.
After scan click Remove Selected, Post new scan log and Reboot.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#8 ispy6266

ispy6266
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:03:01 PM

Posted 11 February 2009 - 01:20 AM

Here's the next log.......it took 2 hours and ten mins....Whew, didn't know there were that many files on this computer.

SuperAntiSpyware Log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/11/2009 at 01:05 AM

Application Version : 4.25.1012

Core Rules Database Version : 3751
Trace Rules Database Version: 1717

Scan type : Complete Scan
Total Scan Time : 02:04:15

Memory items scanned : 277
Memory threats detected : 0
Registry items scanned : 6053
Registry threats detected : 33
File items scanned : 154528
File threats detected : 180

Unclassified.Unknown Origin
HKLM\Software\Classes\CLSID\{4D1C4E89-A32A-416b-BCDB-33B3EF3617D3}
HKCR\CLSID\{4D1C4E89-A32A-416B-BCDB-33B3EF3617D3}
HKCR\CLSID\{4D1C4E89-A32A-416B-BCDB-33B3EF3617D3}
HKCR\CLSID\{4D1C4E89-A32A-416B-BCDB-33B3EF3617D3}\InprocServer32
HKCR\CLSID\{4D1C4E89-A32A-416B-BCDB-33B3EF3617D3}\InprocServer32#ThreadingModel
HKCR\CLSID\{4D1C4E89-A32A-416B-BCDB-33B3EF3617D3}\Programmable
HKCR\CLSID\{4D1C4E89-A32A-416B-BCDB-33B3EF3617D3}\TypeLib
HKCR\TypeLib\{4D1C4E80-A32A-416b-BCDB-33B3EF3617D3}
HKCR\TypeLib\{4D1C4E80-A32A-416b-BCDB-33B3EF3617D3}\1.0
HKCR\TypeLib\{4D1C4E80-A32A-416b-BCDB-33B3EF3617D3}\1.0\0
HKCR\TypeLib\{4D1C4E80-A32A-416b-BCDB-33B3EF3617D3}\1.0\0\win32
HKCR\TypeLib\{4D1C4E80-A32A-416b-BCDB-33B3EF3617D3}\1.0\FLAGS
HKCR\TypeLib\{4D1C4E80-A32A-416b-BCDB-33B3EF3617D3}\1.0\HELPDIR
C:\PROGRAM FILES\NEED2FIND\BAR\2.BIN\ND2FNBAR.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D1C4E81-A32A-416b-BCDB-33B3EF3617D3}
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4D1C4E81-A32A-416B-BCDB-33B3EF3617D3}
HKU\S-1-5-21-343818398-2139871995-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4D1C4E81-A32A-416B-BCDB-33B3EF3617D3}
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4D1C4E81-A32A-416B-BCDB-33B3EF3617D3}
C:\DOCUMENTS AND SETTINGS\SHARON.DELL\DESKTOP\NERO 6.6.0.3 WITH KEYGEN\NERO 6.6 ULTRA PACKAGE\KEYGEN\NERO 6.6.0.3 KEYGEN.EXE
HKCR\Interface\{4D1C4E8A-A32A-416B-BCDB-33B3EF3617D3}
HKCR\Interface\{4D1C4E8A-A32A-416B-BCDB-33B3EF3617D3}\ProxyStubClsid
HKCR\Interface\{4D1C4E8A-A32A-416B-BCDB-33B3EF3617D3}\ProxyStubClsid32
HKCR\Interface\{4D1C4E8A-A32A-416B-BCDB-33B3EF3617D3}\TypeLib
HKCR\Interface\{4D1C4E8A-A32A-416B-BCDB-33B3EF3617D3}\TypeLib#Version
HKCR\Interface\{4D1C4E8C-A32A-416B-BCDB-33B3EF3617D3}
HKCR\Interface\{4D1C4E8C-A32A-416B-BCDB-33B3EF3617D3}\ProxyStubClsid
HKCR\Interface\{4D1C4E8C-A32A-416B-BCDB-33B3EF3617D3}\ProxyStubClsid32
HKCR\Interface\{4D1C4E8C-A32A-416B-BCDB-33B3EF3617D3}\TypeLib
HKCR\Interface\{4D1C4E8C-A32A-416B-BCDB-33B3EF3617D3}\TypeLib#Version

Adware.MyWebSearch
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D}
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D}
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A572838B-45C7-4630-8778-0FA4B16845C1}\RP1228\A0322435.EXE

Adware.Tracking Cookie
C:\Documents and Settings\Sharon.DELL\Cookies\sharon@atdmt[2].txt
C:\Documents and Settings\Sharon.DELL\Cookies\sharon@warnerbros.112.2o7[1].txt
C:\Documents and Settings\Sharon.DELL\Cookies\sharon@ad.yieldmanager[2].txt
C:\Documents and Settings\Sharon.DELL\Cookies\sharon@tacoda[1].txt
C:\Documents and Settings\Sharon.DELL\Cookies\sharon@questionmarket[2].txt
C:\Documents and Settings\Sharon.DELL\Cookies\sharon@insightexpressai[1].txt
C:\Documents and Settings\Sharon.DELL\Cookies\sharon@atwola[2].txt
C:\Documents and Settings\Sharon.DELL\Cookies\sharon@at.atwola[2].txt
C:\Documents and Settings\Sharon.DELL\Cookies\sharon@fastclick[1].txt
C:\Documents and Settings\Sharon.DELL\Cookies\sharon@adopt.specificclick[1].txt
C:\Documents and Settings\Sharon.DELL\Cookies\sharon@doubleclick[1].txt
C:\Documents and Settings\Sharon.DELL\Cookies\sharon@trafficmp[2].txt
C:\Documents and Settings\Sharon.DELL\Cookies\sharon@specificmedia[2].txt
C:\Documents and Settings\Sharon.DELL\Cookies\sharon@advertising[2].txt
C:\Documents and Settings\Sharon.DELL\Cookies\sharon@adopt.euroclick[1].txt
C:\Documents and Settings\Sharon.DELL\Cookies\sharon@adrevolver[2].txt
C:\Documents and Settings\Sharon.DELL\Cookies\sharon@specificclick[1].txt
C:\Documents and Settings\Sharon.DELL\Cookies\sharon@media.adrevolver[1].txt
C:\Documents and Settings\Sharon.DELL\Cookies\sharon@realmedia[2].txt
C:\Documents and Settings\Sharon.DELL\Cookies\sharon@counter2.hitslink[1].txt
C:\Documents and Settings\Sharon.DELL\Cookies\sharon@ad.httpool[1].txt
C:\Documents and Settings\Administrator.DELL\Cookies\administrator@ad.yieldmanager[1].txt
C:\Documents and Settings\Administrator.DELL\Cookies\administrator@atdmt[1].txt
C:\Documents and Settings\Administrator.DELL\Cookies\administrator@cms.trafficmp[1].txt
C:\Documents and Settings\Administrator.DELL\Cookies\administrator@trafficmp[2].txt
C:\Documents and Settings\Administrator.DELL\Cookies\administrator@tribalfusion[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@1.primaryads[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@247realmedia[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@2o7[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@a.websponsors[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@ad.yieldmanager[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@ad.zanox[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@ad2.doublepimp[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@adbrite[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@adecn[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@adinterax[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@adknowledge[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@adlegend[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@adopt.euroclick[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@adopt.specificclick[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@adrevolver[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@adrevolver[3].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@ads.ad4game[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@ads.addynamix[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@ads.adsag[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@ads.loudsocial[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@ads.monster[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@ads.paperdollheaven[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@ads.pointroll[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@ads.realcastmedia[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@ads.realtechnetwork[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@ads.widgetbucks[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@adserve.webtoolcafe[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@adserver.adtechus[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@adverticum[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@advertising[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@aff.primaryads[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@apmebf[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@as-eu.falkag[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@as-us.falkag[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@as1.falkag[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@atdmt[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@ath.belnk[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@atwola[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@azjmp[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@banner.casinolasvegas[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@banner.fairpoker[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@banner[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@belnk[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@bluestreak[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@bs.serving-sys[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@burstnet[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@casalemedia[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@casinolasvegas[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@certified-safe-downloads[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@clicksor[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@collective-media[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@cpvfeed[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@cs.sexcounter[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@data1.perf.overture[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@data3.perf.overture[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@dist.belnk[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@doubleclick[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@dynamic.media.adrevolver[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@e-2dj6wjk4kmdzohq.stats.esomniture[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@e-2dj6wjkyundzggp.stats.esomniture[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@edge.ru4[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@ehg-hollywoodmedia.hitbox[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@emarketmakers[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@exitexchange[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@fastclick[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@fcstats.bcentral[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@find.blackplanet[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@fortunecity[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@free.wegcash[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@getcartoonsex[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@hentaicounter[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@hitbox[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@hits.clickandtrack[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@hypertracker[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@i.screensavers[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@iacas.adbureau[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@icc.intellisrv[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@indextools[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@insightexpressai[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@interclick[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@kanoodle[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@login.tracking101[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@lynxtrack[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@maxserving[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@media.adrevolver[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@media.ntsserve[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@media6degrees[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@mediaminer[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@mediaplex[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@msninvite.112.2o7[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@msnportal.112.2o7[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@mywebsearch[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@nbads[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@network.realmedia[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@nextag[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@optimost[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@partner2profit[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@partypoker[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@paycounter[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@paypopup[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@perf.overture[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@pool2.stolenpornpasswords[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@qnsr[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@questionmarket[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@rb4.worldsex[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@realmedia[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@redorbit[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@reduxads.valuead[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@regalinteractive[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@revenue[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@revsci[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@richmedia.yahoo[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@rotator.adjuggler[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@sel.as-us.falkag[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@server.iad.liveperson[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@serving-sys[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@sitestats.tiscali.co[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@smileycentral[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@socialmedia[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@specificclick[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@starware[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@stat.onestat[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@statcounter[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@stats1.reliablestats[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@tagworld[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@tracking.sms[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@tradedoubler[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@trafficmp[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@tribalfusion[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@tripod[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@webpower[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@winfixer[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@www.burstbeacon[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@www.burstnet[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@www.clickedyclick[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@www.clickxchange[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@www.dgm2[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@www.fortunecity[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@www.glispatrack[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@www.jackpotmadness[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@www.maxrevenue[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@www.privatepornvideo[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@www.rowise[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@www.screensavers[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@www.winfixer[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@www.xctrk[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@www.xxx69[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@xiti[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@yieldmanager[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@z1.adserver[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@zedo[2].txt

Adware.IEPlugin
HKCR\Remove

Adware.MyWebSearch/FunWebProducts
HKU\S-1-5-21-343818398-2139871995-1801674531-1004\SOFTWARE\FunWebProducts
HKCR\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179}
HKCR\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179}\TreatAs


I will now run the MBAM Waiting for your reply....if you are up, sleepyhead

Ispy

#9 ispy6266

ispy6266
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:03:01 PM

Posted 11 February 2009 - 07:50 AM

Here's the second SuperAS Log:


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/11/2009 at 01:05 AM

Application Version : 4.25.1012

Core Rules Database Version : 3751
Trace Rules Database Version: 1717

Scan type : Complete Scan
Total Scan Time : 02:04:15

Memory items scanned : 277
Memory threats detected : 0
Registry items scanned : 6053
Registry threats detected : 33
File items scanned : 154528
File threats detected : 180

Unclassified.Unknown Origin
HKLM\Software\Classes\CLSID\{4D1C4E89-A32A-416b-BCDB-33B3EF3617D3}
HKCR\CLSID\{4D1C4E89-A32A-416B-BCDB-33B3EF3617D3}
HKCR\CLSID\{4D1C4E89-A32A-416B-BCDB-33B3EF3617D3}
HKCR\CLSID\{4D1C4E89-A32A-416B-BCDB-33B3EF3617D3}\InprocServer32
HKCR\CLSID\{4D1C4E89-A32A-416B-BCDB-33B3EF3617D3}\InprocServer32#ThreadingModel
HKCR\CLSID\{4D1C4E89-A32A-416B-BCDB-33B3EF3617D3}\Programmable
HKCR\CLSID\{4D1C4E89-A32A-416B-BCDB-33B3EF3617D3}\TypeLib
HKCR\TypeLib\{4D1C4E80-A32A-416b-BCDB-33B3EF3617D3}
HKCR\TypeLib\{4D1C4E80-A32A-416b-BCDB-33B3EF3617D3}\1.0
HKCR\TypeLib\{4D1C4E80-A32A-416b-BCDB-33B3EF3617D3}\1.0\0
HKCR\TypeLib\{4D1C4E80-A32A-416b-BCDB-33B3EF3617D3}\1.0\0\win32
HKCR\TypeLib\{4D1C4E80-A32A-416b-BCDB-33B3EF3617D3}\1.0\FLAGS
HKCR\TypeLib\{4D1C4E80-A32A-416b-BCDB-33B3EF3617D3}\1.0\HELPDIR
C:\PROGRAM FILES\NEED2FIND\BAR\2.BIN\ND2FNBAR.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D1C4E81-A32A-416b-BCDB-33B3EF3617D3}
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4D1C4E81-A32A-416B-BCDB-33B3EF3617D3}
HKU\S-1-5-21-343818398-2139871995-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4D1C4E81-A32A-416B-BCDB-33B3EF3617D3}
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4D1C4E81-A32A-416B-BCDB-33B3EF3617D3}
C:\DOCUMENTS AND SETTINGS\SHARON.DELL\DESKTOP\NERO 6.6.0.3 WITH KEYGEN\NERO 6.6 ULTRA PACKAGE\KEYGEN\NERO 6.6.0.3 KEYGEN.EXE
HKCR\Interface\{4D1C4E8A-A32A-416B-BCDB-33B3EF3617D3}
HKCR\Interface\{4D1C4E8A-A32A-416B-BCDB-33B3EF3617D3}\ProxyStubClsid
HKCR\Interface\{4D1C4E8A-A32A-416B-BCDB-33B3EF3617D3}\ProxyStubClsid32
HKCR\Interface\{4D1C4E8A-A32A-416B-BCDB-33B3EF3617D3}\TypeLib
HKCR\Interface\{4D1C4E8A-A32A-416B-BCDB-33B3EF3617D3}\TypeLib#Version
HKCR\Interface\{4D1C4E8C-A32A-416B-BCDB-33B3EF3617D3}
HKCR\Interface\{4D1C4E8C-A32A-416B-BCDB-33B3EF3617D3}\ProxyStubClsid
HKCR\Interface\{4D1C4E8C-A32A-416B-BCDB-33B3EF3617D3}\ProxyStubClsid32
HKCR\Interface\{4D1C4E8C-A32A-416B-BCDB-33B3EF3617D3}\TypeLib
HKCR\Interface\{4D1C4E8C-A32A-416B-BCDB-33B3EF3617D3}\TypeLib#Version

Adware.MyWebSearch
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D}
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D}
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A572838B-45C7-4630-8778-0FA4B16845C1}\RP1228\A0322435.EXE

Adware.Tracking Cookie
C:\Documents and Settings\Sharon.DELL\Cookies\sharon@atdmt[2].txt
C:\Documents and Settings\Sharon.DELL\Cookies\sharon@warnerbros.112.2o7[1].txt
C:\Documents and Settings\Sharon.DELL\Cookies\sharon@ad.yieldmanager[2].txt
C:\Documents and Settings\Sharon.DELL\Cookies\sharon@tacoda[1].txt
C:\Documents and Settings\Sharon.DELL\Cookies\sharon@questionmarket[2].txt
C:\Documents and Settings\Sharon.DELL\Cookies\sharon@insightexpressai[1].txt
C:\Documents and Settings\Sharon.DELL\Cookies\sharon@atwola[2].txt
C:\Documents and Settings\Sharon.DELL\Cookies\sharon@at.atwola[2].txt
C:\Documents and Settings\Sharon.DELL\Cookies\sharon@fastclick[1].txt
C:\Documents and Settings\Sharon.DELL\Cookies\sharon@adopt.specificclick[1].txt
C:\Documents and Settings\Sharon.DELL\Cookies\sharon@doubleclick[1].txt
C:\Documents and Settings\Sharon.DELL\Cookies\sharon@trafficmp[2].txt
C:\Documents and Settings\Sharon.DELL\Cookies\sharon@specificmedia[2].txt
C:\Documents and Settings\Sharon.DELL\Cookies\sharon@advertising[2].txt
C:\Documents and Settings\Sharon.DELL\Cookies\sharon@adopt.euroclick[1].txt
C:\Documents and Settings\Sharon.DELL\Cookies\sharon@adrevolver[2].txt
C:\Documents and Settings\Sharon.DELL\Cookies\sharon@specificclick[1].txt
C:\Documents and Settings\Sharon.DELL\Cookies\sharon@media.adrevolver[1].txt
C:\Documents and Settings\Sharon.DELL\Cookies\sharon@realmedia[2].txt
C:\Documents and Settings\Sharon.DELL\Cookies\sharon@counter2.hitslink[1].txt
C:\Documents and Settings\Sharon.DELL\Cookies\sharon@ad.httpool[1].txt
C:\Documents and Settings\Administrator.DELL\Cookies\administrator@ad.yieldmanager[1].txt
C:\Documents and Settings\Administrator.DELL\Cookies\administrator@atdmt[1].txt
C:\Documents and Settings\Administrator.DELL\Cookies\administrator@cms.trafficmp[1].txt
C:\Documents and Settings\Administrator.DELL\Cookies\administrator@trafficmp[2].txt
C:\Documents and Settings\Administrator.DELL\Cookies\administrator@tribalfusion[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@1.primaryads[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@247realmedia[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@2o7[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@a.websponsors[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@ad.yieldmanager[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@ad.zanox[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@ad2.doublepimp[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@adbrite[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@adecn[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@adinterax[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@adknowledge[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@adlegend[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@adopt.euroclick[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@adopt.specificclick[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@adrevolver[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@adrevolver[3].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@ads.ad4game[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@ads.addynamix[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@ads.adsag[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@ads.loudsocial[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@ads.monster[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@ads.paperdollheaven[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@ads.pointroll[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@ads.realcastmedia[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@ads.realtechnetwork[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@ads.widgetbucks[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@adserve.webtoolcafe[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@adserver.adtechus[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@adverticum[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@advertising[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@aff.primaryads[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@apmebf[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@as-eu.falkag[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@as-us.falkag[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@as1.falkag[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@atdmt[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@ath.belnk[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@atwola[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@azjmp[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@banner.casinolasvegas[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@banner.fairpoker[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@banner[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@belnk[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@bluestreak[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@bs.serving-sys[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@burstnet[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@casalemedia[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@casinolasvegas[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@certified-safe-downloads[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@clicksor[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@collective-media[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@cpvfeed[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@cs.sexcounter[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@data1.perf.overture[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@data3.perf.overture[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@dist.belnk[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@doubleclick[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@dynamic.media.adrevolver[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@e-2dj6wjk4kmdzohq.stats.esomniture[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@e-2dj6wjkyundzggp.stats.esomniture[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@edge.ru4[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@ehg-hollywoodmedia.hitbox[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@emarketmakers[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@exitexchange[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@fastclick[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@fcstats.bcentral[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@find.blackplanet[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@fortunecity[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@free.wegcash[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@getcartoonsex[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@hentaicounter[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@hitbox[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@hits.clickandtrack[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@hypertracker[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@i.screensavers[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@iacas.adbureau[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@icc.intellisrv[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@indextools[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@insightexpressai[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@interclick[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@kanoodle[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@login.tracking101[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@lynxtrack[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@maxserving[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@media.adrevolver[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@media.ntsserve[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@media6degrees[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@mediaminer[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@mediaplex[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@msninvite.112.2o7[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@msnportal.112.2o7[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@mywebsearch[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@nbads[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@network.realmedia[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@nextag[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@optimost[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@partner2profit[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@partypoker[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@paycounter[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@paypopup[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@perf.overture[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@pool2.stolenpornpasswords[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@qnsr[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@questionmarket[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@rb4.worldsex[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@realmedia[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@redorbit[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@reduxads.valuead[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@regalinteractive[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@revenue[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@revsci[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@richmedia.yahoo[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@rotator.adjuggler[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@sel.as-us.falkag[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@server.iad.liveperson[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@serving-sys[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@sitestats.tiscali.co[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@smileycentral[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@socialmedia[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@specificclick[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@starware[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@stat.onestat[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@statcounter[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@stats1.reliablestats[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@tagworld[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@tracking.sms[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@tradedoubler[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@trafficmp[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@tribalfusion[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@tripod[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@webpower[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@winfixer[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@www.burstbeacon[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@www.burstnet[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@www.clickedyclick[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@www.clickxchange[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@www.dgm2[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@www.fortunecity[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@www.glispatrack[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@www.jackpotmadness[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@www.maxrevenue[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@www.privatepornvideo[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@www.rowise[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@www.screensavers[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@www.winfixer[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@www.xctrk[2].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@www.xxx69[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@xiti[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@yieldmanager[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@z1.adserver[1].txt
C:\Documents and Settings\Shara.DELL\Cookies\shara@zedo[2].txt

Adware.IEPlugin
HKCR\Remove

Adware.MyWebSearch/FunWebProducts
HKU\S-1-5-21-343818398-2139871995-1801674531-1004\SOFTWARE\FunWebProducts
HKCR\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179}
HKCR\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179}\TreatAs


WAiting for you analysis..............

Ispy

#10 ispy6266

ispy6266
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:03:01 PM

Posted 11 February 2009 - 07:54 AM

scratch that.....pasted the wrong log . Here's the right one:

MBAM Log

Malwarebytes' Anti-Malware 1.33
Database version: 1747
Windows 5.1.2600 Service Pack 2

2/11/2009 7:46:54 AM
mbam-log-2009-02-11 (07-46-54).txt

Scan type: Quick Scan
Objects scanned: 118065
Time elapsed: 23 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4d1c4e81-a32a-416b-bcdb-33b3ef3617d3} (Adware.Need2Find) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4d1c4e81-a32a-416b-bcdb-33b3ef3617d3} (Adware.Need2Find) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#11 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:04:01 PM

Posted 11 February 2009 - 10:14 AM

I thought I was the sleepyhead :thumbsup: :flowers:

Looks pretty good now. is it running better/ let's do an online scan and see if there is anything left.
Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#12 ispy6266

ispy6266
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:03:01 PM

Posted 12 February 2009 - 12:45 AM

Kaspersky has been running for over 5 hours now. Don't know when it will finish. Going to bed. Look for you tomorrow, Goodnight.

Ispy

#13 ispy6266

ispy6266
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:03:01 PM

Posted 12 February 2009 - 08:50 AM

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, February 12, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, February 11, 2009 23:44:40
Records in database: 1784406
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\

Scan statistics:
Files scanned: 164210
Threat name: 52
Infected objects: 363
Suspicious objects: 0
Duration of the scan: 05:28:18


File name / Threat name / Threats count
C:\Documents and Settings\All Users\Application Data\pcsvc\patchme.exe Infected: not-a-virus:AdWare.Win32.DelphinMediaViewer.a 5
C:\Documents and Settings\All Users\Application Data\pcsvc\patchme.exe Infected: not-a-virus:NetTool.Win32.Dpi 4
C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL Downloads\lpitunes_setupSTUS\comps\toolbar\toolbr.exe Infected: not-a-virus:AdWare.Win32.SearchIt.t 1
C:\Documents and Settings\Default User\My Documents\Data\all_files3.exe Infected: not-a-virus:AdWare.Win32.IEDriver.b 3
C:\Documents and Settings\Default User\My Documents\Data\all_files3.exe Infected: Trojan-Downloader.Win32.Turown.h 1
C:\Documents and Settings\Default User\My Documents\Data\all_files3.exe Infected: Trojan-Downloader.Win32.Turown.b 1
C:\Documents and Settings\Default User\My Documents\Data\all_files3.exe Infected: Trojan-Downloader.Win32.Turown.a 1
C:\Documents and Settings\Default User\My Documents\Data\all_files3.exe Infected: not-a-virus:AdWare.Win32.Connector 2
C:\Documents and Settings\Default User\My Documents\Data\all_files3.exe Infected: Trojan-Downloader.Win32.Agent.ec 1
C:\Documents and Settings\Default User\My Documents\Data\all_files3.exe Infected: not-a-virus:AdWare.Win32.SaveNow.t 1
C:\Documents and Settings\Default User\My Documents\Data\all_files3.exe Infected: not-a-virus:AdWare.Win32.SaveNow.af 1
C:\Documents and Settings\Default User\My Documents\Data\all_files3.exe Infected: not-a-virus:AdWare.Win32.SaveNow.v 2
C:\Documents and Settings\Default User\My Documents\Data\all_files3.exe Infected: not-a-virus:AdWare.Win32.EZula 1
C:\Documents and Settings\Default User\My Documents\Data\all_files3.exe Infected: not-a-virus:AdWare.Win32.HelpExpress 2
C:\Documents and Settings\Default User\My Documents\Data\all_files3b.exe Infected: not-a-virus:AdWare.Win32.180Solutions 1
C:\Documents and Settings\Default User\My Documents\Data\all_files3b.exe Infected: Trojan-Downloader.Win32.Keenval.b 1
C:\Documents and Settings\Default User\My Documents\Data\all_files3b.exe Infected: Trojan-Downloader.Win32.Keenval 2
C:\Documents and Settings\Default User\My Documents\Data\all_files3b.exe Infected: not-a-virus:AdWare.Win32.Keenval.c 1
C:\Documents and Settings\Default User\My Documents\Data\all_files3b.exe Infected: not-a-virus:AdWare.Win32.Perfnav.d 1
C:\Documents and Settings\Default User\My Documents\Data\all_files3b.exe Infected: Trojan-Downloader.Win32.Keenval.p 1
C:\Documents and Settings\Default User\My Documents\Data\all_files3b.exe Infected: not-a-virus:AdWare.Win32.Keenval.b 1
C:\Documents and Settings\Default User\My Documents\Data\all_files3b.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.a 2
C:\Documents and Settings\Default User\My Documents\Data\Data\all_files3.exe Infected: not-a-virus:AdWare.Win32.IEDriver.b 3
C:\Documents and Settings\Default User\My Documents\Data\Data\all_files3.exe Infected: Trojan-Downloader.Win32.Turown.h 1
C:\Documents and Settings\Default User\My Documents\Data\Data\all_files3.exe Infected: Trojan-Downloader.Win32.Turown.b 1
C:\Documents and Settings\Default User\My Documents\Data\Data\all_files3.exe Infected: Trojan-Downloader.Win32.Turown.a 1
C:\Documents and Settings\Default User\My Documents\Data\Data\all_files3.exe Infected: not-a-virus:AdWare.Win32.Connector 2
C:\Documents and Settings\Default User\My Documents\Data\Data\all_files3.exe Infected: Trojan-Downloader.Win32.Agent.ec 1
C:\Documents and Settings\Default User\My Documents\Data\Data\all_files3.exe Infected: not-a-virus:AdWare.Win32.SaveNow.t 1
C:\Documents and Settings\Default User\My Documents\Data\Data\all_files3.exe Infected: not-a-virus:AdWare.Win32.SaveNow.af 1
C:\Documents and Settings\Default User\My Documents\Data\Data\all_files3.exe Infected: not-a-virus:AdWare.Win32.SaveNow.v 2
C:\Documents and Settings\Default User\My Documents\Data\Data\all_files3.exe Infected: not-a-virus:AdWare.Win32.EZula 1
C:\Documents and Settings\Default User\My Documents\Data\Data\all_files3.exe Infected: not-a-virus:AdWare.Win32.HelpExpress 2
C:\Documents and Settings\Default User\My Documents\Data\Data\all_files3b.exe Infected: not-a-virus:AdWare.Win32.180Solutions 1
C:\Documents and Settings\Default User\My Documents\Data\Data\all_files3b.exe Infected: Trojan-Downloader.Win32.Keenval.b 1
C:\Documents and Settings\Default User\My Documents\Data\Data\all_files3b.exe Infected: Trojan-Downloader.Win32.Keenval 2
C:\Documents and Settings\Default User\My Documents\Data\Data\all_files3b.exe Infected: not-a-virus:AdWare.Win32.Keenval.c 1
C:\Documents and Settings\Default User\My Documents\Data\Data\all_files3b.exe Infected: not-a-virus:AdWare.Win32.Perfnav.d 1
C:\Documents and Settings\Default User\My Documents\Data\Data\all_files3b.exe Infected: Trojan-Downloader.Win32.Keenval.p 1
C:\Documents and Settings\Default User\My Documents\Data\Data\all_files3b.exe Infected: not-a-virus:AdWare.Win32.Keenval.b 1
C:\Documents and Settings\Default User\My Documents\Data\Data\all_files3b.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.a 2
C:\Documents and Settings\Geoffrey\Local Settings\Temp\~499143.tmp Infected: Trojan-Downloader.Win32.Wintool.d 1
C:\Documents and Settings\Geoffrey\Local Settings\Temp\~499691.tmp Infected: Trojan-Downloader.Win32.Wintool.d 1
C:\Documents and Settings\Geoffrey\Local Settings\Temp\~720162.tmp Infected: not-a-virus:AdWare.Win32.Wintol.l 1
C:\Documents and Settings\Geoffrey\Local Settings\Temp\~753823.tmp Infected: not-a-virus:AdWare.Win32.Wintol.l 1
C:\Documents and Settings\Geoffrey\Local Settings\Temp\~822010.tmp Infected: not-a-virus:AdWare.Win32.Wintol.l 1
C:\Documents and Settings\Geoffrey\Local Settings\Temp\~904752.tmp Infected: Trojan-Downloader.Win32.Wintool.d 1
C:\Documents and Settings\Geoffrey\Local Settings\Temp\~989458.tmp Infected: not-a-virus:AdWare.Win32.Wintol.j 1
C:\Documents and Settings\ShanTina\Local Settings\Temp\~40786.tmp Infected: not-a-virus:AdWare.Win32.Wintol.j 1
C:\Documents and Settings\ShanTina\Local Settings\Temp\~46453.tmp Infected: not-a-virus:AdWare.Win32.Wintol.l 1
C:\Documents and Settings\ShanTina\Local Settings\Temp\~50540.tmp Infected: not-a-virus:AdWare.Win32.Wintol.l 1
C:\Documents and Settings\ShanTina\Local Settings\Temp\~511595.tmp Infected: not-a-virus:AdWare.Win32.Wintol.l 1
C:\Documents and Settings\ShanTina\Local Settings\Temp\~533944.tmp Infected: not-a-virus:AdWare.Win32.Wintol.l 1
C:\Documents and Settings\ShanTina\Local Settings\Temp\~539294.tmp Infected: not-a-virus:AdWare.Win32.Wintol.l 1
C:\Documents and Settings\ShanTina\Local Settings\Temp\~577999.tmp Infected: not-a-virus:AdWare.Win32.Wintol.l 1
C:\Documents and Settings\ShanTina\Local Settings\Temp\~582755.tmp Infected: not-a-virus:AdWare.Win32.Wintol.l 1
C:\Documents and Settings\ShanTina\Local Settings\Temp\~602529.tmp Infected: not-a-virus:AdWare.Win32.Wintol.l 1
C:\Documents and Settings\ShanTina\Local Settings\Temp\~658406.tmp Infected: not-a-virus:AdWare.Win32.Wintol.l 1
C:\Documents and Settings\ShanTina\Local Settings\Temp\~682570.tmp Infected: not-a-virus:AdWare.Win32.Wintol.l 1
C:\Documents and Settings\ShanTina\Local Settings\Temp\~850735.tmp Infected: not-a-virus:AdWare.Win32.Wintol.l 1
C:\Documents and Settings\ShanTina\Local Settings\Temp\~854630.tmp Infected: not-a-virus:AdWare.Win32.Wintol.l 1
C:\Documents and Settings\ShanTina\Local Settings\Temp\~860396.tmp Infected: not-a-virus:AdWare.Win32.Wintol.l 1
C:\Documents and Settings\ShanTina\Local Settings\Temp\~866765.tmp Infected: not-a-virus:AdWare.Win32.Wintol.l 1
C:\Documents and Settings\ShanTina\Local Settings\Temp\~882243.tmp Infected: not-a-virus:AdWare.Win32.Wintol.l 1
C:\Documents and Settings\ShanTina\Local Settings\Temp\~989329.tmp Infected: not-a-virus:AdWare.Win32.Wintol.l 1
C:\Documents and Settings\ShanTina\Local Settings\Temp\~999796.tmp Infected: not-a-virus:AdWare.Win32.Wintol.j 1
C:\Documents and Settings\Shara\Local Settings\Temp\~760117.tmp Infected: not-a-virus:AdWare.Win32.Wintol.j 1
C:\Documents and Settings\Shara\Local Settings\Temporary Internet Files\Content.IE5\S7ZVQOXH\toolbar[1].cab Infected: not-a-virus:AdWare.Win32.WebSearch.f 1
C:\Documents and Settings\Shara\Local Settings\Temporary Internet Files\Content.IE5\S7ZVQOXH\toolbar[1].cab Infected: not-a-virus:AdWare.Win32.WebSearch.o 1
C:\Documents and Settings\Shara\Local Settings\Temporary Internet Files\Content.IE5\U5RCTS3I\all_files3b[1].exe Infected: not-a-virus:AdWare.Win32.180Solutions 1
C:\Documents and Settings\Shara\Local Settings\Temporary Internet Files\Content.IE5\U5RCTS3I\all_files3b[1].exe Infected: Trojan-Downloader.Win32.Keenval.b 1
C:\Documents and Settings\Shara\Local Settings\Temporary Internet Files\Content.IE5\U5RCTS3I\all_files3b[1].exe Infected: Trojan-Downloader.Win32.Keenval 2
C:\Documents and Settings\Shara\Local Settings\Temporary Internet Files\Content.IE5\U5RCTS3I\all_files3b[1].exe Infected: not-a-virus:AdWare.Win32.Keenval.c 1
C:\Documents and Settings\Shara\Local Settings\Temporary Internet Files\Content.IE5\U5RCTS3I\all_files3b[1].exe Infected: not-a-virus:AdWare.Win32.Perfnav.d 1
C:\Documents and Settings\Shara\Local Settings\Temporary Internet Files\Content.IE5\U5RCTS3I\all_files3b[1].exe Infected: Trojan-Downloader.Win32.Keenval.p 1
C:\Documents and Settings\Shara\Local Settings\Temporary Internet Files\Content.IE5\U5RCTS3I\all_files3b[1].exe Infected: not-a-virus:AdWare.Win32.Keenval.b 1
C:\Documents and Settings\Shara\Local Settings\Temporary Internet Files\Content.IE5\U5RCTS3I\all_files3b[1].exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.a 2
C:\Documents and Settings\Sharon\Local Settings\Temp\~11836.tmp Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~1244.tmp Infected: not-a-virus:AdWare.Win32.Wintol.j 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~128766.tmp Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~134776.tmp Infected: not-a-virus:AdWare.Win32.Wintol.l 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~141157.tmp Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~144690.tmp Infected: not-a-virus:AdWare.Win32.Wintol.l 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~149166.tmp Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~154526.tmp Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~159927.tmp Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~170632.tmp Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~17587.tmp Infected: not-a-virus:AdWare.Win32.Wintol.l 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~180290.tmp Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~18096.tmp Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~183842.tmp Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~190328.tmp Infected: not-a-virus:AdWare.Win32.Wintol.l 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~198823.tmp Infected: not-a-virus:AdWare.Win32.Wintol.l 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~227836.tmp Infected: not-a-virus:AdWare.Win32.Wintol.l 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~2376.tmp Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~238900.tmp Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~262173.tmp Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~263196.tmp Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~26468.tmp Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~266440.tmp Infected: not-a-virus:AdWare.Win32.Wintol.l 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~274140.tmp Infected: not-a-virus:AdWare.Win32.Wintol.l 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~279846.tmp Infected: not-a-virus:AdWare.Win32.Wintol.l 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~281469.tmp Infected: not-a-virus:AdWare.Win32.Wintol.l 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~285486.tmp Infected: not-a-virus:AdWare.Win32.Wintol.l 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~285568.tmp Infected: not-a-virus:AdWare.Win32.Wintol.l 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~288769.tmp Infected: not-a-virus:AdWare.Win32.Wintol.l 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~290027.tmp Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~295800.tmp Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~297152.tmp Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~307007.tmp Infected: not-a-virus:AdWare.Win32.Wintol.l 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~313174.tmp Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~319024.tmp Infected: not-a-virus:AdWare.Win32.Wintol.l 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~319101.tmp Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~320625.tmp Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~325143.tmp Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~328.tmp Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~328111.tmp Infected: not-a-virus:AdWare.Win32.Wintol.l 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~329286.tmp Infected: not-a-virus:AdWare.Win32.Wintol.l 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~333204.tmp Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~333802.tmp Infected: not-a-virus:AdWare.Win32.Wintol.l 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~335065.tmp Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~34387.tmp Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~345292.tmp Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~349840.tmp Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~353412.tmp Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~358115.tmp Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~360318.tmp Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~36645.tmp Infected: not-a-virus:AdWare.Win32.Wintol.l 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~370645.tmp Infected: not-a-virus:AdWare.Win32.Wintol.l 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~372177.tmp Infected: not-a-virus:AdWare.Win32.Wintol.j 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~374313.tmp Infected: Trojan-Downloader.Win32.Wintool.d 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~382916.tmp Infected: Trojan-Downloader.Win32.Wintool.d 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~387913.tmp Infected: not-a-virus:AdWare.Win32.Wintol.l 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~389830.tmp Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~391776.tmp Infected: not-a-virus:AdWare.Win32.Wintol.i 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~392405.tmp Infected: not-a-virus:AdWare.Win32.Wintol.j 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~393180.tmp Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~394401.tmp Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~396027.tmp Infected: not-a-virus:AdWare.Win32.Wintol.l 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~396556.tmp Infected: not-a-virus:AdWare.Win32.Wintol.l 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~397472.tmp Infected: not-a-virus:AdWare.Win32.Wintol.l 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~398529.tmp Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~401692.tmp Infected: not-a-virus:AdWare.Win32.Wintol.l 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~412747.tmp Infected: not-a-virus:AdWare.Win32.Wintol.l 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~416017.tmp Infected: not-a-virus:AdWare.Win32.Wintol.l 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~418385.tmp Infected: not-a-virus:AdWare.Win32.Wintol.l 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~427802.tmp Infected: not-a-virus:AdWare.Win32.Wintol.l 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~449951.tmp Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~450867.tmp Infected: not-a-virus:AdWare.Win32.Wintol.j 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~459572.tmp Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~460121.tmp Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~46253.tmp Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~464657.tmp Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~479683.tmp Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~484858.tmp Infected: not-a-virus:AdWare.Win32.Wintol.l 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~488304.tmp Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~497451.tmp Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~502048.tmp Infected: not-a-virus:AdWare.Win32.Wintol.l 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~507556.tmp Infected: not-a-virus:AdWare.Win32.Wintol.l 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~508131.tmp Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~509557.tmp Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~510535.tmp Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~510915.tmp Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~513462.tmp Infected: Trojan-Downloader.Win32.Wintool.d 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~513616.tmp Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~514167.tmp Infected: not-a-virus:AdWare.Win32.Wintol.i 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~517757.tmp Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~520252.tmp Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~523071.tmp Infected: not-a-virus:AdWare.Win32.Wintol.l 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~526196.tmp Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~527183.tmp Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~536621.tmp Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~540277.tmp Infected: not-a-virus:AdWare.Win32.Wintol.l 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~541048.tmp Infected: not-a-virus:AdWare.Win32.Wintol.j 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~546201.tmp Infected: not-a-virus:AdWare.Win32.Wintol.j 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~557621.tmp Infected: not-a-virus:AdWare.Win32.Wintol.j 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~560767.tmp Infected: not-a-virus:AdWare.Win32.Wintol.l 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~560898.tmp Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~561489.tmp Infected: not-a-virus:AdWare.Win32.Wintol.l 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~565477.tmp Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~566870.tmp Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~568000.tmp Infected: not-a-virus:AdWare.Win32.Wintol.i 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~570085.tmp Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~578993.tmp Infected: not-a-virus:AdWare.Win32.Wintol.j 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~580971.tmp Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~582178.tmp Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~586425.tmp Infected: not-a-virus:AdWare.Win32.Wintol.j 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~603562.tmp Infected: not-a-virus:AdWare.Win32.Wintol.l 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~60886.tmp Infected: not-a-virus:AdWare.Win32.Wintol.j 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~619497.tmp Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~622105.tmp Infected: not-a-virus:AdWare.Win32.Wintol.l 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~625686.tmp Infected: not-a-virus:AdWare.Win32.Wintol.l 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~630398.tmp Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~634222.tmp Infected: not-a-virus:AdWare.Win32.Wintol.l 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~637307.tmp Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~639135.tmp Infected: not-a-virus:AdWare.Win32.Wintol.l 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~639389.tmp Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~641691.tmp Infected: not-a-virus:AdWare.Win32.Wintol.l 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~641757.tmp Infected: Trojan-Downloader.Win32.Wintool.d 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~642348.tmp Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~644445.tmp Infected: not-a-virus:AdWare.Win32.Wintol.j 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~645487.tmp Infected: Trojan-Downloader.Win32.Wintool.d 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~645507.tmp Infected: not-a-virus:AdWare.Win32.Wintol.l 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~647796.tmp Infected: not-a-virus:AdWare.Win32.Wintol.l 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~648870.tmp Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~655928.tmp Infected: not-a-virus:AdWare.Win32.Wintol.l 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~66216.tmp Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~662955.tmp Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~666354.tmp Infected: not-a-virus:AdWare.Win32.Wintol.l 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~673821.tmp Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~684228.tmp Infected: not-a-virus:AdWare.Win32.Wintol.l 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~684543.tmp Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~688819.tmp Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~689050.tmp Infected: not-a-virus:AdWare.Win32.Wintol.l 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~689107.tmp Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~698344.tmp Infected: not-a-virus:AdWare.Win32.Wintol.l 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~704507.tmp Infected: not-a-virus:AdWare.Win32.Wintol.l 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~706295.tmp Infected: not-a-virus:AdWare.Win32.Wintol.l 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~708011.tmp Infected: not-a-virus:AdWare.Win32.Wintol.j 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~708022.tmp Infected: not-a-virus:AdWare.Win32.Wintol.l 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~708680.tmp Infected: not-a-virus:AdWare.Win32.Wintol.l 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~709398.tmp Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~723447.tmp Infected: not-a-virus:AdWare.Win32.Wintol.l 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~728383.tmp Infected: not-a-virus:AdWare.Win32.Wintol.j 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~72995.tmp Infected: not-a-virus:AdWare.Win32.Wintol.l 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~730906.tmp Infected: not-a-virus:AdWare.Win32.Wintol.j 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~735090.tmp Infected: not-a-virus:AdWare.Win32.Wintol.l 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~745507.tmp Infected: not-a-virus:AdWare.Win32.Wintol.l 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~750552.tmp Infected: not-a-virus:AdWare.Win32.Wintol.l 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~750798.tmp Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~750921.tmp Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~764379.tmp Infected: not-a-virus:AdWare.Win32.Wintol.j 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~769817.tmp Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~772126.tmp Infected: not-a-virus:AdWare.Win32.Wintol.l 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~774625.tmp Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~777896.tmp Infected: not-a-virus:AdWare.Win32.Wintol.l 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~784965.tmp Infected: not-a-virus:AdWare.Win32.Wintol.l 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~789813.tmp Infected: not-a-virus:AdWare.Win32.Wintol.l 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~812869.tmp Infected: not-a-virus:AdWare.Win32.Wintol.j 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~816317.tmp Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~820949.tmp Infected: not-a-virus:AdWare.Win32.Wintol.l 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~823530.tmp Infected: not-a-virus:AdWare.Win32.Wintol.l 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~826953.tmp Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~833184.tmp Infected: not-a-virus:AdWare.Win32.Wintol.l 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~840375.tmp Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~843821.tmp Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~851429.tmp Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~856217.tmp Infected: not-a-virus:AdWare.Win32.Wintol.l 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~859095.tmp Infected: not-a-virus:AdWare.Win32.Wintol.l 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~859196.tmp Infected: not-a-virus:AdWare.Win32.Wintol.l 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~860513.tmp Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~865290.tmp Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~867153.tmp Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~868570.tmp Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~88346.tmp Infected: not-a-virus:AdWare.Win32.Wintol.j 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~889487.tmp Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~892879.tmp Infected: not-a-virus:AdWare.Win32.Wintol.l 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~895919.tmp Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~897062.tmp Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~898149.tmp Infected: not-a-virus:AdWare.Win32.Wintol.l 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~911095.tmp Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~915088.tmp Infected: not-a-virus:AdWare.Win32.Wintol.l 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~915484.tmp Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~918554.tmp Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~925910.tmp Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~928609.tmp Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~930874.tmp Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~931226.tmp Infected: not-a-virus:AdWare.Win32.Wintol.l 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~938960.tmp Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~940321.tmp Infected: not-a-virus:AdWare.Win32.Wintol.l 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~943160.tmp Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~947225.tmp Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~947364.tmp Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~947839.tmp Infected: not-a-virus:AdWare.Win32.Wintol.l 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~952725.tmp Infected: not-a-virus:AdWare.Win32.Wintol.l 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~95447.tmp Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~955747.tmp Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~963713.tmp Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~968357.tmp Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~969896.tmp Infected: not-a-virus:AdWare.Win32.Wintol.l 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~969954.tmp Infected: not-a-virus:AdWare.Win32.Wintol.l 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~971395.tmp Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~973694.tmp Infected: not-a-virus:AdWare.Win32.Wintol.l 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~974034.tmp Infected: not-a-virus:AdWare.Win32.Wintol.l 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~976007.tmp Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~978703.tmp Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~981925.tmp Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~986716.tmp Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~989089.tmp Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~990192.tmp Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~991957.tmp Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~993097.tmp Infected: Trojan-Downloader.Win32.Wintool.a 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~993587.tmp Infected: not-a-virus:AdWare.Win32.Wintol.l 1
C:\Documents and Settings\Sharon\Local Settings\Temp\~996875.tmp Infected: not-a-virus:AdWare.Win32.Wintol.l 1
C:\Documents and Settings\Sharon.DELL\My Documents\FrostWire\Saved\beyonce wishing on a star - greatest hits.wma Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Documents and Settings\Sharon.DELL\My Documents\My Music\All Microsoft Software Key_gen (Nearly All) Windows (98,Me,2000,2kserver,Xp,2003 Server) Office (2000,Xp,2003), Picture It, Fron serials cracks.zip Infected: Backdoor.Win32.Bionet.405 1
C:\System Volume Information\_restore{A572838B-45C7-4630-8778-0FA4B16845C1}\RP1222\A0322284.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.cj 1
C:\System Volume Information\_restore{A572838B-45C7-4630-8778-0FA4B16845C1}\RP1222\A0322285.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.cg 1
C:\System Volume Information\_restore{A572838B-45C7-4630-8778-0FA4B16845C1}\RP1222\A0322286.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.cg 1
C:\System Volume Information\_restore{A572838B-45C7-4630-8778-0FA4B16845C1}\RP1222\A0322287.scr Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.bg 1
C:\System Volume Information\_restore{A572838B-45C7-4630-8778-0FA4B16845C1}\RP1222\A0322289.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.dn 1
C:\System Volume Information\_restore{A572838B-45C7-4630-8778-0FA4B16845C1}\RP1222\A0322290.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.eb 1
C:\System Volume Information\_restore{A572838B-45C7-4630-8778-0FA4B16845C1}\RP1222\A0322291.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.ed 1
C:\System Volume Information\_restore{A572838B-45C7-4630-8778-0FA4B16845C1}\RP1222\A0322292.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.cg 1
C:\System Volume Information\_restore{A572838B-45C7-4630-8778-0FA4B16845C1}\RP1222\A0322293.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ch 1
C:\System Volume Information\_restore{A572838B-45C7-4630-8778-0FA4B16845C1}\RP1222\A0322294.SCR Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.bg 1
C:\System Volume Information\_restore{A572838B-45C7-4630-8778-0FA4B16845C1}\RP1222\A0322296.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.cj 1
C:\System Volume Information\_restore{A572838B-45C7-4630-8778-0FA4B16845C1}\RP1222\A0322297.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ck 1
C:\System Volume Information\_restore{A572838B-45C7-4630-8778-0FA4B16845C1}\RP1222\A0322298.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1
C:\System Volume Information\_restore{A572838B-45C7-4630-8778-0FA4B16845C1}\RP1222\A0322301.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.cj 1
C:\System Volume Information\_restore{A572838B-45C7-4630-8778-0FA4B16845C1}\RP1222\A0322302.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.ax 1
C:\System Volume Information\_restore{A572838B-45C7-4630-8778-0FA4B16845C1}\RP1222\A0322305.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.cm 1
C:\System Volume Information\_restore{A572838B-45C7-4630-8778-0FA4B16845C1}\RP1222\A0322307.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.el 1
C:\System Volume Information\_restore{A572838B-45C7-4630-8778-0FA4B16845C1}\RP1222\A0322309.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.ad 1
C:\System Volume Information\_restore{A572838B-45C7-4630-8778-0FA4B16845C1}\RP1222\A0322311.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.cl 1
C:\System Volume Information\_restore{A572838B-45C7-4630-8778-0FA4B16845C1}\RP1222\A0322312.EXE Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.ee 1
C:\System Volume Information\_restore{A572838B-45C7-4630-8778-0FA4B16845C1}\RP1222\A0322313.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ci 1
C:\System Volume Information\_restore{A572838B-45C7-4630-8778-0FA4B16845C1}\RP1228\A0322432.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ca 1
C:\System Volume Information\_restore{A572838B-45C7-4630-8778-0FA4B16845C1}\RP1228\A0322433.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.cn 1
C:\System Volume Information\_restore{A572838B-45C7-4630-8778-0FA4B16845C1}\RP1228\A0322434.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.cc 1
C:\System Volume Information\_restore{A572838B-45C7-4630-8778-0FA4B16845C1}\RP1228\A0322436.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.db 1
C:\System Volume Information\_restore{A572838B-45C7-4630-8778-0FA4B16845C1}\RP1228\A0322437.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.cc 1
C:\System Volume Information\_restore{A572838B-45C7-4630-8778-0FA4B16845C1}\RP1264\A0343100.dll Infected: not-a-virus:AdWare.Win32.WebSearch.o 1
C:\System Volume Information\_restore{A572838B-45C7-4630-8778-0FA4B16845C1}\RP1264\A0343152.exe Infected: not-a-virus:AdWare.Win32.IEDriver.b 3
C:\System Volume Information\_restore{A572838B-45C7-4630-8778-0FA4B16845C1}\RP1264\A0343152.exe Infected: Trojan-Downloader.Win32.Turown.h 1
C:\System Volume Information\_restore{A572838B-45C7-4630-8778-0FA4B16845C1}\RP1264\A0343152.exe Infected: Trojan-Downloader.Win32.Turown.b 1
C:\System Volume Information\_restore{A572838B-45C7-4630-8778-0FA4B16845C1}\RP1264\A0343152.exe Infected: Trojan-Downloader.Win32.Turown.a 1
C:\System Volume Information\_restore{A572838B-45C7-4630-8778-0FA4B16845C1}\RP1264\A0343152.exe Infected: not-a-virus:AdWare.Win32.Connector 2
C:\System Volume Information\_restore{A572838B-45C7-4630-8778-0FA4B16845C1}\RP1264\A0343152.exe Infected: Trojan-Downloader.Win32.Agent.ec 1
C:\System Volume Information\_restore{A572838B-45C7-4630-8778-0FA4B16845C1}\RP1264\A0343152.exe Infected: not-a-virus:AdWare.Win32.SaveNow.t 1
C:\System Volume Information\_restore{A572838B-45C7-4630-8778-0FA4B16845C1}\RP1264\A0343152.exe Infected: not-a-virus:AdWare.Win32.SaveNow.af 1
C:\System Volume Information\_restore{A572838B-45C7-4630-8778-0FA4B16845C1}\RP1264\A0343152.exe Infected: not-a-virus:AdWare.Win32.SaveNow.v 2
C:\System Volume Information\_restore{A572838B-45C7-4630-8778-0FA4B16845C1}\RP1264\A0343152.exe Infected: not-a-virus:AdWare.Win32.EZula 1
C:\System Volume Information\_restore{A572838B-45C7-4630-8778-0FA4B16845C1}\RP1264\A0343152.exe Infected: not-a-virus:AdWare.Win32.HelpExpress 2
C:\System Volume Information\_restore{A572838B-45C7-4630-8778-0FA4B16845C1}\RP1264\A0343162.exe Infected: Trojan-Dropper.Win32.Small.of 1

The selected area was scanned.

This scan doesn't seem to have a fix or clean up. Am I missing it or do i need to run another program to get rid of the stuff I found?

#14 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:04:01 PM

Posted 12 February 2009 - 10:19 AM

Unfortunately it doesn't remove . But it 's god cause it will find everything that needs to go. So we can run other tools.
Next carefully follow instructions for SDFix:
Please print out and follow these instructions: "How to use SDFix". <- This program is for Windows 2000/XP ONLY.
When using this tool, you must use the Administrator's account or an account with "Administrative rights"
  • Disconnect from the Internet and temporarily disable your anti-virus, script blocking and any real time protection programs before performing a scan.
  • When done, the SDFix report log will open in notepad and automatically be saved in the SDFix folder as Report.txt.
  • If SDFix is unable to run after rebooting from Safe Mode, run SDFix in either Mode, and type F, then press Enter for it to finish the final stage and produce the report.
  • Please copy and paste the contents of Report.txt in your next reply.
  • Be sure to renable you anti-virus and and other security programs before connecting to the Internet.
-- If the computer has been infected with the VirusAlert! malware warning from the clock and the Start Menu icons or drives are not visible, open the SDFix folder, right-click on either the XP_VirusAlert_Repair.inf or W2K VirusAlert_Repair.inf (depending on your version of Windows) and select Install from the Context menu. Then reboot to apply the changes.


Please run part 1 of S!Ri's SmitfraudFix
Please download SmitfraudFix

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#15 ispy6266

ispy6266
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:03:01 PM

Posted 13 February 2009 - 12:34 AM

Here's the SDFix log:


SDFix: Version 1.240
Run by Sharon on Thu 02/12/2009 at 11:42 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-12 23:59:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Reporting\EventCache\WU]
"FlushCacheFiles"=str(7):"d\2\x8d\x8d\xffe8\xffffv\0\32\0\x92\1\0\0\xf4f2\xffe8\xffff0#pI\xa490I\xed70J\xffe0\xffffv\a\xb6\0`\1\0\1aL\x2367\x32305\xffe8\xffffv\0\4\xffffILegitCheck\0tohi\xffffl\2\x8d\x8d\xeafa\xf4f2\xfff0\xffffl\1\x008d1\0\xffffn :\xd915\0\0(\x8d\0\0\0\0\xffff\xffff\xffff\xffff\2\0X\x8b(}\xffff\xffff\0\0\0\0\34\0h\0\xffff\xffff\16\0IpoSre\x3233\xffff\xff90\xffffC:\Program Files\America Online 9.0c\MyCalendar.dll\0.D\xffd8\xffffv\16\24\0\x8d\1\0\1\x8dTraigoei\xffe8\xffffApartment\0\xffffn :\xd915\0\0(\x8d\0\0\0\0\xffff\xffff\xffff\xffff\0\0\xffff\xffff(}\xffff\xffff\0\0\0\0\0\0\0\0\0\0\a\0Cnrl\xffe8\xffffv\0\4\0\xfff8\xffffx\x8d\xfff8\xffff\x8d\xff98\xffffn :\xd915\0\0(\x8d\2\0\0\0\x8d\xffff\xffff\0\0\xffff\xffff(}\xffff\xffffL\0\0\0\0\0\0\0\0\0\26\0Ipeet\x2064Ctgret\xff88\xffffn :\xd915\0\0\x8d\0\0\0\0\xffff\xffff\xffff\xffff\0\0\xffff\xffff(}\xffff\xffff\0\0\0\0\0\0\0\0\0\0&\0{D98\x2d319\x3238\x312d1\x2d469A\x302d0\x30410C240\xff88\xffffn :\xd915\0\0\x8d\0\0\0\0\xffff\xffff\xffff\xffff\0\0\xffff\xffff(}\xffff\xffff\0\0\0\0\0\0\0\0\0\0&\0{D98\x2d329\x3238\x312d1\x2d469A\x302d0\x30410C240\xffffn :\xd915\0\0(\x8d\0\0\0\0\xffff\xffff\xffff\xffff\0\0\xffff\xffff(}\xffff\xffff\0\0\0\0\0\0\0\0\0\0\n\0Isralsra\xffffn \xd917\0\0(\x8d\1\0\0\0\x8d\xffff\xffff\1\0\x8d(}\xffff\xffff\2\0\0\0\0\0\4\0\0\0\n\0MsSausSa\xffffl\n\x8d\x8d\x2e32\x8d\x843\xdac7\x8d}X\x8d \x1bdf\x8d\xf575p\x8dR\x8d\xa70fP\x8dp\x8d
 \x8d
\xffffn \xd917\0\0X\x8d\0\0\0\0\xffff\xffff\xffff\xffff\1\0\x8d(}\xffff\xffff\0\0\0\0\0\0\16\0\0\0\1\01\x8d\1\0\xffe8\xffff131473\000473\xffffn \xd917\0\0(\x8d\0\0\0\0\xffff\xffff\xffff\xffff\1\0\x8d(}\xffff\xffff\0\0\0\0\0\0N\0\0\0\a\0TpLb\xffe8\xffffv\0N\0\x8d\1\0\0\x8d\xffff{00A987AE-587B-4343-B826-89F17AB41A03}\00003}\xffffn \xd917\0\0(\x8d\0\0\0\0\xffff\xffff\xffff\xffff\1\0\x8d(}\xffff\xffff\0\0\0\0\0\0\b\0\0\0\a\0Vrin\xffe8\xffffv\0\b\0\x8d\1\0\0\x8d\xfff8\xffff\x8d\xff88\xffffn \x27ee\xd91a\0\0\xf498\4\n\0\0\0\x8d\xffff\xffff\1\0\x8d(}\xffff\xffff0\0\0\0\0\0(\0\0\0&\0{4\x3033\x3043\x2d31AB-\x3239\x2d6593-87\x3246DD63\xffe8\xffffv\0(\0X\x8d\1\0\0\0\xffd0\xffffACToolBarCtrl Class\0l \xfff8\xffff@\x8d\xffffn \x27ee\xd91a\0\0\x8d\0\0\0\0\xffff\xffff\xffff\xffff\1\0\x8d(}\xffff\xffff\0\0\0\0\0\0004\0\0\0\6\0PoI\0\xfff8\xffff\x8d\xfff8\xffff0\x8d\xffe8\xffffv\0004\0P\x8d\1\0\0\x8d\xfff8\xffff\x8d\xfff8\xffff\x8d\xffffn \x27ee\xd91a\0\0\x8d\0\0\0\0\xffff\xffff\xffff\xffff\0\0\xffff\xffff(}\xffff\xffff\0\0\0\0\0\0\0\0\0\0\a\0Cnr\xff6c\xff98\xffffn \x27ee\xd91a\0\0\x8d\2\0\0\0\x8d\xffff\xffff\0\0\xffff\xffff(}\xffff\xffffL\0\0\0\0\0\0\0004\0\26\0Ipeet\x2064Ctgrel\xff88\xffffn \x27ee\xd91a\0\0x\x8d\0\0\0\0\xffff\xffff\xffff\xffff\0\0\xffff\xffff(}\xffff\xffff\0\0\0\0\0\0\0\0\0\0&\0{D98\x2d319\x3238\x312d1\x2d469A\x302d0\x30410C24\0\xff88\xffffn \x27ee\xd91a\0\0x\x8d\0\0\0\0\xffff\xffff\xffff\xffff\0\0\xffff\xffff(}\xffff\xffff\0\0\0\0\0\0\0\0\1\0&\0{D98\x2d329\x3238\x312d1\x2d469A\x302d0\x30410C24a\xffffn \x27ee\xd91a\0\0\x8d\0\0\0\0\xffff\xffff\xffff\xffff\0\0\xffff\xffff(}\xffff\xffff\0\0\0\0\0\0\0\0\0\0\n\0Isral\0\f\0\xffe8\xffffv\0\4\xffffv\0h\0p\x8d\1\0\0\xffe8\xffffv\0000\0 \x8d\1\0\0\xffc8\xffffAolCalSvr.ACToolBarCtrl\0To\xffffn \x27ee\xd91a\0\0\x8d\0\0\0\0\xffff\xffff\xffff\xffff\0\0\xffff\xffff(}\xffff\xffff\0\0\0\0\0\0\0\0\xffff\xffff\f\0Pormal\0\0\xfff8\xffff8\x8d\b\0\x8d\xffe8\xffffl\2\x8dX\x8d\xeafa\xf4f2\xffe8\xffffApartment\0\xfff8\xffff\x8d\xfff0\xffff`\xf7\xf7
\xffffn \x27ee\xd91a\0\0\x8d\0\0\0\0\xffff\xffff\xffff\xffff\2\0 \x8b(}\xffff\xffff\0\0\0\0\34\0h\0OL\16\0IpoSre\x3233t\xff90\xffffC:\Program Files\America Online 9.0c\MyCalendar.dll\0ai\xffd8\xffffv\16\24\0\x8d\1\0\1mTraigoe3\xffe8\xffffv\0\16\0 \x8d\1\0\0\xffe8\xffff131473\0\x8d\xf575\xffe8\xffffv\0N\0\x8d\1\0\0C\xffe8\xffffv\0@\0\x30e8\x8d\1\0\0\x8d\xff88\xffffC:\Program Files\America Online 9.0c\MyCalendar.dll, 101\0\x8d\xffffn \xd913\0\0\x8d\1\0\0\0\x8d\xffff\xffff\1\0`\x8d(}\xffff\xffff\2\0\0\0\0\0\4\0ar\n\0MsSau\0n \xffffl\n\x8d\x8d\x843\xdac7H\x8d}\x8d \x1bdf\x8d\xf575\x8dR\x8d \x194e\x8d\xa70f\xf7H\x8d
H\0v\0\xffffn \xd913\0\0\x8d\0\0\0\0\xffff\xffff\xffff\xffff\1\0\x8d(}\xffff\xffff\0\0\0\0\0\0\16\0\2\0\1\01\xffff\xffff\xffff\xffffn \xd913\0\0\x8d\0\0\0\0\xffff\xffff\xffff\xffff\1\0\x8d(}\xffff\xffff\0\0\0\0\0\0N\0ER\a\0TpLb\xffe8\xffffv\0N\0h\x8d\1\0\0D\xffff{00A987AE-587B-4343-B826-89F17AB41A03}\0\1\0\x8d(}\xffff\xffff\2\0\0\0\0\0\4\0\x1cc2\n\0MsSau9\x3238\x312d\xffffl\n \x8dx\x8d\x2e32\x8d\x843\xdac7\x8d} \x8d \x1bdf\x8d\xf575X\x8dR\x8d\xa70f0\x8dⅈ\x8d
\0\0\4\0\xffe8\xffffv\0(\0\0\0\x8d\0\0\0\0\xffff\xffff\xffff\xffff\1\0\x8d(}\xffff\xffff\0\0\0\0\0\0004\0\1\0\6\0PoI8\xffe8\xffffv\0004\0p\x8d\1\0\00\xffc8\xffffAolCalSvr.ACMPickerCtrl.5\0\xff98\xffffn H\xd91c\0\0\x8d\0\0\0\0\xffff\xffff\xffff\xffff\1\0H\x8d(}\xffff\xffff\0\0\0\0\0\0000\0`\0\30\0VrinneednPoI\xffe8\xffffv\0h\0H\x8d\1\0\0\xffc8\xffffAolCalSvr.ACMPickerCtrl\0Ġ\xffffn H\xd91c\0\0\x8d\0\0\0\0\xffff\xffff\xffff\xffff\0\0\xffff\xffff(}\xffff\xffff\0\0\0\0\0\0\0\0u1\f\0Pormal
\xffe8\xffffl\2\x8d\xeafa\xf4f2\xfff0\xffffl\1\x008d1\0\xffffn H\xd91c\0\0\x8d\0\0\0\0\xffff\xffff\xffff\xffff\2\0\x858\x8b(}\xffff\xffff\0\0\0\0\34\0h\0\xffff\xffff\16\0IpoSre\x3233\xffff\xff90\xffffC:\Program Files\America Online 9.0c\MyCalendar.dll\0ai\xffd8\xffffv\16\24\0\x8d\1\0\1mTraigoe \xffe8\xffffApartment\0\xffffn \xeca2\xd91e\0\0\x8d\0\0\0\0\xffff\xffff\xffff\xffff\0\0\xffff\xffff(}\xffff\xffff\0\0\0\0\0\0\0\0\1\0\a\0Cnrl\xffe8\xffffv\0\4473\0\0l\1\xffe8\xffffv\0N\0H\x8d\1\0\0\x8d\xffffn \xd921\0\0\x8d\0\0\0\0\xffff\xffff\xffff\xffff\1\0\x8d(}\xffff\xffff\0\0\0\0\0\0006\0ie\6\0PoI5\xffc0\xffffAolCalSvr.ACWebDlgHelper.5\0\0AC\xff98\xffffn \xd921\0\0\x8d\0\0\0\0\xffff\xffff\xffff\xffff\1\0\x8d(}\xffff\xffff\0\0\0\0\0\0002\0\0\0\30\0VrinneednPoI\xffe8\xffffv\0h\0\x8d\1\0\0\xffe8\xffffv\0002\0\x8d\1\0\0\x8d\xffc8\xffffAolCalSvr.ACWebDlgHelper\0e\xffffn \xd921\0\0\x8d\0\0\0\0\xffff\xffff\xffff\xffff\0\0\xffff\xffff(}\xffff\xffff\0\0\0\0\0\0\0\0\xffff\xffff\f\0Pormal\xffff\xffff\xffe8\xffffl\20\x8d\x8d\xeafa\xf4f2\xfff8\xffff0\x8d\xfff8\xffffx\x8d\xffd8\xffffv\16\24\00\x8d\1\0\1Traigoe\xff98\xffffn \xd921\0\0\x8d\2\0\0\0x\x8d\xffff\xffff\0\0\xffff\xffff(}\xffff\xffffL\0\0\0\0\0\0\0\x27d8n\26\0Ipeet\x2064Ctgre\xffff\xff88\xffffn \xd921\0\0\x8d\0\0\0\0\xffff\xffff\xffff\xffff\0\0\xffff\xffff(}\xffff\xffff\0\0\0\0\0\0\0\0C2&\0{D98\x2d319\x3238\x312d1\x2d469A\x302d0\x30410C24\xffff\xff88\xffffn \xd921\0\0\x8d\0\0\0\0\xffff\xffff\xffff\xffff\0\0\xffff\xffff(}\xffff\xffff\0\0\0\0\0\0\0\0C2&\0{D98\x2d329\x3238\x312d1\x2d469A\x302d0\x30410C24\xffff\xffffn \xd921\0\0\x8d\0\0\0\0\xffff\xffff\xffff\xffff\2\0\x8b(}\xffff\xffff\0\0\0\0\34\0h\0H\x8d\16\0IpoSre\x3233\xffc0\xffffl\6\x8d\x2e32 \x8d\x843\xdac7\x8d\xf575\x8dRH\x8d\xa70fH\x8d
ERIC\xff90\xffffC:\Program Files\America Online 9.0c\MyCalendar.dll\0n \xffe8\xffffApartment\0\xffffn \xd921\0\0\x8d\0\0\0\0\xffff\xffff\xffff\xffff\1\0\x8d(}\xffff\xffff\0\0\0\0\0\0N\0\1\0\a\0TpLb\xffe8\xffffv\0N\0\xf7\1\0\0B\xff88\xffffn \xd921\0\0\xf498\4\5\0\0\0P\x8d\xffff\xffff\1\0\x8d(}\xffff\xffff0\0\0\0\0\0&\0Sv&\0{F29\x2d45\x32314-5\x2d369F-CD5A\x3234A \xffe8\xffffv\0&\0H\x8d\1\0\0\0\xffd0\xffffACDictionary Class\0\0\f\0\xffe8\xffffv\0002\0\x8d\1\0\0\0\xfff8\xffff\x8d\xfff8\xffff\x8d\xfff8\xffff\x8d\xfff8\xffff\x8d\xffffn \xd921\0\0\x8d\0\0\0\0\xffff\xffff\xffff\xffff\1\0\x8d(}\xffff\xffff\0\0\0\0\0\0002\0\x2d0\0\6\0PoIS\xffc8\xffffAolCalSvr.ACDictionary.5\0000\xff98\xffffn \xd921\0\0\x8d\0\0\0\0\xffff\xffff\xffff\xffff\1\0\x8d(}\xffff\xffff\0\0\0\0\0\0.\0\30\0\30\0VrinneednPoI\xffe8\xffffv\0h\0`\x8d\1\0\0\xffe8\xffffv\0.\0\x8d\1\0\0\xffff\xffc8\xffffAolCalSvr.ACDictionary\0\x8d
\xffffn \xd921\0\0\x8d\0\0\0\0\xffff\xffff\xffff\xffff\0\0\xffff\xffff(}\xffff\xffff\0\0\0\0\0\0\0\0-4\f\0Pormal-8\xffe8\xffffApartment\0\xff88\xffffn \xd926\0\0\xf498\4\n\0\0\00\xac\xffff\xffff\1\0\x8d(}\xffff\xffff0\0\0\0\0\0002\0\0\0&\0{8B\x3231\x2d33FC-1\x2d31A\x3341\x302d5BF\x3231B3F\xffffn V\xd923\0\0\x8d\0\0\0\0\xffff\xffff\xffff\xffff\1\0\x8d(}\xffff\xffff\0\0\0\0\0\0>\0\xec8cr\6\0PoI\x8d\xffe8\xffffv\0h\0\x2c48\xac\1\0\0\xffe8\xffffv\0:\0\x2e48\xac\1\0\0\0\xfff8\xffffp\x8d\b\0X\x8d\xfff8\xffff\xa640\x8d\xfff8\xffff\x8d\xffe8\xffffv\0002\0\x8d\1\0\0\x8d\xfff8\xffff\x8d\xfff8\xffff\x8d\xfff8\xffff\x8d\xffe8\xffffv\0N\0`\xf7\1\0\0\xfff0\xffffX\x8e8\x8e\xf575\xffffn \xd921\0\0\x8d\0\0\0\0\xffff\xffff\xffff\xffff\2\0\x8b(}\xffff\xffff\0\0\0\0\34\0h\0A\x3234\16\0IpoSre\x3233\x8d\xff90\xffffC:\Program Files\America Online 9.0c\MyCalendar.dll\0\xffff\xffff\xffd8\xffffv\16\24\0p\x8d\1\0\1\0Traigoe\0\xffffn V\xd923\0\0\x8d\0\0\0\0\xffff\xffff\xffff\xffff\1\0\x8d(}\xffff\xffff\0\0\0\0\0\0N\0\x98\0\a\0TpLb\xffc0\xffffl\5\x8e\x8e\0\x8d\xfff8\xffff(\x8d\xfff8\xffffX\x8dhi \x8d\0\0\0\0\xffff\xffff\xffff\xffff\0\0\xffff\xffff(}\xffff\xffff\0\0\0\0\0\0\0\0Cl&\0{D98\x2d319\x3238\x312d1\x2d469A\x302d0\x30410C24\0\xff88\xffffn \xeca2\xd91e\0\0 \x8d\0\0\0\0\xffff\xffff\xffff\xffff\0\0\xffff\xffff(}\xffff\xffff\0\0\0\0\0\0\0\0P\0&\0{D98\x2d329\x3238\x312d1\x2d469A\x302d0\x30410C24.\xffffn \xeca2\xd91e\0\0\x8d\0\0\0\0\xffff\xffff\xffff\xffff\0\0\xffff\xffff(}\xffff\xffff\0\0\0\0\0\0\0\0\1\0\n\0Isral\0\0\0\xffffn \xeca2\xd91e\0\0\x8d\1\0\0\0\x8d\xffff\xffff\1\0x\x8d(}\xffff\xffff\2\0\0\0\0\0\4\0000\0\n\0MsSau\0Ao\xffffl\n\x8d \x8d\x2e32\x8d\x843\xdac7x\x8d}\x8d \x1bdf(}\xffff\xffff\0\0\0\0\0\0\16\0\0\0\1\01\xffff\xffff\xffff\xffffn \xeca2\xd91e\0\0\x8d\0\0\0\0\xffff\xffff\xffff\xffff\1\0\x8d(}\xffff\xffff\0\0\0\0\0\0N\0X\0\a\0TpLb\xffff{00A987AE-587B-4343-B826-89F17AB41A03}\0nĨ\xffffn \xeca2\xd91e\0\0\x8d\0\0\0\0\xffff\xffff\xffff\xffff\1\0\x8d(}\xffff\xffff\0\0\0\0\0\0\b\0000\0\a\0Vrin\xffe8\xffffv\0\b\0\x8b\1\0\0\xfff8\xffff\x8d\xff88\xffffn \xd921\0\0\xf498\4\6\0\0\0\x8d\xffff\xffff\1\0\x8d(}\xffff\xffff0\0\0\0\0\0*\0\16\0&\0{A35\x2d4499-c\x2d3295\x322d\x333040E\x33314\x8d\xffe8\xffffv\0*\0\x8d\1\0\0\xffd0\xffffACWebDlgHelper Class\0\0\xfff8\xffff\x8d\xfff8\xffff\x8d\xfff8\xffff\x8d\xffe8\xffffv\0006\0\x8d\1\0\0\0\xfff8\xffff\x8d\xfff0\xffff@\x8e\x8e\xf575\xfff8\xffff \x8d\xffffn \x27ee\xd91a\0\0 \x8d\0\0\0\0\xffff\xffff\xffff\xffff\1\0\x8d(}\xffff\xffff\0\0\0\0\0\0\16\0\x8d\1\01\x8d
\xffffn \x27ee\xd91a\0\0\x8d\0\0\0\0\xffff\xffff\xffff\xffff\1\0\x8d(}\xffff\xffff\0\0\0\0\0\0N\0\0\0\a\0TpLb\xffff{00A987AE-587B-4343-B826-89F17AB41A03}\0\xffff\xffff\xffff\xffffn \x27ee\xd91a\0\0\x8d\0\0\0\0\xffff\xffff\xffff\xffff\1\00\0\0\0\0\0(\0\0\0&\0{\x3341C7\x2d41DD-7\x2d32B\x3046-9\x3031C\x3237\x3335F\0\xffd0\xffffACMPickerCtrl Class\0\0000\xffe8\xffffv\0000\0(\x8d\1\0\0\x8d\xfff8\xffff0\x8d\xffffAOL_ClientCommands.AOL_ClientCommands.1\0tC\xff98\xffffn \x2aca\xd8dc\0\0n \xf1c2F\0\0\x560\0\1\0\0\0\x8d\xffff\xffff\1\0 \x8d(}\xffff\xffff\n\0\0\0\0\0002\0\0\0'\0ALCinCmad.O_letomn\x2e731\xffe8\xffffv\0002\08\x8d\1\0\0\0\xffc8\xffffAOL_ClientCommands Class\0\0\xffffn \xf1c2F\0\0\x8d\0\0\0\0\xffff\xffff\xffff\xffff\1\0H\x8d(}\xffff\xffff\0\0\0\0\0\0N\0\0\0\5\0CSD\0\xfff0\xffffl\1p\x8d[\x7b8\xffe8\xffffv\0N\0\x8d\1\0\0\0\xffff{BB4AEB43-D0AB-11D2-A719-0060B0B41584}\0\0\0\0\xfff8\xffff\x8d\xff88\xffffn \xf1c2F\0\0\x560\0\1\0\0\0x\x8d\xffff\xffff\1\0\x8d(}\xffff\xffff\f\0\0\0\0\0002\0\0\0%\0ALCinCmad.O_letomns\0\xffe8\xffffv\0002\0\x8d\1\0\0\0\xffc8\xffffAOL_ClientCommands Class\0\0\xfff8\xffff\x8d\xffffn \xf1c2F\0\0P\x8d\0\0\0\0\xffff\xffff\xffff\xffff\1\0\x8d(}\xffff\xffff\0\0\0\0\0\0P\0\0\0\6\0Cre\0\xfff0\xffffl\1 \x8d\xffe8\xffffv\0P\0\x8d\1\0\0\0\xffffAOL_ClientCommands.AOL_ClientCommands.1\0\0\0\xfff8\xffff\x8d\xff88\xffffn \x2aca\xd8dc\0\0\xf498\4\4\0\0\00\x8d\xffff\xffff\2\0\x8d(}\xffff\xffff0\0\0\0\n\0N\0\0\0&\0{BAB\x2d33\x3044A\x312d1\x2d32A1\x302d000454\0\xffc8\xffffAOL_ClientCommands Class\0m\xffe8\xffffv\0P\0P\x8d\1\0\0\0\xfff8\xffff\x8d\xffffn \x2aca\xd8dc\0\0l\4X\x8d\x1d93 \x8d\xf575\x8dR\x8d
\xffffn \x2aca\xd8dc\0\0v\5N\0@\x8d\1\0\1\x8dApD \xffff{225789EE-CCA8-11D2-A719-0060B0B41584}\084}\xffffn \x2aca\xd8dc\0\0\x8d\0\0\0\0\xffff\xffff\xffff\xffff\1\0\x8d(}\xffff\xffff\0\0\0\0\0\0P\0\0\0\6\0PoI\0\xffe8\xffffv\0P\0\x8d\1\0\0\0\xffffAOL_Communications.AOL_Communications.1\0ti\xff98\xffffn \x2aca\xd8dc\0\0\x8d\0\0\0\0\xffff\xffff\xffff\xffff\1\0\x8d(}\xffff\xffff\0\0\0\0\0\0L\0\xffff\xffff\30\0VrinneednPoI\xffe8\xffffv\0`\0\x8d\1\0\0\xffe8\xffffv\0L\0\x8d\1\0\0\xfff8\xffff\x8dhi\0\0\0\0\0\0\0\0\xffffn p\xd8d9\0\01\xffe8\xffffv\0002\0\x8d\1\0\0\0\xffc8\xffffAOL_Communications Class\0\0\xffffn F\0\0x\x8d\0\0\0\0\xffff\xffff\xffff\xffff\1\0\x8d(}\xffff\xffff\0\0\0\0\0\0N\0\0\0\5\0CSD\0\xfff0\xffffl\1@\x8d[\x7b8\xffe8\xffffv\0N\0\x8d\1\0\0\0\xffff{00e0313F-8627-45db-863d-fd41083c3d32}\0\0\0\0\xff88\xffffn F\0\0\x560\0\1\0\0\0@\x8d\xffff\xffff\1\0\x8d(}\xffff\xffff\f\0\0\0\0\0002\0\0\0%\0ALCmuiain.O_omnctos\0\xffe8\xffffv\0002\0\x8d\1\0\0\0\xffc8\xffffAOL_Communications Class\0\0\xfff8\xffff\x8d\xffffn F\0\0\x8d\0\0\0\0\xffff\xffff\xffff\xffff\1\0\x8d(}\xffff\xffff\0\0\0\0\0\0P\0\0\0\6\0Cre\0\xfff0\xffffl\1\x8d\xffe8\xffffv\0P\0h\x8d\1\0\0\0\xffffAOL_Communications.AOL_Communications.1\0\0\0\xfff8\xffffP\x8d\xff88\xffffn $\xd8de\0\0\xf498\4\4\0\0\0H\x8d\xffff\xffff\2\0\x8d(}\xffff\xffff0\0\0\0\n\0N\0\0\0&\0\x307b0\x3330\x3331\x2d4682-5\x2d6283-d\x3031\x3338\x3363\x33642\0\xffc8\xffffAOL_Communications Class\0t\xfff8\xffffP\x8d\xfff0\xffff\x8d\x8d\xf575\xfff8\xffff\x8d\xffffAOL_Communications.AOL_Communications\0\xffffn \x2aca\xd8dc\0\0\x8d\0\0\0\0\xffff\xffff\xffff\xffff\0\0\xffff\xffff(}\xffff\xffff\0\0\0\0\0\0\0\0\xffff\xffff\f\0Pormal\0\0\xffd8\xffffl\4p\x8d\x1d93\x8d\xf575\x8dR`\x8d
\xffffn \x2aca\xd8dc\0\0\x8d\0\0\0\0\xffff\xffff\xffff\xffff\1\0\x8d(}\xffff\xffff\0\0\0\0\0\0`\0\xffff\xffff\r\0Lclev\x33722\0\xff98\xffff"C:\Program Files\America Online 9.0c\waol.exe"\0b\\xffe0\xffffv\5N\0\xaf\1\0\1\5ApD\5\xff88\xffffn $\xd8de\0\0\xf498\4\4\0\0\0\0\0\0\0\xffff\xffff\xffff\xffff\1\0\x8d(}\xffff\xffff\0\0\0\0\0\0H\0\0d\6\0PoI \xffffAOL_BuddyManager.AOL_BuddyManager.1\0\0\xffff\xfff8\xffff\x8d\xfff8\xffff\x8d\xffe8\xffffv\0.\0\x8d\1\0\0d\xfff8\xffff\x8d\xfff8\xffffX\x8d\xff88\xffffn F\0\0\x560\0\1\0\0\08\x8d\xffff\xffff\1\0\x8d(}\xffff\xffff\n\0\0\0\0\0.\0\0\0#\0ALBdyaae.O_udMng\x2e721\0\0\xffe8\xffffv\0.\0\x8d\1\0\0\0\xffc8\xffffAOL_BuddyManager Class\0\0\0\0\xffffn F\0\0\x8d\0\0\0\0\xffff\xffff\xffff\xffff\1\0\x8d(}\xffff\xffff\0\0\0\0\0\0N\0\0\0\5\0CSD\0\xfff0\xffffl\1\x8d[\x7b8\xffe8\xffffv\0N\0`\x8d\1\0\0\0\xffff{19038319-D799-4819-94C0-1A115A590BF8}\0\0\0\0\xfff8\xffffH\x8d\xff88\xffffn F\0\0\x560\0\1\0\0\0\x8d\xffff\xffff\1\0\x8d(}\xffff\xffff\f\0\0\0\0\0.\0\0\0!\0ALBdyaae.O_udMngr\0\0\0\xffe8\xffffv\0.\0P\x8d\1\0\0\0\xffc8\xffffAOL_BuddyManager Class\0\0\0\0\xfff8\xffff8\x8d\xffffn F\0\0\x8d\0\0\0\0\xffff\xffff\xffff\xffff\1\0`\x8d(}\xffff\xffff\0\0\0\0\0\0H\0\0\0\6\0Cre\0\xfff0\xffffl\1\x8d\xffe8\xffffv\0H\0\x8d\1\0\0\0\xffffAOL_BuddyManager.AOL_BuddyManager.1\0\0\0\xfff8\xffff\x8d\xff98\xffffn $\xd8de\0\0X\x8d\0\0\0\0\xffff\xffff\xffff\xffff\1\0\x8d(}\xffff\xffff\0\0\0\0\0\0D\0001\0\30\0VrinneednPoI\xffe8\xffffv\0`\0@\x8d\1\0\0\xffe8\xffffv\0D\08\x8d\1\0\0\0\xffd8\xffffl\4\x8d\x1d938\x8d\xf575\x8dRh\x8d
\xfff8\xffff\x8d\xfff8\xffff\x9fa8\x8d\xffffAOL_BuddyManager.AOL_BuddyManager\0\xffffn $\xd8de\0\0X\x8d\0\0\0\0\xffff\xffff\xffff\xffff\0\0\xffff\xffff(}\xffff\xffff\0\0\0\0\0\0\0\0\0\0\f\0Pormal\xffff\xffff\xffffn $\xd8de\0\0X\x8d\0\0\0\0\xffff\xffff\xffff\xffff\1\0(\x8d(}\xffff\xffff\0\0\0\0\0\0`\0\xffff\xffff\r\0Lclev\x33722\xffff\xff98\xffff"C:\Program Files\America Online 9.0c\waol.exe"\0li\xffe0\xffffv\5N\0\x8d\1\0\1lApDe\xffff{225789EE-CCA8-11D2-A719-0060B0B41584}\0-A7\xff88\xffffn \xef7e\xd8e0\0\0\xf498\4\a\0\0\0x\x8d\xffff\xffff\2\0\x8d(}\xffff\xffff0\0\0\0\n\0N\0\xffff\xffff&\0{\x3333\x3339F\x2d46\x3042\x3243-\x3031\x2d33AE-0B4470\0\xfff8\xffffp\x8d\xfff8\xffffh\x8d\xffe8\xffffv\0\2\6\0PoI\0\xffe8\xffffv\08\0\xa4b8\x8d\1\0\0\xffe8\xffffv\0`\0\xa5b8\x8d\1\0\0\0\xfff0\xffff \x8d\xa620\x8d\xf575\xfff0\xffff\xaba0\x8d`\x8d\0\x8d\xffe8\xffffv\0(\0\x9fc0\x8d\1\0\0\0\xffd0\xffffAOL_IMManager Class\0\0\0\xfff0\xffffl\1\x8d[\x7b8hi\x8dN\0\0\0\5\0CSD\0\xffe8\xffffv\0N\0v\0(\0\x8d\1\0\0\0\xffd0\xffffAOL_IMManager Class\0\0\0\xfff8\xffff\x8d\xffffn vF\0\0`\x8d\0\0\0\0\xffff\xffff\xffff\xffff\1\0\x8d(}\xffff\xffff\0\0\0\0\0\0<\0\0\0\6\0Cre\0\xfff0\xffffl\1 \x8d\xffe8\xffffv\0<\0\x8d\1\0\0\0\xffc0\xffffAOL_IMManager.AOL_IMManager.1\0\xfff8\xffff\x8d\xffffn \xef7e\xd8e0\0\0 \x8d\0\0\0\0\xffff\xffff\xffff\xffff\0\0\xffff\xffff(}\xffff\xffff\0\0\0\0\0\0\0\0\0\0\r\0ALIMng\x3272-\xffffn \xef7e\xd8e0\0\0 \x8d\0\0\0\0\xffff\xffff\xffff\xffff\0\0\xffff\xffff(}\xffff\xffff\0\0\0\0\0\0\0\0na\3\0\x312e'\0s\xfff8\xffff\xa6c0\x8d\xfff8\xffff\xa870\x8d\xffffn \xef7e\xd8e0\0\0 \x8d\0\0\0\0\xffff\xffff\xffff\xffff\0\0\xffff\xffff(}\xffff\xffff\0\0\0\0\0\0\0\0\0\0\17\0\x272eALIMngr\xff98\xffffn \xef7e\xd8e0\0\0 \x8d\0\0\0\0\xffff\xffff\xffff\xffff\1\0\x8d(}\xffff\xffff\0\0\0\0\0\08\0\0\0\30\0VrinneednPoI\xffc0\xffffl\a\x8dH\x8d:\0\x8dL\xa558\x8d\x1d93\0\0 \x8d\0\0\0\0\xffff\xffff\xffff\xffff\0\0\xffff\xffff(}\xffff\xffff\0\0\0\0\0\0\0\0\xffff\xffff\f\0Pormal\0\0\xffffn \xef7e\xd8e0\0\0 \x8d\0\0\0\0\xffff\xffff\xffff\xffff\1\0\x8d(}\xffff\xffff\0\0\0\0\0\0`\0\xffff\xffff\r\0Lclev\x33722\0\xff98\xffff"C:\Program Files\America Online 9.0c\waol.exe"\0a \xffe0\xffffv\5N\0\xaf\1\0\1\ApDl\xffd8\xffffv\vd\08\xf7\1\0\1\5ALi\x2e6cee\0017\xffffn \xd8e3\0\0\xab28\x8d\0\0\0\0\xffff\xffff\xffff\xffff\1\0\x8d(}\xffff\xffff\0\0\0\0\0\0D\0\0\0\6\0PoI\0\xffe8\xffffv\0D\0\xa6d8\x8d\1\0\0\x8d\xffffAOL_AddressBook.AOL_AddressBook.1\0\xff98\xffffn \xd8e3\0\0\xab28\x8d\0\0\0\0\xffff\xffff\xffff\xffff\1\0\x8d(}\xffff\xffff\0\0\0\0\0\0@\0\0\0\30\0VrinneednPoI\xffe8\xffffv\0`\0\x8d\1\0\0\xffe8\xffffv\0@\0\xabf0\x8d\1\0\0\x8d\xffd8\xffffl\4\x8d\x1d93\xa668\x8d\xf5758\x8dR\xa720\x8d
\xffe8\xffffv\0(\0P\x8d\1\0\0\xff88\xffffn vF\0\0\x560\0\1\0\0\0\xa910\x8d\xffff\xffff\1\0\x8d(}\xffff\xffff\n\0\0\0\0\0,\0\0\0!\0ALAdeso\x2e6bALAdeso\x2e6b1\0\0\0\xffe8\xffffv\0,\0\xa888\x8d\1\0\0\0\xffd0\xffffAOL_AddressBook Class\0\xffffn vF\0\0\xa7f8\x8d\0\0\0\0\xffff\xffff\xffff\xffff\1\0\xa990\x8d(}\xffff\xffff\0\0\0\0\0\0N\0\0\0\5\0CSD\0\xfff0\xffffl\1\xa8b8\x8d[\x7b8\xffe8\xffffv\0N\0\xa938\x8d\1\0\0\0\xffff{602DB47D-DFE2-4553-8C54-0522A9DC74AC}\0\0\0\0\xfff8\xffff\xa920\x8d\xff90\xffffn vF\0\0\x560\0\1\0\0\0\xaab0\x8d\xffff\xffff\1\0\xaa50\x8d(}\xffff\xffff\f\0\0\0\0\0,\0\0\0\37\0ALAdeso\x2e6bALAdesok\xffe8\xffffv\0,\0\xaa20\x8d\1\0\0\0\xffd0\xffffAOL_AddressBook Class\0\xfff8\xffff\xaa08\x8d\xffffn vF\0\0\xa998\x8d\0\0\0\0\xffff\xffff\xffff\xffff\1\0\xab20\x8d(}\xffff\xffff\0\0\0\0\0\0D\0\0\0\6\0Cre\0\xfff0\xffffl\1\xaa58\x8d\xffe8\xffffv\0D\0\xaad8\x8d\1\0\0\0\xffffAOL_AddressBook.AOL_AddressBook.1\0\xfff8\xffff\xaac0\x8d\xff88\xffffn \xd8e3\0\0\xf498\4\4\0\0\0\xa7b8\x8d\xffff\xffff\2\0\x8d(}\xffff\xffff0\0\0\0\n\0N\0\0\0&\0{\x3230D4\x2d44D\x3245-5\x2d3385\x302d\x323529C4C\0\xffe8\xffffv\0,\0\xabb8\x8d\1\0\0\0\xffd0\xffffAOL_AddressBook Class\0\xfff8\xffff\x8d\xffffAOL_AddressBook.AOL_AddressBook\0Ad\xffffn \xd8e3\0\0\xab28\x8d\0\0\0\0\xffff\xffff\xffff\xffff\0\0\xffff\xffff(}\xffff\xffff\0\0\0\0\0\0\0\0\xffff\xffff\f\0Pormal\0\0\xffffn \xd8e3\0\0\xab28\x8d\0\0\0\0\xffff\xffff\xffff\xffff\1\0\x8d(}\xffff\xffff\0\0\0\0\0\0`\0J<\r\0Lclev\x33722\0\xff98\xffff"C:\Program Files\America Online 9.0c\waol.exe"\0IC\xffe0\xffffv\5N\0\x8d\1\0\1xApD0\xffff{225789EE-CCA8-11D2-A719-0060B0B41584}\09-0\xff88\xffffn \xd8e8\0\0\xf498\4\4\0\0\0\x8d\xffff\xffff\2\0\x8d(}\xffff\xffff0\0\0\0\n\0N\0\2\0&\0{87D\x2d449D-d\x2d3689-58F\x3231D4D\xffd0\xffffAOL_Favorites Class\0ri\xffffn 2\xd8e5\0\0\x8d\0\0\0\0\xffff\xffff\xffff\xffff\1\0@\x8d(}\xffff\xffff\0\0\0\0\0\0<\0\xffff\xffff\6\0PoI\0\xfff0\xffff\xa7e0\x8d\x8d\xf575\xffe8\xffffv\0<\0\x8d(}\xffff\xffff\n\0\0\0\0\0(\0\0\0\35\0ALFvrt\x2e73ALFvrt\x2e731\0\xffe8\xffffv\0(\0 \x8d\1\0\0\0\xfff0\xffffl\1P\x8d[\x7b8\xfff8\xffff\x8d\xfff8\xffff\x8dhiX\x8d\0\0\0\0\xffff\xffff\xffff\xffff\1\0\x8d(}\xffff\xffff\0\0\0\0\0\0N\0\0\0\5\0CSD\0\xffe8\xffffv\0N\0\x8d\1\0\0\0\xffff{C8A7FDAD-94D1-4da6-8D95-75888FB12DD4}\0\0\0\0\xfff8\xffff\x8d\xff90\xffffn \x18d0F\0\0\x560\0\1\0\0\08\x8d\xffff\xffff\1\0\x8d(}\xffff\xffff\f\0\0\0\0\0(\0\0\0\e\0ALFvrt\x2e73ALFvrts\0\0\xffe8\xffffv\0(\0\x8d\1\0\0\0\xffd0\xffffAOL_Favorites Class\0\0\0\xfff8\xffff\x8d\xffffn \x18d0F\0\0 \x8d\0\0\0\0\xffff\xffff\xffff\xffff\1\0\x8d(}\xffff\xffff\0\0\0\0\0\0<\0\0\0\6\0Cre\0\xfff0\xffffl\1\x8d\xffe8\xffffv\0<\0`\x8d\1\0\0\0\xffc0\xffffAOL_Favorites.AOL_Favorites.1\0\xfff8\xffffH\x8d\xff98\xffffn \xd8e8\0\0\x8d\0\0\0\0\xffff\xffff\xffff\xffff\1\0\x8d(}\xffff\xffff\0\0\0\0\0\08\0\30\0VrinneednPoI\xffe8\xffffv\08\0(\x8d\1\0\0i\xffc0\xffffAOL_Favorites.AOL_Favorites\0\0\xfff8\xffff(\x8d\xfff8\xffff \x8d\xffffn \xd8e8\0\0\x8d\0\0\0\0\xffff\xffff\xffff\xffff\0\0\xffff\xffff(}\xffff\xffff\0\0\0\0\0\0\0\0\0\0\f\0Pormalrm\xffd8\xffffl\4\x8d\xf575x\x8dR\x8d
\xffffn \xd8e8\0\0\x8d\0\0\0\0\xffff\xffff\xffff\xffff\1\0\x8d(}\xffff\xffff\0\0\0\0\0\0`\0\0\0\r\0Lclev\x33722e\xff98\xffff"C:\Program Files\America Online 9.0c\waol.exe"\0\1:\xffe0\xffffv\5N\0H\xaf\1\0\18ApD-\xff88\xffffn \xd8f8\0\0\xf498\4\4\0\0\0\x8d\xffff\xffff\2\0\x8d(}\xffff\xffff0\0\0\0\n\0N\0\x8d&\0{69\x3041\x2d38\x32376-6\x2d3687-9138\x33422\xffff\xffc8\xffffAOL_Publish.AOL_Publish\06-\xffe8\xffffv\0`\08\x8d\1\0\0\xffff\xfff8\xffff\x8d\xffc8\xffffAOL_Publish.AOL_Publish.1\0\xfff8\xffff\x8d\xfff8\xffff\x8d\xfff8\xffff\x8d\xffffn \xd8f8\0\0\x8d\0\0\0\0\xffff\xffff\xffff\xffff\1\0\x8d(}\xffff\xffff\0\0\0\0\0\0004\0N\0\6\0PoI\0\xffe8\xffffv\0*\0 \x8d\1\0\0\x8d\xffe8\xffffv\0000\0`\x8d\1\0\0s\xffd8\xffffl\4\x8d\x1d93\x8d\xf575x\x8dR\x8d
\xff90\xffffn 8F\0\0\x560\0\1\0\0\0\x8d\xffff\xffff\1\0h\x8d(}\xffff\xffff\n\0\0\0\0\0$\0\0\0\31\0ALPbi\x2e68ALPbi\x2e681\0\0\0\xffe8\xffffv\0$\0@\x8d\1\0\0\0\xffd8\xffffAOL_Publish Class\0\xffffn 8F\0\0\x8d\0\0\0\0\xffff\xffff\xffff\xffff\1\0@\x8d(}\xffff\xffff\0\0\0\0\0\0N\0\0\0\5\0CSD\0\xfff0\xffffl\1h\x8d[\x7b8\xffe8\xffffv\0N\0\x8d\1\0\0\0\xffff{C689CA08-726F-4676-8876-99F163685B32}\0\0\0\0\xfff8\xffff\x8d\xff98\xffffn F\0\0\x560\0\1\0\0\0P\x8d\xffff\xffff\1\0\x8d(}\xffff\xffff\f\0\0\0\0\0$\0\0\0\27\0ALPbi\x2e68ALPbih\xffe8\xffffv\0$\0\x8d\1\0\0\0\xffd8\xffffAOL_Publish Class\0\xfff8\xffff\x8d\xffffn F\0\0H\x8d\0\0\0\0\xffff\xffff\xffff\xffff\1\0\x8d(}\xffff\xffff\0\0\0\0\0\0004\0\0\0\6\0Cre\0\xfff0\xffffl\1\x8d\xffe8\xffffv\0004\0x\x8d\1\0\0\0\xffc8\xffffAOL_Publish.AOL_Publish.1\0\xfff8\xffff`\x8d\xff98\xffffn \xd8f8\0\0\x8d\0\0\0\0\xffff\xffff\xffff\xffff\1\0P\x8d(}\xffff\xffff\0\0\0\0\0\0000\0\0\0\30\0VrinneednPoI\xffd0\xffffAOL_SAPMoniker Class\0\xfff8\xffffx\x8d\xffe8\xffffv\0@\0p\x8d\1\0\0\x8d\xfff8\xffff0\x8d\xffffn \xd8f8\0\0\x8d\0\0\0\0\xffff\xffff\xffff\xffff\0\0\xffff\xffff(}\xffff\xffff\0\0\0\0\0\0\0\0h\0\f\0Pormal4Ġ\xffffn \xd8f8\0\0\x8d\0\0\0\0\xffff\xffff\xffff\xffff\1\0\x8d(}\xffff\xffff\0\0\0\0\0\0`\0\xffff\xffff\r\0Lclev\x33722\xffff\xff98\xffff"C:\Program Files\America Online 9.0c\waol.exe"\0li\xffe0\xffffv\5N\0\x8d\1\0\1lApDe\xffff{225789EE-CCA8-11D2-A719-0060B0B41584}\0-A7\xffffn \xd8f8\0\0\x8d\0\0\0\0\xffff\xffff\xffff\xffff\1\0\1\0\x8d(}\xffff\xffff\0\0\0\0\0\0<\0\xe076\30\0VrinneednPoI\xffc0\xffffAOL_SAPMoniker.AOL_SAPMoniker\0\xffffn \x295c\xd8fb\0\0\x8d\0\0\0\0\xffff\xffff\xffff\xffff\0\0\xffff\xffff(}\xffff\xffff\0\0\0\0\0\0\0\0Mo\f\0PormalX\x8d\xff90\xffffn F\0\0\x560\0\1\0\0\0\x8d\xffff\xffff\1\0p\x8d(}\xffff\xffff\n\0\0\0\0\0*\0\0\0\37\0ALSPoie.O_AMnk\x2e721\xffe8\xffffv\0*\0H\x8d\1\0\0\0\xffd0\xffffAOL_SAPMoniker Class\0\0\xffffn F\0\0\x8d\0\0\0\0\xffff\xffff\xffff\xffff\1\0P\x8d(}\xffff\xffff\0\0\0\0\0\0N\0\0\0\5\0CSD\0\xfff0\xffffl\1x\x8d[\x7b8\xffe8\xffffv\0N\0\x8d\1\0\0\0\xffff{9482BC28-EAA5-4b6e-82E9-C6832320936E}\0\0\0\0\xfff8\xffff\x8d\xff90\xffffn F\0\0\x560\0\1\0\0\0\x8d\xffff\xffff\1\0\x8d(}\xffff\xffff\f\0\0\0\0\0*\0\0\0\35\0ALSPoie.O_AMnkr\0\xffe8\xffffv\0*\0 \x8d\1\0\0\0\xfff8\xffff\x8d\xfff0\xffffl\1P\x8d\xfff8\xffff\x8dhi\xffff\0\0\0\0\0\0@\0e \6\0Cre.\xffe8\xffffv\0@\0\x8d\1\0\0\x336d\xffffAOL_SAPMoniker.AOL_SAPMoniker.1\0oe\xff88\xffffn \x295c\xd8fb\0\0\xf498\4\4\0\0\0\x8d\xffff\xffff\2\08\x8d(}\xffff\xffff0\0\0\0\n\0N\0\x30322&\0{42\x3243\x2d38EA-b\x2d65\x3238E-6\x3233\x323303E\x3233\xfff8\xffff\x8d\xfff8\xffffx\x8d\xffe8\xffffv\0`\0X\x8d\1\0\0\xffe8\xffffv\0<\0 \x8d\1\0\0\b\0\x8d\xfff8\xffff\x8d\xffd8\xffffl\4\x8d\x1d93\x8d\xf575`\x8dR\x8d
\xffffn \x295c\xd8fb\0\0\x8d\0\0\0\0\xffff\xffff\xffff\xffff\1\0\x8d(}\xffff\xffff\0\0\0\0\0\0`\0\x8d\r\0Lclev\x33722\xff98\xffff"C:\Program Files\America Online 9.0c\waol.exe"\0"C\xffe0\xffffv\5N\0\x8d\1\0\1iApD\\xffff{225789EE-CCA8-11D2-A719-0060B0B41584}\0\0\1C\xfff0\xffff`\x8d\x8d{2\xffd0\xffffAOL_MailInfo Class\09-0\xffffn \xee10\xd8ff\0\0P\x8d\0\0\0\0\xffff\xffff\xffff\xffff\1\0\x8d(}\xffff\xffff\0\0\0\0\0\08\0fo\6\0PoIs\xffc0\xffffAOL_MailInfo.AOL_MailInfo.1\0\xffff\xffff\xff98\xffffn \xee10\xd8ff\0\0P\x8d\0\0\0\0\xffff\xffff\xffff\xffff\1\0\x8d(}\xffff\xffff\0\0\0\0\0\0004\0il\30\0VrinneednPoI\xffe8\xffffv\0`\0\x8d\1\0\0\xffe8\xffffv\0004\0\x8d\1\0\0\0\xffc8\xffffAOL_MailInfo.AOL_MailInfo\0\xffd8\xffffl\4x\x8d\x1d93x\x8d\xf575\x8dR\x8d
\xffe0\xffffv\5N\0@\x8d\1\0\1ApD\b\0
\xff90\xffffn F\0\0\x560\0\1\0\0\0@\x8d\xffff\xffff\1\0\x8d(}\xffff\xffff\n\0\0\0\0\0&\0\0\0\e\0ALMiIf.O_aln\x2e6f1\0\0\xffe8\xffffv\0&\0\x8d\1\0\0\0\xffd0\xffffAOL_MailInfo Class\0\0\0\0\xffffn F\0\00\x8d\0\0\0\0\xffff\xffff\xffff\xffff\1\0\x8d(}\xffff\xffff\0\0\0\0\0\0N\0\0\0\5\0CSD\0\xfff0\xffffl\1\x8d[\x7b8\xffe8\xffffv\0N\0h\x8d\1\0\0\0\xffff{7BD901A3-39BA-419b-AF57-EAA3145420DF}\0\0\0\0\xfff8\xffffP\x8d\xff90\xffffn F\0\0\x560\0\1\0\0\0\x8d\xffff\xffff\1\0\x8d(}\xffff\xffff\f\0\0\0\0\0&\0\0\0\31\0ALMiIf.O_alno\0\0\0\xffe8\xffffv\0&\0P\x8d\1\0\0\0\xffd0\xffffAOL_MailInfo Class\0\0\0\0\xfff8\xffff8\x8d\xffffn \xee10\xd8ff\0\0\x8d\0\0\0\0\xffff\xffff\xffff\xffff\1\0H\x8d(}\xffff\xffff\0\0\0\0\0\0<\0\0\0\6\0Cre\0\xfff0\xffffl\1\x8d\xffe8\xffffv\0<\0\x8d\1\0\0\0\xffc0\xffffAOL_MailInfo2.AOL_MailInfo2.1\0\xfff8\xffff\x8d\xff88\xffffn \xee10\xd8ff\0\0\xf498\4\4\0\0\0\x8d\xffff\xffff\2\0\x8d(}\xffff\xffff0\0\0\0\n\0N\0\0\0&\0{B91\x2d333B-1\x2d62A5-A34\x32340F\0\xfff8\xffff\x8d\xfff8\xffff8\x8d\xffe8\xffffv\0&\0H\x8d\1\0\0a\xffe8\xffffv\08\0\x8d\1\0\0\xfff8\xffff\x8d\xfff8\xffffH\x8d\xffffn \xee10\xd8ff\0\0P\x8d\0\0\0\0\xffff\xffff\xffff\xffff\0\0\xffff\xffff(}\xffff\xffff\0\0\0\0\0\0\0\0\0\0\f\0Pormal\xffff\xffff\xffffn \xee10\xd8ff\0\0P\x8d\0\0\0\0\xffff\xffff\xffff\xffff\1\0\x8d(}\xffff\xffff\0\0\0\0\0\0`\0\0\0\r\0Lclev\x33722\xffff\xff98\xffff"C:\Program Files\America Online 9.0c\waol.exe"\0er\xffff{225789EE-CCA8-11D2-A719-0060B0B41584}\0pDM\xfff0\xffff\x8d\x008d78\xffe8\xffffv\0(\0\x8d\1\0\0D\xffd0\xffffAOL_MailInfo2 Class\0004}\xfff0\xffff\x8d\xaf\x8d\xfff8\xffffX\x8d\xffe0\xffffv\4P\0@\x97\1\0\1BPt41\xffe0\xffffv\a$\0\x97\1\0\1\x8dDfkn\xffffn \x30a0L4"

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\Yahoo!\\Messenger\\YPAGER.EXE"="C:\\Program Files\\Yahoo!\\Messenger\\YPAGER.EXE:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\yserver.exe"="C:\\Program Files\\Yahoo!\\Messenger\\yserver.exe:*:Enabled:Yahoo! FT Server"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\America Online 9.0c\\waol.exe"="C:\\Program Files\\America Online 9.0c\\waol.exe:*:Enabled:America Online 9.0c"
"C:\\Program Files\\Kazaa\\kazaa.exe"="C:\\Program Files\\Kazaa\\kazaa.exe:*:Enabled:Kazaa"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Yahoo!\\browser\\ycommon.exe"="C:\\Program Files\\Yahoo!\\browser\\ycommon.exe:*:Enabled:YCommon Exe Module"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\DC++\\DCPlusPlus.exe"="C:\\Program Files\\DC++\\DCPlusPlus.exe:*:Enabled:DC++"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Disabled:Internet Explorer"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\Common Files\\aol\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\aol\\ACS\\AOLDial.exe:*:Enabled:AOL Connectivity Service Dialer"
"C:\\Program Files\\Common Files\\aol\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\aol\\ACS\\AOLacsd.exe:*:Enabled:AOL Connectivity Service"
"C:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Common Files\\aol\\1100818470\\EE\\AOLServiceHost.exe"="C:\\Program Files\\Common Files\\aol\\1100818470\\EE\\AOLServiceHost.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Common Files\\aol\\1100818470\\EE\\aolsoftware.exe"="C:\\Program Files\\Common Files\\aol\\1100818470\\EE\\aolsoftware.exe:*:Enabled:AOL Shared Components"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\FrostWire\\FrostWire.exe"="C:\\Program Files\\FrostWire\\FrostWire.exe:*:Enabled:FrostWire"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :



Files with Hidden Attributes :

Tue 8 Oct 2002 36,939 A..H. --- "C:\Program Files\America Online 8.0\aoltray.exe"
Tue 16 Nov 2004 54,872 A..H. --- "C:\Program Files\America Online 9.0c\AOLphx.exe"
Tue 16 Nov 2004 31,832 A..H. --- "C:\Program Files\America Online 9.0c\rbm.exe"
Wed 24 Sep 2003 49,238 A..H. --- "C:\Program Files\America Online 9.0\aolphx.exe"
Wed 24 Sep 2003 36,954 A..H. --- "C:\Program Files\America Online 9.0\aoltray.exe"
Wed 24 Sep 2003 40,960 A..H. --- "C:\Program Files\America Online 9.0\RBM.exe"
Wed 24 Sep 2003 233,554 A..H. --- "C:\Program Files\America Online 9.0\waol.exe"
Wed 24 Sep 2003 49,238 A..H. --- "C:\Program Files\America Online 9.0a\aolphx.exe"
Wed 24 Sep 2003 36,954 A..H. --- "C:\Program Files\America Online 9.0a\aoltray.exe"
Wed 24 Sep 2003 40,960 A..H. --- "C:\Program Files\America Online 9.0a\RBM.exe"
Wed 28 Apr 2004 238,792 A..H. --- "C:\Program Files\America Online 9.0a\waol.exe"
Wed 22 Oct 2008 949,072 A.SHR --- "C:\Program Files\File Scanner Library (Spybot - Search & Destroy)\advcheck.dll"
Wed 22 Oct 2008 962,896 A.SHR --- "C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)\Tools.dll"
Mon 15 Sep 2008 1,562,960 A.SHR --- "C:\Program Files\SDHelper (Spybot - Search & Destroy)\SDHelper.dll"
Tue 27 Feb 2007 146,432 ..SHR --- "C:\Program Files\Sprint music manager\Setup.exe"
Thu 22 Feb 2007 53,248 A.SHR --- "C:\Program Files\Sprint music manager\_Setupx.dll"
Thu 14 Aug 2008 1,429,840 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Wed 30 Jul 2008 4,891,984 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 18 Aug 2008 1,832,272 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Tue 16 Sep 2008 1,833,296 A.SHR --- "C:\Program Files\TeaTimer (Spybot - Search & Destroy)\TeaTimer.exe"
Wed 27 Aug 2003 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sun 13 Mar 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users.WINDOWS\DRM\DRMv1.bak"
Thu 4 Dec 2008 2,661,888 ...H. --- "C:\Documents and Settings\Sharon.DELL\Desktop\~WRL3402.tmp"
Sat 22 Nov 2008 20,487 A.SHR --- "C:\Program Files\McAfee\MQC\MRU.bak"
Sat 22 Nov 2008 265 A.SHR --- "C:\Program Files\McAfee\MQC\qcconf.bak"
Mon 18 Aug 2008 1,832,272 A.SH. --- "C:\System Volume Information\_restore{A572838B-45C7-4630-8778-0FA4B16845C1}\RP1263\A0337241.exe"
Wed 30 Jul 2008 4,891,984 A.SH. --- "C:\System Volume Information\_restore{A572838B-45C7-4630-8778-0FA4B16845C1}\RP1263\A0337243.exe"
Thu 14 Aug 2008 1,429,840 A.SH. --- "C:\System Volume Information\_restore{A572838B-45C7-4630-8778-0FA4B16845C1}\RP1263\A0337245.exe"
Mon 15 Sep 2008 1,562,960 A.SH. --- "C:\System Volume Information\_restore{A572838B-45C7-4630-8778-0FA4B16845C1}\RP1263\A0337261.dll"
Tue 16 Sep 2008 1,833,296 A.SH. --- "C:\System Volume Information\_restore{A572838B-45C7-4630-8778-0FA4B16845C1}\RP1263\A0337263.exe"
Wed 22 Oct 2008 949,072 A.SH. --- "C:\System Volume Information\_restore{A572838B-45C7-4630-8778-0FA4B16845C1}\RP1263\A0337264.dll"
Wed 22 Oct 2008 962,896 A.SH. --- "C:\System Volume Information\_restore{A572838B-45C7-4630-8778-0FA4B16845C1}\RP1263\A0337265.dll"
Mon 18 Aug 2008 1,832,272 A.SH. --- "C:\System Volume Information\_restore{A572838B-45C7-4630-8778-0FA4B16845C1}\RP1264\A0342025.exe"
Wed 30 Jul 2008 4,891,984 A.SH. --- "C:\System Volume Information\_restore{A572838B-45C7-4630-8778-0FA4B16845C1}\RP1264\A0342027.exe"
Thu 14 Aug 2008 1,429,840 A.SH. --- "C:\System Volume Information\_restore{A572838B-45C7-4630-8778-0FA4B16845C1}\RP1264\A0342029.exe"
Mon 15 Sep 2008 1,562,960 A.SH. --- "C:\System Volume Information\_restore{A572838B-45C7-4630-8778-0FA4B16845C1}\RP1264\A0342045.dll"
Tue 16 Sep 2008 1,833,296 A.SH. --- "C:\System Volume Information\_restore{A572838B-45C7-4630-8778-0FA4B16845C1}\RP1264\A0342047.exe"
Wed 22 Oct 2008 949,072 A.SH. --- "C:\System Volume Information\_restore{A572838B-45C7-4630-8778-0FA4B16845C1}\RP1264\A0342048.dll"
Wed 22 Oct 2008 962,896 A.SH. --- "C:\System Volume Information\_restore{A572838B-45C7-4630-8778-0FA4B16845C1}\RP1264\A0342049.dll"
Sun 13 Apr 2008 0 A.SH. --- "C:\Documents and Settings\All Users.WINDOWS\DRM\Cache\Indiv03.tmp"
Tue 1 Jun 2004 5,245,352 A..H. --- "C:\Documents and Settings\Sharon\Local Settings\Temp\BIT112.tmp"
Wed 21 Jul 2004 338 A..H. --- "C:\Documents and Settings\Sharon\Local Settings\Temp\byw.dll"
Thu 6 Nov 2003 7,318 A..H. --- "C:\Documents and Settings\Sharon\Local Settings\Temp\Off264.tmp"
Wed 21 Jul 2004 338 A..H. --- "C:\Documents and Settings\Sharon\Local Settings\Temp\p41.dll"
Wed 15 Jan 2003 110,592 A..H. --- "C:\Program Files\Common Files\aolshare\shell\shellext_AOLBROADBAND.dll"
Wed 19 Nov 2008 1,131,560 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\94e2de28cb8ee27606822ca199876d4a\BIT9F7.tmp"
Thu 5 Feb 2009 19,968 ...H. --- "C:\Documents and Settings\Sharon.DELL\Application Data\Microsoft\Word\~WRL0003.tmp"
Thu 5 Feb 2009 20,992 ...H. --- "C:\Documents and Settings\Sharon.DELL\Application Data\Microsoft\Word\~WRL0005.tmp"
Sun 13 Mar 2005 4,348 ...H. --- "C:\Documents and Settings\Sharon.DELL\My Documents\My Music\License Backup\drmv1key.bak"
Sun 18 Dec 2005 20 A..H. --- "C:\Documents and Settings\Sharon.DELL\My Documents\My Music\License Backup\drmv1lic.bak"
Mon 14 Mar 2005 400 A.SH. --- "C:\Documents and Settings\Sharon.DELL\My Documents\My Music\License Backup\drmv2key.bak"
Tue 24 Feb 2004 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\lock.tmp"

Finished!

Going on to the SmitfraudFix................I'll check back as soon as it finishes. Thanks bunches!

Ispy




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users