Cannot post logs to this forum



#1 TCee

Posted 13 June 2011 - 01:38 PM

I cannot post my problem and logs to this forum (dds and attach.txt). I can post a plain note to the XP forum. I have 'Allow'ed this site in my cookies and disabled AVG Firewall and Linkscanner temporarily, but no difference. I am getting the message below:

"The connection to the server was reset while the page was loading.
The site could be temporarily unavailable or too busy. Try again in a few
moments.
If you are unable to load any pages, check your computer's network
connection.
If your computer or network is protected by a firewall or proxy, make sure
that Firefox is permitted to access the Web."

Appreciate your help with this.

Thx.


#2 gringo_pr

Posted 21 June 2011 - 11:14 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.


Upload the reports to mediafire and send me the link here


Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Scan With RKUnHooker

  • Please Download Rootkit Unhooker Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning it is ok, just ignore

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


"just click on Cancel, then Accept".

information and logs:

  • In your next post I need the following

  • .logs from DDS
  • log from RKUnHooker
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 TCee

Posted 22 June 2011 - 05:39 PM

Gringo:
Thanks for assisting me. I was able to run everything you requested.

Symptoms I am having:
- getting browser re-directs
- AVG anti-virus shows Rootkit Pakes-BI malware
- many files are hidden
- at times the start-up toolbar becomes cream in color (normally blue) and the fonts of the tabs become very large. Usually after that, I cannot get any sound or access Outlook Express...I have to do a re-start
- every time I sign on I get the 'Found New Hardware' wizard asking me to install drivers. Don't know why, I haven't installed any new hardware. I backed up the PC on an external hard drive a week ago, but that had long been disconnected
- many files are hidden.


Below is the link containing attach.txt and report.txt; dds.txt would not upload - I get a "Failure" message, so I am enclosing the contents of the log here:
http://www.mediafire.com/?aar4ihmpeh63z

.
DDS (Ver_2011-06-12.02) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by user at 17:42:47 on 2011-06-22
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3326.2427 [GMT -4:00]
.
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MQL Defender\MQLDefenderLoader.exe
C:\Program Files\Microsoft LifeChat\LifeChat.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
C:\Program Files\Logitech\MediaLife\MediaLifeService.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Qlock\qlock.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
svchost.exe
C:\Program Files\AVG\AVG10\avgfws.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgam.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ca.yahoo.com/?fr=fp-yie8
uSearch Page =
uWindow Title = Windows Internet Explorer provided by Yahoo!
uDefault_Page_URL = hxxp://ca.yahoo.com/?fr=fp-yie8
uSearch Bar = hxxp://www.google.com/ie
uSearchAssistant =
mSearchAssistant =
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
mURLSearchHooks: H - No File
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [LDM] c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
mRun: [nwiz] "c:\windows\system32\nwiz.exe" /install
mRun: [MQLDefenderLoader] c:\program files\mql defender\MQLDefenderLoader.exe
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [LifeChat] "c:\program files\microsoft lifechat\LifeChat.exe"
mRun: [hpqSRMon] "c:\program files\hp\digital imaging\bin\hpqSRMon.exe"
mRun: [MediaLifeService] "c:\program files\logitech\medialife\MediaLifeService.exe"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [NvMediaCenter] "c:\windows\system32\rundll32.exe" c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] "c:\windows\system32\rundll32.exe" c:\windows\system32\NvCpl.dll,NvStartup
dRun: [msnmsgr] ~"c:\program files\windows live\messenger\msnmsgr.exe" /background
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10q_ActiveX.exe -update activex
StartupFolder: c:\docume~1\user\startm~1\programs\startup\qlock.lnk - c:\program files\qlock\qlock.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~2.lnk - c:\program files\logitech\desktop messenger\8876480\program\LDMConf.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
uPolicies-system: NoAdminPage = 0
mPolicies-system: DisableStatusMessages = 1 (0x1)
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} - hxxps://www.epost.ca/printing/smsx.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1248927028906
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://interactivebrokers.webex.com/client/T27LB/event/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{916B5DD2-6914-4C8F-A76B-3E0AFA4B5167} : DhcpNameServer = 192.168.2.1
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: intu-qt2009 - {03947252-2355-4e9b-B446-8CCC75C43370} - c:\program files\quicktax 2009\ic2009pp.dll
Handler: intu-tt2010 - {97A0575E-2309-4e75-8509-B1F9390C4DE7} - c:\program files\turbotax 2010\ic2010pp.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: mqldefender.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
Hosts: 184.95.59.211 www.google.com
Hosts: 184.95.59.212 search.yahoo.com
Hosts: 184.95.59.212 www.bing.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\dgzseu11.default\
FF - prefs.js: browser.startup.homepage - www.yahoo.ca
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4de9a800&v=7.005.030.004&i=26&tp=ab&iy=&ychte=ca&lng=en-US&q=
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 297168]
R2 avgfws;AVG Firewall;c:\program files\avg\avg10\avgfws.exe [2011-3-9 2708024]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2010-11-13 724152]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2010-11-13 724152]
R2 vseamps;vseamps;c:\program files\common files\authentium\antivirus5\vseamps.exe [2010-4-8 117288]
R2 vsedsps;vsedsps;c:\program files\common files\authentium\antivirus5\vsedsps.exe [2010-4-8 117288]
R2 vseqrts;vseqrts;c:\program files\common files\authentium\antivirus5\vseqrts.exe [2010-4-8 154152]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-7-12 30432]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-4-14 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 27216]
S0 nvixes;nvixes;c:\windows\system32\drivers\gpjek.sys --> c:\windows\system32\drivers\gpjek.sys [?]
S0 RsNTGDI;RsNTGDI;c:\windows\system32\drivers\rsntgdi.sys --> c:\windows\system32\drivers\RsNTGdi.sys [?]
S1 hookcont;hookcont;c:\windows\system32\drivers\hookcont.sys --> c:\windows\system32\drivers\HookCont.sys [?]
S1 hooksys;hooksys;c:\windows\system32\drivers\hooksys.sys --> c:\windows\system32\drivers\HookSys.sys [?]
S1 MpKsld587f26a;MpKsld587f26a;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{020453a7-b915-4730-a4ba-1c2032d4cdbb}\mpksld587f26a.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{020453a7-b915-4730-a4ba-1c2032d4cdbb}\MpKsld587f26a.sys [?]
S1 uylbuiwy;uylbuiwy;\??\c:\windows\system32\drivers\uylbuiwy.sys --> c:\windows\system32\drivers\uylbuiwy.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-20 135664]
S2 rsassist;rsassist;c:\windows\system32\drivers\rsassist.sys --> c:\windows\system32\drivers\rsassist.sys [?]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-6-3 1025352]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-7-12 30432]
S3 cpuz135;cpuz135;\??\c:\docume~1\user\locals~1\temp\cpuz135\cpuz135_x32.sys --> c:\docume~1\user\locals~1\temp\cpuz135\cpuz135_x32.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-4-20 135664]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\2.tmp --> c:\windows\system32\2.tmp [?]
.
=============== File Associations ===============
.
JSEFile=NOTEPAD.EXE %1
regfile=NOTEPAD.EXE %1
scrfile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2011-06-18 16:25:12 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE
2011-06-12 08:59:06 -------- d-----w- c:\program files\Sophos
2011-06-11 18:50:55 -------- d-----w- c:\windows\system32\NtmsData
2011-06-10 04:16:17 -------- d-----w- c:\documents and settings\user\application data\ElevatedDiagnostics
2011-06-09 04:38:17 -------- d-----w- c:\program files\OANDA - MetaTrader
2011-06-09 04:31:38 -------- d-----w- c:\program files\FXCM MT4 powered by BT
2011-06-09 04:07:30 -------- d-----w- c:\program files\IamFX MT4
2011-06-09 04:01:41 -------- d-----w- c:\program files\FXJE
2011-06-08 08:32:41 74703 ------w- c:\windows\system32\mfc45.dll
2011-06-04 14:38:41 -------- d--h--w- C:\$AVG
2011-06-04 09:32:00 -------- d-----w- c:\documents and settings\user\application data\EMCO
2011-06-04 03:51:07 -------- d-----w- c:\documents and settings\user\application data\AVG
2011-06-04 03:46:21 -------- d-----w- c:\documents and settings\user\local settings\application data\AVG Security Toolbar
2011-06-04 03:37:01 -------- d-----w- c:\documents and settings\user\application data\AVG10
2011-06-04 03:35:36 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
2011-06-04 03:35:28 -------- d-----w- c:\documents and settings\all users\application data\AVG Security Toolbar
2011-06-04 03:34:25 -------- d-----w- c:\windows\system32\drivers\AVG
2011-06-04 03:34:25 -------- d-----w- c:\documents and settings\all users\application data\AVG10
2011-06-04 03:33:32 -------- d-----w- c:\program files\AVG
2011-06-04 03:27:00 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2011-06-04 02:45:12 142296 ------w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-06-02 03:33:52 -------- dc-h--w- c:\windows\ie8
2011-06-02 03:20:59 924632 ------w- c:\program files\mozilla firefox\firefox.exe
2011-06-02 03:20:59 89048 ------w- c:\program files\mozilla firefox\libEGL.dll
2011-06-02 03:20:59 465880 ------w- c:\program files\mozilla firefox\libGLESv2.dll
2011-06-02 03:20:59 269272 ------w- c:\program files\mozilla firefox\freebl3.dll
2011-06-02 03:20:59 1974616 ------w- c:\program files\mozilla firefox\D3DCompiler_42.dll
2011-06-02 03:20:59 19416 ------w- c:\program files\mozilla firefox\AccessibleMarshal.dll
2011-06-02 03:20:59 1892184 ------w- c:\program files\mozilla firefox\d3dx9_42.dll
2011-06-02 03:20:59 125912 ------w- c:\program files\mozilla firefox\crashreporter.exe
2011-05-31 19:47:59 -------- d-----w- c:\program files\WhiteSmoke
2011-05-24 12:30:39 118784 ------r- c:\windows\bwUnin-7.2.0.137-8876480SL.exe
.
==================== Find3M ====================
.
2011-06-02 04:16:45 404640 ------w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-29 21:21:00 20324664 ------w- c:\program files\ie8-setup-ca-xp.exe
2011-05-24 23:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-23 13:36:39 606104 ------w- c:\program files\unhide.exe
2011-05-23 05:48:51 54016 ------w- c:\windows\system32\drivers\vumw.sys
2011-05-23 04:43:16 0 ------w- c:\windows\Ppeca.bin
2011-05-23 01:28:22 52352 ----a-w- c:\windows\system32\drivers\volsnap.sys
2011-05-22 21:51:57 3063136 ------w- c:\program files\ccsetup306.exe
2011-05-22 01:02:44 12521992 ------w- c:\program files\Firefox Setup 4.0.1.exe
2011-05-22 00:48:28 2923248 ------w- c:\program files\WindowsXP-KB914882-x86-ENU.exe
2011-05-22 00:43:02 7866472 ------w- c:\program files\mseinstall.exe
2011-05-21 10:20:08 5783784 ------w- c:\program files\gt4setup.exe
2011-05-18 02:35:47 4649016 ------w- c:\program files\MT4_set_up.exe
2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:11:12 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11:11 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11:11 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01:22 385024 ------w- c:\windows\system32\html.iec
2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-04-20 02:48:51 96200 ------w- c:\windows\system32\drivers\CDAVFS.sys
2011-04-18 00:55:35 3050664 ------w- c:\program files\ccsetup305.exe
2011-04-16 00:05:55 61450768 ------w- c:\program files\TurboTaxCanada2010_7002_Mar25.exe
2011-04-15 01:28:42 134480 ------w- c:\windows\system32\drivers\AVGIDSDriver.sys
2011-04-14 09:07:59 472808 ------w- c:\windows\system32\deployJava1.dll
2011-04-14 06:40:22 73728 ------w- c:\windows\system32\javacpl.cpl
2011-04-05 04:59:56 297168 ------w- c:\windows\system32\drivers\avgtdix.sys
2011-04-03 05:07:16 136051 ------w- c:\program files\uninst.exe
2011-02-23 00:39:44 5817944 ------w- c:\program files\fx4setup.exe
2011-02-21 15:03:16 5116216 ------w- c:\program files\mt4setup.exe
2011-02-19 02:06:41 6021184 ------w- c:\program files\trading-point-mt4-setup.exe
2011-02-19 00:45:23 5168392 ------w- c:\program files\tfx4setup.exe
2011-02-18 05:56:29 5152539 ------w- c:\program files\tf4setup.exe
2011-01-16 15:07:59 20974752 ------w- c:\program files\vectorvestus.exe
2010-12-18 13:45:45 2195969 ------w- c:\program files\MegaZipper.exe
2010-11-28 21:49:01 712459 ------w- c:\program files\qlock-install.exe
2010-11-27 17:45:59 445724 ------w- c:\program files\Crescendo MTF Indicators.exe
2010-11-27 17:44:47 481305 ------w- c:\program files\Crescendo_v1_3.exe
2010-11-15 05:22:38 18499623 ------w- c:\program files\vlc-1.0.5-win32.exe
2010-11-05 22:29:06 5825048 ------w- c:\program files\wfx4setup.exe
2010-10-11 15:47:02 1247056 ------w- c:\program files\wlsetup-web.exe
2010-10-11 13:16:11 155184736 ------w- c:\program files\OOo_3.2.1_Win_x86_install-wJRE_en-US.exe
2010-10-11 02:08:31 3107152 ------w- c:\program files\TeamViewer_Setup.exe
2010-10-06 08:00:20 845867 ------w- c:\program files\Cruscotto_v1.exe
2009-12-30 03:46:49 4844296 ------w- c:\program files\mbam-setup.exe
2009-12-04 11:56:55 27325416 ------w- c:\program files\hp_smart_web_printing.exe
2009-11-30 03:38:02 4643080 ------w- c:\program files\fm4setup.exe
2009-11-19 03:56:55 139664 ------w- c:\program files\LMT-2.0.exe
2009-09-02 02:44:27 64540044 ------w- c:\program files\RavINTFree.exe
2009-08-16 13:45:10 714990 ------w- c:\program files\demo_fix.exe
2009-06-28 00:49:50 16883056 ------w- c:\program files\IE8-WindowsXP-x86-ENU.exe
2008-11-08 23:26:40 4325320 ------w- c:\program files\klcodec425b.exe
.
============= FINISH: 17:43:59.00 ===============

Thanks,
TCee

#4 TCee

Posted 22 June 2011 - 05:47 PM

..one other symptom..when the dds log was created I got a pop-up message from AVG with the following threat identified:

C:\Windows\Temp\KSYIPG\setup.exe
Threat name: unknown
Description: not available

I chose "Move to Vault" when given the option rather than "Allow".

TCee

#5 gringo_pr

Posted 22 June 2011 - 11:53 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

AVG right now is very hard to shut down long enough to run our scans and is actively going after some of our tools - for this reason we are going to have to remove it until we are finished

I would like you to uninstall AVG and run their AVG removal tool - 32 bit



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#6 TCee

Posted 23 June 2011 - 01:49 PM

Hi Gringo:

Combofix log attached.

Let me know of any problems you may have had:
- none, everything worked fine.

How is the computer doing now?
- much faster in Restart; opens files and browser faster
- still getting browser re-directs
- still getting Found New Hardware pop-up
- on Restart after getting the XP start up sound I used to get a dull "boom". That meant to me malware still there. Not getting it now.
- when I do Restart now I see a flash of the black boot screen - that shows Safe Boot, Windows XP etc.

Thanks,
TCee


#7 gringo_pr

Posted 23 June 2011 - 04:13 PM

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

#8 TCee

Posted 23 June 2011 - 05:14 PM

TDSSKiller log attached. No problems to report except still getting Found New Hardware wizard.



2011/06/23 18:06:03.0765 2224 TDSS rootkit removing tool 2.5.5.0 Jun 16 2011 15:25:15
2011/06/23 18:06:04.0218 2224 ================================================================================
2011/06/23 18:06:04.0218 2224 SystemInfo:
2011/06/23 18:06:04.0218 2224
2011/06/23 18:06:04.0218 2224 OS Version: 5.1.2600 ServicePack: 3.0
2011/06/23 18:06:04.0218 2224 Product type: Workstation
2011/06/23 18:06:04.0218 2224 ComputerName: ADMIN-606EA7806
2011/06/23 18:06:04.0218 2224 UserName: user
2011/06/23 18:06:04.0218 2224 Windows directory: C:\WINDOWS
2011/06/23 18:06:04.0218 2224 System windows directory: C:\WINDOWS
2011/06/23 18:06:04.0218 2224 Processor architecture: Intel x86
2011/06/23 18:06:04.0218 2224 Number of processors: 4
2011/06/23 18:06:04.0218 2224 Page size: 0x1000
2011/06/23 18:06:04.0218 2224 Boot type: Normal boot
2011/06/23 18:06:04.0218 2224 ================================================================================
2011/06/23 18:06:04.0359 2224 Initialize success
2011/06/23 18:06:09.0265 2644 ================================================================================
2011/06/23 18:06:09.0265 2644 Scan started
2011/06/23 18:06:09.0265 2644 Mode: Manual;
2011/06/23 18:06:09.0265 2644 ================================================================================
2011/06/23 18:06:10.0171 2644 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/06/23 18:06:10.0218 2644 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/06/23 18:06:10.0250 2644 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/06/23 18:06:10.0296 2644 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
2011/06/23 18:06:10.0390 2644 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/06/23 18:06:10.0453 2644 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/06/23 18:06:10.0484 2644 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/06/23 18:06:10.0500 2644 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/06/23 18:06:10.0546 2644 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/06/23 18:06:10.0562 2644 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/06/23 18:06:10.0593 2644 BrScnUsb (6cf3aed19c2185c60de2ae50ee37a342) C:\WINDOWS\system32\Drivers\BrScnUsb.sys
2011/06/23 18:06:10.0609 2644 BrSerIf (26051d886f3333cb41857d6f52248de1) C:\WINDOWS\system32\Drivers\BrSerIf.sys
2011/06/23 18:06:10.0609 2644 BrUsbSer (7ac85cdc03befd78908b3b6a73d201d0) C:\WINDOWS\system32\Drivers\BrUsbSer.sys
2011/06/23 18:06:10.0656 2644 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/06/23 18:06:10.0671 2644 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/06/23 18:06:10.0718 2644 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/06/23 18:06:10.0734 2644 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/06/23 18:06:10.0765 2644 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/06/23 18:06:10.0984 2644 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/06/23 18:06:11.0031 2644 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/06/23 18:06:11.0093 2644 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/06/23 18:06:11.0109 2644 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/06/23 18:06:11.0140 2644 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/06/23 18:06:11.0187 2644 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/06/23 18:06:11.0218 2644 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/06/23 18:06:11.0234 2644 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/06/23 18:06:11.0281 2644 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/06/23 18:06:11.0296 2644 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/06/23 18:06:11.0484 2644 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/06/23 18:06:11.0515 2644 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/06/23 18:06:11.0562 2644 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/06/23 18:06:11.0578 2644 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/06/23 18:06:11.0625 2644 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/06/23 18:06:11.0671 2644 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/06/23 18:06:11.0734 2644 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/06/23 18:06:11.0750 2644 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/06/23 18:06:11.0750 2644 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/06/23 18:06:11.0796 2644 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/06/23 18:06:11.0859 2644 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/06/23 18:06:11.0875 2644 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/06/23 18:06:12.0015 2644 IntcAzAudAddService (eb5608fd4f2961517ac9f5cac88b023b) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/06/23 18:06:12.0093 2644 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/06/23 18:06:12.0140 2644 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/06/23 18:06:12.0156 2644 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/06/23 18:06:12.0171 2644 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/06/23 18:06:12.0203 2644 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/06/23 18:06:12.0234 2644 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/06/23 18:06:12.0265 2644 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/06/23 18:06:12.0296 2644 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/06/23 18:06:12.0312 2644 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/06/23 18:06:12.0359 2644 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/06/23 18:06:12.0390 2644 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/06/23 18:06:12.0421 2644 L8042Kbd (5a11400ea1f0a106fe7edb28c270f7b8) C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
2011/06/23 18:06:12.0437 2644 L8042mou (20c919b52897b72ebcb2ad2fc29d8ef0) C:\WINDOWS\system32\Drivers\L8042mou.sys
2011/06/23 18:06:12.0484 2644 LHidKe (31b582394da3290dff300f10952e9a4d) C:\WINDOWS\system32\DRIVERS\LHidKE.Sys
2011/06/23 18:06:12.0500 2644 LMouKE (90a794d0a0bf3531c4ba1c0510449629) C:\WINDOWS\system32\Drivers\LMouKE.sys
2011/06/23 18:06:12.0531 2644 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/06/23 18:06:12.0546 2644 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/06/23 18:06:12.0578 2644 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/06/23 18:06:12.0593 2644 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/06/23 18:06:12.0625 2644 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/06/23 18:06:12.0781 2644 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
2011/06/23 18:06:12.0812 2644 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
2011/06/23 18:06:12.0859 2644 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/06/23 18:06:12.0921 2644 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/06/23 18:06:12.0968 2644 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/06/23 18:06:13.0000 2644 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/06/23 18:06:13.0031 2644 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/06/23 18:06:13.0031 2644 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/06/23 18:06:13.0062 2644 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/06/23 18:06:13.0109 2644 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/06/23 18:06:13.0125 2644 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
2011/06/23 18:06:13.0171 2644 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
2011/06/23 18:06:13.0187 2644 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/06/23 18:06:13.0250 2644 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/06/23 18:06:13.0265 2644 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/06/23 18:06:13.0296 2644 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/06/23 18:06:13.0312 2644 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/06/23 18:06:13.0328 2644 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/06/23 18:06:13.0359 2644 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/06/23 18:06:13.0390 2644 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/06/23 18:06:13.0421 2644 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/06/23 18:06:13.0468 2644 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/06/23 18:06:13.0500 2644 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/06/23 18:06:13.0531 2644 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/06/23 18:06:13.0562 2644 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/06/23 18:06:13.0734 2644 nv (ceab17ba3e0f7de96a4649f896b35131) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/06/23 18:06:13.0906 2644 NVENETFD (ccd0c2a9a9c4c59441072564b011b546) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
2011/06/23 18:06:13.0937 2644 nvgts (fa740e97a0fe36e368c2299d9f3c01c1) C:\WINDOWS\system32\DRIVERS\nvgts.sys
2011/06/23 18:06:13.0968 2644 nvnetbus (a4931d96f111b5a8f3129507ae7bdf12) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
2011/06/23 18:06:14.0015 2644 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/06/23 18:06:14.0046 2644 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/06/23 18:06:14.0093 2644 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/06/23 18:06:14.0140 2644 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/06/23 18:06:14.0156 2644 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/06/23 18:06:14.0171 2644 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/06/23 18:06:14.0234 2644 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/06/23 18:06:14.0265 2644 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/06/23 18:06:14.0296 2644 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/06/23 18:06:14.0421 2644 PhilCam8116 (947ab5940eb948d5ba8766bab2681756) C:\WINDOWS\system32\DRIVERS\CamDrL21.sys
2011/06/23 18:06:14.0468 2644 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/06/23 18:06:14.0484 2644 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/06/23 18:06:14.0500 2644 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/06/23 18:06:14.0546 2644 PxHelp20 (db3b30c3a4cdcf07e164c14584d9d0f2) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/06/23 18:06:14.0640 2644 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/06/23 18:06:14.0687 2644 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/06/23 18:06:14.0703 2644 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/06/23 18:06:14.0718 2644 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/06/23 18:06:14.0781 2644 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/06/23 18:06:14.0812 2644 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/06/23 18:06:14.0875 2644 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/06/23 18:06:14.0906 2644 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/06/23 18:06:14.0984 2644 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/06/23 18:06:15.0031 2644 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/06/23 18:06:15.0062 2644 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/06/23 18:06:15.0093 2644 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/06/23 18:06:15.0140 2644 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/06/23 18:06:15.0187 2644 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/06/23 18:06:15.0234 2644 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/06/23 18:06:15.0281 2644 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/06/23 18:06:15.0328 2644 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
2011/06/23 18:06:15.0343 2644 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/06/23 18:06:15.0359 2644 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/06/23 18:06:15.0375 2644 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/06/23 18:06:15.0437 2644 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/06/23 18:06:15.0515 2644 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/06/23 18:06:15.0546 2644 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/06/23 18:06:15.0562 2644 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/06/23 18:06:15.0578 2644 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/06/23 18:06:15.0656 2644 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/06/23 18:06:15.0703 2644 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/06/23 18:06:15.0734 2644 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/06/23 18:06:15.0781 2644 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/06/23 18:06:15.0812 2644 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/06/23 18:06:15.0828 2644 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/06/23 18:06:15.0843 2644 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/06/23 18:06:15.0875 2644 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/06/23 18:06:15.0890 2644 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/06/23 18:06:15.0906 2644 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/06/23 18:06:15.0953 2644 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/06/23 18:06:16.0046 2644 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/06/23 18:06:16.0125 2644 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/06/23 18:06:16.0187 2644 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/06/23 18:06:16.0250 2644 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/06/23 18:06:16.0281 2644 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/06/23 18:06:16.0296 2644 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/06/23 18:06:16.0328 2644 MBR (0x1B8) (2839639fa37b8353e792a2a30a12ced3) \Device\Harddisk0\DR0
2011/06/23 18:06:16.0328 2644 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/06/23 18:06:16.0328 2644 ================================================================================
2011/06/23 18:06:16.0328 2644 Scan finished
2011/06/23 18:06:16.0328 2644 ================================================================================
2011/06/23 18:06:16.0328 1796 Detected object count: 1
2011/06/23 18:06:16.0328 1796 Actual detected object count: 1
2011/06/23 18:06:31.0125 1796 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/06/23 18:06:31.0125 1796 \Device\Harddisk0\DR0 - ok
2011/06/23 18:06:31.0125 1796 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
2011/06/23 18:06:45.0625 4240 Deinitialize success

Thx,
TCee
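The log layout quoted in the post above, read by a small parser that pulls out what was detected, which action was chosen and whether the cure is still waiting on a reboot. This is an added example, not part of the original thread and not TDSSKiller's own code; the field layout is inferred from the lines shown in that log, and `parse_tdsskiller_log` and `Detection` are hypothetical names.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Lines copied unchanged from the log in the post above; most driver lines are left out.
SAMPLE_LOG = r"""
2011/06/23 18:06:03.0765 2224 TDSS rootkit removing tool 2.5.5.0 Jun 16 2011 15:25:15
2011/06/23 18:06:04.0218 2224
2011/06/23 18:06:10.0171 2644 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/06/23 18:06:10.0484 2644 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/06/23 18:06:16.0328 2644 MBR (0x1B8) (2839639fa37b8353e792a2a30a12ced3) \Device\Harddisk0\DR0
2011/06/23 18:06:16.0328 2644 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/06/23 18:06:16.0328 1796 Detected object count: 1
2011/06/23 18:06:31.0125 1796 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/06/23 18:06:31.0125 1796 \Device\Harddisk0\DR0 - ok
2011/06/23 18:06:31.0125 1796 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
"""

# Every entry is "<date> <time> <thread id> <message>"; the message may be empty.
LINE = re.compile(r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+) (\d+)(?: (.*))?$")
# Message shapes seen in the log (assumed from the quoted lines, not from vendor docs).
SCANNED = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
DETECTED = re.compile(r"^(?P<target>.+?) - detected (?P<verdict>\S+) \(\d+\)$")
ACTION = re.compile(
    r"^(?P<verdict>[^()\s]+)\((?P<target>.+)\) - User select action: (?P<action>\w+)$"
)
OUTCOME = re.compile(r"^(?P<target>.+?) \((?P<verdict>[^()]+)\) - (?P<outcome>.+)$")
COUNT = re.compile(r"^Detected object count: (\d+)$")


@dataclass
class Detection:
    target: str
    verdict: str
    action: Optional[str] = None    # what the user chose (Cure, Skip, ...)
    outcome: Optional[str] = None   # what the tool said it would do

    @property
    def raw_disk(self) -> bool:
        # A \Device\HarddiskN\DRn target is the physical disk, not a driver file.
        return self.target.lower().startswith("\\device\\harddisk")

    @property
    def reboot_pending(self) -> bool:
        # "will be cured after reboot": nothing is fixed until the restart happens.
        return self.outcome is not None and "after reboot" in self.outcome


def parse_tdsskiller_log(text: str) -> dict:
    scanned, found, reported = [], {}, None

    def entry(target: str, verdict: str) -> Detection:
        # Detection, outcome and action lines all describe the same (target, verdict).
        return found.setdefault((target, verdict), Detection(target, verdict))

    for raw in text.splitlines():
        line = LINE.match(raw.strip())
        if not line or not line.group(3):
            continue  # blank line, separator-only entry, or not a log line
        msg = line.group(3)
        m = SCANNED.match(msg)
        if m:
            scanned.append(m.groupdict())
            continue
        m = DETECTED.match(msg)
        if m:
            entry(m["target"], m["verdict"])
            continue
        m = ACTION.match(msg)
        if m:
            entry(m["target"], m["verdict"]).action = m["action"]
            continue
        m = OUTCOME.match(msg)
        if m:
            entry(m["target"], m["verdict"]).outcome = m["outcome"]
            continue
        m = COUNT.match(msg)
        if m:
            reported = int(m.group(1))

    detections = list(found.values())
    return {
        "scanned": scanned,
        "detections": detections,
        "reported_count": reported,
        # A mismatch suggests the pasted log was truncated or edited.
        "count_matches": reported is None or reported == len(detections),
    }


if __name__ == "__main__":
    result = parse_tdsskiller_log(SAMPLE_LOG)
    print(f"{len(result['scanned'])} objects scanned")
    for d in result["detections"]:
        where = "raw disk" if d.raw_disk else "file"
        state = "reboot pending" if d.reboot_pending else (d.outcome or "no outcome logged")
        print(f"{d.verdict} on {d.target} [{where}] action={d.action} -> {state}")
```
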

#9 gringo_pr


Posted 23 June 2011 - 05:56 PM

Greetings

Good. That cleaned up some bad guys, but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

Folder::
c:\documents and settings\LocalService\Application Data\WhiteSmoke
c:\program files\WhiteSmoke

Driver::
nvixes
uylbuiwy
rsassist


Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#10 TCee


Posted 23 June 2011 - 11:07 PM

Log attached.
No problems except "Found New Hardware" wizard is still appearing.
I did a number of browser searches. I am not getting re-directs.
PC feeling more robust.



ComboFix 11-06-23.01 - user 06/23/2011 23:10:42.2.4 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3326.2780 [GMT -4:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\user\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\user\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\LocalService\Application Data\WhiteSmoke
c:\documents and settings\LocalService\Application Data\WhiteSmoke\stat.log
c:\documents and settings\user\Local Settings\Temp\IadHide5.dll
c:\program files\WhiteSmoke
c:\program files\WhiteSmoke\buy.ico
c:\program files\WhiteSmoke\ComVistaElevator.dll
c:\program files\WhiteSmoke\FloatButtonWhiteApps.txt
c:\program files\WhiteSmoke\FuncServer_WDC_x64.exe
c:\program files\WhiteSmoke\HookDllOE.dll
c:\program files\WhiteSmoke\HookDllOE64.dll
c:\program files\WhiteSmoke\html\english\common\iepngfix\blank.gif
c:\program files\WhiteSmoke\html\english\common\iepngfix\checkerboard.gif
c:\program files\WhiteSmoke\html\english\common\iepngfix\helix.gif
c:\program files\WhiteSmoke\html\english\common\iepngfix\iepngfix.htc
c:\program files\WhiteSmoke\html\english\common\iepngfix\iepngfix.html
c:\program files\WhiteSmoke\html\english\common\iepngfix\opacity.png
c:\program files\WhiteSmoke\html\english\common\js\common.js
c:\program files\WhiteSmoke\html\english\common\js\pngfix.js
c:\program files\WhiteSmoke\html\english\common\js\prototype.js
c:\program files\WhiteSmoke\html\english\common\js\xmlhttp.js
c:\program files\WhiteSmoke\html\english\dictClientDic\dictionary.html
c:\program files\WhiteSmoke\html\english\dictClientDic\img\Background\ajax-loader.gif
c:\program files\WhiteSmoke\html\english\dictClientDic\img\Background\corner_bottom_left.png
c:\program files\WhiteSmoke\html\english\dictClientDic\img\Background\corner_bottom_right.png
c:\program files\WhiteSmoke\html\english\dictClientDic\img\Background\corner_top_left.png
c:\program files\WhiteSmoke\html\english\dictClientDic\img\Background\corner_top_right.png
c:\program files\WhiteSmoke\html\english\dictClientDic\img\Background\down_arrow.png
c:\program files\WhiteSmoke\html\english\dictClientDic\img\Background\input_bg.png
c:\program files\WhiteSmoke\html\english\dictClientDic\img\Background\input_bg_old.png
c:\program files\WhiteSmoke\html\english\dictClientDic\img\Background\left_input.gif
c:\program files\WhiteSmoke\html\english\dictClientDic\img\Background\leftSide.png
c:\program files\WhiteSmoke\html\english\dictClientDic\img\Background\leftSide2.png
c:\program files\WhiteSmoke\html\english\dictClientDic\img\Background\loading_dictionary.gif
c:\program files\WhiteSmoke\html\english\dictClientDic\img\Background\right_input.gif
c:\program files\WhiteSmoke\html\english\dictClientDic\img\Background\rightSide.png
c:\program files\WhiteSmoke\html\english\dictClientDic\img\Background\search_strip_bg3.gif
c:\program files\WhiteSmoke\html\english\dictClientDic\img\Buttons\down_arrow.png
c:\program files\WhiteSmoke\html\english\dictClientDic\img\Buttons\go_over.gif
c:\program files\WhiteSmoke\html\english\dictClientDic\img\Buttons\go_press.gif
c:\program files\WhiteSmoke\html\english\dictClientDic\img\Buttons\go_up.gif
c:\program files\WhiteSmoke\html\english\dictClientDic\img\Buttons\humanTranslation_press.gif
c:\program files\WhiteSmoke\html\english\dictClientDic\img\Buttons\humanTranslation_roll.gif
c:\program files\WhiteSmoke\html\english\dictClientDic\img\Buttons\humanTranslation_up.gif
c:\program files\WhiteSmoke\html\english\dictClientDic\img\Buttons\moreLang_press.gif
c:\program files\WhiteSmoke\html\english\dictClientDic\img\Buttons\moreLang_roll.gif
c:\program files\WhiteSmoke\html\english\dictClientDic\img\Buttons\moreLang_up.gif
c:\program files\WhiteSmoke\html\english\dictClientDic\img\spacer.gif
c:\program files\WhiteSmoke\html\english\dictClientDic\index.html
c:\program files\WhiteSmoke\html\english\dictClientDic\js\common.js
c:\program files\WhiteSmoke\html\english\dictClientDic\js\Contextmenu.js
c:\program files\WhiteSmoke\html\english\dictClientDic\js\dictInterface.js
c:\program files\WhiteSmoke\html\english\dictClientDic\js\jquery-1.4.2.min.js
c:\program files\WhiteSmoke\html\english\dictClientDic\js\jquery.combobox.js
c:\program files\WhiteSmoke\html\english\dictClientDic\js\jquery.js
c:\program files\WhiteSmoke\html\english\dictClientDic\js\prototype.js
c:\program files\WhiteSmoke\html\english\dictClientDic\js\transInterface.js
c:\program files\WhiteSmoke\html\english\dictClientDic\js\xmlhttp.js
c:\program files\WhiteSmoke\html\english\dictClientDic\style\combobox.css
c:\program files\WhiteSmoke\html\english\dictClientDic\style\Contextmenu.css
c:\program files\WhiteSmoke\html\english\dictClientDic\style\dictionary.css
c:\program files\WhiteSmoke\html\english\dictClientDic\translator.html
c:\program files\WhiteSmoke\html\english\floatingButton\blue-Q-rollover.gif
c:\program files\WhiteSmoke\html\english\floatingButton\blue-rollover.gif
c:\program files\WhiteSmoke\html\english\floatingButton\blue-X-rollover.gif
c:\program files\WhiteSmoke\html\english\floatingButton\blue.gif
c:\program files\WhiteSmoke\html\english\floatingButton\index.html
c:\program files\WhiteSmoke\html\english\floatingButton\red&blue.gif
c:\program files\WhiteSmoke\html\english\floatingButton\Thumbs.db
c:\program files\WhiteSmoke\html\english\floatingButton_howto\img\Background\howto_bg.gif
c:\program files\WhiteSmoke\html\english\floatingButton_howto\img\spacer.gif
c:\program files\WhiteSmoke\html\english\floatingButton_howto\img\Thumbs.db
c:\program files\WhiteSmoke\html\english\floatingButton_howto\index.html
c:\program files\WhiteSmoke\html\english\floatingButton_howto\js\iepngfix\blank.gif
c:\program files\WhiteSmoke\html\english\floatingButton_howto\js\iepngfix\checkerboard.gif
c:\program files\WhiteSmoke\html\english\floatingButton_howto\js\iepngfix\helix.gif
c:\program files\WhiteSmoke\html\english\floatingButton_howto\js\iepngfix\iepngfix.htc
c:\program files\WhiteSmoke\html\english\floatingButton_howto\js\iepngfix\iepngfix.html
c:\program files\WhiteSmoke\html\english\floatingButton_howto\js\iepngfix\opacity.png
c:\program files\WhiteSmoke\html\english\floatingButton_howto\js\index.js
c:\program files\WhiteSmoke\html\english\floatingButton_howto\style\style.css
c:\program files\WhiteSmoke\html\english\gui\img\Background\ajax-loader.gif
c:\program files\WhiteSmoke\html\english\gui\img\Background\base_fade_px.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\blue.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\blue_bg_.gif
c:\program files\WhiteSmoke\html\english\gui\img\Background\blue_dark_bg.gif
c:\program files\WhiteSmoke\html\english\gui\img\Background\blue_dark_bg_.gif
c:\program files\WhiteSmoke\html\english\gui\img\Background\blue_top_bg_.gif
c:\program files\WhiteSmoke\html\english\gui\img\Background\bottom_grey_strip.gif
c:\program files\WhiteSmoke\html\english\gui\img\Background\buttons_tray_px.p_goldng
c:\program files\WhiteSmoke\html\english\gui\img\Background\buttons_tray_px.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\caption_bar_re_down.gif
c:\program files\WhiteSmoke\html\english\gui\img\Background\caption_bar_re_over.gif
c:\program files\WhiteSmoke\html\english\gui\img\Background\caption_bar_re_up.gif
c:\program files\WhiteSmoke\html\english\gui\img\Background\caption_bottom_px.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\caption_px.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\caption_strip_right_corner.gif
c:\program files\WhiteSmoke\html\english\gui\img\Background\cascade.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\collapse.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\context_bl2.gif
c:\program files\WhiteSmoke\html\english\gui\img\Background\context_br2.gif
c:\program files\WhiteSmoke\html\english\gui\img\Background\context_dot.gif
c:\program files\WhiteSmoke\html\english\gui\img\Background\context_menu_bg.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\context_sub_menu_bg.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\context_submenu.gif
c:\program files\WhiteSmoke\html\english\gui\img\Background\context_submenu_dis.gif
c:\program files\WhiteSmoke\html\english\gui\img\Background\context_tl2.gif
c:\program files\WhiteSmoke\html\english\gui\img\Background\context_tr2.gif
c:\program files\WhiteSmoke\html\english\gui\img\Background\Copy of notice_right_top_bg.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\down_arrow.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\dpreloader.gif
c:\program files\WhiteSmoke\html\english\gui\img\Background\edit_footer_left.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\edit_footer_px.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\edit_footer_right.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\edit_header_left.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\edit_header_px.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\edit_header_right.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\edit_sidefade.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\feather.gif
c:\program files\WhiteSmoke\html\english\gui\img\Background\green.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\input_bg.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\inputline_fade_px.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\left_input.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\leftBottom3.gif
c:\program files\WhiteSmoke\html\english\gui\img\Background\leftSide.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\leftSide2.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\leftSide3.png
c:\program files\WhiteSmoke\html\english\gui\img\Background\logo.gif
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Hiring and Termination\Hiring Employees\Employment Letters\Request for Employment Test.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Hiring and Termination\Hiring Employees\Job Acceptance\Accept or Decline Job Offer.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Hiring and Termination\Hiring Employees\Job Acceptance\Job Acceptance Letter 2.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Hiring and Termination\Hiring Employees\Job Acceptance\Job Acceptance Letter.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Hiring and Termination\Hiring Employees\Job Acceptance\Job Offer Acceptance.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Hiring and Termination\Hiring Employees\Thank You Letters\Thank You Letter After Interview.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Hiring and Termination\Hiring Employees\Thank You Letters\Thank You to Applicant for Testing.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Hiring and Termination\Resignation Letters\Acceptance of Employee's Resignation.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Hiring and Termination\Resignation Letters\Employee Termination Notice.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Hiring and Termination\Resignation Letters\Job Resignation Letter.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Personnel Office\Notice of Decision to Reprimand.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Resumes and Cover Letters\Job Search Cover Letters\Cover Letter Auditor Development Program.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Resumes and Cover Letters\Job Search Cover Letters\Job Application Letter.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Resumes and Cover Letters\Job Search Cover Letters\Job Search Cover Letter - Disabled Citizens.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Resumes and Cover Letters\Job Search Cover Letters\Job Search Cover Letter - Software Employment.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Resumes and Cover Letters\Job Search Cover Letters\Law Internship Cover Letter.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Resumes and Cover Letters\Job Search Cover Letters\Resume Cover Letter.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Resumes and Cover Letters\Job Search Cover Letters\Resume Cover Letter2.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Resumes and Cover Letters\Letters of Recommendation\Letter of Recommendation.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Resumes and Cover Letters\Resumes\Accounting Resume.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Resumes and Cover Letters\Resumes\Administrative Resume.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Resumes and Cover Letters\Resumes\Banking Resume.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Resumes and Cover Letters\Resumes\Customer Service Resume.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Resumes and Cover Letters\Resumes\Database and Application Developer Resume.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Resumes and Cover Letters\Resumes\End User Trainer and Instructional Designer Resume.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Resumes and Cover Letters\Resumes\Engineering Resume.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Resumes and Cover Letters\Resumes\Freelance Marcom Resume.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Resumes and Cover Letters\Resumes\General CV Format.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Resumes and Cover Letters\Resumes\Graphic Designer Resume.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Resumes and Cover Letters\Resumes\Healthcare Resume.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Resumes and Cover Letters\Resumes\Internship Resume.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Resumes and Cover Letters\Resumes\Java Developer Resume.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Resumes and Cover Letters\Resumes\Management Resume 2.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Resumes and Cover Letters\Resumes\Management Resume.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Resumes and Cover Letters\Resumes\Marketing Administrator Resume.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Resumes and Cover Letters\Resumes\Marketing Director Resume.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Resumes and Cover Letters\Resumes\Marketing Manager Resume.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Resumes and Cover Letters\Resumes\Medical Essay Residency Experience.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Resumes and Cover Letters\Resumes\Medical Resume - Physician.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Resumes and Cover Letters\Resumes\Medical Resume Partnership in General Practice.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Resumes and Cover Letters\Resumes\PowerPoint Designer Resume.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Resumes and Cover Letters\Resumes\Product Delivery Engineer Resume.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Resumes and Cover Letters\Resumes\Sales Representative Resume.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Resumes and Cover Letters\Resumes\Software QA Engineer Resume.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Resumes and Cover Letters\Resumes\Technical Publication Manager Resume.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Resumes and Cover Letters\Resumes\Technical Writer.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Resumes and Cover Letters\Resumes\Web Developer Resume.html
c:\program files\WhiteSmoke\html\english\templates\General\Human Resources\Resumes and Cover Letters\Resumes\Web Maintainer Resume.html
c:\program files\WhiteSmoke\html\english\templates\General\Literary\Advertising\Advertising Commitment Form.html
c:\program files\WhiteSmoke\html\english\templates\General\Literary\Advertising\Art Advertising Flyer.html
c:\program files\WhiteSmoke\html\english\templates\General\Literary\Advertising\Request for Advertising Rate.html
c:\program files\WhiteSmoke\html\english\templates\General\Literary\Advertising\Subscriber Letter News Service.html
c:\program files\WhiteSmoke\html\english\templates\General\Literary\Legal\Assignment of Literary Property.html
c:\program files\WhiteSmoke\html\english\templates\General\Literary\Promotions\Comments to Author Regarding Book.html
c:\program files\WhiteSmoke\html\english\templates\General\Literary\Promotions\Introduction of Novel.html
c:\program files\WhiteSmoke\html\english\templates\General\Literary\Promotions\Letter of Interest to Magazine.html
c:\program files\WhiteSmoke\html\english\templates\General\Literary\Promotions\Letter of Recommendation.html
c:\program files\WhiteSmoke\html\english\templates\General\Literary\Promotions\Magazine Review.html
c:\program files\WhiteSmoke\html\english\templates\General\Literary\Promotions\Promotional Letter Antique Shop.html
c:\program files\WhiteSmoke\html\english\templates\General\Literary\Resumes\Actor Resume.html
c:\program files\WhiteSmoke\html\english\templates\General\Personal Matters\Career Change.html
c:\program files\WhiteSmoke\html\english\templates\General\Personal Matters\Letter to a Friend Regarding Change of Job.html
c:\program files\WhiteSmoke\html\english\templates\General\Personal Matters\Sale of Automobile or Other Motor Vehicle.html
c:\program files\WhiteSmoke\html\english\templates\General\Personal Matters\Upset Regarding Loss of Job.html
c:\program files\WhiteSmoke\html\english\templates\General\Students\Admissions Essays\Admissions Essay for Entrance to Theater Institute.html
c:\program files\WhiteSmoke\html\english\templates\General\Students\Admissions Essays\Essay - Describe Events.html
c:\program files\WhiteSmoke\html\english\templates\General\Students\Admissions Essays\Graduate School Literary Essay.html
c:\program files\WhiteSmoke\html\english\templates\General\Students\Careers\Career Letter for Accounting Position.html
c:\program files\WhiteSmoke\html\english\templates\General\Students\Careers\Career Letter in Journalism.html
c:\program files\WhiteSmoke\html\english\templates\General\Students\Personal Correspondence\Compliment Student on Graduation.html
c:\program files\WhiteSmoke\html\english\templates\General\Students\Personal Correspondence\Congratulations to High School Graduate.html
c:\program files\WhiteSmoke\html\english\templates\General\Students\Personal Correspondence\Personal Letter of Recommendation.html
c:\program files\WhiteSmoke\html\english\templates\General\Students\Personal Correspondence\Request for Financial Assistance from Parents.html
c:\program files\WhiteSmoke\html\english\templates\General\Students\Resumes\Resume for After-School Job.html
c:\program files\WhiteSmoke\html\english\templates\General\Students\Resumes\Student Resume Automotive Service Industry.html
c:\program files\WhiteSmoke\html\english\templates\General\Students\Resumes\Student Resume Forestry.html
c:\program files\WhiteSmoke\html\english\templates\General\Students\Resumes\Student Resume Wildlife.html
c:\program files\WhiteSmoke\html\english\templates\General\Students\Resumes\Student Resume.html
c:\program files\WhiteSmoke\html\english\templates\General\Students\University Correspondence\Appreciation of Scholarship.html
c:\program files\WhiteSmoke\html\english\templates\General\Students\University Correspondence\Request for Reference.html
c:\program files\WhiteSmoke\html\english\templates\General\Students\University Correspondence\Request for University Application Material.html
c:\program files\WhiteSmoke\html\english\templates\General\Thank You\Letter Thanking Coworker for Support.html
c:\program files\WhiteSmoke\html\english\templates\General\Thank You\Message of Thanks.html
c:\program files\WhiteSmoke\html\english\templates\General\Thank You\Thank You Staff for Emotional Support.html
c:\program files\WhiteSmoke\html\english\templates\General\Well Wishes\Letter of Congratulations.html
c:\program files\WhiteSmoke\html\english\templates\General\Well Wishes\Welcome New Tenants.html
c:\program files\WhiteSmoke\html\english\templates\General\Well Wishes\Wishes for Speedy Recovery.html
c:\program files\WhiteSmoke\html\english\templates\images\jspDrag.gif
c:\program files\WhiteSmoke\html\english\templates\images\jspVerticalBar.gif
c:\program files\WhiteSmoke\html\english\templates\img\apply_over.png
c:\program files\WhiteSmoke\html\english\templates\img\apply_press.png
c:\program files\WhiteSmoke\html\english\templates\img\apply_up.png
c:\program files\WhiteSmoke\html\english\templates\img\atart_arrow.jpg
c:\program files\WhiteSmoke\html\english\templates\img\base.gif
c:\program files\WhiteSmoke\html\english\templates\img\borders.png
c:\program files\WhiteSmoke\html\english\templates\img\borders_good.png
c:\program files\WhiteSmoke\html\english\templates\img\borders2.png
c:\program files\WhiteSmoke\html\english\templates\img\borders3.png
c:\program files\WhiteSmoke\html\english\templates\img\bullet.gif
c:\program files\WhiteSmoke\html\english\templates\img\cd.gif
c:\program files\WhiteSmoke\html\english\templates\img\close.png
c:\program files\WhiteSmoke\html\english\templates\img\close2.png
c:\program files\WhiteSmoke\html\english\templates\img\dirClose.png
c:\program files\WhiteSmoke\html\english\templates\img\dirOpen.png
c:\program files\WhiteSmoke\html\english\templates\img\empty - Copy.gif
c:\program files\WhiteSmoke\html\english\templates\img\empty.gif
c:\program files\WhiteSmoke\html\english\templates\img\empty2.gif
c:\program files\WhiteSmoke\html\english\templates\img\folder.gif
c:\program files\WhiteSmoke\html\english\templates\img\folderopen.gif
c:\program files\WhiteSmoke\html\english\templates\img\globe.gif
c:\program files\WhiteSmoke\html\english\templates\img\img\base.gif
c:\program files\WhiteSmoke\html\english\templates\img\img\cd.gif
c:\program files\WhiteSmoke\html\english\templates\img\img\empty.gif
c:\program files\WhiteSmoke\html\english\templates\img\img\folder.gif
c:\program files\WhiteSmoke\html\english\templates\img\img\folderopen.gif
c:\program files\WhiteSmoke\html\english\templates\img\img\globe.gif
c:\program files\WhiteSmoke\html\english\templates\img\img\imgfolder.gif
c:\program files\WhiteSmoke\html\english\templates\img\img\join.gif
c:\program files\WhiteSmoke\html\english\templates\img\img\joinbottom.gif
c:\program files\WhiteSmoke\html\english\templates\img\img\line.gif
c:\program files\WhiteSmoke\html\english\templates\img\img\minus.gif
c:\program files\WhiteSmoke\html\english\templates\img\img\minusbottom.gif
c:\program files\WhiteSmoke\html\english\templates\img\img\musicfolder.gif
c:\program files\WhiteSmoke\html\english\templates\img\img\nolines_minus.gif
c:\program files\WhiteSmoke\html\english\templates\img\img\nolines_plus.gif
c:\program files\WhiteSmoke\html\english\templates\img\img\page.gif
c:\program files\WhiteSmoke\html\english\templates\img\img\plus.gif
c:\program files\WhiteSmoke\html\english\templates\img\img\plusbottom.gif
c:\program files\WhiteSmoke\html\english\templates\img\img\question.gif
c:\program files\WhiteSmoke\html\english\templates\img\img\trash.gif
c:\program files\WhiteSmoke\html\english\templates\img\imgfolder.gif
c:\program files\WhiteSmoke\html\english\templates\img\join.gif
c:\program files\WhiteSmoke\html\english\templates\img\joinbottom.gif
c:\program files\WhiteSmoke\html\english\templates\img\jspDrag.gif
c:\program files\WhiteSmoke\html\english\templates\img\jspVerticalBar.gif
c:\program files\WhiteSmoke\html\english\templates\img\line.gif
c:\program files\WhiteSmoke\html\english\templates\img\minus.gif
c:\program files\WhiteSmoke\html\english\templates\img\minusbottom.gif
c:\program files\WhiteSmoke\html\english\templates\img\musicfolder.gif
c:\program files\WhiteSmoke\html\english\templates\img\myEmpty.png
c:\program files\WhiteSmoke\html\english\templates\img\neg_bullet.png
c:\program files\WhiteSmoke\html\english\templates\img\nolines_minus.gif
c:\program files\WhiteSmoke\html\english\templates\img\nolines_plus.gif
c:\program files\WhiteSmoke\html\english\templates\img\open.png
c:\program files\WhiteSmoke\html\english\templates\img\open2 - Copy.png
c:\program files\WhiteSmoke\html\english\templates\img\open2.png
c:\program files\WhiteSmoke\html\english\templates\img\p7t_minus.gif
c:\program files\WhiteSmoke\html\english\templates\img\p7t_plus.gif
c:\program files\WhiteSmoke\html\english\templates\img\page.gif
c:\program files\WhiteSmoke\html\english\templates\img\plus.gif
c:\program files\WhiteSmoke\html\english\templates\img\plus_bullet.png
c:\program files\WhiteSmoke\html\english\templates\img\plusbottom.gif
c:\program files\WhiteSmoke\html\english\templates\img\question.gif
c:\program files\WhiteSmoke\html\english\templates\img\top_close.png
c:\program files\WhiteSmoke\html\english\templates\img\top_open.png
c:\program files\WhiteSmoke\html\english\templates\img\trash.gif
c:\program files\WhiteSmoke\html\english\templates\index.html
c:\program files\WhiteSmoke\html\english\templates\js\jquery-1.4.2.min.js
c:\program files\WhiteSmoke\html\english\templates\js\jquery.jscrollpane.min.js
c:\program files\WhiteSmoke\html\english\templates\js\jquery.mousewheel.js
c:\program files\WhiteSmoke\html\english\templates\js\switchcontent.js
c:\program files\WhiteSmoke\html\english\templates\js\templatesInterface.js
c:\program files\WhiteSmoke\html\english\templates\menu.htm
c:\program files\WhiteSmoke\html\english\templates\objects\ebook_js.js
c:\program files\WhiteSmoke\html\english\templates\objects\flashobject.js
c:\program files\WhiteSmoke\html\english\templates\objects\mcl.css
c:\program files\WhiteSmoke\html\english\templates\objects\navigation.js
c:\program files\WhiteSmoke\html\english\templates\objects\p7tm\p7t_minus.gif
c:\program files\WhiteSmoke\html\english\templates\objects\p7tm\p7t_plus.gif
c:\program files\WhiteSmoke\html\english\templates\objects\p7tm\p7tmbasic.css
c:\program files\WhiteSmoke\html\english\templates\objects\p7tm\p7tmscripts.js
c:\program files\WhiteSmoke\html\english\templates\objects\parseURL.js
c:\program files\WhiteSmoke\html\english\templates\objects\utils.js
c:\program files\WhiteSmoke\html\english\templates\objects\wm_cookies.js
c:\program files\WhiteSmoke\html\english\templates\start.html
c:\program files\WhiteSmoke\html\english\templates\style\jquery.jscrollpane.css
c:\program files\WhiteSmoke\html\english\templates\style\style.css
c:\program files\WhiteSmoke\html\english\templates\style\templates.css
c:\program files\WhiteSmoke\html\english\userGuide\css\jquery.jscrollpane.css
c:\program files\WhiteSmoke\html\english\userGuide\css\style - Copy.css
c:\program files\WhiteSmoke\html\english\userGuide\css\style.css
c:\program files\WhiteSmoke\html\english\userGuide\faq.html
c:\program files\WhiteSmoke\html\english\userGuide\images\arr.png
c:\program files\WhiteSmoke\html\english\userGuide\images\arr2.gif
c:\program files\WhiteSmoke\html\english\userGuide\images\bg-good.png
c:\program files\WhiteSmoke\html\english\userGuide\images\bg - Copy.png
c:\program files\WhiteSmoke\html\english\userGuide\images\bg.png
c:\program files\WhiteSmoke\html\english\userGuide\images\boxBlackFix.png
c:\program files\WhiteSmoke\html\english\userGuide\images\buttons.png
c:\program files\WhiteSmoke\html\english\userGuide\images\ConfiguringWhiteSmoke.png
c:\program files\WhiteSmoke\html\english\userGuide\images\correctionssuggestions.png
c:\program files\WhiteSmoke\html\english\userGuide\images\dictionaryTab.png
c:\program files\WhiteSmoke\html\english\userGuide\images\faq.png
c:\program files\WhiteSmoke\html\english\userGuide\images\i.gif
c:\program files\WhiteSmoke\html\english\userGuide\images\I.png
c:\program files\WhiteSmoke\html\english\userGuide\images\jspDrag.gif
c:\program files\WhiteSmoke\html\english\userGuide\images\jspVerticalBar.gif
c:\program files\WhiteSmoke\html\english\userGuide\images\nav.jpg
c:\program files\WhiteSmoke\html\english\userGuide\images\otk.png
c:\program files\WhiteSmoke\html\english\userGuide\images\t.gif
c:\program files\WhiteSmoke\html\english\userGuide\images\TheRight-clickMenu.png
c:\program files\WhiteSmoke\html\english\userGuide\images\TheTemplatesTab.png
c:\program files\WhiteSmoke\html\english\userGuide\images\translatorTab.png
c:\program files\WhiteSmoke\html\english\userGuide\images\WhiteSmokeEmailCheck.png
c:\program files\WhiteSmoke\html\english\userGuide\images\WhiteSmokeOverview.png
c:\program files\WhiteSmoke\html\english\userGuide\images\WriterTab.png
c:\program files\WhiteSmoke\html\english\userGuide\js\jquery-1.4.2.min.js
c:\program files\WhiteSmoke\html\english\userGuide\js\jquery.jscrollpane.min.js
c:\program files\WhiteSmoke\html\english\userGuide\js\jquery.min.js
c:\program files\WhiteSmoke\html\english\userGuide\js\jquery.mousewheel.js
c:\program files\WhiteSmoke\html\english\userGuide\js\userGuide.js
c:\program files\WhiteSmoke\html\english\userGuide\troubleshooting.html
c:\program files\WhiteSmoke\html\english\userGuide\userGuide.html
c:\program files\WhiteSmoke\Microsoft.VC80.CRT.manifest
c:\program files\WhiteSmoke\msvcp80.dll
c:\program files\WhiteSmoke\msvcr80.dll
c:\program files\WhiteSmoke\NotifierWhiteApps.txt
c:\program files\WhiteSmoke\osmax.ocx
c:\program files\WhiteSmoke\osmax64.ocx
c:\program files\WhiteSmoke\secman.dll
c:\program files\WhiteSmoke\secman64.dll
c:\program files\WhiteSmoke\settings.ini
c:\program files\WhiteSmoke\TCCons.dll
c:\program files\WhiteSmoke\TCCons_x64.dll
c:\program files\WhiteSmoke\Uninst.exe
c:\program files\WhiteSmoke\WCapture.dll
c:\program files\WhiteSmoke\WCapture_x64.dll
c:\program files\WhiteSmoke\WCaptureX.dll
c:\program files\WhiteSmoke\WCaptureX_x64.dll
c:\program files\WhiteSmoke\WCustom.dll
c:\program files\WhiteSmoke\WCustom_x64.dll
c:\program files\WhiteSmoke\WhiteSmokeRegistration.exe
c:\program files\WhiteSmoke\WHook.dll
c:\program files\WhiteSmoke\WHook_x64.dll
c:\program files\WhiteSmoke\Writer.ico
c:\program files\WhiteSmoke\WSDictHookDll.dll
c:\program files\WhiteSmoke\WSEngine.dll
c:\program files\WhiteSmoke\WSEnrichment.exe
c:\program files\WhiteSmoke\WSLogger.exe
c:\program files\WhiteSmoke\WSMouseHook.dll
c:\program files\WhiteSmoke\WSTray64.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_RSASSIST
-------\Service_nvixes
-------\Service_rsassist
-------\Service_uylbuiwy
.
.
((((((((((((((((((((((((( Files Created from 2011-05-24 to 2011-06-24 )))))))))))))))))))))))))))))))
.
.
2011-06-23 14:04 . 2011-06-21 14:48 2083464 ----a-w- c:\windows\system32\Incinerator32.dll
2011-06-18 16:25 . 2011-06-18 16:25 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE
2011-06-12 08:59 . 2011-06-12 08:59 -------- d-----w- c:\program files\Sophos
2011-06-11 18:50 . 2011-06-11 19:48 -------- d-----w- c:\windows\system32\NtmsData
2011-06-10 04:16 . 2011-06-10 04:16 -------- d-----w- c:\documents and settings\user\Application Data\ElevatedDiagnostics
2011-06-09 04:38 . 2011-06-09 04:38 -------- d-----w- c:\program files\OANDA - MetaTrader
2011-06-09 04:31 . 2011-06-17 03:42 -------- d-----w- c:\program files\FXCM MT4 powered by BT
2011-06-09 04:07 . 2011-06-09 04:56 -------- d-----w- c:\program files\IamFX MT4
2011-06-09 04:01 . 2011-06-09 04:02 -------- d-----w- c:\program files\FXJE
2011-06-08 08:32 . 2011-06-08 08:32 74703 ------w- c:\windows\system32\mfc45.dll
2011-06-04 16:36 . 2011-06-04 16:36 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Identities
2011-06-04 14:38 . 2011-06-04 14:38 -------- d-----w- C:\$AVG
2011-06-04 09:32 . 2011-06-04 09:32 -------- d-----w- c:\documents and settings\user\Application Data\EMCO
2011-06-04 03:49 . 2011-06-23 17:14 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2011-06-04 03:46 . 2011-06-04 03:46 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\AVG Security Toolbar
2011-06-04 03:35 . 2011-06-04 03:35 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2011-06-04 03:34 . 2011-06-23 17:23 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
2011-06-04 03:33 . 2011-06-04 03:48 -------- d-----w- c:\program files\AVG
2011-06-04 03:27 . 2011-06-23 17:14 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-06-04 02:45 . 2011-06-04 02:45 -------- d-----w- c:\documents and settings\Administrator.ADMIN-606EA7806\Local Settings\Application Data\Mozilla
2011-06-02 20:11 . 2011-06-02 20:11 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Identities
2011-06-02 03:33 . 2011-06-02 03:34 -------- dc-h--w- c:\windows\ie8
2011-06-02 03:21 . 2011-06-02 03:21 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Mozilla
2011-06-01 00:14 . 2011-06-01 00:14 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Yahoo!
2011-05-31 19:47 . 2011-05-31 19:47 -------- d-----w- c:\documents and settings\Default User\Tracing
2011-05-31 17:45 . 2011-05-31 17:45 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Yahoo
2011-05-31 17:44 . 2011-05-31 23:08 -------- d-----w- c:\documents and settings\LocalService\Application Data\HPAppData
2011-05-31 17:44 . 2011-05-31 17:44 -------- d-----w- c:\documents and settings\LocalService\Application Data\Yahoo!
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-21 15:02 . 2010-11-13 21:37 11776 ----a-w- c:\windows\system32\smrgdf.exe
2011-06-21 15:02 . 2010-11-13 21:37 29696 ----a-w- c:\windows\system32\iolobtdfg.exe
2011-06-02 04:16 . 2011-05-15 13:38 404640 ------w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-29 21:21 . 2011-04-22 22:03 20324664 ------w- c:\program files\ie8-setup-ca-xp.exe
2011-05-24 23:14 . 2011-05-23 01:25 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-24 12:30 . 2011-05-24 12:30 118784 ------r- c:\windows\bwUnin-7.2.0.137-8876480SL.exe
2011-05-23 13:36 . 2011-05-23 13:37 606104 ------w- c:\program files\unhide.exe
2011-05-22 21:51 . 2011-05-06 14:39 3063136 ------w- c:\program files\ccsetup306.exe
2011-05-22 01:02 . 2011-05-23 01:20 12521992 ------w- c:\program files\Firefox Setup 4.0.1.exe
2011-05-22 00:48 . 2011-05-23 01:21 2923248 ------w- c:\program files\WindowsXP-KB914882-x86-ENU.exe
2011-05-22 00:43 . 2011-05-23 01:21 7866472 ------w- c:\program files\mseinstall.exe
2011-05-21 10:20 . 2011-05-21 10:19 5783784 ------w- c:\program files\gt4setup.exe
2011-05-18 02:35 . 2010-03-27 15:32 4649016 ------w- c:\program files\MT4_set_up.exe
2011-05-02 15:31 . 2008-10-14 23:08 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 16:19 . 2008-04-14 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:11 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11 . 2008-04-14 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2008-04-14 12:00 385024 ------w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2008-04-14 12:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-04-20 02:48 . 2011-04-20 02:49 96200 ------w- c:\windows\system32\drivers\CDAVFS.sys
2011-04-18 00:55 . 2011-04-18 00:55 3050664 ------w- c:\program files\ccsetup305.exe
2011-04-16 00:05 . 2011-04-16 00:05 61450768 ------w- c:\program files\TurboTaxCanada2010_7002_Mar25.exe
2011-04-14 09:07 . 2010-05-06 08:45 472808 ------w- c:\windows\system32\deployJava1.dll
2011-04-14 06:40 . 2009-08-08 14:15 73728 ------w- c:\windows\system32\javacpl.cpl
2011-04-03 05:07 . 2011-02-26 02:47 136051 ------w- c:\program files\uninst.exe
2011-02-23 00:39 . 2011-02-23 00:39 5817944 ------w- c:\program files\fx4setup.exe
2011-02-21 15:03 . 2011-02-06 20:58 5116216 ------w- c:\program files\mt4setup.exe
2011-02-19 02:06 . 2011-02-19 02:06 6021184 ------w- c:\program files\trading-point-mt4-setup.exe
2011-02-19 00:45 . 2011-02-19 00:45 5168392 ------w- c:\program files\tfx4setup.exe
2011-02-18 05:56 . 2011-02-18 05:56 5152539 ------w- c:\program files\tf4setup.exe
2011-01-16 15:07 . 2008-11-12 02:14 20974752 ------w- c:\program files\vectorvestus.exe
2010-12-18 13:45 . 2010-12-18 13:45 2195969 ------w- c:\program files\MegaZipper.exe
2010-11-28 21:49 . 2010-11-28 21:49 712459 ------w- c:\program files\qlock-install.exe
2010-11-27 17:45 . 2010-11-27 17:45 445724 ------w- c:\program files\Crescendo MTF Indicators.exe
2010-11-27 17:44 . 2010-11-27 17:44 481305 ------w- c:\program files\Crescendo_v1_3.exe
2010-11-15 05:22 . 2010-11-15 05:22 18499623 ------w- c:\program files\vlc-1.0.5-win32.exe
2010-11-05 22:29 . 2010-09-19 20:19 5825048 ------w- c:\program files\wfx4setup.exe
2010-10-11 15:47 . 2010-10-11 15:47 1247056 ------w- c:\program files\wlsetup-web.exe
2010-10-11 13:16 . 2010-10-11 13:15 155184736 ------w- c:\program files\OOo_3.2.1_Win_x86_install-wJRE_en-US.exe
2010-10-11 02:08 . 2009-09-21 02:35 3107152 ------w- c:\program files\TeamViewer_Setup.exe
2010-10-06 08:00 . 2010-09-30 01:30 845867 ------w- c:\program files\Cruscotto_v1.exe
2009-12-30 03:46 . 2009-12-30 03:46 4844296 ------w- c:\program files\mbam-setup.exe
2009-12-04 11:56 . 2009-12-04 11:56 27325416 ------w- c:\program files\hp_smart_web_printing.exe
2009-11-30 03:38 . 2009-08-31 00:50 4643080 ------w- c:\program files\fm4setup.exe
2009-11-19 03:56 . 2009-10-09 20:20 139664 ------w- c:\program files\LMT-2.0.exe
2009-09-02 02:44 . 2009-09-02 02:44 64540044 ------w- c:\program files\RavINTFree.exe
2009-08-16 13:45 . 2009-08-16 13:44 714990 ------w- c:\program files\demo_fix.exe
2009-06-28 00:49 . 2009-06-28 00:49 16883056 ------w- c:\program files\IE8-WindowsXP-x86-ENU.exe
2008-11-08 23:26 . 2008-11-08 23:26 4325320 ------w- c:\program files\klcodec425b.exe
2011-04-14 16:26 . 2011-06-04 02:45 142296 ------w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-06-23_18.05.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-06-24 03:18 . 2011-06-24 03:18 16384 c:\windows\Temp\Perflib_Perfdata_7c0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2011-05-24 32768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="c:\windows\system32\nwiz.exe" [2007-05-11 1626112]
"MQLDefenderLoader"="c:\program files\MQL Defender\MQLDefenderLoader.exe" [2008-10-24 48856]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-05-20 28160]
"LifeChat"="c:\program files\Microsoft LifeChat\LifeChat.exe" [2009-09-28 264040]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"MediaLifeService"="c:\program files\Logitech\MediaLife\MediaLifeService.exe" [2005-05-13 110739]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-11 81920]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-11 8429568]
.
c:\documents and settings\LocalService\Start Menu\Programs\Startup\
Launch WhiteSmoke.lnk - c:\program files\WhiteSmoke\WSEnrichment.exe [N/A]
.
c:\documents and settings\user\Start Menu\Programs\Startup\
qlock.lnk - c:\program files\Qlock\qlock.exe [2006-3-20 4070912]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2011-5-24 450560]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-2-28 450560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\MQLDefender.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0 bsmain
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^user^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\1stWORKS\\hotCommCL\\BIN\\HotComm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\{FA0F0A01-4631-4161-A6C2-948BF694382E}\\setup\\hpznui01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Documents and Settings\\user\\temp\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer_Service.exe"=
.
R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [11/13/2010 5:38 PM 722616]
R2 vseamps;vseamps;c:\program files\Common Files\Authentium\AntiVirus5\vseamps.exe [4/8/2010 4:46 PM 117288]
R2 vsedsps;vsedsps;c:\program files\Common Files\Authentium\AntiVirus5\vsedsps.exe [4/8/2010 4:46 PM 117288]
R2 vseqrts;vseqrts;c:\program files\Common Files\Authentium\AntiVirus5\vseqrts.exe [4/8/2010 4:46 PM 154152]
S0 RsNTGDI;RsNTGDI;c:\windows\system32\Drivers\RsNTGdi.sys --> c:\windows\system32\Drivers\RsNTGdi.sys [?]
S1 hookcont;hookcont;c:\windows\system32\drivers\HookCont.sys --> c:\windows\system32\drivers\HookCont.sys [?]
S1 hooksys;hooksys;c:\windows\system32\drivers\HookSys.sys --> c:\windows\system32\drivers\HookSys.sys [?]
S1 MpKsld587f26a;MpKsld587f26a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{020453A7-B915-4730-A4BA-1C2032D4CDBB}\MpKsld587f26a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{020453A7-B915-4730-A4BA-1C2032D4CDBB}\MpKsld587f26a.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/20/2010 10:48 PM 135664]
S3 cpuz135;cpuz135;\??\c:\docume~1\user\LOCALS~1\Temp\cpuz135\cpuz135_x32.sys --> c:\docume~1\user\LOCALS~1\Temp\cpuz135\cpuz135_x32.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4/20/2010 10:48 PM 135664]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\2.tmp --> c:\windows\system32\2.tmp [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 08:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-21 02:48]
.
2011-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-21 02:48]
.
2011-06-23 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2011-03-29 23:17]
.
2011-05-11 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2011-03-29 23:17]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ca.yahoo.com/?fr=fp-yie8
uSearchAssistant =
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.2.1
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\dgzseu11.default\
FF - prefs.js: browser.startup.homepage - www.yahoo.ca
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4de9a800&v=7.005.030.004&i=26&tp=ab&iy=&ychte=ca&lng=en-US&q=
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-WhiteSmoke - c:\program files\WhiteSmoke\Uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-23 23:18
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\2.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1968)
c:\windows\system32\WININET.dll
c:\program files\Logitech\SetPoint\GameHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\brss01a.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Logitech\KHAL\KHALMNPR.EXE
c:\windows\system32\nvsvc32.exe
.
**************************************************************************
.
Completion time: 2011-06-23 23:20:06 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-24 03:20
ComboFix2.txt 2011-06-23 18:09
.
Pre-Run: 467,216,465,920 bytes free
Post-Run: 467,385,257,984 bytes free
.
Current=5 Default=5 Failed=4 LastKnownGood=6 Sets=1,2,3,4,5,6
- - End Of File - - 29ADECD62DF655A376D815512000D71C

Regards,
TCee

#11 gringo_pr

Posted 23 June 2011 - 11:23 PM

Hello

I would like to see a report that ComboFix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 TCee

Posted 23 June 2011 - 11:32 PM

Hi:

Here you go:

32 Bit HP CIO Components Installer
6500_E709_eDocs
6500_E709_Help
6500_E709n
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.5
AVSDK5
Bell Internet Check-up
bpd_scan
BPDSoftware
BPDSoftware_Ini
BufferChm
CamStudio
CamStudio Lossless Codec v1.4
CCleaner
Cruscotto
Currensys FX Calculator 8.0
Destination Component
DeviceDiscovery
DocMgr
DocProc
EVGA Display Driver
Fax
Forex Crescendo
Forex Harvester v21
Google Update Helper
GPBaseService2
hotComm® CL
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Document Manager 2.0
HP Imaging Device Functions 12.0
HP Officejet 6500 E709 Series
HP Photosmart Essential 3.5
HP Smart Web Printing 4.60
HP Solution Center 13.0
HP Update
HPDiagnosticAlert
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPProductAssistant
iolo technologies' System Mechanic
Java Auto Updater
Java™ 6 Update 20
Java™ 6 Update 25
Java™ 6 Update 7
K-Lite Codec Pack 4.2.5 (Full)
Logitech Desktop Messenger
Logitech SetPoint
MediaLife
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft LifeChat
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 4.0.1 (x86 en-US)
MQL Defender
MSVCRT
MSVCSetup
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
Musicmatch® Jukebox
Network
OANDA FXGame
OCR Software by I.R.I.S. 12.0
OpenOffice.org 3.2
PaperPort
ProductContext
Qlock Lite
QuickTax 2009
Realtek High Definition Audio Driver
Rover North TA
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893)
Segoe UI
Skype Toolbars
Skype™ 5.0
SmartWebPrinting
SolutionCenter
Speccy
Status
TeamViewer 5
TELL ME MORE
Toolbox
Trader Workstation
Trader Workstation 4.0
TrayApp
TurboTax 2010
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VLC media player 1.0.5
WebFldrs XP
WebReg
WhiteSmoke
Windows Backup Utility
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell™ 1.0
Yahoo! Software Update


Regards,
TCee

#13 gringo_pr

Posted 23 June 2011 - 11:44 PM

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

1. click on start
2. then go to settings
3. after that you need control panel
4. look for the icon add/remove programs
click on the following programs

Java™ 6 Update 20
Java™ 6 Update 7


and click on remove

Your Java is out of date.

It can be updated by the Java control panel
  • click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup) -> Update Tab -> Update Now.
  • An update should begin;
  • follow the prompts

Clear your Java Cache

  • click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      Applications and Applets
      Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.

TFC (Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#14 TCee

Posted 24 June 2011 - 07:53 AM

Below is Malwarebytes' log.

I downloaded Hijack This from your link but it wouldn't execute when I double-click. Here is the message I get: "C:\Documents and Settings\User\My Documents\Downloads\Hijack This.msi - invalid menu handle". Note, all my downloads have been going automatically to this file and have worked. I dragged the icon to the desktop and tried to execute there but it goes looking for a file to "Open With...". Is there a different link you can send?

No problems with browser re-directs and computer performance is fast. Still getting Found New Hardware pop-up. When I turned on the PC today, I automatically got a Firefox update to 5.0.



Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6937

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/24/2011 8:26:01 AM
mbam-log-2011-06-24 (08-26-01).txt

Scan type: Quick scan
Objects scanned: 175135
Time elapsed: 1 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Regards,
TCee

#15 gringo_pr

Posted 24 June 2011 - 07:57 AM

hello

try this - save to desktop - http://www.trendmicro.com/ftp/products/hijackthis/HijackThis.exe