Mmm... McAfee finds, but .....
Try this:
Clean:
==Download this temp file cleaner from http://www.atribune.org/ccount/click.php?id=1 --click in the download window to run it, and when ATF Cleaner opens go Select all, and then Empty Selected.
Next click Firefox [if you have that browser..] at the top, Select All again, and Empty Selected again. Follow that procedure also if you have Opera.
Close ATF.
Scan:
==Please use IE to do an online scan at panda:- http://www.pandasoftware.com/products/activescan?
-select a link to the scan... free online virus scan...., enter a valid? email and follow through, choosing My Computer for a full system scan.
Post the log it produces here.
[you may now be able to dl hijackthis...try, post a log if you can].
New Poly Win32 - PLEASE help...
Hi,
I'm a total computer dummy (sorry). My computer got infected with New Poly Win32. I use McAfee and it stopped working. I tried to reinstall it and it wouldn't let me. In fact, it won't let me install any of the spyware/anti-wirus software that I tried to download. I could not download HijackThis nor AVG (therefore I could not run the log). I ran McAfee online scan and it showed that I have New Poly Win32 virus.
Also, I'm not able to restart the computer in the SAFE MODE (I get a blue screen with some error information). I'm completely stuck.
I will be extremely thankful if any of you walk me through the process of getting my poor, sick computer back! Thank you!
Gerbil,
Thank you so much for responding.
I was able to ran ATF cleaner and Panda. After that I was able to download HiJackThis. Here are the two logs from Panda and HiJackThis.
Is there anything else I should do? Thank you again for your help!
Panda:
Incident Status Location
Virus:w32/bagle.hx.worm Disinfected Operating system
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Anna Wiktorowicz\Cookies\anna_wiktorowicz@tradedoubler[2].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Anna Wiktorowicz\Cookies\anna_wiktorowicz@zedo[1].txt
Virus:Trj/Banker.SW Disinfected C:\Program Files\Cliprex DVD Player Professional\Capthumb.dll
Spyware:Spyware/New.net Not disinfected C:\Program Files\Sciagniete\Cdvd.exe[NNCLXA638.EXE]
Adware:Adware/eZula Not disinfected C:\Program Files\Sciagniete\Cdvd.exe[Advtg.exe]
Potentially unwanted tool:Application/MyWay Not disinfected C:\Program Files\Sciagniete\Cdvd.exe[s4BarSp.exe]
Adware:Adware/nCase Not disinfected C:\Program Files\Sciagniete\Cdvd.exe[stubinstaller.exe]
Virus:Trj/Banker.SW Not disinfected C:\Program Files\Sciagniete\Cdvd.exe[Capthumb.dll]
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\102515.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\103171.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\107421.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\110171.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\110593.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\116375.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\117703.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\120000.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\122390.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\126750.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\127421.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\131484.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\133109.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\135078.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\138765.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\145796.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\14624843.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\14629406.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\14640859.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\14643031.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\14645656.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\14650078.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\14651078.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\14655890.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\14672093.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\14701859.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\14705281.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\14740406.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\14750171.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\14753781.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\14850281.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\14857921.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\14862218.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\14975750.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\14991843.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\14996734.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\15078046.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\15087031.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\15092671.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\151625.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\1542234.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\1565859.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\1579671.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\160187.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\162328.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\168578.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\178265.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\218625.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\29144906.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\29147453.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\29152265.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\29154078.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\29154671.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\29155109.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\29177234.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\29183203.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\29189546.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\29437000.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\29521640.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\29532250.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\324906.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\343828.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\350625.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\43686828.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\43700031.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\43714640.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\44033140.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\44041515.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\505218.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\524296.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\529718.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\58579687.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\58586000.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\68671.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\69812.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\73103703.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\73111890.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\73120375.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\80625.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\82656.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\84296.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\85390.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\87623593.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\87634500.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\89312.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\92843.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\95609.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\DRIVERS\down\95812.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\mdelk.exe
Virus:W32/Bagle.RC.worm Disinfected C:\WINDOWS\SYSTEM32\wintems.exe
Possible Virus. Not disinfected F:\Incoming\Portable GIMP2.2.10 Beta 1 (Multilingual)-portable_gimp_2.2.10_beta1_multilingual.zip[PortableGIMP/gimp/lib/gimp/2.0/plug-ins/webbrowser.exe]
------------------------------------------------------------------------------------------
And HiJackThis Log:
Logfile of HijackThis v1.99.1
Scan saved at 6:57:05 PM, on 1/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\eFax Messenger 4.1\J2GDllCmd.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\eFax Messenger 4.1\J2GTray.exe
C:\QUICKENW\QWDLLS.EXE
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Anna Wiktorowicz\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast
R3 - URLSearchHook: (no name) - ~EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: (no name) - ~4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: CyberDefender safeSEARCH - {F35CE83E-9EBF-40d5-AE87-53F982389740} - C:\Documents and Settings\Anna Wiktorowicz\Local Settings\Application Data\CyberDefender\ssstbar.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_6_2_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: CyberDefender safeSEARCH - {F35CE83E-9EBF-40d5-AE87-53F982389740} - C:\Documents and Settings\Anna Wiktorowicz\Local Settings\Application Data\CyberDefender\ssstbar.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_6_2_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: CyberDefender safeSEARCH - {F35CE83E-9EBF-40d5-AE87-53F982389740} - C:\Documents and Settings\Anna Wiktorowicz\Local Settings\Application Data\CyberDefender\ssstbar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [eFax 4.1] "C:\Program Files\eFax Messenger 4.1\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKLM\..\RunOnce: [Panda_cleaner] C:\WINDOWS\system32\ACTIVE~1\pavdr.exe C:\WINDOWS\system32\pavdr_actions.sys
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKCU\..\RunOnce: [CheckNetworkConnection] "C:\Program Files\Support.com\providerComcast\desktopdoctor.exe" /flow /flow=diagnosenetwork /trayclick=true /haveconfirmedwiring=true /haverenewed=true /haverestartedmodem=true /onrestart=true /havehealed=true /issuenumber=f9ed62d2-da20-4818-96d8-7b95c72b662d
O4 - Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
O4 - Global Startup: Billminder.lnk = C:\QUICKENW\BILLMIND.EXE
O4 - Global Startup: eFax 4.1.lnk = C:\Program Files\eFax Messenger 4.1\J2GTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5216/mcfscan.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
Thanks again!
Anna, that looks like a good cleaning by Panda... I suspected the Bagle worm from your symptoms..
=Be VERY wary of this [from eZula?]:
Possible Virus. Not disinfected F:\Incoming\Portable GIMP2.2.10 Beta 1 (Multilingual)-portable_gimp_2.2.10_beta1_multilingual.zip[PortableGIMP/gimp/lib/gimp/2.0/plug-ins/webbrowser.exe]
=C:\Program Files\Sciagniete\Cdvd.exe - to me this does not like the Cliprex mp3 player...? Is it? Panda gives several different warnings for it at the top of the report. Seems doubtful to me, my advice would be to uninstall it via Add/remove pgms.
=I see that you have MyWay Search Assistant [there, courtesy DELL]. You can get rid of it if you wish...
First see if it is listed in Add/Remove pgms list - remove it if able, then..
Go start > run, paste:
MsiExec.exe /X {78d944d7-a97b-4004-ab0a-b5ad06839940} -and Enter. If it is found click yes at the prompt.
Next delete the MyWay files/folder in Program Files [use myway as a search string...].
=Start hijackthis, select Scan Only, place checkmarks against all the entries listed below that still exist, and then press Fix Checked.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.htmlR3 - URLSearchHook: (no name) - ~EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: (no name) - ~4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
Good. Now delete your copy of hijackthis, and download this: http://www.majorgeeks.com/download5554.html
-copy it to a new FOLDER placed either alongside your program files or on your desktop.
-in that folder start HijackThis by dclicking the .exe; now close ALL other applications and any open windows including the explorer window containing HijackThis.
-click the Scan and Save a Logfile button. Post the log here.
also you need to do this READ CAREFULLY....
You should print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.
Please reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".
The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart anyway into normal Windows. A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply along with a new HijackThis log.
The report can also be found at the root of the system drive, usually at C:\rapport.txt
Warning : running option #2 on a non infected computer will remove your Desktop background.
Gerbil and Overwhelmed,
I don't know how to thank you but really thanks for all the trouble you go through to help. I really appreciate it!
I did as you said with HJT and after that I scanned via McAfee website. Here is what it showed:
C:\WINDOWS\SYSTEM32\mdelk.exe New Poly Win32.
I could not install HJT, so I ran it from temp files. I still cannot download any software to my computer. I'm not sure how system works, but it looks like some files were corrupted to prevent from downloading anything to my computer.
Also, I cannot reboot in the SAFE MODE to follow Overwhelmed's steps (Thank you for trying to help, Overwhelmed!). I get an error message on a blue screen right after I press F8 and choose “restart in the safe mode” - then I have to reboot again. Grrr...
Here is the HiJackThisLog:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:19:39 PM, on 1/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\eFax Messenger 4.1\J2GDllCmd.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\eFax Messenger 4.1\J2GTray.exe
C:\QUICKENW\QWDLLS.EXE
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\Documents and Settings\Anna Wiktorowicz\Local Settings\Temporary Internet Files\Content.IE5\D9B7U88A\HiJackThis[1].exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_6_2_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_6_2_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [eFax 4.1] "C:\Program Files\eFax Messenger 4.1\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\RunOnce: [CheckNetworkConnection] "C:\Program Files\Support.com\providerComcast\desktopdoctor.exe" /flow /flow=diagnosenetwork /trayclick=true /haveconfirmedwiring=true /haverenewed=true /haverestartedmodem=true /onrestart=true /havehealed=true /issuenumber=f9ed62d2-da20-4818-96d8-7b95c72b662d
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
O4 - Global Startup: Billminder.lnk = C:\QUICKENW\BILLMIND.EXE
O4 - Global Startup: eFax 4.1.lnk = C:\Program Files\eFax Messenger 4.1\J2GTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5217/mcfscan.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
--
End of file - 12692 bytes
Hello, Anna, could you dl and run this please:
==Download this file to your desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- to run it dclick combofix.exe and follow the prompts to start it. When finished, it will produce a log, C:\Combofix.txt - post that log in your next reply.
A word of caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs reboot to restore the desktop.
what spyware and antivirus do you use????
Normally, I use McAfee. However, I tried re-installing it when it died on me a couple days ago and I couldn't. So now, I don't have any antivirus and I cannot dl any file...:(
Hello, Anna, could you dl and run this please:
==Download this file to your desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- to run it dclick combofix.exe and follow the prompts to start it. When finished, it will produce a log, C:\Combofix.txt - post that log in your next reply.
A word of caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs reboot to restore the desktop.
I cannot dl anything. When I do and I try to run it I get the message that [the progam] is not walid Win32 application. Can I just run it w/o downloading? I'll try it.
UMMM OKAY i was getting messages like that before... the "not a valid win 32 program" but when i first turned on my computer i was able to use them..... umm go to start/run and type in msconfig and click on DIAGNOSTIC Startup and restart the computer and then try and download the programs
go to filehippo.com and download Spybot S&D and download CCleaner from the link under my post that says ccleaner in it. and i will help you fix mcafee after we get past the downloading issue because you are going to need to download the mcafee removal tool to redownload it.
Please download SmitfraudFix http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Extract the content (a folder named SmitfraudFix) to your Desktop
Anna, can you dl that combofix file? If you cannot with your sys, dl it with another machine [a friend's, at work...] and copy it in. It is 1.5M so too big for a floppy, fine for a thumb drive.
You could try this first....
delete these files:
C:\WINDOWS\SYSTEM32\mdelk.exe
C:\WINDOWS\SYSTEM32\wintems.exe
and delete this folder and its contents:
C:\WINDOWS\SYSTEM32\DRIVERS\down
...and then try a dl of combofix.
Gerbil,
I ran the Combofix without dl it to my computer. Here is the log:
ComboFix 08-01-30.5 - Anna Wiktorowicz 2008-01-29 22:14:59.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.48.1033.18.496 [GMT -8:00]
Running from: C:\Documents and Settings\Anna Wiktorowicz\Local Settings\Temporary Internet Files\Content.IE5\IQFRXHLH\ComboFix[2].exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\drivers\down\137343.exe
C:\WINDOWS\system32\drivers\down\191125.exe
C:\WINDOWS\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\mdelk.exe
C:\WINDOWS\system32\wintems.exe
C:\WINDOWS\system32\_000006_.tmp.dll
C:\WINDOWS\system32\_000013_.tmp.dll
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\drivers\down
C:\WINDOWS\system32\drivers\down\101234.exe
C:\WINDOWS\system32\drivers\down\104968.exe
C:\WINDOWS\system32\drivers\down\105328.exe
C:\WINDOWS\system32\drivers\down\108390.exe
C:\WINDOWS\system32\drivers\down\110218.exe
C:\WINDOWS\system32\drivers\down\112125.exe
C:\WINDOWS\system32\drivers\down\114203.exe
C:\WINDOWS\system32\drivers\down\116312.exe
C:\WINDOWS\system32\drivers\down\117437.exe
C:\WINDOWS\system32\drivers\down\119921.exe
C:\WINDOWS\system32\drivers\down\120656.exe
C:\WINDOWS\system32\drivers\down\120765.exe
C:\WINDOWS\system32\drivers\down\122531.exe
C:\WINDOWS\system32\drivers\down\123687.exe
C:\WINDOWS\system32\drivers\down\124187.exe
C:\WINDOWS\system32\drivers\down\125031.exe
C:\WINDOWS\system32\drivers\down\125328.exe
C:\WINDOWS\system32\drivers\down\125828.exe
C:\WINDOWS\system32\drivers\down\125843.exe
C:\WINDOWS\system32\drivers\down\127656.exe
C:\WINDOWS\system32\drivers\down\128984.exe
C:\WINDOWS\system32\drivers\down\130171.exe
C:\WINDOWS\system32\drivers\down\131781.exe
C:\WINDOWS\system32\drivers\down\132093.exe
C:\WINDOWS\system32\drivers\down\132343.exe
C:\WINDOWS\system32\drivers\down\133687.exe
C:\WINDOWS\system32\drivers\down\135937.exe
C:\WINDOWS\system32\drivers\down\136687.exe
C:\WINDOWS\system32\drivers\down\139390.exe
C:\WINDOWS\system32\drivers\down\139734.exe
C:\WINDOWS\system32\drivers\down\139968.exe
C:\WINDOWS\system32\drivers\down\142328.exe
C:\WINDOWS\system32\drivers\down\142750.exe
C:\WINDOWS\system32\drivers\down\143906.exe
C:\WINDOWS\system32\drivers\down\144109.exe
C:\WINDOWS\system32\drivers\down\144703.exe
C:\WINDOWS\system32\drivers\down\144796.exe
C:\WINDOWS\system32\drivers\down\14623390.exe
C:\WINDOWS\system32\drivers\down\14631906.exe
C:\WINDOWS\system32\drivers\down\14634625.exe
C:\WINDOWS\system32\drivers\down\14644937.exe
C:\WINDOWS\system32\drivers\down\14646312.exe
C:\WINDOWS\system32\drivers\down\14646500.exe
C:\WINDOWS\system32\drivers\down\14650468.exe
C:\WINDOWS\system32\drivers\down\14652265.exe
C:\WINDOWS\system32\drivers\down\14654546.exe
C:\WINDOWS\system32\drivers\down\14655140.exe
C:\WINDOWS\system32\drivers\down\14657562.exe
C:\WINDOWS\system32\drivers\down\14657953.exe
C:\WINDOWS\system32\drivers\down\14659578.exe
C:\WINDOWS\system32\drivers\down\14660328.exe
C:\WINDOWS\system32\drivers\down\14660500.exe
C:\WINDOWS\system32\drivers\down\14663203.exe
C:\WINDOWS\system32\drivers\down\14666296.exe
C:\WINDOWS\system32\drivers\down\14666312.exe
C:\WINDOWS\system32\drivers\down\14668921.exe
C:\WINDOWS\system32\drivers\down\14671500.exe
C:\WINDOWS\system32\drivers\down\14671593.exe
C:\WINDOWS\system32\drivers\down\14672203.exe
C:\WINDOWS\system32\drivers\down\14672312.exe
C:\WINDOWS\system32\drivers\down\14672375.exe
C:\WINDOWS\system32\drivers\down\14672421.exe
C:\WINDOWS\system32\drivers\down\14678921.exe
C:\WINDOWS\system32\drivers\down\14680843.exe
C:\WINDOWS\system32\drivers\down\14681265.exe
C:\WINDOWS\system32\drivers\down\14681406.exe
C:\WINDOWS\system32\drivers\down\14682640.exe
C:\WINDOWS\system32\drivers\down\14683156.exe
C:\WINDOWS\system32\drivers\down\14683609.exe
C:\WINDOWS\system32\drivers\down\14684531.exe
C:\WINDOWS\system32\drivers\down\14685109.exe
C:\WINDOWS\system32\drivers\down\14686343.exe
C:\WINDOWS\system32\drivers\down\14687015.exe
C:\WINDOWS\system32\drivers\down\14688109.exe
C:\WINDOWS\system32\drivers\down\14693234.exe
C:\WINDOWS\system32\drivers\down\14693687.exe
C:\WINDOWS\system32\drivers\down\14694140.exe
C:\WINDOWS\system32\drivers\down\14694187.exe
C:\WINDOWS\system32\drivers\down\14695375.exe
C:\WINDOWS\system32\drivers\down\14695390.exe
C:\WINDOWS\system32\drivers\down\14695687.exe
C:\WINDOWS\system32\drivers\down\14696062.exe
C:\WINDOWS\system32\drivers\down\14696281.exe
C:\WINDOWS\system32\drivers\down\14696437.exe
C:\WINDOWS\system32\drivers\down\14697671.exe
C:\WINDOWS\system32\drivers\down\14697843.exe
C:\WINDOWS\system32\drivers\down\14698046.exe
C:\WINDOWS\system32\drivers\down\14698500.exe
C:\WINDOWS\system32\drivers\down\14699359.exe
C:\WINDOWS\system32\drivers\down\14700062.exe
C:\WINDOWS\system32\drivers\down\14701093.exe
C:\WINDOWS\system32\drivers\down\14701281.exe
C:\WINDOWS\system32\drivers\down\14701609.exe
C:\WINDOWS\system32\drivers\down\14701656.exe
C:\WINDOWS\system32\drivers\down\14702218.exe
C:\WINDOWS\system32\drivers\down\14703171.exe
C:\WINDOWS\system32\drivers\down\14703312.exe
C:\WINDOWS\system32\drivers\down\14703406.exe
C:\WINDOWS\system32\drivers\down\14705296.exe
C:\WINDOWS\system32\drivers\down\14705750.exe
C:\WINDOWS\system32\drivers\down\14706703.exe
C:\WINDOWS\system32\drivers\down\14709734.exe
C:\WINDOWS\system32\drivers\down\14710625.exe
C:\WINDOWS\system32\drivers\down\14713031.exe
C:\WINDOWS\system32\drivers\down\14715234.exe
C:\WINDOWS\system32\drivers\down\14717203.exe
C:\WINDOWS\system32\drivers\down\14719656.exe
C:\WINDOWS\system32\drivers\down\14719875.exe
C:\WINDOWS\system32\drivers\down\14722046.exe
C:\WINDOWS\system32\drivers\down\14722437.exe
C:\WINDOWS\system32\drivers\down\14722796.exe
C:\WINDOWS\system32\drivers\down\14724437.exe
C:\WINDOWS\system32\drivers\down\14725140.exe
C:\WINDOWS\system32\drivers\down\14726593.exe
C:\WINDOWS\system32\drivers\down\14727343.exe
C:\WINDOWS\system32\drivers\down\14727984.exe
C:\WINDOWS\system32\drivers\down\14728359.exe
C:\WINDOWS\system32\drivers\down\14729015.exe
C:\WINDOWS\system32\drivers\down\14730093.exe
C:\WINDOWS\system32\drivers\down\14730453.exe
C:\WINDOWS\system32\drivers\down\14731156.exe
C:\WINDOWS\system32\drivers\down\14731937.exe
C:\WINDOWS\system32\drivers\down\14732968.exe
C:\WINDOWS\system32\drivers\down\14733687.exe
C:\WINDOWS\system32\drivers\down\14734796.exe
C:\WINDOWS\system32\drivers\down\14734812.exe
C:\WINDOWS\system32\drivers\down\14734906.exe
C:\WINDOWS\system32\drivers\down\14737343.exe
C:\WINDOWS\system32\drivers\down\14737718.exe
C:\WINDOWS\system32\drivers\down\14737906.exe
C:\WINDOWS\system32\drivers\down\14738343.exe
C:\WINDOWS\system32\drivers\down\14739437.exe
C:\WINDOWS\system32\drivers\down\14739734.exe
C:\WINDOWS\system32\drivers\down\14741093.exe
C:\WINDOWS\system32\drivers\down\14741531.exe
C:\WINDOWS\system32\drivers\down\14742078.exe
C:\WINDOWS\system32\drivers\down\14743343.exe
C:\WINDOWS\system32\drivers\down\14744109.exe
C:\WINDOWS\system32\drivers\down\14744765.exe
C:\WINDOWS\system32\drivers\down\14745015.exe
C:\WINDOWS\system32\drivers\down\14746562.exe
C:\WINDOWS\system32\drivers\down\14748734.exe
C:\WINDOWS\system32\drivers\down\14748765.exe
C:\WINDOWS\system32\drivers\down\14750781.exe
C:\WINDOWS\system32\drivers\down\14753125.exe
C:\WINDOWS\system32\drivers\down\14754296.exe
C:\WINDOWS\system32\drivers\down\14755187.exe
C:\WINDOWS\system32\drivers\down\14756578.exe
C:\WINDOWS\system32\drivers\down\14757125.exe
C:\WINDOWS\system32\drivers\down\14757421.exe
C:\WINDOWS\system32\drivers\down\14757484.exe
C:\WINDOWS\system32\drivers\down\14757859.exe
C:\WINDOWS\system32\drivers\down\14758250.exe
C:\WINDOWS\system32\drivers\down\14758390.exe
C:\WINDOWS\system32\drivers\down\14758875.exe
C:\WINDOWS\system32\drivers\down\14760578.exe
C:\WINDOWS\system32\drivers\down\14760703.exe
C:\WINDOWS\system32\drivers\down\14761281.exe
C:\WINDOWS\system32\drivers\down\14762375.exe
C:\WINDOWS\system32\drivers\down\14762515.exe
C:\WINDOWS\system32\drivers\down\14762890.exe
C:\WINDOWS\system32\drivers\down\14765671.exe
C:\WINDOWS\system32\drivers\down\14765953.exe
C:\WINDOWS\system32\drivers\down\14767609.exe
C:\WINDOWS\system32\drivers\down\14768703.exe
C:\WINDOWS\system32\drivers\down\14769781.exe
C:\WINDOWS\system32\drivers\down\14770171.exe
C:\WINDOWS\system32\drivers\down\14771625.exe
C:\WINDOWS\system32\drivers\down\14772828.exe
C:\WINDOWS\system32\drivers\down\14773671.exe
C:\WINDOWS\system32\drivers\down\14773937.exe
C:\WINDOWS\system32\drivers\down\14775859.exe
C:\WINDOWS\system32\drivers\down\14778984.exe
C:\WINDOWS\system32\drivers\down\14780562.exe
C:\WINDOWS\system32\drivers\down\14780703.exe
C:\WINDOWS\system32\drivers\down\14780953.exe
C:\WINDOWS\system32\drivers\down\14786703.exe
C:\WINDOWS\system32\drivers\down\147875.exe
C:\WINDOWS\system32\drivers\down\14789484.exe
C:\WINDOWS\system32\drivers\down\14790875.exe
C:\WINDOWS\system32\drivers\down\14791562.exe
C:\WINDOWS\system32\drivers\down\14793093.exe
C:\WINDOWS\system32\drivers\down\14793593.exe
C:\WINDOWS\system32\drivers\down\147937.exe
C:\WINDOWS\system32\drivers\down\14798000.exe
C:\WINDOWS\system32\drivers\down\14800703.exe
C:\WINDOWS\system32\drivers\down\14801906.exe
C:\WINDOWS\system32\drivers\down\14804875.exe
C:\WINDOWS\system32\drivers\down\14805953.exe
C:\WINDOWS\system32\drivers\down\14806875.exe
C:\WINDOWS\system32\drivers\down\14808234.exe
C:\WINDOWS\system32\drivers\down\14808906.exe
C:\WINDOWS\system32\drivers\down\14809156.exe
C:\WINDOWS\system32\drivers\down\148093.exe
C:\WINDOWS\system32\drivers\down\14809500.exe
C:\WINDOWS\system32\drivers\down\14812078.exe
C:\WINDOWS\system32\drivers\down\14813484.exe
C:\WINDOWS\system32\drivers\down\14814125.exe
C:\WINDOWS\system32\drivers\down\14818218.exe
C:\WINDOWS\system32\drivers\down\148312.exe
C:\WINDOWS\system32\drivers\down\14843890.exe
C:\WINDOWS\system32\drivers\down\14847187.exe
C:\WINDOWS\system32\drivers\down\14851859.exe
C:\WINDOWS\system32\drivers\down\14857359.exe
C:\WINDOWS\system32\drivers\down\14866359.exe
C:\WINDOWS\system32\drivers\down\148687.exe
C:\WINDOWS\system32\drivers\down\14868734.exe
C:\WINDOWS\system32\drivers\down\14882890.exe
C:\WINDOWS\system32\drivers\down\14882921.exe
C:\WINDOWS\system32\drivers\down\14889359.exe
C:\WINDOWS\system32\drivers\down\14896125.exe
C:\WINDOWS\system32\drivers\down\14898453.exe
C:\WINDOWS\system32\drivers\down\14899046.exe
C:\WINDOWS\system32\drivers\down\14902375.exe
C:\WINDOWS\system32\drivers\down\149046.exe
C:\WINDOWS\system32\drivers\down\14920390.exe
C:\WINDOWS\system32\drivers\down\14923140.exe
C:\WINDOWS\system32\drivers\down\14924265.exe
C:\WINDOWS\system32\drivers\down\14928000.exe
C:\WINDOWS\system32\drivers\down\14928406.exe
C:\WINDOWS\system32\drivers\down\14930828.exe
C:\WINDOWS\system32\drivers\down\14932703.exe
C:\WINDOWS\system32\drivers\down\14981187.exe
C:\WINDOWS\system32\drivers\down\14987109.exe
C:\WINDOWS\system32\drivers\down\14990140.exe
C:\WINDOWS\system32\drivers\down\14991484.exe
C:\WINDOWS\system32\drivers\down\15001031.exe
C:\WINDOWS\system32\drivers\down\15009093.exe
C:\WINDOWS\system32\drivers\down\15029703.exe
C:\WINDOWS\system32\drivers\down\15030312.exe
C:\WINDOWS\system32\drivers\down\15038093.exe
C:\WINDOWS\system32\drivers\down\15040796.exe
C:\WINDOWS\system32\drivers\down\15043375.exe
C:\WINDOWS\system32\drivers\down\15044906.exe
C:\WINDOWS\system32\drivers\down\15048453.exe
C:\WINDOWS\system32\drivers\down\15056234.exe
C:\WINDOWS\system32\drivers\down\15059031.exe
C:\WINDOWS\system32\drivers\down\150593.exe
C:\WINDOWS\system32\drivers\down\15059843.exe
C:\WINDOWS\system32\drivers\down\15060625.exe
C:\WINDOWS\system32\drivers\down\15061937.exe
C:\WINDOWS\system32\drivers\down\15068031.exe
C:\WINDOWS\system32\drivers\down\15070093.exe
C:\WINDOWS\system32\drivers\down\15084953.exe
C:\WINDOWS\system32\drivers\down\15098140.exe
C:\WINDOWS\system32\drivers\down\150984.exe
C:\WINDOWS\system32\drivers\down\15100625.exe
C:\WINDOWS\system32\drivers\down\15101453.exe
C:\WINDOWS\system32\drivers\down\15109203.exe
C:\WINDOWS\system32\drivers\down\15113609.exe
C:\WINDOWS\system32\drivers\down\15115906.exe
C:\WINDOWS\system32\drivers\down\15116203.exe
C:\WINDOWS\system32\drivers\down\15121687.exe
C:\WINDOWS\system32\drivers\down\15124578.exe
C:\WINDOWS\system32\drivers\down\15126984.exe
C:\WINDOWS\system32\drivers\down\15128140.exe
C:\WINDOWS\system32\drivers\down\151296.exe
C:\WINDOWS\system32\drivers\down\15130984.exe
C:\WINDOWS\system32\drivers\down\15136671.exe
C:\WINDOWS\system32\drivers\down\15140015.exe
C:\WINDOWS\system32\drivers\down\15140812.exe
C:\WINDOWS\system32\drivers\down\15141531.exe
C:\WINDOWS\system32\drivers\down\15142625.exe
C:\WINDOWS\system32\drivers\down\15145218.exe
C:\WINDOWS\system32\drivers\down\15147109.exe
C:\WINDOWS\system32\drivers\down\15175531.exe
C:\WINDOWS\system32\drivers\down\15181328.exe
C:\WINDOWS\system32\drivers\down\15186093.exe
C:\WINDOWS\system32\drivers\down\152343.exe
C:\WINDOWS\system32\drivers\down\152937.exe
C:\WINDOWS\system32\drivers\down\154359.exe
C:\WINDOWS\system32\drivers\down\154765.exe
C:\WINDOWS\system32\drivers\down\1563250.exe
C:\WINDOWS\system32\drivers\down\156718.exe
C:\WINDOWS\system32\drivers\down\157250.exe
C:\WINDOWS\system32\drivers\down\157375.exe
C:\WINDOWS\system32\drivers\down\157546.exe
C:\WINDOWS\system32\drivers\down\157968.exe
C:\WINDOWS\system32\drivers\down\158093.exe
C:\WINDOWS\system32\drivers\down\158375.exe
C:\WINDOWS\system32\drivers\down\1584468.exe
C:\WINDOWS\system32\drivers\down\158859.exe
C:\WINDOWS\system32\drivers\down\1588671.exe
C:\WINDOWS\system32\drivers\down\159375.exe
C:\WINDOWS\system32\drivers\down\160031.exe
C:\WINDOWS\system32\drivers\down\1604125.exe
C:\WINDOWS\system32\drivers\down\1604515.exe
C:\WINDOWS\system32\drivers\down\160500.exe
C:\WINDOWS\system32\drivers\down\160625.exe
C:\WINDOWS\system32\drivers\down\1613390.exe
C:\WINDOWS\system32\drivers\down\161421.exe
C:\WINDOWS\system32\drivers\down\161656.exe
C:\WINDOWS\system32\drivers\down\1617984.exe
C:\WINDOWS\system32\drivers\down\161859.exe
C:\WINDOWS\system32\drivers\down\1621750.exe
C:\WINDOWS\system32\drivers\down\1623578.exe
C:\WINDOWS\system32\drivers\down\162671.exe
C:\WINDOWS\system32\drivers\down\1627421.exe
C:\WINDOWS\system32\drivers\down\1636234.exe
C:\WINDOWS\system32\drivers\down\163937.exe
C:\WINDOWS\system32\drivers\down\164125.exe
C:\WINDOWS\system32\drivers\down\1641703.exe
C:\WINDOWS\system32\drivers\down\164265.exe
C:\WINDOWS\system32\drivers\down\1643562.exe
C:\WINDOWS\system32\drivers\down\164359.exe
C:\WINDOWS\system32\drivers\down\1644984.exe
C:\WINDOWS\system32\drivers\down\164593.exe
C:\WINDOWS\system32\drivers\down\1647156.exe
C:\WINDOWS\system32\drivers\down\164765.exe
C:\WINDOWS\system32\drivers\down\165062.exe
C:\WINDOWS\system32\drivers\down\1652437.exe
C:\WINDOWS\system32\drivers\down\165484.exe
C:\WINDOWS\system32\drivers\down\1655593.exe
C:\WINDOWS\system32\drivers\down\165656.exe
C:\WINDOWS\system32\drivers\down\165875.exe
C:\WINDOWS\system32\drivers\down\166031.exe
C:\WINDOWS\system32\drivers\down\166062.exe
C:\WINDOWS\system32\drivers\down\166640.exe
C:\WINDOWS\system32\drivers\down\167328.exe
C:\WINDOWS\system32\drivers\down\1687500.exe
C:\WINDOWS\system32\drivers\down\168828.exe
C:\WINDOWS\system32\drivers\down\168984.exe
C:\WINDOWS\system32\drivers\down\169296.exe
C:\WINDOWS\system32\drivers\down\1693031.exe
C:\WINDOWS\system32\drivers\down\169328.exe
C:\WINDOWS\system32\drivers\down\1698281.exe
C:\WINDOWS\system32\drivers\down\170312.exe
C:\WINDOWS\system32\drivers\down\170406.exe
C:\WINDOWS\system32\drivers\down\171734.exe
C:\WINDOWS\system32\drivers\down\172296.exe
C:\WINDOWS\system32\drivers\down\172437.exe
C:\WINDOWS\system32\drivers\down\172890.exe
C:\WINDOWS\system32\drivers\down\173796.exe
C:\WINDOWS\system32\drivers\down\174796.exe
C:\WINDOWS\system32\drivers\down\175125.exe
C:\WINDOWS\system32\drivers\down\175390.exe
C:\WINDOWS\system32\drivers\down\175609.exe
C:\WINDOWS\system32\drivers\down\176156.exe
C:\WINDOWS\system32\drivers\down\176484.exe
C:\WINDOWS\system32\drivers\down\177078.exe
C:\WINDOWS\system32\drivers\down\177281.exe
C:\WINDOWS\system32\drivers\down\177859.exe
C:\WINDOWS\system32\drivers\down\178187.exe
C:\WINDOWS\system32\drivers\down\178593.exe
C:\WINDOWS\system32\drivers\down\178781.exe
C:\WINDOWS\system32\drivers\down\179281.exe
C:\WINDOWS\system32\drivers\down\179468.exe
C:\WINDOWS\system32\drivers\down\179890.exe
C:\WINDOWS\system32\drivers\down\179906.exe
C:\WINDOWS\system32\drivers\down\179953.exe
C:\WINDOWS\system32\drivers\down\180250.exe
C:\WINDOWS\system32\drivers\down\180609.exe
C:\WINDOWS\system32\drivers\down\181609.exe
C:\WINDOWS\system32\drivers\down\181656.exe
C:\WINDOWS\system32\drivers\down\181828.exe
C:\WINDOWS\system32\drivers\down\182046.exe
C:\WINDOWS\system32\drivers\down\182953.exe
C:\WINDOWS\system32\drivers\down\183093.exe
C:\WINDOWS\system32\drivers\down\183312.exe
C:\WINDOWS\system32\drivers\down\183890.exe
C:\WINDOWS\system32\drivers\down\183968.exe
C:\WINDOWS\system32\drivers\down\185109.exe
C:\WINDOWS\system32\drivers\down\185312.exe
C:\WINDOWS\system32\drivers\down\185671.exe
C:\WINDOWS\system32\drivers\down\186343.exe
C:\WINDOWS\system32\drivers\down\186843.exe
C:\WINDOWS\system32\drivers\down\187875.exe
C:\WINDOWS\system32\drivers\down\188343.exe
C:\WINDOWS\system32\drivers\down\188468.exe
C:\WINDOWS\system32\drivers\down\188500.exe
C:\WINDOWS\system32\drivers\down\188671.exe
C:\WINDOWS\system32\drivers\down\188703.exe
C:\WINDOWS\system32\drivers\down\188859.exe
C:\WINDOWS\system32\drivers\down\189125.exe
C:\WINDOWS\system32\drivers\down\190000.exe
C:\WINDOWS\system32\drivers\down\190328.exe
C:\WINDOWS\system32\drivers\down\190843.exe
C:\WINDOWS\system32\drivers\down\190859.exe
C:\WINDOWS\system32\drivers\down\191531.exe
C:\WINDOWS\system32\drivers\down\192468.exe
C:\WINDOWS\system32\drivers\down\192609.exe
C:\WINDOWS\system32\drivers\down\192781.exe
C:\WINDOWS\system32\drivers\down\192812.exe
C:\WINDOWS\system32\drivers\down\192968.exe
C:\WINDOWS\system32\drivers\down\193281.exe
C:\WINDOWS\system32\drivers\down\193562.exe
C:\WINDOWS\system32\drivers\down\194328.exe
C:\WINDOWS\system32\drivers\down\194437.exe
C:\WINDOWS\system32\drivers\down\194906.exe
C:\WINDOWS\system32\drivers\down\195656.exe
C:\WINDOWS\system32\drivers\down\195921.exe
C:\WINDOWS\system32\drivers\down\196156.exe
C:\WINDOWS\system32\drivers\down\196234.exe
C:\WINDOWS\system32\drivers\down\196859.exe
C:\WINDOWS\system32\drivers\down\197203.exe
C:\WINDOWS\system32\drivers\down\197859.exe
C:\WINDOWS\system32\drivers\down\198468.exe
C:\WINDOWS\system32\drivers\down\198500.exe
C:\WINDOWS\system32\drivers\down\198593.exe
C:\WINDOWS\system32\drivers\down\198656.exe
C:\WINDOWS\system32\drivers\down\198953.exe
C:\WINDOWS\system32\drivers\down\200015.exe
C:\WINDOWS\system32\drivers\down\201375.exe
C:\WINDOWS\system32\drivers\down\201984.exe
C:\WINDOWS\system32\drivers\down\202234.exe
C:\WINDOWS\system32\drivers\down\202312.exe
C:\WINDOWS\system32\drivers\down\203843.exe
C:\WINDOWS\system32\drivers\down\204109.exe
C:\WINDOWS\system32\drivers\down\204343.exe
C:\WINDOWS\system32\drivers\down\204390.exe
C:\WINDOWS\system32\drivers\down\204703.exe
C:\WINDOWS\system32\drivers\down\204765.exe
C:\WINDOWS\system32\drivers\down\205281.exe
C:\WINDOWS\system32\drivers\down\205765.exe
C:\WINDOWS\system32\drivers\down\206500.exe
C:\WINDOWS\system32\drivers\down\206546.exe
C:\WINDOWS\system32\drivers\down\207250.exe
C:\WINDOWS\system32\drivers\down\207593.exe
C:\WINDOWS\system32\drivers\down\208109.exe
C:\WINDOWS\system32\drivers\down\208203.exe
C:\WINDOWS\system32\drivers\down\209062.exe
C:\WINDOWS\system32\drivers\down\209171.exe
C:\WINDOWS\system32\drivers\down\209484.exe
C:\WINDOWS\system32\drivers\down\209562.exe
C:\WINDOWS\system32\drivers\down\209656.exe
C:\WINDOWS\system32\drivers\down\209875.exe
C:\WINDOWS\system32\drivers\down\210000.exe
C:\WINDOWS\system32\drivers\down\210265.exe
C:\WINDOWS\system32\drivers\down\211109.exe
C:\WINDOWS\system32\drivers\down\211375.exe
C:\WINDOWS\system32\drivers\down\212828.exe
C:\WINDOWS\system32\drivers\down\213125.exe
C:\WINDOWS\system32\drivers\down\213765.exe
C:\WINDOWS\system32\drivers\down\213796.exe
C:\WINDOWS\system32\drivers\down\213828.exe
C:\WINDOWS\system32\drivers\down\214015.exe
C:\WINDOWS\system32\drivers\down\215015.exe
C:\WINDOWS\system32\drivers\down\215062.exe
C:\WINDOWS\system32\drivers\down\215125.exe
C:\WINDOWS\system32\drivers\down\215296.exe
C:\WINDOWS\system32\drivers\down\216328.exe
C:\WINDOWS\system32\drivers\down\216656.exe
C:\WINDOWS\system32\drivers\down\217406.exe
C:\WINDOWS\system32\drivers\down\217453.exe
C:\WINDOWS\system32\drivers\down\217515.exe
C:\WINDOWS\system32\drivers\down\217843.exe
C:\WINDOWS\system32\drivers\down\217875.exe
C:\WINDOWS\system32\drivers\down\219000.exe
C:\WINDOWS\system32\drivers\down\219046.exe
C:\WINDOWS\system32\drivers\down\219125.exe
C:\WINDOWS\system32\drivers\down\219343.exe
C:\WINDOWS\system32\drivers\down\220109.exe
C:\WINDOWS\system32\drivers\down\221265.exe
C:\WINDOWS\system32\drivers\down\221328.exe
C:\WINDOWS\system32\drivers\down\221531.exe
C:\WINDOWS\system32\drivers\down\222156.exe
C:\WINDOWS\system32\drivers\down\222312.exe
C:\WINDOWS\system32\drivers\down\222453.exe
C:\WINDOWS\system32\drivers\down\224546.exe
C:\WINDOWS\system32\drivers\down\225156.exe
C:\WINDOWS\system32\drivers\down\225515.exe
C:\WINDOWS\system32\drivers\down\225593.exe
C:\WINDOWS\system32\drivers\down\225953.exe
C:\WINDOWS\system32\drivers\down\227359.exe
C:\WINDOWS\system32\drivers\down\227468.exe
C:\WINDOWS\system32\drivers\down\227531.exe
C:\WINDOWS\system32\drivers\down\228156.exe
C:\WINDOWS\system32\drivers\down\228859.exe
C:\WINDOWS\system32\drivers\down\229828.exe
C:\WINDOWS\system32\drivers\down\230109.exe
C:\WINDOWS\system32\drivers\down\230562.exe
C:\WINDOWS\system32\drivers\down\230578.exe
C:\WINDOWS\system32\drivers\down\231281.exe
C:\WINDOWS\system32\drivers\down\231343.exe
C:\WINDOWS\system32\drivers\down\231656.exe
C:\WINDOWS\system32\drivers\down\232343.exe
C:\WINDOWS\system32\drivers\down\232406.exe
C:\WINDOWS\system32\drivers\down\233062.exe
C:\WINDOWS\system32\drivers\down\233125.exe
C:\WINDOWS\system32\drivers\down\233640.exe
C:\WINDOWS\system32\drivers\down\233781.exe
C:\WINDOWS\system32\drivers\down\234500.exe
C:\WINDOWS\system32\drivers\down\235312.exe
C:\WINDOWS\system32\drivers\down\236265.exe
C:\WINDOWS\system32\drivers\down\236828.exe
C:\WINDOWS\system32\drivers\down\237359.exe
C:\WINDOWS\system32\drivers\down\237750.exe
C:\WINDOWS\system32\drivers\down\238875.exe
C:\WINDOWS\system32\drivers\down\239750.exe
C:\WINDOWS\system32\drivers\down\239859.exe
C:\WINDOWS\system32\drivers\down\240062.exe
C:\WINDOWS\system32\drivers\down\240843.exe
C:\WINDOWS\system32\drivers\down\241703.exe
C:\WINDOWS\system32\drivers\down\241953.exe
C:\WINDOWS\system32\drivers\down\242828.exe
C:\WINDOWS\system32\drivers\down\243156.exe
C:\WINDOWS\system32\drivers\down\243406.exe
C:\WINDOWS\system32\drivers\down\243531.exe
C:\WINDOWS\system32\drivers\down\244656.exe
C:\WINDOWS\system32\drivers\down\245046.exe
C:\WINDOWS\system32\drivers\down\246234.exe
C:\WINDOWS\system32\drivers\down\246812.exe
C:\WINDOWS\system32\drivers\down\247031.exe
C:\WINDOWS\system32\drivers\down\247343.exe
C:\WINDOWS\system32\drivers\down\247562.exe
C:\WINDOWS\system32\drivers\down\249421.exe
C:\WINDOWS\system32\drivers\down\250265.exe
C:\WINDOWS\system32\drivers\down\250281.exe
C:\WINDOWS\system32\drivers\down\250515.exe
C:\WINDOWS\system32\drivers\down\250765.exe
C:\WINDOWS\system32\drivers\down\251234.exe
C:\WINDOWS\system32\drivers\down\251937.exe
C:\WINDOWS\system32\drivers\down\251953.exe
C:\WINDOWS\system32\drivers\down\252234.exe
C:\WINDOWS\system32\drivers\down\252265.exe
C:\WINDOWS\system32\drivers\down\252468.exe
C:\WINDOWS\system32\drivers\down\253421.exe
C:\WINDOWS\system32\drivers\down\253937.exe
C:\WINDOWS\system32\drivers\down\255171.exe
C:\WINDOWS\system32\drivers\down\255343.exe
C:\WINDOWS\system32\drivers\down\255375.exe
C:\WINDOWS\system32\drivers\down\256250.exe
C:\WINDOWS\system32\drivers\down\256515.exe
C:\WINDOWS\system32\drivers\down\257109.exe
C:\WINDOWS\system32\drivers\down\257765.exe
C:\WINDOWS\system32\drivers\down\258171.exe
C:\WINDOWS\system32\drivers\down\258515.exe
C:\WINDOWS\system32\drivers\down\258593.exe
C:\WINDOWS\system32\drivers\down\259328.exe
C:\WINDOWS\system32\drivers\down\259468.exe
C:\WINDOWS\system32\drivers\down\259718.exe
C:\WINDOWS\system32\drivers\down\259859.exe
C:\WINDOWS\system32\drivers\down\260687.exe
C:\WINDOWS\system32\drivers\down\262593.exe
C:\WINDOWS\system32\drivers\down\263312.exe
C:\WINDOWS\system32\drivers\down\263578.exe
C:\WINDOWS\system32\drivers\down\263937.exe
C:\WINDOWS\system32\drivers\down\265187.exe
C:\WINDOWS\system32\drivers\down\265328.exe
C:\WINDOWS\system32\drivers\down\265421.exe
C:\WINDOWS\system32\drivers\down\266312.exe
C:\WINDOWS\system32\drivers\down\269593.exe
C:\WINDOWS\system32\drivers\down\270875.exe
C:\WINDOWS\system32\drivers\down\273703.exe
C:\WINDOWS\system32\drivers\down\274187.exe
C:\WINDOWS\system32\drivers\down\277593.exe
C:\WINDOWS\system32\drivers\down\278750.exe
C:\WINDOWS\system32\drivers\down\278890.exe
C:\WINDOWS\system32\drivers\down\279500.exe
C:\WINDOWS\system32\drivers\down\280562.exe
C:\WINDOWS\system32\drivers\down\282328.exe
C:\WINDOWS\system32\drivers\down\283468.exe
C:\WINDOWS\system32\drivers\down\283875.exe
C:\WINDOWS\system32\drivers\down\284140.exe
C:\WINDOWS\system32\drivers\down\285312.exe
C:\WINDOWS\system32\drivers\down\286656.exe
C:\WINDOWS\system32\drivers\down\288765.exe
C:\WINDOWS\system32\drivers\down\290609.exe
C:\WINDOWS\system32\drivers\down\29145046.exe
C:\WINDOWS\system32\drivers\down\29151796.exe
C:\WINDOWS\system32\drivers\down\29153625.exe
C:\WINDOWS\system32\drivers\down\29154656.exe
C:\WINDOWS\system32\drivers\down\29158468.exe
C:\WINDOWS\system32\drivers\down\29160984.exe
C:\WINDOWS\system32\drivers\down\29161703.exe
C:\WINDOWS\system32\drivers\down\29164078.exe
C:\WINDOWS\system32\drivers\down\29174625.exe
C:\WINDOWS\system32\drivers\down\29174640.exe
C:\WINDOWS\system32\drivers\down\29176578.exe
C:\WINDOWS\system32\drivers\down\29176593.exe
C:\WINDOWS\system32\drivers\down\29181078.exe
C:\WINDOWS\system32\drivers\down\29181187.exe
C:\WINDOWS\system32\drivers\down\29181578.exe
C:\WINDOWS\system32\drivers\down\29182750.exe
C:\WINDOWS\system32\drivers\down\29182953.exe
C:\WINDOWS\system32\drivers\down\29185718.exe
C:\WINDOWS\system32\drivers\down\29186156.exe
C:\WINDOWS\system32\drivers\down\29189000.exe
C:\WINDOWS\system32\drivers\down\29189828.exe
C:\WINDOWS\system32\drivers\down\29190328.exe
C:\WINDOWS\system32\drivers\down\29192375.exe
C:\WINDOWS\system32\drivers\down\29193093.exe
C:\WINDOWS\system32\drivers\down\29193171.exe
C:\WINDOWS\system32\drivers\down\29193578.exe
C:\WINDOWS\system32\drivers\down\29194796.exe
C:\WINDOWS\system32\drivers\down\29196343.exe
C:\WINDOWS\system32\drivers\down\29196703.exe
C:\WINDOWS\system32\drivers\down\29197359.exe
C:\WINDOWS\system32\drivers\down\29197828.exe
C:\WINDOWS\system32\drivers\down\29199343.exe
C:\WINDOWS\system32\drivers\down\29200031.exe
C:\WINDOWS\system32\drivers\down\29201750.exe
C:\WINDOWS\system32\drivers\down\29202343.exe
C:\WINDOWS\system32\drivers\down\29203640.exe
C:\WINDOWS\system32\drivers\down\29207484.exe
C:\WINDOWS\system32\drivers\down\29207609.exe
C:\WINDOWS\system32\drivers\down\29207781.exe
C:\WINDOWS\system32\drivers\down\29208171.exe
C:\WINDOWS\system32\drivers\down\29211609.exe
C:\WINDOWS\system32\drivers\down\29212687.exe
C:\WINDOWS\system32\drivers\down\29213359.exe
C:\WINDOWS\system32\drivers\down\29214375.exe
C:\WINDOWS\system32\drivers\down\29215750.exe
C:\WINDOWS\system32\drivers\down\29217796.exe
C:\WINDOWS\system32\drivers\down\29219671.exe
C:\WINDOWS\system32\drivers\down\29222796.exe
C:\WINDOWS\system32\drivers\down\29225515.exe
C:\WINDOWS\system32\drivers\down\29225546.exe
C:\WINDOWS\system32\drivers\down\29227328.exe
C:\WINDOWS\system32\drivers\down\29227984.exe
C:\WINDOWS\system32\drivers\down\29230093.exe
C:\WINDOWS\system32\drivers\down\29230343.exe
C:\WINDOWS\system32\drivers\down\29230890.exe
C:\WINDOWS\system32\drivers\down\29232750.exe
C:\WINDOWS\system32\drivers\down\29233046.exe
C:\WINDOWS\system32\drivers\down\29233765.exe
C:\WINDOWS\system32\drivers\down\29235156.exe
C:\WINDOWS\system32\drivers\down\29236156.exe
C:\WINDOWS\system32\drivers\down\29236421.exe
C:\WINDOWS\system32\drivers\down\29236781.exe
C:\WINDOWS\system32\drivers\down\29236953.exe
C:\WINDOWS\system32\drivers\down\29238406.exe
C:\WINDOWS\system32\drivers\down\29238968.exe
C:\WINDOWS\system32\drivers\down\29239187.exe
C:\WINDOWS\system32\drivers\down\29240812.exe
C:\WINDOWS\system32\drivers\down\29241781.exe
C:\WINDOWS\system32\drivers\down\29242812.exe
C:\WINDOWS\system32\drivers\down\29245390.exe
C:\WINDOWS\system32\drivers\down\29247593.exe
C:\WINDOWS\system32\drivers\down\29247734.exe
C:\WINDOWS\system32\drivers\down\29250203.exe
C:\WINDOWS\system32\drivers\down\29250937.exe
C:\WINDOWS\system32\drivers\down\29251562.exe
C:\WINDOWS\system32\drivers\down\29251937.exe
C:\WINDOWS\system32\drivers\down\29254328.exe
C:\WINDOWS\system32\drivers\down\29256125.exe
C:\WINDOWS\system32\drivers\down\29260546.exe
C:\WINDOWS\system32\drivers\down\29260578.exe
C:\WINDOWS\system32\drivers\down\29263015.exe
C:\WINDOWS\system32\drivers\down\29267906.exe
C:\WINDOWS\system32\drivers\down\29268984.exe
C:\WINDOWS\system32\drivers\down\29270140.exe
C:\WINDOWS\system32\drivers\down\29271906.exe
C:\WINDOWS\system32\drivers\down\29272828.exe
C:\WINDOWS\system32\drivers\down\29273890.exe
C:\WINDOWS\system32\drivers\down\29275593.exe
C:\WINDOWS\system32\drivers\down\29276265.exe
C:\WINDOWS\system32\drivers\down\29278687.exe
C:\WINDOWS\system32\drivers\down\29279765.exe
C:\WINDOWS\system32\drivers\down\29284468.exe
C:\WINDOWS\system32\drivers\down\29285609.exe
C:\WINDOWS\system32\drivers\down\29287265.exe
C:\WINDOWS\system32\drivers\down\29287890.exe
C:\WINDOWS\system32\drivers\down\29288281.exe
C:\WINDOWS\system32\drivers\down\29289671.exe
C:\WINDOWS\system32\drivers\down\29290250.exe
C:\WINDOWS\system32\drivers\down\29291625.exe
C:\WINDOWS\system32\drivers\down\29293156.exe
C:\WINDOWS\system32\drivers\down\29294687.exe
C:\WINDOWS\system32\drivers\down\293093.exe
C:\WINDOWS\system32\drivers\down\29323515.exe
C:\WINDOWS\system32\drivers\down\29326218.exe
C:\WINDOWS\system32\drivers\down\29330421.exe
C:\WINDOWS\system32\drivers\down\293453.exe
C:\WINDOWS\system32\drivers\down\293703.exe
C:\WINDOWS\system32\drivers\down\29434718.exe
C:\WINDOWS\system32\drivers\down\29440984.exe
C:\WINDOWS\system32\drivers\down\29443656.exe
C:\WINDOWS\system32\drivers\down\29459875.exe
C:\WINDOWS\system32\drivers\down\29460046.exe
C:\WINDOWS\system32\drivers\down\29464484.exe
C:\WINDOWS\system32\drivers\down\29466500.exe
C:\WINDOWS\system32\drivers\down\29469000.exe
C:\WINDOWS\system32\drivers\down\29469578.exe
C:\WINDOWS\system32\drivers\down\29472484.exe
C:\WINDOWS\system32\drivers\down\29477750.exe
C:\WINDOWS\system32\drivers\down\29480250.exe
C:\WINDOWS\system32\drivers\down\29480640.exe
C:\WINDOWS\system32\drivers\down\29481031.exe
C:\WINDOWS\system32\drivers\down\29481812.exe
C:\WINDOWS\system32\drivers\down\29484234.exe
C:\WINDOWS\system32\drivers\down\29486093.exe
C:\WINDOWS\system32\drivers\down\29514156.exe
C:\WINDOWS\system32\drivers\down\29517078.exe
C:\WINDOWS\system32\drivers\down\29521312.exe
C:\WINDOWS\system32\drivers\down\29527031.exe
C:\WINDOWS\system32\drivers\down\29539109.exe
C:\WINDOWS\system32\drivers\down\29541515.exe
C:\WINDOWS\system32\drivers\down\29555281.exe
C:\WINDOWS\system32\drivers\down\29555375.exe
C:\WINDOWS\system32\drivers\down\29561593.exe
C:\WINDOWS\system32\drivers\down\29563531.exe
C:\WINDOWS\system32\drivers\down\29565671.exe
C:\WINDOWS\system32\drivers\down\29566296.exe
C:\WINDOWS\system32\drivers\down\29569062.exe
C:\WINDOWS\system32\drivers\down\29574484.exe
C:\WINDOWS\system32\drivers\down\29577062.exe
C:\WINDOWS\system32\drivers\down\29577859.exe
C:\WINDOWS\system32\drivers\down\29578359.exe
C:\WINDOWS\system32\drivers\down\29578953.exe
C:\WINDOWS\system32\drivers\down\29587156.exe
C:\WINDOWS\system32\drivers\down\29589078.exe
C:\WINDOWS\system32\drivers\down\29617609.exe
C:\WINDOWS\system32\drivers\down\29620421.exe
C:\WINDOWS\system32\drivers\down\29625312.exe
C:\WINDOWS\system32\drivers\down\296500.exe
C:\WINDOWS\system32\drivers\down\298281.exe
C:\WINDOWS\system32\drivers\down\300734.exe
C:\WINDOWS\system32\drivers\down\301015.exe
C:\WINDOWS\system32\drivers\down\302875.exe
C:\WINDOWS\system32\drivers\down\323093.exe
C:\WINDOWS\system32\drivers\down\326421.exe
C:\WINDOWS\system32\drivers\down\331281.exe
C:\WINDOWS\system32\drivers\down\340609.exe
C:\WINDOWS\system32\drivers\down\433656.exe
C:\WINDOWS\system32\drivers\down\43698515.exe
C:\WINDOWS\system32\drivers\down\43718296.exe
C:\WINDOWS\system32\drivers\down\437187.exe
C:\WINDOWS\system32\drivers\down\43721062.exe
C:\WINDOWS\system32\drivers\down\43735812.exe
C:\WINDOWS\system32\drivers\down\43735953.exe
C:\WINDOWS\system32\drivers\down\43737906.exe
C:\WINDOWS\system32\drivers\down\43742156.exe
C:\WINDOWS\system32\drivers\down\43748578.exe
C:\WINDOWS\system32\drivers\down\43753968.exe
C:\WINDOWS\system32\drivers\down\43756046.exe
C:\WINDOWS\system32\drivers\down\43758187.exe
C:\WINDOWS\system32\drivers\down\43759015.exe
C:\WINDOWS\system32\drivers\down\43761156.exe
C:\WINDOWS\system32\drivers\down\43761500.exe
C:\WINDOWS\system32\drivers\down\43770156.exe
C:\WINDOWS\system32\drivers\down\43773312.exe
C:\WINDOWS\system32\drivers\down\43774187.exe
C:\WINDOWS\system32\drivers\down\43775203.exe
C:\WINDOWS\system32\drivers\down\43775421.exe
C:\WINDOWS\system32\drivers\down\43779875.exe
C:\WINDOWS\system32\drivers\down\43782062.exe
C:\WINDOWS\system32\drivers\down\43783937.exe
C:\WINDOWS\system32\drivers\down\43784796.exe
C:\WINDOWS\system32\drivers\down\43787343.exe
C:\WINDOWS\system32\drivers\down\43790390.exe
C:\WINDOWS\system32\drivers\down\43791078.exe
C:\WINDOWS\system32\drivers\down\43793593.exe
C:\WINDOWS\system32\drivers\down\43794140.exe
C:\WINDOWS\system32\drivers\down\43801437.exe
C:\WINDOWS\system32\drivers\down\43803500.exe
C:\WINDOWS\system32\drivers\down\43804625.exe
C:\WINDOWS\system32\drivers\down\43806515.exe
C:\WINDOWS\system32\drivers\down\43811078.exe
C:\WINDOWS\system32\drivers\down\43813828.exe
C:\WINDOWS\system32\drivers\down\43818015.exe
C:\WINDOWS\system32\drivers\down\43841937.exe
C:\WINDOWS\system32\drivers\down\43847921.exe
C:\WINDOWS\system32\drivers\down\43872437.exe
C:\WINDOWS\system32\drivers\down\43874046.exe
C:\WINDOWS\system32\drivers\down\43877015.exe
C:\WINDOWS\system32\drivers\down\43883671.exe
C:\WINDOWS\system32\drivers\down\44039734.exe
C:\WINDOWS\system32\drivers\down\44048390.exe
C:\WINDOWS\system32\drivers\down\44050906.exe
C:\WINDOWS\system32\drivers\down\44093750.exe
C:\WINDOWS\system32\drivers\down\44093968.exe
C:\WINDOWS\system32\drivers\down\44101187.exe
C:\WINDOWS\system32\drivers\down\44103562.exe
C:\WINDOWS\system32\drivers\down\44105500.exe
C:\WINDOWS\system32\drivers\down\44106171.exe
C:\WINDOWS\system32\drivers\down\44108781.exe
C:\WINDOWS\system32\drivers\down\44114437.exe
C:\WINDOWS\system32\drivers\down\44117140.exe
C:\WINDOWS\system32\drivers\down\44117906.exe
C:\WINDOWS\system32\drivers\down\44118640.exe
C:\WINDOWS\system32\drivers\down\44122375.exe
C:\WINDOWS\system32\drivers\down\44125375.exe
C:\WINDOWS\system32\drivers\down\44127312.exe
C:\WINDOWS\system32\drivers\down\44156109.exe
C:\WINDOWS\system32\drivers\down\44159046.exe
C:\WINDOWS\system32\drivers\down\44163812.exe
C:\WINDOWS\system32\drivers\down\441796.exe
C:\WINDOWS\system32\drivers\down\444250.exe
C:\WINDOWS\system32\drivers\down\447640.exe
C:\WINDOWS\system32\drivers\down\485187.exe
C:\WINDOWS\system32\drivers\down\485453.exe
C:\WINDOWS\system32\drivers\down\491406.exe
C:\WINDOWS\system32\drivers\down\498921.exe
C:\WINDOWS\system32\drivers\down\502187.exe
C:\WINDOWS\system32\drivers\down\502875.exe
C:\WINDOWS\system32\drivers\down\505703.exe
C:\WINDOWS\system32\drivers\down\511546.exe
C:\WINDOWS\system32\drivers\down\514656.exe
C:\WINDOWS\system32\drivers\down\516718.exe
C:\WINDOWS\system32\drivers\down\517562.exe
C:\WINDOWS\system32\drivers\down\522828.exe
C:\WINDOWS\system32\drivers\down\525546.exe
C:\WINDOWS\system32\drivers\down\529968.exe
C:\WINDOWS\system32\drivers\down\531906.exe
C:\WINDOWS\system32\drivers\down\534062.exe
C:\WINDOWS\system32\drivers\down\537687.exe
C:\WINDOWS\system32\drivers\down\559640.exe
C:\WINDOWS\system32\drivers\down\563062.exe
C:\WINDOWS\system32\drivers\down\567671.exe
C:\WINDOWS\system32\drivers\down\569250.exe
C:\WINDOWS\system32\drivers\down\574578.exe
C:\WINDOWS\system32\drivers\down\575000.exe
C:\WINDOWS\system32\drivers\down\581000.exe
C:\WINDOWS\system32\drivers\down\58285203.exe
C:\WINDOWS\system32\drivers\down\58292406.exe
C:\WINDOWS\system32\drivers\down\58294312.exe
C:\WINDOWS\system32\drivers\down\58299109.exe
C:\WINDOWS\system32\drivers\down\58301406.exe
C:\WINDOWS\system32\drivers\down\58302203.exe
C:\WINDOWS\system32\drivers\down\58313437.exe
C:\WINDOWS\system32\drivers\down\58317250.exe
C:\WINDOWS\system32\drivers\down\58322187.exe
C:\WINDOWS\system32\drivers\down\58322203.exe
C:\WINDOWS\system32\drivers\down\58328578.exe
C:\WINDOWS\system32\drivers\down\58330375.exe
C:\WINDOWS\system32\drivers\down\58332390.exe
C:\WINDOWS\system32\drivers\down\58332906.exe
C:\WINDOWS\system32\drivers\down\58334843.exe
C:\WINDOWS\system32\drivers\down\58334906.exe
C:\WINDOWS\system32\drivers\down\58335625.exe
C:\WINDOWS\system32\drivers\down\58340953.exe
C:\WINDOWS\system32\drivers\down\58342484.exe
C:\WINDOWS\system32\drivers\down\58344453.exe
C:\WINDOWS\system32\drivers\down\58344796.exe
C:\WINDOWS\system32\drivers\down\58345187.exe
C:\WINDOWS\system32\drivers\down\58346062.exe
C:\WINDOWS\system32\drivers\down\58348093.exe
C:\WINDOWS\system32\drivers\down\58348250.exe
C:\WINDOWS\system32\drivers\down\58350031.exe
C:\WINDOWS\system32\drivers\down\58351203.exe
C:\WINDOWS\system32\drivers\down\58352406.exe
C:\WINDOWS\system32\drivers\down\58355890.exe
C:\WINDOWS\system32\drivers\down\58362062.exe
C:\WINDOWS\system32\drivers\down\58365437.exe
C:\WINDOWS\system32\drivers\down\58365890.exe
C:\WINDOWS\system32\drivers\down\58366437.exe
C:\WINDOWS\system32\drivers\down\58367562.exe
C:\WINDOWS\system32\drivers\down\58371640.exe
C:\WINDOWS\system32\drivers\down\58373500.exe
C:\WINDOWS\system32\drivers\down\58377562.exe
C:\WINDOWS\system32\drivers\down\58380093.exe
C:\WINDOWS\system32\drivers\down\58384484.exe
C:\WINDOWS\system32\drivers\down\58403265.exe
C:\WINDOWS\system32\drivers\down\58406687.exe
C:\WINDOWS\system32\drivers\down\58411468.exe
C:\WINDOWS\system32\drivers\down\58578765.exe
C:\WINDOWS\system32\drivers\down\58589781.exe
C:\WINDOWS\system32\drivers\down\58593484.exe
C:\WINDOWS\system32\drivers\down\58611468.exe
C:\WINDOWS\system32\drivers\down\58611562.exe
C:\WINDOWS\system32\drivers\down\58620640.exe
C:\WINDOWS\system32\drivers\down\58623250.exe
C:\WINDOWS\system32\drivers\down\58626000.exe
C:\WINDOWS\system32\drivers\down\58626703.exe
C:\WINDOWS\system32\drivers\down\58630078.exe
C:\WINDOWS\system32\drivers\down\58636906.exe
C:\WINDOWS\system32\drivers\down\58640109.exe
C:\WINDOWS\system32\drivers\down\58640687.exe
C:\WINDOWS\system32\drivers\down\58641187.exe
C:\WINDOWS\system32\drivers\down\58644593.exe
C:\WINDOWS\system32\drivers\down\58648625.exe
C:\WINDOWS\system32\drivers\down\58650515.exe
C:\WINDOWS\system32\drivers\down\58681421.exe
C:\WINDOWS\system32\drivers\down\58689578.exe
C:\WINDOWS\system32\drivers\down\58694046.exe
C:\WINDOWS\system32\drivers\down\593140.exe
C:\WINDOWS\system32\drivers\down\595343.exe
C:\WINDOWS\system32\drivers\down\597078.exe
C:\WINDOWS\system32\drivers\down\602921.exe
C:\WINDOWS\system32\drivers\down\605406.exe
C:\WINDOWS\system32\drivers\down\606312.exe
C:\WINDOWS\system32\drivers\down\607171.exe
C:\WINDOWS\system32\drivers\down\608265.exe
C:\WINDOWS\system32\drivers\down\611546.exe
C:\WINDOWS\system32\drivers\down\613687.exe
C:\WINDOWS\system32\drivers\down\662593.exe
C:\WINDOWS\system32\drivers\down\665640.exe
C:\WINDOWS\system32\drivers\down\670046.exe
C:\WINDOWS\system32\drivers\down\72836843.exe
C:\WINDOWS\system32\drivers\down\72845718.exe
C:\WINDOWS\system32\drivers\down\72849687.exe
C:\WINDOWS\system32\drivers\down\72852531.exe
C:\WINDOWS\system32\drivers\down\72865531.exe
C:\WINDOWS\system32\drivers\down\72865703.exe
C:\WINDOWS\system32\drivers\down\72871890.exe
C:\WINDOWS\system32\drivers\down\72874296.exe
C:\WINDOWS\system32\drivers\down\72876359.exe
C:\WINDOWS\system32\drivers\down\72877140.exe
C:\WINDOWS\system32\drivers\down\72880140.exe
C:\WINDOWS\system32\drivers\down\72885468.exe
C:\WINDOWS\system32\drivers\down\72887625.exe
C:\WINDOWS\system32\drivers\down\72888390.exe
C:\WINDOWS\system32\drivers\down\72889515.exe
C:\WINDOWS\system32\drivers\down\72893593.exe
C:\WINDOWS\system32\drivers\down\72896218.exe
C:\WINDOWS\system32\drivers\down\72898046.exe
C:\WINDOWS\system32\drivers\down\72926468.exe
C:\WINDOWS\system32\drivers\down\72929859.exe
C:\WINDOWS\system32\drivers\down\72934562.exe
C:\WINDOWS\system32\drivers\down\73111296.exe
C:\WINDOWS\system32\drivers\down\73125046.exe
C:\WINDOWS\system32\drivers\down\73127296.exe
C:\WINDOWS\system32\drivers\down\73145234.exe
C:\WINDOWS\system32\drivers\down\73151125.exe
C:\WINDOWS\system32\drivers\down\73153187.exe
C:\WINDOWS\system32\drivers\down\73155625.exe
C:\WINDOWS\system32\drivers\down\73156234.exe
C:\WINDOWS\system32\drivers\down\73159437.exe
C:\WINDOWS\system32\drivers\down\73166062.exe
C:\WINDOWS\system32\drivers\down\73170515.exe
C:\WINDOWS\system32\drivers\down\73170968.exe
C:\WINDOWS\system32\drivers\down\73171343.exe
C:\WINDOWS\system32\drivers\down\73171703.exe
C:\WINDOWS\system32\drivers\down\73174625.exe
C:\WINDOWS\system32\drivers\down\73176328.exe
C:\WINDOWS\system32\drivers\down\73208234.exe
C:\WINDOWS\system32\drivers\down\73211000.exe
C:\WINDOWS\system32\drivers\down\73215359.exe
C:\WINDOWS\system32\drivers\down\78421.exe
C:\WINDOWS\system32\drivers\down\82125.exe
C:\WINDOWS\system32\drivers\down\86234.exe
C:\WINDOWS\system32\drivers\down\87632578.exe
C:\WINDOWS\system32\drivers\down\87642000.exe
C:\WINDOWS\system32\drivers\down\87646531.exe
C:\WINDOWS\system32\drivers\down\87668281.exe
C:\WINDOWS\system32\drivers\down\87669031.exe
C:\WINDOWS\system32\drivers\down\87677875.exe
C:\WINDOWS\system32\drivers\down\87683656.exe
C:\WINDOWS\system32\drivers\down\87688265.exe
C:\WINDOWS\system32\drivers\down\87689859.exe
C:\WINDOWS\system32\drivers\down\87698390.exe
C:\WINDOWS\system32\drivers\down\87708515.exe
C:\WINDOWS\system32\drivers\down\87711218.exe
C:\WINDOWS\system32\drivers\down\87712078.exe
C:\WINDOWS\system32\drivers\down\87717328.exe
C:\WINDOWS\system32\drivers\down\87718609.exe
C:\WINDOWS\system32\drivers\down\87721312.exe
C:\WINDOWS\system32\drivers\down\87724828.exe
C:\WINDOWS\system32\drivers\down\87754875.exe
C:\WINDOWS\system32\drivers\down\87758765.exe
C:\WINDOWS\system32\drivers\down\87763328.exe
C:\WINDOWS\system32\drivers\down\90437.exe
C:\WINDOWS\system32\drivers\down\92781.exe
C:\WINDOWS\system32\drivers\down\95796.exe
C:\WINDOWS\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\f3PSSavr.scr
C:\WINDOWS\system32\mdelk.exe
C:\WINDOWS\system32\wintems.exe
F:\Autorun.inf . . . . failed to delete
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_SROSA
-------\srosa
((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-30 )))))))))))))))))))))))))))))))
.
2008-01-29 17:14 . 2008-01-29 17:14 d-------- C:\Documents and Settings\Anna Wiktorowicz\Application Data\Uniblue
2008-01-29 17:06 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\iksyssec.sys
2008-01-29 17:06 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\iksysflt.sys
2008-01-29 17:06 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ikfilesec.sys
2008-01-29 17:06 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\kcom.sys
2008-01-28 23:37 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SDTHOOK.SYS
2008-01-28 19:51 . 2008-01-28 19:51 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-01-28 08:16 . 2008-01-29 19:09 d-------- C:\WINDOWS\SYSTEM32\ActiveScan
2008-01-28 08:16 . 2008-01-29 18:37 30,590 --a------ C:\WINDOWS\SYSTEM32\pavas.ico
2008-01-28 08:16 . 2008-01-29 18:37 2,550 --a------ C:\WINDOWS\SYSTEM32\Uninstall.ico
2008-01-28 08:16 . 2008-01-29 18:37 1,406 --a------ C:\WINDOWS\SYSTEM32\Help.ico
2008-01-27 23:43 . 2008-01-27 23:43 d-------- C:\Program Files\Trend Micro
2008-01-27 19:00 . 2008-01-27 19:00 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-27 19:00 . 2007-05-30 04:10 10,872 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
2008-01-27 18:02 . 2008-01-27 18:41 d-------- C:\Program Files\Windows Defender
2008-01-27 16:48 . 2008-01-28 19:38 d-------- C:\Program Files\TrojanHunter 5.0
2008-01-27 10:32 . 2008-01-27 10:32 74 --a------ C:\WINDOWS\st_affiliate.ini
2008-01-27 09:28 . 2008-01-28 19:40 d-------- C:\VIRUS CLEAN UP
2008-01-27 01:01 . 2008-01-27 01:01 d-------- C:\WINDOWS\McAfee.com
2008-01-27 00:40 . 2008-01-27 00:53 d-------- C:\WINDOWS\SxsCaPendDel
2008-01-26 21:59 . 2008-01-26 21:59 d-------- C:\KAV
2008-01-26 21:50 . 2008-01-26 21:50 d-------- C:\Program Files\Common Files\iS3
2008-01-26 21:50 . 2008-01-27 00:37 d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-01-26 21:43 . 2008-01-27 18:52 d-------- C:\Program Files\Common Files\PC Tools
2008-01-26 21:43 . 2008-01-26 21:43 d-------- C:\Documents and Settings\Anna Wiktorowicz\Application Data\PC Tools
2008-01-26 21:43 . 2008-01-26 21:43 d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-01-26 21:43 . 2007-12-10 14:53 218,504 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\pctfw2.sys
2008-01-26 11:59 . 2008-01-27 10:16 d-------- C:\Program Files\Symantec
2008-01-26 11:59 . 2008-01-27 10:08 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-26 10:27 . 2008-01-26 10:27 d-------- C:\Documents and Settings\All Users\Application Data\Citrix
2008-01-25 22:45 . 2008-01-25 22:45 61,480 --a------ C:\Documents and Settings\Anna Wiktorowicz\GoToAssistDownloadHelper.exe
2008-01-22 22:40 . 2008-01-22 22:40 d-------- C:\Program Files\iTunes
2008-01-22 22:40 . 2008-01-22 22:40 d-------- C:\Program Files\iPod
2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a------ C:\WINDOWS\SYSTEM32\QuickTimeVR.qtx
2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a------ C:\WINDOWS\SYSTEM32\QuickTime.qts
2008-01-08 18:08 . 2008-01-08 18:08 d-------- C:\Program Files\Dell Computer
2008-01-08 18:07 . 2003-03-11 01:04 266,240 --a------ C:\WINDOWS\SYSTEM32\hpdj
2008-01-08 18:04 . 2008-01-08 18:04 d-------- C:\Program Files\Dell 720
2008-01-08 18:02 . 1997-04-08 20:08 299,520 --a------ C:\WINDOWS\uninst.exe
2008-01-07 19:53 . 2008-01-07 19:47 26,697 --a------ C:\WINDOWS\hpdj3600.hi2
2008-01-07 19:53 . 2008-01-07 19:47 4,431 --a------ C:\WINDOWS\hpdj3600.bu2
2008-01-07 19:47 . 2003-03-11 01:04 266,240 --a------ C:\WINDOWS\SYSTEM32\hpdj3600
2008-01-07 19:46 . 2008-01-07 20:31 219,292 --a------ C:\WINDOWS\hpdj3600.hi1
2008-01-07 19:46 . 2008-01-07 20:31 8,667 --a------ C:\WINDOWS\hpdj3600.bu1
2007-12-30 19:08 . 2008-01-09 23:44 106,152 --------- C:\WINDOWS\hpqins13.dat.temp
2007-12-29 00:54 . 2008-01-09 23:44 106,152 --------- C:\WINDOWS\hpqins13.dat
2007-12-27 16:57 . 2007-12-27 16:57 1,409 --a------ C:\WINDOWS\SYSTEM32\tmpD35D5.FOT
2007-12-27 16:57 . 2007-12-27 16:57 1,409 --a------ C:\WINDOWS\SYSTEM32\tmpAF2D5.FOT
2007-12-27 16:57 . 2007-12-27 16:57 1,409 --a------ C:\WINDOWS\SYSTEM32\tmp863D5.FOT
2007-12-27 16:57 . 2007-12-27 16:57 1,409 --a------ C:\WINDOWS\SYSTEM32\tmp5E3D5.FOT
2007-12-27 16:57 . 2007-12-27 16:57 1,409 --a------ C:\WINDOWS\SYSTEM32\tmp334D5.FOT
2007-12-27 16:57 . 2007-12-27 16:57 1,409 --a------ C:\WINDOWS\SYSTEM32\tmp0A4D5.FOT
2007-12-27 07:51 . 2005-10-14 14:50 143,360 --a------ C:\WINDOWS\SYSTEM32\igfxres.dll
2007-12-27 01:17 . 2006-03-23 20:38 61,440 --a------ C:\WINDOWS\SYSTEM32\iAlmCoIn_v4543.dll
2007-12-26 19:07 . 2007-12-26 19:07 24 --a------ C:\WINDOWS\AM_D8.PRF
2007-12-26 18:32 . 2008-01-27 17:04 d-------- C:\Program Files\Common Files\Symantec Shared
2007-12-26 13:32 . 2008-01-26 21:13 d-------- C:\Program Files\Norton Security Scan
2007-12-26 13:16 . 2007-12-26 13:16 d-------- C:\Program Files\Enlight
2007-12-26 09:04 . 2007-12-26 09:04 d-------- C:\Documents and Settings\All Users\Application Data\SupportSoft
2007-12-26 09:03 . 2007-12-26 09:04 d-------- C:\Program Files\Dell Support Center
2007-12-26 09:03 . 2007-12-26 09:03 d-------- C:\Program Files\Common Files\supportsoft
2007-12-25 05:29 . 2007-12-26 09:40 d-------- C:\Documents and Settings\All Users\Application Data\Dell
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-30 07:43 --------- d-----w C:\Documents and Settings\Anna Wiktorowicz\Application Data\Skype
2008-01-30 05:43 --------- d-----w C:\Program Files\eMule
2008-01-30 04:42 --------- d-----w C:\Program Files\Google
2008-01-30 04:42 --------- d-----w C:\Program Files\Gadu-Gadu
2008-01-30 04:39 --------- d-----w C:\Program Files\eFax Messenger 4.1
2008-01-30 04:38 --------- d-----w C:\Program Files\DellSupport
2008-01-30 02:53 --------- d-----w C:\Program Files\Winamp
2008-01-30 02:53 --------- d-----w C:\Program Files\Microsoft IntelliPoint
2008-01-30 02:52 --------- d-----w C:\Program Files\QuickTime
2008-01-29 06:30 --------- d-----w C:\Program Files\Sciagniete
2008-01-28 18:26 --------- d-----w C:\Program Files\Cliprex DVD Player Professional
2008-01-28 02:52 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-26 08:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-25 18:02 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-25 16:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-12 21:54 --------- d-----w C:\Documents and Settings\Anna Wiktorowicz\Application Data\AdobeUM
2008-01-09 02:09 --------- d-----w C:\Program Files\Jasc Software Inc
2008-01-09 02:09 --------- d-----w C:\Documents and Settings\Anna Wiktorowicz\Application Data\Jasc Software Inc
2008-01-09 02:07 --------- d-----w C:\Program Files\Hewlett-Packard
2008-01-01 18:48 --------- d-----w C:\Program Files\Java
2007-07-25 10:36 63,824 ----a-w C:\Documents and Settings\Anna Wiktorowicz\Application Data\GDIPFONTCACHEV1.DAT
2006-04-04 15:55 9,583,368 ----a-w C:\Documents and Settings\Anna Wiktorowicz\DesktopDoctor1.5.1.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 10:09 460784]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 08:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:00 15360]
"PhotoShow Deluxe Media Manager"="C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe" [2004-03-06 06:07 779141]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 12:31 22880040]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-10 14:46 68856]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-01-30 06:58 1716224]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 09:23 202544]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]
"eMuleAutoStart"="C:\Program Files\eMule\emule.exe" [2005-07-26 05:12 4771840]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"CheckNetworkConnection"="C:\Program Files\Support.com\providerComcast\desktopdoctor.exe" [2006-01-09 15:45 1286144]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 11:42 1404928]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 17:12 221184]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 13:54 57344]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-06 22:01 110592]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-05 22:05 127035]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2003-05-15 15:41 163840]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2004-12-20 10:41 33792]
"tgcmd"="C:\Program Files\Support.com\bin\tgcmd.exe" [2007-03-07 09:58 1773568]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"ezShieldProtector for Px"="C:\WINDOWS\system32\ezSP_Px.exe" [2002-08-20 10:29 40960]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-12-19 16:58 180269]
"eFax 4.1"="C:\Program Files\eFax Messenger 4.1\J2GDllCmd.exe" [2005-12-16 15:59 107008]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 16:33 563984]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 16:37 2178832]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 09:24 16384]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 20:17 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 20:13 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 20:17 118784]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-11 02:08 172032]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 15:27 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 02:00 15360]
C:\Documents and Settings\Anna Wiktorowicz\Start Menu\Programs\Startup\
DING!.lnk - C:\Program Files\Southwest Airlines\Ding\Ding.exe [2006-06-22 13:15:48 462848]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Billminder.lnk - C:\QUICKENW\BILLMIND.EXE [2007-02-03 08:06:36 36864]
eFax 4.1.lnk - C:\Program Files\eFax Messenger 4.1\J2GTray.exe [2006-01-30 11:05:01 513024]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-12 22:01:04 83360]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2006-09-21 16:53:32 811008]
Quicken Startup.lnk - C:\QUICKENW\QWDLLS.EXE [2007-02-03 08:06:46 36864]
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2000-08-06 01:03:20 69632]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service []
S1 pctfw2;pctfw2;C:\WINDOWS\SYSTEM32\DRIVERS\pctfw2.sys [2007-12-10 14:53]
S3 C-Dilla;C-Dilla;C:\WINDOWS\system32\drivers\CDANT.SYS [2001-09-10 18:09]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{83be0d45-1eed-11dc-97d4-000000000000}]
\Shell\AutoRun\command - G:\setupSNK.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-01-29 00:06:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-25 23:00:30 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-30 00:00:01
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\eFax Messenger 4.1\J2GDllCmd.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\eMule\emule.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\eFax Messenger 4.1\J2GTray.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\QUICKENW\QWDLLS.EXE
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\msiexec.exe
.
**************************************************************************
.
Completion time: 2008-01-30 0:09:19 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-30 08:09:16
.
2008-01-23 11:01:27 --- E O F ---
Ok Guys,
I was able to download McAfee and it works fine...Yupi!!! Running ComboFix was enough. Now I'll scan for the stubborn New Poly Win32 and see if it's still here. Looks like the computer is feeling better already - works faster and I can dl files!
I will download SmitfraudFix as suggested by Overwhelmed if I still get the same message. If not, I will post this thread as solved.
How can I credit you for all the hard work? I don't even know how to thank you enough! You REALLY helped me!
THANK YOU!!!! THANK YOU!!!! THANK YOU!!!
you just click our "add to overwhelmed/gerbil's reputation and you can leave a comment in there too
if you dont have CCleaner you can get it from the link in my signature
you can get spybot S&D from www.filehippo.com and you can also use filehippo.com to check on newer versions or to try out other anti virus and anti spyware programs if you wish
It's official! You guys are geniuses! No more New Poly and my computer works just fine! I scanned the whole system and New Poly has been quarantined. Thank you for your help! I added to your reputation! That's at least I could do! THANK YOU AGAIN!
Just on a side note...why do people come up with viruses? What's the point? How can people make others lives misearable and be satisfied with their work? Grrr...Anyways...thank you again!!!
I'm marking this thread as resolved.
Nice work, Anna... that certainly worked magic.
There are still a couple of things to fix before you put your feet up, though.
What is on your F: drive? Is it/was it a plugged-in USB stick? From Combofix....:
F:\Autorun.inf . . . . failed to delete. If this is a hard drive then I suggest you try to delete this file manually. If a USB drive [thumbdrive...] than it could be okay to leave it be.
What is this file associated with [check its properties..] C:\WINDOWS\AM_D8.PRF
Now, the last thing is to fix your Safe Mode registry keys, otherwise you cannot enter Safe mode. Download the zip file I have pinned here, unzip it and dclick the .reg file to run it... agree; if it opens in notepad instead rclick the icon [file], choose Open with, Registry editor....
Then see if you can enter safe mode via F8 key.
