
c:\windows\system32\geeby.dll

#1 ·
Does anyone know what this is? I keep getting a virus warning from my Norton telling me I am infected with the Vundo Trojan virus in this file, but I cannot find the file. I have searched my computer from the bottom to the top. Norton is no help. It won't let me quarantine or delete the file. When I run their FixVundo program it comes back saying there is no virus to be found. When I called Norton they sent me a really complicated registry fix where I turn off the system restore, follow a path thru the registry looking for a super long number they sent me. It's not there and yet, when I log on the next time their warning window pops up and tells me I'm infected still. I am totally confused as my computer is acting like it does when I've had a virus before...........slow and jerky, you know, like it's painting the windows and maybe a bit confused. But for the life of me I can't seem to locate the little sucker and pin it down.

I've tried all the tricks you guys have taught me in the past to speed up my computer and get it running smoothly again, but nothing seems to work. Any advice/help will be greatly appreciated.

Thanks,
the old Chief
 
#3 ·
Thanks muchly, Jim

Logfile of HijackThis v1.99.1
Scan saved at 4:23:14 PM, on 1/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\system32\hphmon03.exe
C:\Program Files\Common Files\AOL\1121431195\ee\AOLSoftware.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\WINDOWS\system32\HPHipm09.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\program files\common files\aol\1121431195\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe
C:\Program Files\America Online 9.0a\shellmon.exe
C:\Program Files\CDBurnerXP Pro 3\cdbxp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe
c:\program files\common files\aol\1121431195\ee\aolsoftware.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
R3 - URLSearchHook: (no name) - {00a6faf6-072e-44cf-8957-5838f569a31d} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07b18ea1-a523-4961-b6bb-170de4475cca} - blank (file missing)
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O2 - BHO: ATLDistrib Object - {93C6313C-9DB4-4694-8BD0-E378C573A9AD} - C:\WINDOWS\system32\jkhff.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Burn4Free Toolbar Helper - {F8E5CA21-C27B-43e7-B2BE-4CA93C9F9A1F} - blank (file missing)
O3 - Toolbar: Burn4Free Toolbar - {70DE7956-479D-4eb7-8641-2B45774C350E} - blank (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1121431195\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxmk243DHUS
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://pictures.aolcdn.com/ap/Resources/1.1.0.31/cab/aolpPlugins.10.1.0.0.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1098225166390
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/180solutions/ie/bridge-c24.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://floridakeysmedia.tv/axiscam/Codebase/AxisCamControl.ocx
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: jkhff - C:\WINDOWS\system32\jkhff.dll
O20 - Winlogon Notify: pmkjk - C:\WINDOWS\
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
 
#4 ·
Please print these instructions out for use in Safe Mode.

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to extract the files
  • This will create a VundoFix folder on your desktop.
  • After the files are extracted, please reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
  • Once in Safe Mode, open the VundoFix folder and double-click KillVundo.bat
  • You will first be presented with a warning and a list of forums to seek help at.
    It should look like this:
    VundoFix V2.15 by Atri
    By pressing enter you agree that you are using this at your own risk
  • At this point press enter one time.
  • Next you will see:
    Type in the filepath as instructed by the forum staff
    Then Press Enter
  • At this point please type the following file path (make sure to enter it exactly as below!):
    • C:\WINDOWS\system32\jkhff.dll
  • Press Enter,
  • Next you will see:
    Please type in the second filepath as instructed by the forum staff
    Then Press Enter,
  • At this point please type the following file path (make sure to enter it exactly as below!):
    • C:\WINDOWS\system32\ffhkj.*
    If you have a script blocker running, you may get a warning about a malicious script. Allow the script to run. It is not malicious.
  • The fix will run then HijackThis will open.
  • In HijackThis, please place a check next to the following items and click FIX CHECKED:

    • O2 - BHO: ATLDistrib Object - {93C6313C-9DB4-4694-8BD0-E378C573A9AD} - C:\WINDOWS\system32\jkhff.dll
    • O20 - Winlogon Notify: jkhff - C:\WINDOWS\system32\jkhff.dll
    • O20 - Winlogon Notify: pmkjk - C:\WINDOWS\

  • After you have fixed these items, close HijackThis and press any key to force a reboot of your computer.
  • Pressing any key will cause a "Blue Screen of Death"; this is normal, do not worry!
  • Once your machine reboots please continue with the instructions below.

Then, please run this online virus scan: ActiveScan

Copy the results of the ActiveScan and paste them here along with a new HijackThis log and the vundofix.txt file from the vundofix folder into this topic.
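The three entries selected in the post above share a pattern that can be checked mechanically. The following is an added example, not part of the original post and not code from HijackThis or VundoFix: it parses the O2 and O20 lines of a HijackThis log, flags a DLL that is registered both as a Winlogon Notify package under its own file name and as a BHO, flags a Notify entry with no DLL name, and derives the mirrored companion path (`jkhff.dll` → `ffhkj.*`) that the post gives as the second file path. The function names and the two heuristics are assumptions drawn from this one log.

```python
import ntpath  # Windows path rules, so this also runs on a non-Windows analysis host
import re

# Lines copied from the first HijackThis log in this thread (O2/O20 entries only).
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ATLDistrib Object - {93C6313C-9DB4-4694-8BD0-E378C573A9AD} - C:\WINDOWS\system32\jkhff.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: jkhff - C:\WINDOWS\system32\jkhff.dll
O20 - Winlogon Notify: pmkjk - C:\WINDOWS\
"""

BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$"
)
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<path>.+)$")


def parse(log):
    """Return (bhos, notifies); each item keeps the original log line."""
    bhos, notifies = [], []
    for raw in log.splitlines():
        line = raw.strip()
        for regex, bucket in ((BHO_RE, bhos), (NOTIFY_RE, notifies)):
            match = regex.match(line)
            if match:
                bucket.append({"line": line, **match.groupdict()})
                break
    return bhos, notifies


def mirrored_companion(path):
    """jkhff.dll -> ffhkj.* in the same folder (the second path in the post)."""
    folder, filename = ntpath.split(path)
    stem, _ext = ntpath.splitext(filename)
    return ntpath.join(folder, stem[::-1] + ".*")


def find_suspects(log):
    """Apply two heuristics (assumptions based on this thread's log):
    1. a Notify key named after its own DLL, where that DLL is also a BHO;
    2. a Notify key whose target path carries no file name at all.
    This is a triage aid for a human reviewer, not a verdict."""
    bhos, notifies = parse(log)
    bho_by_path = {b["path"].lower(): b for b in bhos}
    findings = []
    for entry in notifies:
        filename = ntpath.basename(entry["path"])
        if not filename:
            findings.append({
                "reason": "Winlogon Notify entry with no DLL name",
                "entries": [entry["line"]],
                "companion": None,
            })
            continue
        stem = ntpath.splitext(filename)[0].lower()
        bho = bho_by_path.get(entry["path"].lower())
        if stem == entry["name"].lower() and bho is not None:
            findings.append({
                "reason": "same DLL loaded as Winlogon Notify package and BHO",
                "entries": [entry["line"], bho["line"]],
                "companion": mirrored_companion(entry["path"]),
            })
    return findings


if __name__ == "__main__":
    for finding in find_suspects(SAMPLE_LOG):
        print(finding["reason"])
        for line in finding["entries"]:
            print("   ", line)
        if finding["companion"]:
            print("    companion pattern:", finding["companion"])
```
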
 
#5 ·
OK, I did what you said and here are the results. I haven't done anything further and will not until I hear from you again------------thank you much, jimi

Logfile of HijackThis v1.99.1
Scan saved at 7:14:17 AM, on 1/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\system32\hphmon03.exe
C:\Program Files\Common Files\AOL\1121431195\ee\AOLSoftware.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\HPHipm09.exe
c:\program files\common files\aol\1121431195\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe
C:\Program Files\America Online 9.0a\shellmon.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\HijackThis\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
R3 - URLSearchHook: (no name) - {00a6faf6-072e-44cf-8957-5838f569a31d} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Burn4Free Toolbar Helper - {F8E5CA21-C27B-43e7-B2BE-4CA93C9F9A1F} - blank (file missing)
O3 - Toolbar: Burn4Free Toolbar - {70DE7956-479D-4eb7-8641-2B45774C350E} - blank (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1121431195\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZCxdm638YYUS
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/CursorManiaFWBInitialSetup1.0.0.15.cab
O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://pictures.aolcdn.com/ap/Resources/1.1.0.31/cab/aolpPlugins.10.1.0.0.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1098225166390
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/180solutions/ie/bridge-c24.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://floridakeysmedia.tv/axiscam/Codebase/AxisCamControl.ocx
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
 
#6 ·
results from Activescan:

Incident Status Location
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\PROGRA~1\MYWEBS~1\BAR\2.BIN\MWSOEMON.EXE
Potentially unwanted tool:Application/FunWeb Not disinfected C:\Program Files\MyWebSearch\bar\2.bin\F3HTMLMU.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\2.bin\MWSOEPLG.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoestb.dll
Potentially unwanted tool:application/mywebsearch Not disinfected C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk
Potentially unwanted tool:application/mywebsearch Not disinfected C:\WINDOWS\SYSTEM32\f3pssavr.scr
Adware:adware/wupd Not disinfected C:\WINDOWS\SYSTEM32\ide21201.vxd
Potentially unwanted tool:application/funweb Not disinfected C:\WINDOWS\DOWNLOADED PROGRAM FILES\f3initialsetup1.0.0.15.inf
Potentially unwanted tool:application/winfixer2005 Not disinfected C:\PROGRAM FILES\COMMON FILES\WinSoftware
Potentially unwanted tool:application/zango Not disinfected HKEY_CLASSES_ROOT\CLSID\{8FCDF9D9-A28B-480F-8C3D-581F119A8AB8}
Potentially unwanted tool:application/myway Not disinfected HKEY_CLASSES_ROOT\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Dialer:dialer generic Not disinfected HKEY_CLASSES_ROOT\CLSID\{A9571378-68A1-443D-B082-284F960C6D17}
Adware:adware/dyfuca Not disinfected Windows Registry
Spyware:Cookie/2o7.net Not disinfected C:\Documents and Settings\vcombs\Cookies\vcombs@2o7[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\vcombs\Cookies\vcombs@ad.yieldmanager[2].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\vcombs\Cookies\vcombs@ads.pointroll[1].txt
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\vcombs\Cookies\vcombs@adultfriendfinder[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\vcombs\Cookies\vcombs@advertising[2].txt
Spyware:Cookie/Ask Not disinfected C:\Documents and Settings\vcombs\Cookies\vcombs@ask[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\vcombs\Cookies\vcombs@atdmt[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\vcombs\Cookies\vcombs@belnk[1].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\vcombs\Cookies\vcombs@burstnet[1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\vcombs\Cookies\vcombs@casalemedia[2].txt
Spyware:Cookie/CentrPort Not disinfected C:\Documents and Settings\vcombs\Cookies\vcombs@centrport[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\vcombs\Cookies\vcombs@dist.belnk[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\vcombs\Cookies\vcombs@doubleclick[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\vcombs\Cookies\vcombs@fastclick[1].txt
Spyware:Cookie/FortuneCity Not disinfected C:\Documents and Settings\vcombs\Cookies\vcombs@fortunecity[1].txt
Spyware:Cookie/go Not disinfected C:\Documents and Settings\vcombs\Cookies\vcombs@go[2].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\vcombs\Cookies\vcombs@hitbox[1].txt
Spyware:Cookie/Linksynergy Not disinfected C:\Documents and Settings\vcombs\Cookies\vcombs@linksynergy[1].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\vcombs\Cookies\vcombs@maxserving[2].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\vcombs\Cookies\vcombs@media.fastclick[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\vcombs\Cookies\vcombs@mediaplex[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\vcombs\Cookies\vcombs@questionmarket[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\vcombs\Cookies\vcombs@realmedia[2].txt
Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\vcombs\Cookies\vcombs@rn11[2].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\vcombs\Cookies\vcombs@server.iad.liveperson[1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\vcombs\Cookies\vcombs@statcounter[2].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\vcombs\Cookies\vcombs@stats1.reliablestats[2].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\vcombs\Cookies\vcombs@statse.webtrendslive[1].txt
Spyware:Cookie/Mammamediasolutions Not disinfected C:\Documents and Settings\vcombs\Cookies\vcombs@targetnet[1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\vcombs\Cookies\vcombs@trafficmp[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\vcombs\Cookies\vcombs@tribalfusion[1].txt
Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\vcombs\Cookies\vcombs@winfixer[1].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\vcombs\Cookies\vcombs@z1.adserver[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\vcombs\Cookies\vcombs@zedo[2].txt
Spyware:Cookie/2o7.net Not disinfected C:\Documents and Settings\vcombs\Cookies\vcombs@2o7[2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\vcombs\Cookies\vcombs@ad.yieldmanager[2].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\vcombs\Cookies\vcombs@ads.pointroll[1].txt
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\vcombs\Cookies\vcombs@adultfriendfinder[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\vcombs\Cookies\vcombs@advertising[2].txt
Spyware:Cookie/Ask Not disinfected C:\Documents and Settings\vcombs\Cookies\vcombs@ask[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\vcombs\Cookies\vcombs@atdmt[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\vcombs\Cookies\vcombs@belnk[1].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\vcombs\Cookies\vcombs@burstnet[1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\vcombs\Cookies\vcombs@casalemedia[2].txt
Spyware:Cookie/CentrPort Not disinfected C:\Documents and Settings\vcombs\Cookies\vcombs@centrport[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\vcombs\Cookies\vcombs@dist.belnk[2].txt
 
#7 ·
the rest of it............

Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\vcombs\Cookies\vcombs@fastclick[1].txt
Spyware:Cookie/FortuneCity Not disinfected C:\Documents and Settings\vcombs\Cookies\vcombs@fortunecity[1].txt
Spyware:Cookie/go Not disinfected C:\Documents and Settings\vcombs\Cookies\vcombs@go[2].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\vcombs\Cookies\vcombs@hitbox[1].txt
Spyware:Cookie/Linksynergy Not disinfected C:\Documents and Settings\vcombs\Cookies\vcombs@linksynergy[1].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\vcombs\Cookies\vcombs@maxserving[2].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\vcombs\Cookies\vcombs@media.fastclick[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\vcombs\Cookies\vcombs@mediaplex[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\vcombs\Cookies\vcombs@questionmarket[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\vcombs\Cookies\vcombs@realmedia[2].txt
Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\vcombs\Cookies\vcombs@rn11[2].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\vcombs\Cookies\vcombs@server.iad.liveperson[1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\vcombs\Cookies\vcombs@statcounter[2].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\vcombs\Cookies\vcombs@stats1.reliablestats[2].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\vcombs\Cookies\vcombs@statse.webtrendslive[1].txt
Spyware:Cookie/Mammamediasolutions Not disinfected C:\Documents and Settings\vcombs\Cookies\vcombs@targetnet[1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\vcombs\Cookies\vcombs@trafficmp[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\vcombs\Cookies\vcombs@tribalfusion[1].txt
Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\vcombs\Cookies\vcombs@winfixer[1].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\vcombs\Cookies\vcombs@z1.adserver[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\vcombs\Cookies\vcombs@zedo[2].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\vcombs\Desktop\Unused Desktop Shortcuts\VundoFix\VundoFix\process.exe
Possible Virus. Not disinfected C:\Documents and Settings\vcombs\Local Settings\Temp\AolCoach.cab[ACHtmfu.dll]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\vcombs\Local Settings\Temp\Cookies\vcombs@ad.yieldmanager[2].txt
Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\vcombs\Local Settings\Temp\Cookies\vcombs@winfixer[2].txt
Adware:Adware/WUpd Not disinfected C:\Documents and Settings\vcombs\Local Settings\Temp\ICD1.tmp\MediaGatewayX.dll
Potentially unwanted tool:Application/FunWeb Not disinfected C:\Documents and Settings\vcombs\Local Settings\Temporary Internet Files\Content.IE5\S1Y7OLUV\CursorManiaFWBInitialSetup1.0.0.15[1].cab[f3initialsetup1.0.0.15.inf]
Potentially unwanted tool:Application/FunWeb Not disinfected C:\Documents and Settings\vcombs\Local Settings\Temporary Internet Files\Content.IE5\S1Y7OLUV\CursorManiaFWBInitialSetup1.0.0.15[1].cab[f3Setup1.exe]
Possible Virus. Not disinfected C:\Program Files\Common Files\WinSoftware\PrCheck.dll
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\2.bin\F3CJPEG.DLL
Potentially unwanted tool:Application/FunWeb Not disinfected C:\Program Files\MyWebSearch\bar\2.bin\F3DTACTL.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\2.bin\F3HISTSW.DLL
Potentially unwanted tool:Application/FunWeb Not disinfected C:\Program Files\MyWebSearch\bar\2.bin\F3HTMLMU.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\2.bin\F3HTTPCT.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\2.bin\F3PSSAVR.SCR
Potentially unwanted tool:Application/FunWeb Not disinfected C:\Program Files\MyWebSearch\bar\2.bin\F3REPROX.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\2.bin\F3RESTUB.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\2.bin\F3SCHMON.EXE
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\2.bin\F3SCRCTR.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\2.bin\F3WPHOOK.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\2.bin\M3HTML.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\2.bin\M3IDLE.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\2.bin\M3OUTLCN.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\2.bin\M3PLUGIN.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\2.bin\M3SKIN.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\2.bin\MWSOEPLG.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\2.bin\MWSOESTB.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\2.bin\NPMYWEBS.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
Potentially unwanted tool:Application/FunWeb Not disinfected C:\WINDOWS\Downloaded Program Files\f3initialsetup1.0.0.15.inf
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\WINDOWS\SYSTEM32\f3pssavr.scr
Virus:Bck/Obot.A Disinfected C:\WINDOWS\SYSTEM32\ssttu.dll
 
#8 ·
Go to the link below and download the trial version of SpySweeper:

SpySweeper http://www.webroot.com/consumer/products/spysweeper/index.html?acode=af1&rc=4129&ac=tsg

* Click the Free Trial link under "SpySweeper" to download the program.
* Install it. Once the program is installed, it will open.
* It will prompt you to update to the latest definitions, click Yes.
* Once the definitions are installed, click Options on the left side.
* Click the Sweep Options tab.
* Under What to Sweep please put a check next to the following:
    o Sweep Memory
    o Sweep Registry
    o Sweep Cookies
    o Sweep All User Accounts
    o Enable Direct Disk Sweeping
    o Sweep Contents of Compressed Files
    o Sweep for Rootkits
    o Please UNCHECK Do not Sweep System Restore Folder.

* Click Sweep Now on the left side.
* Click the Start button.
* When it's done scanning, click the Next button.
* Make sure everything has a check next to it, then click the Next button.
* It will remove all of the items found.
* Click Session Log in the upper right corner, copy everything in that window.
* Click the Summary tab and click Finish.
* Paste the contents of the session log you copied into your next reply.
Also post a new HijackThis log.
 
#9 ·
Logfile of HijackThis v1.99.1
Scan saved at 6:31:38 PM, on 1/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\system32\hphmon03.exe
C:\Program Files\Common Files\AOL\1121431195\ee\AOLSoftware.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
c:\program files\common files\aol\1121431195\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\HPHipm09.exe
C:\Program Files\America Online 9.0a\shellmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
R3 - URLSearchHook: (no name) - {00a6faf6-072e-44cf-8957-5838f569a31d} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Burn4Free Toolbar Helper - {F8E5CA21-C27B-43e7-B2BE-4CA93C9F9A1F} - blank (file missing)
O3 - Toolbar: Burn4Free Toolbar - {70DE7956-479D-4eb7-8641-2B45774C350E} - blank (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1121431195\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZCxdm638YYUS
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/CursorManiaFWBInitialSetup1.0.0.15.cab
O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://pictures.aolcdn.com/ap/Resources/1.1.0.31/cab/aolpPlugins.10.1.0.0.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1098225166390
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://floridakeysmedia.tv/axiscam/Codebase/AxisCamControl.ocx
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
 
#10 ·
********
5:09 PM: | Start of Session, Tuesday, January 10, 2006 |
5:09 PM: Spy Sweeper started
5:09 PM: Sweep initiated using definitions version 599
5:09 PM: Starting Memory Sweep
5:14 PM: Memory Sweep Complete, Elapsed Time: 00:04:27
5:14 PM: Starting Registry Sweep
5:14 PM: Found Adware: coolsavings
5:14 PM: HKCR\clsid\{11bdb904-c0bc-41ce-910b-0d12fd619fd0}\ (2 subtraces) (ID = 106999)
5:14 PM: HKLM\software\classes\clsid\{11bdb904-c0bc-41ce-910b-0d12fd619fd0}\ (2 subtraces) (ID = 107005)
5:14 PM: Found Adware: winantispyware 2005
5:14 PM: HKCR\pcheck.pcheck\ (5 subtraces) (ID = 812703)
5:14 PM: HKCR\pcheck.pcheck.1\ (3 subtraces) (ID = 812709)
5:14 PM: HKCR\clsid\{fd1a9e6b-05da-4ca2-830d-654da1ddbd9e}\ (14 subtraces) (ID = 812934)
5:14 PM: HKCR\typelib\{3bff2ef1-25ba-4342-a1e8-ec1e2cb9f22b}\ (9 subtraces) (ID = 812960)
5:14 PM: HKLM\software\classes\pcheck.pcheck\ (5 subtraces) (ID = 813205)
5:14 PM: HKLM\software\classes\pcheck.pcheck.1\ (3 subtraces) (ID = 813211)
5:14 PM: HKLM\software\classes\clsid\{fd1a9e6b-05da-4ca2-830d-654da1ddbd9e}\ (14 subtraces) (ID = 813436)
5:14 PM: HKLM\software\classes\typelib\{3bff2ef1-25ba-4342-a1e8-ec1e2cb9f22b}\ (9 subtraces) (ID = 813462)
5:14 PM: Found Adware: winad
5:14 PM: HKCR\clsid\{8fcdf9d9-a28b-480f-8c3d-581f119a8ab8}\ (6 subtraces) (ID = 815132)
5:14 PM: HKLM\software\classes\clsid\{8fcdf9d9-a28b-480f-8c3d-581f119a8ab8}\ (6 subtraces) (ID = 815145)
5:14 PM: Found Adware: 180search assistant/zango
5:14 PM: HKLM\software\microsoft\code store database\distribution units\{8fcdf9d9-a28b-480f-8c3d-581f119a8ab8}\ (9 subtraces) (ID = 832871)
5:14 PM: Found Adware: virtumonde
5:14 PM: HKCR\atldistrib.atldistrib\ (5 subtraces) (ID = 1030533)
5:14 PM: HKCR\atldistrib.atldistrib\clsid\ (1 subtraces) (ID = 1030535)
5:14 PM: HKCR\atldistrib.atldistrib\curver\ (1 subtraces) (ID = 1030537)
5:14 PM: HKCR\atldistrib.atldistrib.1\ (3 subtraces) (ID = 1030539)
5:14 PM: HKCR\atldistrib.atldistrib.1\clsid\ (1 subtraces) (ID = 1030541)
5:14 PM: HKLM\software\classes\atldistrib.atldistrib\ (5 subtraces) (ID = 1030666)
5:14 PM: HKLM\software\classes\atldistrib.atldistrib\clsid\ (1 subtraces) (ID = 1030668)
5:14 PM: HKLM\software\classes\atldistrib.atldistrib\curver\ (1 subtraces) (ID = 1030670)
5:14 PM: HKLM\software\classes\atldistrib.atldistrib.1\ (3 subtraces) (ID = 1030672)
5:14 PM: HKLM\software\classes\atldistrib.atldistrib.1\clsid\ (1 subtraces) (ID = 1030674)
5:15 PM: Registry Sweep Complete, Elapsed Time:00:00:42
5:15 PM: Starting Cookie Sweep
5:15 PM: Found Spy Cookie: 2o7.net cookie
5:15 PM: vcombs@2o7[2].txt (ID = 1957)
5:15 PM: Found Spy Cookie: yieldmanager cookie
5:15 PM: vcombs@ad.yieldmanager[2].txt (ID = 3751)
5:15 PM: Found Spy Cookie: adknowledge cookie
5:15 PM: vcombs@adknowledge[1].txt (ID = 2072)
5:15 PM: Found Spy Cookie: specificclick.com cookie
5:15 PM: vcombs@adopt.specificclick[1].txt (ID = 3400)
5:15 PM: Found Spy Cookie: adprofile cookie
5:15 PM: vcombs@adprofile[2].txt (ID = 2084)
5:15 PM: Found Spy Cookie: adrevolver cookie
5:15 PM: vcombs@adrevolver[1].txt (ID = 2088)
5:15 PM: Found Spy Cookie: addynamix cookie
5:15 PM: vcombs@ads.addynamix[1].txt (ID = 2062)
5:15 PM: Found Spy Cookie: pointroll cookie
5:15 PM: vcombs@ads.pointroll[2].txt (ID = 3148)
5:15 PM: Found Spy Cookie: adultfriendfinder cookie
5:15 PM: vcombs@adultfriendfinder[2].txt (ID = 2165)
5:15 PM: Found Spy Cookie: advertising cookie
5:15 PM: vcombs@advertising[1].txt (ID = 2175)
5:15 PM: Found Spy Cookie: ask cookie
5:15 PM: vcombs@ask[1].txt (ID = 2245)
5:15 PM: Found Spy Cookie: atlas dmt cookie
5:15 PM: vcombs@atdmt[2].txt (ID = 2253)
5:15 PM: Found Spy Cookie: atwola cookie
5:15 PM: vcombs@atwola[1].txt (ID = 2255)
5:15 PM: Found Spy Cookie: belnk cookie
5:15 PM: vcombs@belnk[1].txt (ID = 2292)
5:15 PM: Found Spy Cookie: burstnet cookie
5:15 PM: vcombs@burstnet[1].txt (ID = 2336)
5:15 PM: Found Spy Cookie: casalemedia cookie
5:15 PM: vcombs@casalemedia[2].txt (ID = 2354)
5:15 PM: vcombs@cbs.112.2o7[1].txt (ID = 1958)
5:15 PM: Found Spy Cookie: centrport net cookie
5:15 PM: vcombs@centrport[1].txt (ID = 2374)
5:15 PM: vcombs@dist.belnk[2].txt (ID = 2293)
5:15 PM: Found Spy Cookie: go.com cookie
5:15 PM: vcombs@espn.go[1].txt (ID = 2729)
5:15 PM: Found Spy Cookie: exitexchange cookie
5:15 PM: vcombs@exitexchange[2].txt (ID = 2633)
5:15 PM: Found Spy Cookie: fastclick cookie
5:15 PM: vcombs@fastclick[1].txt (ID = 2651)
5:15 PM: Found Spy Cookie: fortunecity cookie
5:15 PM: vcombs@fortunecity[1].txt (ID = 2686)
5:15 PM: vcombs@go[2].txt (ID = 2728)
5:15 PM: Found Spy Cookie: linksynergy cookie
5:15 PM: vcombs@linksynergy[1].txt (ID = 2926)
5:15 PM: vcombs@maxim.122.2o7[1].txt (ID = 1958)
5:15 PM: Found Spy Cookie: maxserving cookie
5:15 PM: vcombs@maxserving[2].txt (ID = 2966)
5:15 PM: vcombs@media.fastclick[1].txt (ID = 2652)
5:15 PM: Found Spy Cookie: mywebsearch cookie
5:15 PM: vcombs@mywebsearch[1].txt (ID = 3051)
5:15 PM: Found Spy Cookie: nextag cookie
5:15 PM: vcombs@nextag[2].txt (ID = 5014)
5:15 PM: Found Spy Cookie: questionmarket cookie
5:15 PM: vcombs@questionmarket[1].txt (ID = 3217)
5:15 PM: Found Spy Cookie: realmedia cookie
5:15 PM: vcombs@realmedia[2].txt (ID = 3235)
5:15 PM: Found Spy Cookie: rn11 cookie
5:15 PM: vcombs@rn11[2].txt (ID = 3261)
5:15 PM: vcombs@rsi.espn.go[1].txt (ID = 2729)
5:15 PM: Found Spy Cookie: server.iad.liveperson cookie
5:15 PM: vcombs@server.iad.liveperson[1].txt (ID = 3341)
5:15 PM: Found Spy Cookie: serving-sys cookie
5:15 PM: vcombs@serving-sys[2].txt (ID = 3343)
5:15 PM: vcombs@sports.espn.go[2].txt (ID = 2729)
5:15 PM: Found Spy Cookie: statcounter cookie
5:15 PM: vcombs@statcounter[1].txt (ID = 3447)
5:15 PM: Found Spy Cookie: reliablestats cookie
5:15 PM: vcombs@stats1.reliablestats[2].txt (ID = 3254)
5:15 PM: Found Spy Cookie: webtrendslive cookie
5:15 PM: vcombs@statse.webtrendslive[1].txt (ID = 3667)
5:15 PM: Found Spy Cookie: targetnet cookie
5:15 PM: vcombs@targetnet[1].txt (ID = 3489)
5:15 PM: Found Spy Cookie: coremetrics cookie
5:15 PM: vcombs@test.coremetrics[1].txt (ID = 2472)
5:15 PM: Found Spy Cookie: trafficmp cookie
5:15 PM: vcombs@trafficmp[1].txt (ID = 3581)
5:15 PM: Found Spy Cookie: tribalfusion cookie
5:15 PM: vcombs@tribalfusion[1].txt (ID = 3589)
5:15 PM: Found Spy Cookie: adserver cookie
5:15 PM: vcombs@z1.adserver[1].txt (ID = 2142)
5:15 PM: Found Spy Cookie: zedo cookie
5:15 PM: vcombs@zedo[1].txt (ID = 3762)
5:15 PM: Cookie Sweep Complete, Elapsed Time: 00:00:03
5:15 PM: Starting File Sweep
5:15 PM: c:\program files\common files\winsoftware (1 subtraces) (ID = -2147476682)
5:15 PM: dfd.sys (ID = 162513)
5:18 PM: mediagatewayx.dll (ID = 159757)
5:25 PM: setup.exe (ID = 162517)
5:28 PM: winfixer2005setup.exe (ID = 162518)
5:28 PM: Found Adware: apropos
5:28 PM: wingenerics.dll (ID = 50187)
5:40 PM: Found System Monitor: potentially rootkit-masked files
5:41 PM: dns (ID = 0)
5:43 PM: index (ID = 0)
5:44 PM: ultl1280.sys (ID = 0)
 
#11 ·
5:46 PM: runsbmon.exe (ID = 0)
5:46 PM: loccxpnt.exe (ID = 0)
5:47 PM: ace.dll (ID = 0)
5:47 PM: data.bin (ID = 0)
5:47 PM: rdcn87em.exe (ID = 0)
5:50 PM: ai_04-01-2006.log (ID = 0)
5:50 PM: ai_06-01-2006.log (ID = 0)
5:50 PM: ai_05-01-2006.log (ID = 0)
5:51 PM: ai_10-01-2006.log (ID = 0)
5:51 PM: ai_08-01-2006.log (ID = 0)
5:51 PM: ai_07-01-2006.log (ID = 0)
5:51 PM: ai_09-01-2006.log (ID = 0)
5:57 PM: File Sweep Complete, Elapsed Time: 00:42:36
5:57 PM: Full Sweep has completed. Elapsed time 00:47:58
5:57 PM: Traces Found: 890
6:22 PM: Removal process initiated
6:22 PM: Quarantining All Traces: 180search assistant/zango
6:22 PM: Quarantining All Traces: virtumonde
6:22 PM: Quarantining All Traces: apropos
6:22 PM: apropos is in use. It will be removed on reboot.
6:22 PM: wingenerics.dll is in use. It will be removed on reboot.
6:22 PM: Quarantining All Traces: winad
6:22 PM: Quarantining All Traces: coolsavings
6:22 PM: Quarantining All Traces: 2o7.net cookie
6:22 PM: Quarantining All Traces: addynamix cookie
6:22 PM: Quarantining All Traces: adknowledge cookie
6:22 PM: Quarantining All Traces: adprofile cookie
6:22 PM: Quarantining All Traces: adrevolver cookie
6:22 PM: Quarantining All Traces: adserver cookie
6:22 PM: Quarantining All Traces: adultfriendfinder cookie
6:22 PM: Quarantining All Traces: advertising cookie
6:22 PM: Quarantining All Traces: ask cookie
6:22 PM: Quarantining All Traces: atlas dmt cookie
6:22 PM: Quarantining All Traces: atwola cookie
6:22 PM: Quarantining All Traces: belnk cookie
6:22 PM: Quarantining All Traces: burstnet cookie
6:22 PM: Quarantining All Traces: casalemedia cookie
6:22 PM: Quarantining All Traces: centrport net cookie
6:22 PM: Quarantining All Traces: coremetrics cookie
6:22 PM: Quarantining All Traces: exitexchange cookie
6:22 PM: Quarantining All Traces: fastclick cookie
6:22 PM: Quarantining All Traces: fortunecity cookie
6:22 PM: Quarantining All Traces: go.com cookie
6:22 PM: Quarantining All Traces: linksynergy cookie
6:22 PM: Quarantining All Traces: maxserving cookie
6:22 PM: Quarantining All Traces: nextag cookie
6:22 PM: Quarantining All Traces: pointroll cookie
6:22 PM: Quarantining All Traces: questionmarket cookie
6:23 PM: Quarantining All Traces: realmedia cookie
6:23 PM: Quarantining All Traces: reliablestats cookie
6:23 PM: Quarantining All Traces: rn11 cookie
6:23 PM: Quarantining All Traces: server.iad.liveperson cookie
6:23 PM: Quarantining All Traces: serving-sys cookie
6:23 PM: Quarantining All Traces: specificclick.com cookie
6:23 PM: Quarantining All Traces: statcounter cookie
6:23 PM: Quarantining All Traces: targetnet cookie
6:23 PM: Quarantining All Traces: trafficmp cookie
6:23 PM: Quarantining All Traces: tribalfusion cookie
6:23 PM: Quarantining All Traces: webtrendslive cookie
6:23 PM: Quarantining All Traces: winantispyware 2005
6:23 PM: Quarantining All Traces: yieldmanager cookie
6:23 PM: Quarantining All Traces: zedo cookie
6:23 PM: Removal process completed. Elapsed time 00:00:31
********
5:06 PM: | Start of Session, Tuesday, January 10, 2006 |
5:06 PM: Spy Sweeper started
5:07 PM: Your spyware definitions have been updated.
5:09 PM: | End of Session, Tuesday, January 10, 2006 |


I hope I'm doing this right!!
 
#12 ·
Add remove programs – remove if present MyWeb Search

Fix these with HJT – mark them, close IE, click fix checked

R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)

R3 - URLSearchHook: (no name) - {00a6faf6-072e-44cf-8957-5838f569a31d} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL

O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL

O2 - BHO: Burn4Free Toolbar Helper - {F8E5CA21-C27B-43e7-B2BE-4CA93C9F9A1F} - blank (file missing)

O3 - Toolbar: Burn4Free Toolbar - {70DE7956-479D-4eb7-8641-2B45774C350E} - blank (file missing)

O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe

O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe

O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE

O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearc...p=ZCxdm638YYUS

Download http://www.downloads.subratam.org/KillBox.zip

Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time, then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

C:\Program Files\MyWebSearch

Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

START – RUN – type in %temp% OK - Edit – Select all – File – Delete

Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

Empty the recycle bin
Boot and post a new log from normal NOT safe mode

Please give feedback on what worked/didn’t work and the current status of your system
 
#13 ·
Pocket Killbox version 2.0.0.588
Running on Windows XP as vcombs(Administrator)
was started @ Wednesday, January 11, 2006, 12:14 PM

# 1 [Files to Delete]
Path = C:\Program Files\MyWebSearch
*File Was Deleted

Killbox Closed(Exit) @ 12:18:33 PM
__________________________________________________
 
#14 ·
Logfile of HijackThis v1.99.1
Scan saved at 12:31:09 PM, on 1/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\system32\hphmon03.exe
C:\Program Files\Common Files\AOL\1121431195\ee\AOLSoftware.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
c:\program files\common files\aol\1121431195\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\HPHipm09.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\Program Files\America Online 9.0a\shellmon.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL (file missing)
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1121431195\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/CursorManiaFWBInitialSetup1.0.0.15.cab
O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://pictures.aolcdn.com/ap/Resources/1.1.0.31/cab/aolpPlugins.10.1.0.0.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1098225166390
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://floridakeysmedia.tv/axiscam/Codebase/AxisCamControl.ocx
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
 
#15 ·
I can't understand it, but when I rebooted my system after running the last hijack and killbox... my Norton made a sweep and I still have the Trojan Vundo in some windows\system32\geeby.dll file... and I still can't find that file.

Other than that it's about the same.
 
#16 ·
Fix these with HJT – mark them, close IE, click fix checked

O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL (file missing)

O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe

http://www.kaspersky.com/virusscanner - Online scan

When the scan is finished, save the results from the scan!

Post a new HijackThis log along with the results from the Kaspersky scan.
 
#17 ·
Logfile of HijackThis v1.99.1
Scan saved at 9:56:26 AM, on 1/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\system32\hphmon03.exe
C:\Program Files\Common Files\AOL\1121431195\ee\AOLSoftware.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
c:\program files\common files\aol\1121431195\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\HPHipm09.exe
c:\program files\common files\aol\1121431195\ee\aim6.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\Program Files\America Online 9.0a\shellmon.exe
c:\program files\common files\aol\1121431195\ee\aolsoftware.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Burn4Free Toolbar Helper - {F8E5CA21-C27B-43e7-B2BE-4CA93C9F9A1F} - C:\Program Files\Burn4Free Toolbar\v2.0.0.2\Burn4Free_Toolbar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O3 - Toolbar: Burn4Free Toolbar - {70DE7956-479D-4eb7-8641-2B45774C350E} - C:\Program Files\Burn4Free Toolbar\v2.0.0.2\Burn4Free_Toolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1121431195\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/CursorManiaFWBInitialSetup1.0.0.15.cab
O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://pictures.aolcdn.com/ap/Resources/1.1.0.31/cab/aolpPlugins.10.1.0.0.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1098225166390
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://floridakeysmedia.tv/axiscam/Codebase/AxisCamControl.ocx
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
 
#18 ·
Download http://www.downloads.subratam.org/KillBox.zip

Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time, then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

C:\WINDOWS\system32\geeby.dll

Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.
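
Added example, not part of the original thread and not code from HijackThis: a small Python parser for saved HijackThis logs that reports which entries name a given file and which entries are marked "(file missing)". The sample lines are excerpted from the logs posted above; the function names are hypothetical.

```python
import ntpath
import re

# Entry lines excerpted from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\winlogon.exe
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
"""

ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")  # section code, then entry text
# First drive-letter path that ends in a loadable-file extension.
PATH = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|ocx)\b", re.IGNORECASE)

def parse(log):
    """Return one dict per entry line: section code, text, target path."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header lines and the running-process list
        code, body = m.groups()
        p = PATH.search(body)
        entries.append({"code": code, "body": body,
                        "path": p.group(0) if p else None,
                        "missing": body.endswith("(file missing)")})
    return entries

def referencing(entries, filename):
    """Entries whose target file has this name (case-insensitive)."""
    want = filename.lower()
    return [e for e in entries
            if e["path"] and ntpath.basename(e["path"]).lower() == want]

def missing_targets(entries):
    """Paths of entries HijackThis marked as pointing at a missing file."""
    return [e["path"] for e in entries if e["missing"]]

if __name__ == "__main__":
    entries = parse(SAMPLE_LOG)
    for name in ("geeby.dll", "mwsoemon.exe"):
        hits = referencing(entries, name)
        print(name, "->", [e["code"] for e in hits] or "no entry names this file")
    print("missing:", missing_targets(entries))
```

An empty result means only that none of the listed entries names the file; it says nothing about whether the file exists on disk.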
 