Logfile of HijackThis v1.99.1
Scan saved at 4:05:53 PM, on 11/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe
C:\Program Files\BellSouth Accelerator Technology\propelac.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\BellSouth® Internet Services\Dialer\DartDialer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\ABC\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\BellSouth Accelerator Technology\prpl_IePopupBlocker.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Propel Accelerator] "C:\Program Files\BellSouth Accelerator Technology\trayctl.exe" /STARTUPLAUNCH
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\BellSouth Accelerator Technology\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\BellSouth Accelerator Technology\pac-image.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.att.net
O16 - DPF: {10E0E75E-6701-4134-9D95-C0942ED1F1C8} (Snapfish Outlook Import ActiveX Control) - http://www1.snapfish.com/SnapfishOutlookImport.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase8300.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{85653724-D20B-4F9D-A6CA-0E45C2429A42}: NameServer = 205.152.37.23 205.152.132.23
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
ComboFix log
ComboFix 07-11-19.4C - MENDY 2007-11-29 14:55:12.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.154 [GMT -6:00]
Running from: C:\Documents and Settings\MENDY\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\Documents and Settings\MENDY\Local Settings\Application Data\onmsbyafo.dat
C:\Documents and Settings\MENDY\Local Settings\Application Data\onmsbyafo.exe
c:\Documents and Settings\MENDY\Local Settings\Application Data\onmsbyafo_nav.dat
C:\Documents and Settings\MENDY\Local Settings\Application Data\onmsbyafo_navps.dat
C:\Program Files\instant access
C:\Program Files\instant access\Center\Crazy Girls.upd
C:\Program Files\instant access\Center\Fun-Games.upd
C:\Program Files\instant access\Center\GAMES-DESKTOP.COM.upd
C:\Program Files\instant access\Center\SERIALPLAYERS.upd
C:\Program Files\instant access\Center\tray1.ico
C:\Program Files\instant access\Dialer\1033802053\fp.pc-on-internet.com\4121\images\EN\txt1.gif
C:\Program Files\instant access\Dialer\1033802053\fp.pc-on-internet.com\4121\images\EN\txt2.gif
C:\Program Files\instant access\Dialer\1033802053\fp.pc-on-internet.com\4121\images\h1.gif
C:\Program Files\instant access\Dialer\1033802053\fp.pc-on-internet.com\4121\images\h2.gif
C:\Program Files\instant access\Dialer\1033802053\fp.pc-on-internet.com\4121\images\h3.gif
C:\Program Files\instant access\Dialer\1033802053\fp.pc-on-internet.com\4121\images\l1.gif
C:\Program Files\instant access\Dialer\1033802053\fp.pc-on-internet.com\4121\images\l2.gif
C:\Program Files\instant access\Dialer\1033802053\fp.pc-on-internet.com\4121\images\l3.gif
C:\Program Files\instant access\Dialer\1033802053\fp.pc-on-internet.com\4121\images\l4.gif
C:\Program Files\instant access\Dialer\1033802053\fp.pc-on-internet.com\4121\images\l5.gif
C:\Program Files\instant access\Dialer\1033802053\fp.pc-on-internet.com\4121\images\logo.gif
C:\Program Files\instant access\Dialer\1033802053\fp.pc-on-internet.com\4121\images\pic1.jpg
C:\Program Files\instant access\Dialer\1033802053\fp.pc-on-internet.com\4121\images\pic2.jpg
C:\Program Files\instant access\Dialer\1033802053\fp.pc-on-internet.com\4121\images\pic3.jpg
C:\Program Files\instant access\Dialer\1033802053\fp.pc-on-internet.com\4121\images\vid1.jpg
C:\Program Files\instant access\Dialer\1033802053\fp.pc-on-internet.com\4121\images\vid2.jpg
C:\Program Files\instant access\Dialer\1033802053\fp.pc-on-internet.com\4121\images\vid3.jpg
C:\Program Files\instant access\Dialer\1033802053\fp.pc-on-internet.com\5219345df144faaacbda30660f07a0fc.html
C:\Program Files\instant access\Dialer\1033802053\fp.pc-on-internet.com\5219345df144faaacbda30660f07a0fc.html_0.loginvis
C:\Program Files\instant access\Dialer\1033802053\us2-external-api.dlv4.com\js\a2fb689eb0a5542939b0d2ab10208e4d
C:\Program Files\instant access\Dialer\1033802053\us2-www.0texkax7c6hzuidk.com\Common\5e698d7dcf6ba8b62992173e4d5cb59f.html
C:\Program Files\instant access\Dialer\1033802053\us2-www.0texkax7c6hzuidk.com\custom\4256\EN\button1.gif
C:\Program Files\instant access\Dialer\1033802053\us2-www.0texkax7c6hzuidk.com\custom\4256\EN\button2.gif
C:\Program Files\instant access\Dialer\1033802053\us2-www.0texkax7c6hzuidk.com\custom\4256\EN\button3.gif
C:\Program Files\instant access\Dialer\1033802053\us2-www.0texkax7c6hzuidk.com\custom\4256\EN\button4.gif
C:\Program Files\instant access\Dialer\1077506764\Crazy Girls.lnk
C:\Program Files\instant access\Dialer\1077506764\fp.pc-on-internet.com\2e6b0c9d5c70305d9b124f8d3a98680e.html
C:\Program Files\instant access\Dialer\1077506764\fp.pc-on-internet.com\2e6b0c9d5c70305d9b124f8d3a98680e.html_0.loginvis
C:\Program Files\instant access\Dialer\1077506764\fp.pc-on-internet.com\50281\images\EN\index_01.gif
C:\Program Files\instant access\Dialer\1077506764\fp.pc-on-internet.com\50281\images\EN\index_02.gif
C:\Program Files\instant access\Dialer\1077506764\fp.pc-on-internet.com\50281\images\index_04.jpg
C:\Program Files\instant access\Dialer\1077506764\us2-external-api.dlv4.com\js\0df1a4daf3f8c6cbd463d7b3a352af7d
C:\Program Files\instant access\Dialer\1077506764\us2-www.0texkax7c6hzuidk.com\Common\049152f555a67f56432c7916d52c234e.html
C:\Program Files\instant access\Dialer\1077506764\us2-www.0texkax7c6hzuidk.com\custom\4239\EN\button1.gif
C:\Program Files\instant access\Dialer\1077506764\us2-www.0texkax7c6hzuidk.com\custom\4239\EN\button2.gif
C:\Program Files\instant access\Dialer\1077506764\us2-www.0texkax7c6hzuidk.com\custom\4239\EN\button3.gif
C:\Program Files\instant access\Dialer\1077506764\us2-www.0texkax7c6hzuidk.com\custom\4239\EN\button4.gif
C:\Program Files\instant access\Dialer\133202765\fp.gad-network.com\50110\images\bckg.gif
C:\Program Files\instant access\Dialer\133202765\fp.pc-on-internet.com\50110\images\EN\index_01.jpg
C:\Program Files\instant access\Dialer\133202765\fp.pc-on-internet.com\50110\images\index_03.jpg
C:\Program Files\instant access\Dialer\133202765\fp.pc-on-internet.com\a3d663faf6f3ce6fd17c6e8185347345.html
C:\Program Files\instant access\Dialer\133202765\fp.pc-on-internet.com\a3d663faf6f3ce6fd17c6e8185347345.html_0.loginvis
C:\Program Files\instant access\Dialer\133202765\us2-external-api.dlv4.com\js\3e84b5ebe4105b22b65ad28a9c76a162
C:\Program Files\instant access\Dialer\133202765\us2-www.0texkax7c6hzuidk.com\Common\cd07c400182e332dbcd9b05992b0de66.html
C:\Program Files\instant access\Dialer\133202765\us2-www.0texkax7c6hzuidk.com\custom\4339\EN\button1.gif
C:\Program Files\instant access\Dialer\133202765\us2-www.0texkax7c6hzuidk.com\custom\4339\EN\button2.gif
C:\Program Files\instant access\Dialer\133202765\us2-www.0texkax7c6hzuidk.com\custom\4339\EN\button3.gif
C:\Program Files\instant access\Dialer\133202765\us2-www.0texkax7c6hzuidk.com\custom\4339\EN\button4.gif
C:\Program Files\instant access\Dialer\150607247\fp.pc-on-internet.com\3041\images\00.gif
C:\Program Files\instant access\Dialer\150607247\fp.pc-on-internet.com\3041\images\bando.jpg
C:\Program Files\instant access\Dialer\150607247\fp.pc-on-internet.com\3041\images\bando_bas.jpg
C:\Program Files\instant access\Dialer\150607247\fp.pc-on-internet.com\3041\images\bando_haut.jpg
C:\Program Files\instant access\Dialer\150607247\fp.pc-on-internet.com\3041\images\bas.gif
C:\Program Files\instant access\Dialer\150607247\fp.pc-on-internet.com\3041\images\d.gif
C:\Program Files\instant access\Dialer\150607247\fp.pc-on-internet.com\3041\images\EN\fun1.gif
C:\Program Files\instant access\Dialer\150607247\fp.pc-on-internet.com\3041\images\EN\fun2.gif
C:\Program Files\instant access\Dialer\150607247\fp.pc-on-internet.com\3041\images\EN\fun3.gif
C:\Program Files\instant access\Dialer\150607247\fp.pc-on-internet.com\3041\images\EN\fun4.gif
C:\Program Files\instant access\Dialer\150607247\fp.pc-on-internet.com\3041\images\EN\jeu1.gif
C:\Program Files\instant access\Dialer\150607247\fp.pc-on-internet.com\3041\images\EN\jeu2.gif
C:\Program Files\instant access\Dialer\150607247\fp.pc-on-internet.com\3041\images\EN\jeu3.gif
C:\Program Files\instant access\Dialer\150607247\fp.pc-on-internet.com\3041\images\EN\titre.gif
C:\Program Files\instant access\Dialer\150607247\fp.pc-on-internet.com\3041\images\g.gif
C:\Program Files\instant access\Dialer\150607247\fp.pc-on-internet.com\a2acac7e866026f04ce03b40443a9ada.html
C:\Program Files\instant access\Dialer\150607247\fp.pc-on-internet.com\a2acac7e866026f04ce03b40443a9ada.html_0.loginvis
C:\Program Files\instant access\Dialer\150607247\GAMES-DESKTOP.COM.lnk
C:\Program Files\instant access\Dialer\150607247\us2-external-api.dlv4.com\js\7a655120da9b9d8fe96043ef5ce9e056
C:\Program Files\instant access\Dialer\150607247\us2-www.0texkax7c6hzuidk.com\Common\fac93cde7939314bb04c4046fe63af8d.html
C:\Program Files\instant access\Dialer\150607247\us2-www.0texkax7c6hzuidk.com\custom\4160\4160_dialer.ico
C:\Program Files\instant access\Dialer\150607247\us2-www.0texkax7c6hzuidk.com\custom\4160\EN\button1.gif
C:\Program Files\instant access\Dialer\150607247\us2-www.0texkax7c6hzuidk.com\custom\4160\EN\button2.gif
C:\Program Files\instant access\Dialer\150607247\us2-www.0texkax7c6hzuidk.com\custom\4160\EN\button3.gif
C:\Program Files\instant access\Dialer\150607247\us2-www.0texkax7c6hzuidk.com\custom\4160\EN\button4.gif
C:\Program Files\instant access\Dialer\150607247\www.rapid-pass.net\789e4360fd...43989e6f6210b1
C:\Program Files\instant access\Dialer\362074402\fp.pc-on-internet.com\274d9db5fe3a5ca3999f58be5eebba57.html
C:\Program Files\instant access\Dialer\362074402\fp.pc-on-internet.com\274d9db5fe3a5ca3999f58be5eebba57.html_0.loginvis
C:\Program Files\instant access\Dialer\362074402\fp.pc-on-internet.com\50282\images\EN\index_01.gif
C:\Program Files\instant access\Dialer\362074402\fp.pc-on-internet.com\50282\images\EN\index_02.gif
C:\Program Files\instant access\Dialer\362074402\fp.pc-on-internet.com\50282\images\index_03.jpg
C:\Program Files\instant access\Dialer\362074402\us2-external-api.dlv4.com\js\55f404d95a022643d8257aa8895fb236
C:\Program Files\instant access\Dialer\362074402\us2-www.0texkax7c6hzuidk.com\Common\058afa0363434457539746c687645f15.html
C:\Program Files\instant access\Dialer\362074402\us2-www.0texkax7c6hzuidk.com\custom\4239\EN\button1.gif
C:\Program Files\instant access\Dialer\362074402\us2-www.0texkax7c6hzuidk.com\custom\4239\EN\button2.gif
C:\Program Files\instant access\Dialer\362074402\us2-www.0texkax7c6hzuidk.com\custom\4239\EN\button3.gif
C:\Program Files\instant access\Dialer\362074402\us2-www.0texkax7c6hzuidk.com\custom\4239\EN\button4.gif
C:\Program Files\instant access\Dialer\384097938\us2-external-api.dlv4.com\js\1917347171ef733d49bc90c7a0e96822
C:\Program Files\instant access\Dialer\384097938\us2-www.0texkax7c6hzuidk.com\Common\d734fcbd2875cb2cee95f3d403755bc5.html
C:\Program Files\instant access\Dialer\384097938\us2-www.0texkax7c6hzuidk.com\Common\d734fcbd2875cb2cee95f3d403755bc5.html_0.loginvis
C:\Program Files\instant access\Dialer\384097938\us2-www.0texkax7c6hzuidk.com\custom\4160\EN\button1.gif
C:\Program Files\instant access\Dialer\384097938\us2-www.0texkax7c6hzuidk.com\custom\4160\EN\button2.gif
C:\Program Files\instant access\Dialer\384097938\us2-www.0texkax7c6hzuidk.com\custom\4160\EN\button3.gif
C:\Program Files\instant access\Dialer\384097938\us2-www.0texkax7c6hzuidk.com\custom\4160\EN\button4.gif
C:\Program Files\instant access\Dialer\395004339\es6-external-api.dlv4.com\js\08746d00e1fa6e83368b2bc62d212eef
C:\Program Files\instant access\Dialer\395004339\es6-scripts.nccgateway.com\Common\358d75fffc2b04ed7bdcc84788642627.html
C:\Program Files\instant access\Dialer\395004339\Fun-Games.lnk
C:\Program Files\instant access\Dialer\395004339\traffic.waypointcash.com\09ad72aa7cf1f177e7fa6f76390459ac.html
C:\Program Files\instant access\Dialer\395004339\traffic.waypointcash.com\09ad72aa7cf1f177e7fa6f76390459ac.html_0.loginvis
C:\Program Files\instant access\Dialer\395004339\traffic.waypointcash.com\emoticonsplanet.com\enter\4\en\emoticonsplanet_01.jpg
C:\Program Files\instant access\Dialer\395004339\traffic.waypointcash.com\emoticonsplanet.com\enter\4\en\emoticonsplanet_02.jpg
C:\Program Files\instant access\Dialer\395004339\traffic.waypointcash.com\emoticonsplanet.com\enter\4\en\emoticonsplanet_03.gif
C:\Program Files\instant access\Dialer\395004339\traffic.waypointcash.com\emoticonsplanet.com\enter\4\en\emoticonsplanet_04.jpg
C:\Program Files\instant access\Dialer\395004339\traffic.waypointcash.com\emoticonsplanet.com\enter\4\en\emoticonsplanet_05.jpg
C:\Program Files\instant access\Dialer\395004339\traffic.waypointcash.com\emoticonsplanet.com\enter\4\en\emoticonsplanet_06.jpg
C:\Program Files\instant access\Dialer\395004339\traffic.waypointcash.com\emoticonsplanet.com\enter\4\en\emoticonsplanet_07.jpg
C:\Program Files\instant access\Dialer\395004339\traffic.waypointcash.com\emoticonsplanet.com\enter\4\en\emoticonsplanet_09.jpg
C:\Program Files\instant access\Dialer\395004339\traffic.waypointcash.com\emoticonsplanet.com\enter\4\en\emoticonsplanet_10.jpg
C:\Program Files\instant access\Dialer\395004339\traffic.waypointcash.com\emoticonsplanet.com\enter\4\en\emoticonsplanet_11.jpg
C:\Program Files\instant access\Dialer\395004339\traffic.waypointcash.com\emoticonsplanet.com\enter\4\en\emoticonsplanet_12.jpg
C:\Program Files\instant access\Dialer\395004339\traffic.waypointcash.com\emoticonsplanet.com\enter\4\en\emoticonsplanet_13.jpg
C:\Program Files\instant access\Dialer\395004339\traffic.waypointcash.com\emoticonsplanet.com\enter\4\en\emoticonsplanet_16.jpg
C:\Program Files\instant access\Dialer\395004339\traffic.waypointcash.com\emoticonsplanet.com\enter\4\en\emoticonsplanet_17.jpg
C:\Program Files\instant access\Dialer\395004339\traffic.waypointcash.com\emoticonsplanet.com\enter\4\en\emoticonsplanet_18.jpg
C:\Program Files\instant access\Dialer\395004339\traffic.waypointcash.com\emoticonsplanet.com\enter\4\en\flash-1.swf
C:\Program Files\instant access\Dialer\395004339\traffic.waypointcash.com\emoticonsplanet.com\enter\4\en\flash-2.swf
C:\Program Files\instant access\Dialer\395004339\traffic.waypointcash.com\emoticonsplanet.com\enter\4\en\flash-3.swf
C:\Program Files\instant access\Dialer\395004339\www.waypointcash.com\conversi...7e66ae9b3f9905
C:\Program Files\instant access\Dialer\406769774\fp.pc-on-internet.com\235efb54ac074e29b6e3cc6cba1b8f66.html
C:\Program Files\instant access\Dialer\406769774\fp.pc-on-internet.com\235efb54ac074e29b6e3cc6cba1b8f66.html_0.loginvis
C:\Program Files\instant access\Dialer\406769774\fp.pc-on-internet.com\50214\images\EN\index_01.jpg
C:\Program Files\instant access\Dialer\406769774\fp.pc-on-internet.com\50214\images\index_02.jpg
C:\Program Files\instant access\Dialer\406769774\fp.pc-on-internet.com\50214\images\index_04.jpg
C:\Program Files\instant access\Dialer\406769774\SERIALPLAYERS.lnk
C:\Program Files\instant access\Dialer\406769774\us2-external-api.dlv4.com\js\25b3f6c025f3269d99e2e48eed0c9974
C:\Program Files\instant access\Dialer\406769774\us2-www.0texkax7c6hzuidk.com\Common\8227a52656381d1f87545f21d6dd8487.html
C:\Program Files\instant access\Dialer\406769774\us2-www.0texkax7c6hzuidk.com\custom\4282\4282_dialer.ico
C:\Program Files\instant access\Dialer\406769774\us2-www.0texkax7c6hzuidk.com\custom\4282\EN\button1.gif
C:\Program Files\instant access\Dialer\406769774\us2-www.0texkax7c6hzuidk.com\custom\4282\EN\button2.gif
C:\Program Files\instant access\Dialer\406769774\us2-www.0texkax7c6hzuidk.com\custom\4282\EN\button3.gif
C:\Program Files\instant access\Dialer\406769774\us2-www.0texkax7c6hzuidk.com\custom\4282\EN\button4.gif
C:\Program Files\instant access\Dialer\406769774\www.rapid-pass.net\f494cc8f64...c38cc689a3e6b9
C:\Program Files\instant access\Dialer\528888614\fp.pc-on-internet.com\50274\images\EN\index_01.jpg
C:\Program Files\instant access\Dialer\528888614\fp.pc-on-internet.com\50274\images\EN\index_02.jpg
C:\Program Files\instant access\Dialer\528888614\fp.pc-on-internet.com\50274\images\EN\index_05.jpg
C:\Program Files\instant access\Dialer\528888614\fp.pc-on-internet.com\50274\images\index_03.jpg
C:\Program Files\instant access\Dialer\528888614\fp.pc-on-internet.com\d90faf27639e8db579b5f82fbce64960.html
C:\Program Files\instant access\Dialer\528888614\fp.pc-on-internet.com\d90faf27639e8db579b5f82fbce64960.html_0.loginvis
C:\Program Files\instant access\Dialer\528888614\us2-external-api.dlv4.com\js\15d50c6922c465feb4d79925e06f0533
C:\Program Files\instant access\Dialer\528888614\us2-www.0texkax7c6hzuidk.com\Common\6249cd562d66a32c9421ea49e8b5d4b5.html
C:\Program Files\instant access\Dialer\528888614\us2-www.0texkax7c6hzuidk.com\custom\4279\EN\button1.gif
C:\Program Files\instant access\Dialer\528888614\us2-www.0texkax7c6hzuidk.com\custom\4279\EN\button2.gif
C:\Program Files\instant access\Dialer\528888614\us2-www.0texkax7c6hzuidk.com\custom\4279\EN\button3.gif
C:\Program Files\instant access\Dialer\528888614\us2-www.0texkax7c6hzuidk.com\custom\4279\EN\button4.gif
C:\Program Files\instant access\Dialer\579185367\fp.pc-on-internet.com\50282\images\EN\index_01.gif
C:\Program Files\instant access\Dialer\579185367\fp.pc-on-internet.com\50282\images\EN\index_02.gif
C:\Program Files\instant access\Dialer\579185367\fp.pc-on-internet.com\50282\images\index_03.jpg
C:\Program Files\instant access\Dialer\579185367\fp.pc-on-internet.com\d61e362f21061102c871cdac7253c049.html
C:\Program Files\instant access\Dialer\579185367\fp.pc-on-internet.com\d61e362f21061102c871cdac7253c049.html_0.loginvis
C:\Program Files\instant access\Dialer\579185367\us2-external-api.dlv4.com\js\562dd916f2cbfe23eec3fea7135201c1
C:\Program Files\instant access\Dialer\579185367\us2-www.0texkax7c6hzuidk.com\Common\aeaf40dccb2922aaebee9977a82e070e.html
C:\Program Files\instant access\Dialer\579185367\us2-www.0texkax7c6hzuidk.com\custom\4239\EN\button1.gif
C:\Program Files\instant access\Dialer\579185367\us2-www.0texkax7c6hzuidk.com\custom\4239\EN\button2.gif
C:\Program Files\instant access\Dialer\579185367\us2-www.0texkax7c6hzuidk.com\custom\4239\EN\button3.gif
C:\Program Files\instant access\Dialer\579185367\us2-www.0texkax7c6hzuidk.com\custom\4239\EN\button4.gif
C:\Program Files\instant access\Dialer\586223745\es6-external-api.dlv4.com\js\08746d00e1fa6e83368b2bc62d212eef
C:\Program Files\instant access\Dialer\586223745\es6-scripts.nccgateway.com\Common\358d75fffc2b04ed7bdcc84788642627.html
C:\Program Files\instant access\Dialer\586223745\es6-scripts.nccgateway.com\custom\3020\EN\button1.gif
C:\Program Files\instant access\Dialer\586223745\es6-scripts.nccgateway.com\custom\3020\EN\button2.gif
C:\Program Files\instant access\Dialer\586223745\es6-scripts.nccgateway.com\custom\3020\EN\button3.gif
C:\Program Files\instant access\Dialer\586223745\es6-scripts.nccgateway.com\custom\3020\EN\button4.gif
C:\Program Files\instant access\Dialer\586223745\Fun-Games.lnk
C:\Program Files\instant access\Dialer\586223745\traffic.waypointcash.com\09ad72aa7cf1f177e7fa6f76390459ac.html
C:\Program Files\instant access\Dialer\586223745\traffic.waypointcash.com\09ad72aa7cf1f177e7fa6f76390459ac.html_0.loginvis
C:\Program Files\instant access\Dialer\586223745\traffic.waypointcash.com\emoticonsplanet.com\enter\4\en\emoticonsplanet_01.jpg
C:\Program Files\instant access\Dialer\586223745\traffic.waypointcash.com\emoticonsplanet.com\enter\4\en\emoticonsplanet_02.jpg
C:\Program Files\instant access\Dialer\586223745\traffic.waypointcash.com\emoticonsplanet.com\enter\4\en\emoticonsplanet_03.gif
C:\Program Files\instant access\Dialer\586223745\traffic.waypointcash.com\emoticonsplanet.com\enter\4\en\emoticonsplanet_04.jpg
C:\Program Files\instant access\Dialer\586223745\traffic.waypointcash.com\emoticonsplanet.com\enter\4\en\emoticonsplanet_05.jpg
C:\Program Files\instant access\Dialer\586223745\traffic.waypointcash.com\emoticonsplanet.com\enter\4\en\emoticonsplanet_06.jpg
C:\Program Files\instant access\Dialer\586223745\traffic.waypointcash.com\emoticonsplanet.com\enter\4\en\emoticonsplanet_07.jpg
C:\Program Files\instant access\Dialer\586223745\traffic.waypointcash.com\emoticonsplanet.com\enter\4\en\emoticonsplanet_09.jpg
C:\Program Files\instant access\Dialer\586223745\traffic.waypointcash.com\emoticonsplanet.com\enter\4\en\emoticonsplanet_10.jpg
C:\Program Files\instant access\Dialer\586223745\traffic.waypointcash.com\emoticonsplanet.com\enter\4\en\emoticonsplanet_11.jpg
C:\Program Files\instant access\Dialer\586223745\traffic.waypointcash.com\emoticonsplanet.com\enter\4\en\emoticonsplanet_12.jpg
C:\Program Files\instant access\Dialer\586223745\traffic.waypointcash.com\emoticonsplanet.com\enter\4\en\emoticonsplanet_13.jpg
C:\Program Files\instant access\Dialer\586223745\traffic.waypointcash.com\emoticonsplanet.com\enter\4\en\emoticonsplanet_16.jpg
C:\Program Files\instant access\Dialer\586223745\traffic.waypointcash.com\emoticonsplanet.com\enter\4\en\emoticonsplanet_17.jpg
C:\Program Files\instant access\Dialer\586223745\traffic.waypointcash.com\emoticonsplanet.com\enter\4\en\emoticonsplanet_18.jpg
C:\Program Files\instant access\Dialer\586223745\traffic.waypointcash.com\emoticonsplanet.com\enter\4\en\flash-1.swf
C:\Program Files\instant access\Dialer\586223745\traffic.waypointcash.com\emoticonsplanet.com\enter\4\en\flash-2.swf
C:\Program Files\instant access\Dialer\586223745\traffic.waypointcash.com\emoticonsplanet.com\enter\4\en\flash-3.swf
C:\Program Files\instant access\Dialer\586223745\www.waypointcash.com\conversi...7e66ae9b3f9905
C:\Program Files\instant access\Dialer\683255145\es6-external-api.dlv4.com\js\08746d00e1fa6e83368b2bc62d212eef
C:\Program Files\instant access\Dialer\683255145\es6-scripts.nccgateway.com\Common\86cebfec6a47389f820ef1ff27e1bd2f.html
C:\Program Files\instant access\Dialer\683255145\es6-scripts.nccgateway.com\Common\86cebfec6a47389f820ef1ff27e1bd2f.html_0.loginvis
C:\Program Files\instant access\Dialer\683255145\es6-scripts.nccgateway.com\custom\3020\EN\button1.gif
C:\Program Files\instant access\Dialer\683255145\es6-scripts.nccgateway.com\custom\3020\EN\button2.gif
C:\Program Files\instant access\Dialer\683255145\es6-scripts.nccgateway.com\custom\3020\EN\button3.gif
C:\Program Files\instant access\Dialer\683255145\es6-scripts.nccgateway.com\custom\3020\EN\button4.gif
C:\Program Files\instant access\Dialer\719965770\fp.gad-network.com\50110\images\bckg.gif
C:\Program Files\instant access\Dialer\719965770\fp.pc-on-internet.com\50110\images\EN\index_01.jpg
C:\Program Files\instant access\Dialer\719965770\fp.pc-on-internet.com\50110\images\index_03.jpg
C:\Program Files\instant access\Dialer\719965770\fp.pc-on-internet.com\a3d663faf6f3ce6fd17c6e8185347345.html
C:\Program Files\instant access\Dialer\719965770\fp.pc-on-internet.com\a3d663faf6f3ce6fd17c6e8185347345.html_0.loginvis
C:\Program Files\instant access\Dialer\719965770\us2-external-api.dlv4.com\js\3e84b5ebe4105b22b65ad28a9c76a162
C:\Program Files\instant access\Dialer\719965770\us2-www.0texkax7c6hzuidk.com\Common\cd07c400182e332dbcd9b05992b0de66.html
C:\Program Files\instant access\Dialer\719965770\us2-www.0texkax7c6hzuidk.com\custom\4339\EN\button1.gif
C:\Program Files\instant access\Dialer\719965770\us2-www.0texkax7c6hzuidk.com\custom\4339\EN\button2.gif
C:\Program Files\instant access\Dialer\719965770\us2-www.0texkax7c6hzuidk.com\custom\4339\EN\button3.gif
C:\Program Files\instant access\Dialer\719965770\us2-www.0texkax7c6hzuidk.com\custom\4339\EN\button4.gif
C:\Program Files\instant access\Dialer\736826486\fp.pc-on-internet.com\50281\images\EN\index_01.gif
C:\Program Files\instant access\Dialer\736826486\fp.pc-on-internet.com\50281\images\EN\index_02.gif
C:\Program Files\instant access\Dialer\736826486\fp.pc-on-internet.com\50281\images\index_04.jpg
C:\Program Files\instant access\Dialer\736826486\fp.pc-on-internet.com\691dda679a5aecc4254e75a12e61b137.html
C:\Program Files\instant access\Dialer\736826486\fp.pc-on-internet.com\691dda679a5aecc4254e75a12e61b137.html_0.loginvis
C:\Program Files\instant access\Dialer\736826486\us2-external-api.dlv4.com\js\b0f039ba7d1d4348e580f96febf05f8f
C:\Program Files\instant access\Dialer\736826486\us2-www.0texkax7c6hzuidk.com\Common\81c48f57a1ee951ce62f657872c9142b.html
C:\Program Files\instant access\Dialer\736826486\us2-www.0texkax7c6hzuidk.com\custom\4239\EN\button1.gif
C:\Program Files\instant access\Dialer\736826486\us2-www.0texkax7c6hzuidk.com\custom\4239\EN\button2.gif
C:\Program Files\instant access\Dialer\736826486\us2-www.0texkax7c6hzuidk.com\custom\4239\EN\button3.gif
C:\Program Files\instant access\Dialer\736826486\us2-www.0texkax7c6hzuidk.com\custom\4239\EN\button4.gif
C:\Program Files\instant access\Dialer\985715611\us2-external-api.dlv4.com\js\4b0b57cf462bba1711a290f60b02961e
C:\Program Files\instant access\Dialer\985715611\us2-www.0texkax7c6hzuidk.com\Common\5337388825079376b0f998654615846a.html
C:\Program Files\instant access\Dialer\985715611\us2-www.0texkax7c6hzuidk.com\Common\5337388825079376b0f998654615846a.html_0.loginvis
C:\Program Files\instant access\Dialer\985715611\us2-www.0texkax7c6hzuidk.com\custom\4282\EN\button1.gif
C:\Program Files\instant access\Dialer\985715611\us2-www.0texkax7c6hzuidk.com\custom\4282\EN\button2.gif
C:\Program Files\instant access\Dialer\985715611\us2-www.0texkax7c6hzuidk.com\custom\4282\EN\button3.gif
C:\Program Files\instant access\Dialer\985715611\us2-www.0texkax7c6hzuidk.com\custom\4282\EN\button4.gif
C:\Program Files\instant access\Dialer\99123178\fp.pc-on-internet.com\055d23083302114e577e443e9c3493d0.html
C:\Program Files\instant access\Dialer\99123178\fp.pc-on-internet.com\055d23083302114e577e443e9c3493d0.html_0.loginvis
C:\Program Files\instant access\Dialer\99123178\fp.pc-on-internet.com\50274\images\EN\index_01.jpg
C:\Program Files\instant access\Dialer\99123178\fp.pc-on-internet.com\50274\images\EN\index_02.jpg
C:\Program Files\instant access\Dialer\99123178\fp.pc-on-internet.com\50274\images\EN\index_05.jpg
C:\Program Files\instant access\Dialer\99123178\fp.pc-on-internet.com\50274\images\index_03.jpg
C:\Program Files\instant access\Dialer\99123178\us2-external-api.dlv4.com\js\559e3f66eb948f584ca31a3483e8fe5c
C:\Program Files\instant access\Dialer\99123178\us2-www.0texkax7c6hzuidk.com\Common\5be931d351cac44ba9a5bafc984cdba0.html
C:\Program Files\instant access\Dialer\99123178\us2-www.0texkax7c6hzuidk.com\custom\4279\EN\button1.gif
C:\Program Files\instant access\Dialer\99123178\us2-www.0texkax7c6hzuidk.com\custom\4279\EN\button2.gif
C:\Program Files\instant access\Dialer\99123178\us2-www.0texkax7c6hzuidk.com\custom\4279\EN\button3.gif
C:\Program Files\instant access\Dialer\99123178\us2-www.0texkax7c6hzuidk.com\custom\4279\EN\button4.gif
C:\Program Files\poolsv
C:\Program Files\svhost
C:\WINDOWS\system32\nvs2.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_IPRIP
-------\Iprip
-------\nm
((((((((((((((((((((((((( Files Created from 2007-10-28 to 2007-11-29 )))))))))))))))))))))))))))))))
.
2007-11-29 06:50 <DIR> d-------- C:\Deckard
2007-11-29 06:22 <DIR> d-------- C:\Program Files\Real
2007-11-28 23:28 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2007-11-28 14:10 <DIR> d-------- C:\Program Files\ABC
2007-11-28 10:55 <DIR> d-------- C:\VundoFix Backups
2007-11-25 00:50 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-11-25 00:50 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2007-11-24 19:38 <DIR> d-------- C:\Program Files\directx
2007-11-18 15:12 <DIR> d-------- C:\Program Files\Strategy First
2007-11-06 19:23 <DIR> d-------- C:\WINDOWS\system32\Adobe
2007-11-06 19:23 <DIR> d-------- C:\WINDOWS\Profiles
2007-11-06 19:23 <DIR> d-------- C:\Documents and Settings\MENDY\Application Data\InterTrust
2007-10-30 19:55 145,968 --a------ C:\WINDOWS\system32\drivers\symfw.sys
2007-10-30 19:55 39,856 --a------ C:\WINDOWS\system32\drivers\symids.sys
2007-10-30 19:55 37,936 --a------ C:\WINDOWS\system32\drivers\symndisv.sys
2007-10-30 19:55 35,120 --a------ C:\WINDOWS\system32\drivers\symndis.sys
2007-10-30 19:55 12,848 --a------ C:\WINDOWS\system32\drivers\symdns.sys
2007-10-30 19:24 12,963 --a------ C:\WINDOWS\system32\drivers\SymRedir.cat
2007-10-30 19:24 1,358 --a------ C:\WINDOWS\system32\drivers\SymRedir.inf
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-28 20:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2007-11-26 05:25 --------- d-----w C:\Program Files\QuickTime
2007-11-26 05:17 --------- d-----w C:\Program Files\Norton AntiVirus
2007-11-26 05:13 --------- d-----w C:\Program Files\Lexmark Toolbar
2007-11-26 05:09 --------- d-----w C:\Program Files\Google
2007-11-26 05:09 --------- d-----w C:\Program Files\DellSupport
2007-11-26 05:07 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-11-26 05:05 --------- d-----w C:\Program Files\BellSouth Accelerator Technology
2007-11-25 06:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-11-25 02:54 --------- d-----w C:\Program Files\Dell Games
2007-11-25 02:40 --------- d-----w C:\Program Files\Selectsoft
2007-11-07 01:24 --------- d-----w C:\Program Files\Microsoft Games
2007-11-07 01:23 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-05 15:06 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-11-05 15:06 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-11-05 15:06 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-11-05 15:06 --------- d-----w C:\Program Files\Symantec
2007-10-31 01:55 27,696 ----a-w C:\WINDOWS\system32\drivers\symredrv.sys
2007-10-31 01:55 191,536 ----a-w C:\WINDOWS\system32\drivers\symtdi.sys
2007-10-29 04:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\WildTangent
2007-10-09 16:55 --------- d-----w C:\Program Files\Common Files\Real
2007-09-29 17:58 91,648 ----a-w C:\WINDOWS\gzip.exe
2007-09-29 17:58 --------- d-----w C:\Program Files\Homestead
2007-06-22 00:25 225,776 -c--a-w C:\Documents and Settings\MENDY\Application Data\GDIPFONTCACHEV1.DAT
2007-05-21 18:27 67,819 -c--a-w C:\Program Files\INSTALL.LOG
2006-01-22 15:50 774,144 -c--a-w C:\Program Files\RngInterstitial.dll
2005-12-26 04:04 2,002,069 -c--a-w C:\Program Files\yahoo_texttwist_tm1-1.exe
2005-12-24 23:20 3,411,891 -c--a-w C:\Program Files\yahoo_spsolitaire_tm1-1.exe
1997-01-03 15:25 361,984 -c--a-w C:\Program Files\EyeCand3.dll
1997-01-03 04:59 375,296 -c--a-w C:\Program Files\EC3-ENG.8BF
1997-01-03 01:24 720,690 -c--a-w C:\Program Files\EC3-ENG.PDF
1996-10-24 23:45 59,952 -c--a-w C:\Program Files\UNWISE.EXE
2006-12-14 03:36 56 --sh--r C:\WINDOWS\system32\208BE54AEB.sys
2005-12-24 13:26 56 --sh--r C:\WINDOWS\system32\99C26D7B5C.sys
2006-12-14 04:04 3,350 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:24]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 10:09]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-07 21:08]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-24 06:36]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-07-19 10:09]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-07-19 10:06]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-07-19 10:10]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 02:48]
"SigmatelSysTrayApp"="stsystra.exe" [2005-08-23 23:42 C:\WINDOWS\stsystra.exe]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 16:19]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 01:05]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 10:44]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 10:44]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe" [2006-09-18 12:46]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 11:37]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 10:41]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-08-30 18:56]
"Propel Accelerator"="C:\Program Files\BellSouth Accelerator Technology\trayctl.exe" [2006-06-27 16:12]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 21:59]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2006-09-05 20:22]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 17:30]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-03-06 23:06]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-06-07 21:08:41]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]
S3 CBTNDIS5;CBTNDIS5 NDIS Protocol Driver;\??\C:\WINDOWS\system32\CBTNDIS5.SYS
S3 p2pgasvc;Peer Networking Group Authentication;C:\WINDOWS\system32\svchost.exe -k p2psvc
S3 p2pimsvc;Peer Networking Identity Manager;C:\WINDOWS\system32\svchost.exe -k p2psvc
S3 p2psvc;Peer Networking;C:\WINDOWS\system32\svchost.exe -k p2psvc
S3 PNRPSvc;Peer Name Resolution Protocol;C:\WINDOWS\system32\svchost.exe -k p2psvc
S3 winusb;WinUSB Service;C:\WINDOWS\system32\DRIVERS\WinUSB.SYS
S3 WUSB54GPV4SRV;Linksys Home Wireless-G USB Adaptor Driver;C:\WINDOWS\system32\DRIVERS\rt2500usb.sys
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contents of the 'Scheduled Tasks' folder
"2007-11-24 04:10:36 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - MENDY.job"
- C:\PROGRA~1\NORTON~1\Navw32.exe
"2007-11-29 09:30:00 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
.
**************************************************************************
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-11-29 15:05:58
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
Completion time: 2007-11-29 15:09:04 - machine was rebooted
.
--- E O F ---