returning bankerfox.a and win32nugel.e - please help...


Post by jys on Wed Nov 04, 2009 7:38 pm

Hi there,

I'm battling a returning (3rd round...) bankerfox.a and win32nugel.e virus - so my fake anti virus program is telling me... the pop ups are the least of my worries, I'm more concerned with security of passwords, pins, etc. of course.

I've been browsing other posts on the topic and solutions as well - have attempted some and it keeps returning.

anyone?
I'd appreciate it..

jys
Novice

Posts: 16
Joined: 2009-11-04
OS: windows xp
Points: 25918
Likes: 0


Post by Belahzur on Wed Nov 04, 2009 7:51 pm

Please download the current version of HijackThis from [You must be registered and logged in to see this link.]

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts: 34918
Joined: 2008-08-03
Gender: Male
OS: 7 Home Premium x64
Points: 245091
Likes: 1


Post by jys on Wed Nov 04, 2009 7:58 pm

Wow. Thanks for the quick response. I know you respond to this type of post ALL the time - so I've read. Sorry to be repetitive.. it keeps coming back. There are no pop ups at the moment, but I'm afraid they are hiding.

The log...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:56:02 PM, on 11/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Admin\My Documents\Installs\winlogonhijackthis.scr

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
O1 - Hosts: ::1 localhost
O1 - Hosts: 193.169.12.50 winguard2009.microsoft.com
O1 - Hosts: 193.169.12.50 winguard-2009.com
O1 - Hosts: 193.169.12.50 [You must be registered and logged in to see this link.]
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [suScheduler] C:\Program Files\ThinkVantage\SystemUpdate\UCLauncher.exe /SCHEDULER
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "c:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &D&ownload &with BitComet - [You must be registered and logged in to see this link.] Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - [You must be registered and logged in to see this link.] Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - [You must be registered and logged in to see this link.] Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll
O9 - Extra 'Tools' menuitem: IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - [You must be registered and logged in to see this link.] Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com/us/en/
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - [You must be registered and logged in to see this link.]
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: AwayNotify - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
O23 - Service: TVT Backup Service - Unknown owner - C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Unknown owner - C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
O23 - Service: ThinkVantage System Update (UCLauncherService) - Unknown owner - C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe

--
End of file - 14291 bytes


Post by Belahzur on Wed Nov 04, 2009 8:07 pm

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O1 - Hosts: ::1 localhost
    O1 - Hosts: 193.169.12.50 winguard2009.microsoft.com
    O1 - Hosts: 193.169.12.50 winguard-2009.com
    O1 - Hosts: 193.169.12.50 [You must be registered and logged in to see this link.]


  • Press "Fix Checked"
  • Close Hijack This.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


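To illustrate the `O1 - Hosts:` lines selected for fixing in the reply above (an added example, not part of the original thread and not HijackThis code): a Python sketch that pulls the O1 entries out of a HijackThis log and separates loopback mappings from names pinned to some other address. The function names and the sample log are constructed for illustration; the O1 values are the ones quoted in the thread.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in HijackThis log format. The O1 lines are the ones
# quoted in the thread; the other lines show that non-O1 entries are skipped.
SAMPLE_LOG = """\
Logfile of Trend Micro HijackThis v2.0.2
O1 - Hosts: ::1 localhost
O1 - Hosts: 193.169.12.50 winguard2009.microsoft.com
O1 - Hosts: 193.169.12.50 winguard-2009.com
O4 - HKLM\\..\\Run: [TpShocks] TpShocks.exe
"""

# "O1 - Hosts: <address> <name> [<name> ...] [# comment]"
O1_RE = re.compile(r"^O1 - Hosts:\s*(\S+)\s+(.+?)\s*$")


def parse_o1_entries(log_text):
    """Return (address, hostname) pairs from the O1 lines of a log."""
    entries = []
    for line in log_text.splitlines():
        match = O1_RE.match(line.strip())
        if not match:
            continue
        addr, rest = match.group(1), match.group(2)
        # A hosts line may carry several names and a trailing comment.
        for name in rest.split("#", 1)[0].split():
            entries.append((addr, name.lower()))
    return entries


def classify(addr):
    """Label an address as 'local', 'redirect' or 'invalid'."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "invalid"
    if ip.is_loopback or ip.is_unspecified:
        # 127.0.0.1, ::1, 0.0.0.0: the name resolves to this machine or nowhere.
        return "local"
    # Any other address pins the name to another machine, bypassing DNS.
    # Whether that mapping is intended is for the reviewer to decide.
    return "redirect"


def review_hosts(log_text):
    """Return ({address: [names pinned to it]}, [local (address, name) pairs])."""
    redirects = defaultdict(list)
    local = []
    for addr, name in parse_o1_entries(log_text):
        kind = classify(addr)
        if kind == "redirect":
            redirects[addr].append(name)
        elif kind == "local":
            local.append((addr, name))
        # 'invalid' entries are ignored here; a real review would list them too.
    return dict(redirects), local


if __name__ == "__main__":
    redirects, local = review_hosts(SAMPLE_LOG)
    for addr, names in sorted(redirects.items()):
        print(f"{addr} overrides DNS for {len(names)} name(s):")
        for name in names:
            print(f"    {name}")
    for addr, name in local:
        print(f"local mapping: {addr} {name}")
```

Several unrelated names pinned to one external address, as in the sample, is the pattern worth a closer look when reviewing a hosts file.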


Post by jys on Wed Nov 04, 2009 8:21 pm

Malwarebytes' Anti-Malware 1.41
Database version: 3103
Windows 5.1.2600 Service Pack 3

11/4/2009 8:20:01 PM
mbam-log-2009-11-04 (20-20-01).txt

Scan type: Quick Scan
Objects scanned: 106205
Time elapsed: 8 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Post by Belahzur on Wed Nov 04, 2009 8:22 pm

Hello.

  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both of the reports to your Desktop.
  • Copy and paste BOTH LOGS back here, use more than one post if needed.



Post by jys on Wed Nov 04, 2009 8:26 pm

DDS (Ver_09-10-26.01) - NTFSx86
Run by Admin at 20:23:56.87 on Wed 11/04/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.478 [GMT -5:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Outdated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Client Firewall *enabled* {5CB76A43-5FAD-476B-B9FF-26FA61F13187}

============== Running Processes ===============

C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\EX7U1ZX1\dds[1].scr

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.2.2.28.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [updateMgr] c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe AcRdB7_1_0
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper
mRun: [TpShocks] TpShocks.exe
mRun: [TP4EX] tp4ex.exe
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [TPHOTKEY] c:\progra~1\lenovo\pkgmgr\hotkey\TPHKMGR.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [suScheduler] c:\program files\thinkvantage\systemupdate\UCLauncher.exe /SCHEDULER
mRun: [LPManager] c:\progra~1\thinkv~1\prdctr\LPMGR.exe
mRun: [AMSG] c:\program files\thinkvantage\amsg\Amsg.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [AwaySch] c:\program files\lenovo\awaytask\AwaySch.EXE
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\symant~2\VPTray.exe
mRun: [PDService.exe] "c:\program files\ibm thinkvantage\safeguard privatedisk\pdservice.exe"
mRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
mRun: [DiskeeperSystray] "c:\program files\diskeeper corporation\diskeeper\DkIcon.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe
mRun: [ACWLIcon] c:\program files\thinkpad\connectutilities\ACWLIcon.exe
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog
mRun: [!AVG Anti-Spyware] "c:\program files\grisoft\avg anti-spyware 7.5\avgas.exe" /minimized
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - [You must be registered and logged in to see this link.] files\bitcomet\tools\BitCometBHO_1.2.2.28.dll/206
IE: {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - c:\program files\lenovo\pkgmgr\\PkgMgr.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - [You must be registered and logged in to see this link.]
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - [You must be registered and logged in to see this link.]
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - [You must be registered and logged in to see this link.]
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - [You must be registered and logged in to see this link.]
Notify: ACNotify - ACNotify.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: AwayNotify - c:\program files\lenovo\awaytask\AwayNotify.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
Notify: tpfnf2 - notifyf2.dll
Notify: tphotkey - tphklock.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: CShellExecuteHookImpl Object: {57b86673-276a-48b2-bae7-c6dbb3020eb8} - c:\program files\grisoft\avg anti-spyware 7.5\shellexecutehook.dll
LSA: Notification Packages = scecli csspwntfy

============= SERVICES / DRIVERS ===============

R0 Shockprf;Shockprf;c:\windows\system32\drivers\shockprf.sys [2006-5-27 85760]
R1 ANC;ANC;c:\windows\system32\drivers\ANC.sys [2006-5-27 11520]
R1 IBMTPCHK;IBMTPCHK;c:\windows\system32\drivers\IBMBLDID.sys [2006-5-27 6016]
R1 ShockMgr;ShockMgr;c:\windows\system32\drivers\ShockMgr.sys [2006-5-27 4736]
R1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\TPPWRIF.SYS [2006-5-27 4442]
R2 ibmfilter;ibmfilter;c:\windows\system32\drivers\ibmfilter.sys [2005-12-21 12544]
R2 PrivateDisk;PrivateDisk;c:\program files\ibm thinkvantage\safeguard privatedisk\privatediskm.sys [2005-11-15 46142]
R2 smi2;smi2;c:\program files\smi2\smi2.sys [2005-12-21 3968]
S3 SavRoam;SAVRoam;c:\program files\symantec client security\symantec antivirus\SavRoam.exe [2005-8-18 124608]

=============== Created Last 30 ================

2009-11-05 00:07:36 0 d-----w- C:\efa27edc932066d7a7d77417534d55c4
2009-11-05 00:04:51 0 d-----w- C:\15a7c49fa6ec34f5f9dedbcf2b5f
2009-11-04 23:58:08 0 d-----w- C:\2b2d3c146103217f9e954473
2009-11-04 23:58:07 0 d-----w- C:\eb05271b15f418477e064402
2009-11-04 23:58:05 0 d-----w- C:\5825653577c4bf65c2
2009-11-04 23:58:02 0 d-----w- C:\00915a8acde8beddc5
2009-11-04 23:57:01 0 d-----w- C:\36b35b93d0883fc361d134575cbe46
2009-11-04 23:57:00 0 d-----w- C:\9f8da5184cd7d08dee2e37267ac709ed
2009-11-04 23:56:58 0 d-----w- C:\a9c96e040a187a27f338
2009-11-04 23:56:50 0 d-----w- C:\1d97c4109601ae0b172220d44623
2009-11-04 23:56:48 0 d-----w- C:\98647f94f6db12c412
2009-11-04 23:56:46 0 d-----w- C:\098d0daa40feeaa4d993
2009-11-04 23:56:42 0 d-----w- C:\22ed26d3123a49fe64378e
2009-11-04 23:55:27 0 d-----w- C:\9036e218e6bc3289da
2009-11-04 23:55:23 0 d-----w- C:\fe70a1b7ee55f882e040bd503ed28f
2009-11-02 14:07:03 0 d-----w- c:\program files\jhhhgv
2009-11-02 07:11:21 0 d-s---w- C:\commy30963c
2009-11-02 06:35:19 0 d-sha-r- C:\cmdcons
2009-11-02 06:32:39 0 d-----w- C:\commy
2009-11-02 06:23:06 0 ----a-w- c:\windows\VPC32.INI
2009-11-02 05:06:04 0 d-----w- c:\docume~1\admin\applic~1\Malwarebytes
2009-11-02 05:03:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-02 05:03:43 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-02 05:03:43 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-02 05:03:43 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-11-02 04:55:23 0 ----a-w- C:\__tmp_rar_sfx_access_check_4837140
2009-11-02 03:37:48 3968 ----a-w- c:\windows\system32\drivers\AvgAsCln.sys
2009-11-01 22:07:28 0 d-----w- c:\program files\duoqoh
2009-10-30 21:07:46 0 d-----w- C:\0122662c9d9240dbf1f8
2009-10-30 21:07:00 0 d-----w- C:\6929e0ae7ac219fb96bd
2009-10-28 01:18:15 0 d-----w- c:\docume~1\alluse~1\applic~1\McAfee Security Scan
2009-10-22 11:35:20 0 d-sh--w- c:\documents and settings\admin\IECompatCache
2009-10-21 11:46:23 0 ----atw- c:\windows\005319_.tmp
2009-10-21 02:44:11 0 d-sh--w- c:\documents and settings\admin\PrivacIE
2009-10-21 02:42:26 0 d-sh--w- c:\documents and settings\admin\IETldCache
2009-10-21 02:30:38 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-10-21 02:30:35 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-10-21 02:30:31 0 d-----w- c:\windows\ie8updates
2009-10-21 02:30:15 100352 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-10-21 02:29:19 0 dc-h--w- c:\windows\ie8
2009-10-21 01:08:52 81920 ------w- c:\windows\system32\ieencode.dll
2009-10-21 00:21:20 1435648 ------w- c:\windows\system32\dllcache\query.dll
2009-10-21 00:11:17 730112 ------w- c:\windows\system32\dllcache\lsasrv.dll
2009-10-21 00:11:15 2145280 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-10-21 00:11:13 2189184 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-10-21 00:11:11 2023936 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-10-20 23:57:47 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
2009-10-20 23:57:34 455296 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2009-10-20 23:57:13 333952 ------w- c:\windows\system32\dllcache\srv.sys
2009-10-20 23:56:43 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-10-20 23:56:14 691712 ------w- c:\windows\system32\dllcache\inetcomm.dll
2009-10-20 23:48:33 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2009-10-20 22:04:37 753 ----a-w- C:\rp.ini

==================== Find3M ====================

2009-11-01 18:37:20 5427 ----a-w- c:\windows\system32\EGATHDRV.SYS
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 14:18:39 136192 ------w- c:\windows\system32\dllcache\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-04 21:03:36 58880 ------w- c:\windows\system32\dllcache\msasn1.dll
2009-08-29 08:08:21 916480 ------w- c:\windows\system32\wininet.dll
2009-08-29 08:08:21 916480 ------w- c:\windows\system32\dllcache\wininet.dll
2009-08-29 08:08:21 1208832 ------w- c:\windows\system32\dllcache\urlmon.dll
2009-08-29 08:08:20 5940224 ------w- c:\windows\system32\dllcache\mshtml.dll
2009-08-29 08:08:20 206848 ------w- c:\windows\system32\dllcache\occache.dll
2009-08-29 08:08:18 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll
2009-08-29 08:08:18 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-08-29 08:08:18 25600 ------w- c:\windows\system32\dllcache\jsproxy.dll
2009-08-29 08:08:18 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2009-08-29 08:08:17 184320 ------w- c:\windows\system32\dllcache\iepeers.dll
2009-08-29 08:08:16 11069440 ------w- c:\windows\system32\dllcache\ieframe.dll
2009-08-29 08:08:13 387584 ------w- c:\windows\system32\dllcache\iedkcs32.dll
2009-08-29 07:36:24 133120 ------w- c:\windows\system32\dllcache\extmgr.dll
2009-08-28 10:35:52 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2009-08-28 10:28:59 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
2009-08-26 08:00:21 247326 ------w- c:\windows\system32\strmdll.dll
2009-08-26 08:00:21 247326 ------w- c:\windows\system32\dllcache\strmdll.dll
2008-09-04 03:01:01 32768 --sh--w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090320080904\index.dat

============= FINISH: 20:24:31.01 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-10-26.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 4/17/2007 4:51:54 PM
System Uptime: 11/4/2009 8:12:41 PM (0 hours ago)

Motherboard: LENOVO | | 9462W11
Processor: Genuine Intel(R) CPU T2500 @ 2.00GHz | none | 1994/167mhz

==== Disk Partitions =========================

C: is fixed (NTFS) - 69 GiB total, 18.061 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 11/2/2009 11:10:37 AM - System Checkpoint
RP2: 11/2/2009 12:14:49 PM - Software Distribution Service 3.0
RP3: 11/3/2009 7:06:35 PM - System Checkpoint

==== Installed Programs ======================

Access Help
Adobe Flash Player 10 ActiveX
Adobe Reader 7.1.0
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
ATI HYDRAVISION
AVG Anti-Spyware 7.5
Diskeeper Lite
Google Desktop
Google Earth
Google Toolbar for Internet Explorer
Help Center
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
IBM 32-bit Runtime Environment for Java 2, v1.4.2
Intel(R) PROSet/Wireless Software
InterActual Player
InterVideo WinDVD
InterVideo WinDVD Creator
LiveReg (Symantec Corporation)
LiveUpdate 2.6 (Symantec Corporation)
Malwarebytes' Anti-Malware
mCore
mDriver
Message Center
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
mMHouse
mPfMgr
mProSafe
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Multi Virus Cleaner 2009
mWlsSafe
mXML
PC-Doctor 5 for Windows
Picasa 2
Productivity Center Supplement for ThinkPad
RecordNow Audio
RecordNow Copy
RecordNow Data
Remove Multimedia Center
Rescue and Recovery - Client Security Solution
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975467)
Segoe UI
Software Installer
Sonic DLA
Sonic Express Labeler
Sonic Update Manager
SoundMAX
Symantec Client Security
System Migration Assistant
ThinkPad Configuration
ThinkPad EasyEject Utility
ThinkPad FullScreen Magnifier
ThinkPad Hotkey Features Setup
ThinkPad Keyboard Customizer Utility
ThinkPad Modem
ThinkPad PC Card Power Policy
ThinkPad Power Management Driver
ThinkPad Power Manager
ThinkPad Presentation Director
ThinkPad UltraNav Driver
ThinkPad UltraNav Wizard
ThinkVantage Access Connections
ThinkVantage Active Protection System
ThinkVantage Away Manager
ThinkVantage Productivity Center
ThinkVantage System Update
ThinkVantage Technologies Welcome Message
TrackPoint Accessibility Features
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows XP (KB942763)
Update for Windows XP (KB951978)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
Wallpapers
WebFldrs XP
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
XP Themes

==== Event Viewer Messages From Past Week ========

11/2/2009 2:36:50 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.
11/2/2009 2:36:48 AM, error: Service Control Manager [7034] - The ThinkVantage System Update service terminated unexpectedly. It has done this 1 time(s).
11/2/2009 2:36:48 AM, error: Service Control Manager [7034] - The IBM KCU Service service terminated unexpectedly. It has done this 1 time(s).
11/2/2009 2:36:48 AM, error: Service Control Manager [7034] - The Ac Profile Manager Service service terminated unexpectedly. It has done this 1 time(s).
11/2/2009 2:33:12 AM, error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
11/2/2009 2:33:11 AM, error: Service Control Manager [7034] - The Machine Debug Manager service terminated unexpectedly. It has done this 1 time(s).
11/2/2009 1:14:26 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Symantec AntiVirus service.
10/28/2009 8:31:16 PM, error: Print [6161] - The document [You must be registered and logged in to see this link.] owned by Admin failed to print on printer Canon i560. Data type: NT EMF 1.008. Size of the spool file in bytes: 786432. Number of bytes printed: 635948. Total number of pages in the document: 4. Number of pages printed: 3. Client machine: \\LENOVO-BE5EE788. Win32 error code returned by the print processor: 122 (0x7a).

==== End Of File ===========================

Re: returning bankerfox.a and win32nugel.e - please help...

Post by jys on Wed Nov 04, 2009 10:14 pm

anything?

Re: returning bankerfox.a and win32nugel.e - please help...

Post by jys on Wed Nov 04, 2009 11:42 pm

was something not posted properly? please let me know.

Re: returning bankerfox.a and win32nugel.e - please help...

Post by Belahzur on Thu Nov 05, 2009 4:51 pm

Hello.
Do you know what these 2 folders are?

c:\program files\jhhhgv
c:\program files\duoqoh


Re: returning bankerfox.a and win32nugel.e - please help...

Post by jys on Thu Nov 05, 2009 6:17 pm

no - they are not familiar to me.

Re: returning bankerfox.a and win32nugel.e - please help...

Post by jys on Thu Nov 05, 2009 6:30 pm

AND - i just searched - they are seemingly empty.

Re: returning bankerfox.a and win32nugel.e - please help...

Post by Belahzur on Thu Nov 05, 2009 8:41 pm

Please download the [You must be registered and logged in to see this link.].

  • Save it to your desktop.
  • Please double-click OTM.exe to run it.
  • Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :files
    C:\efa27edc932066d7a7d77417534d55c4
    C:\15a7c49fa6ec34f5f9dedbcf2b5f
    C:\2b2d3c146103217f9e954473
    C:\eb05271b15f418477e064402
    C:\5825653577c4bf65c2
    C:\00915a8acde8beddc5
    C:\36b35b93d0883fc361d134575cbe46
    C:\9f8da5184cd7d08dee2e37267ac709ed
    C:\a9c96e040a187a27f338
    C:\1d97c4109601ae0b172220d44623
    C:\98647f94f6db12c412
    C:\098d0daa40feeaa4d993
    C:\22ed26d3123a49fe64378e
    C:\9036e218e6bc3289da
    C:\fe70a1b7ee55f882e040bd503ed28f
    c:\program files\jhhhgv
    c:\program files\duoqoh
    C:\0122662c9d9240dbf1f8
    C:\6929e0ae7ac219fb96bd


  • Return to OTMoveIt, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.


Re: returning bankerfox.a and win32nugel.e - please help...

Post by jys on Thu Nov 05, 2009 10:36 pm

OTMoveIt Log.. i don't like the looks of the many 'errors'...

Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!

OTM by OldTimer - Version 3.0.0.6 log created on 11052009_223439

Re: returning bankerfox.a and win32nugel.e - please help...

Post by Dr Jay on Fri Nov 06, 2009 10:14 am

SysProt Antirootkit

Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

[You must be registered and logged in to see this link.]

Unzip it into a folder on your desktop.

  • Double click Sysprot.exe to start the program.
  • Click on the Log tab.
  • In the Write to log box select the following items.

    • Process << Selected
    • Kernel Modules << Selected
    • SSDT << Selected
    • Kernel Hooks << Selected
    • IRP Hooks << NOT Selected
    • Ports << NOT Selected
    • Hidden Files << Selected

  • At the bottom of the page

    • Hidden Objects Only << Selected

  • Click on the Create Log button on the bottom right.
  • After a few seconds a new window should appear.
  • Select Scan Root Drive. Click on the Start button.
  • When it is complete a new window will appear to indicate that the scan is finished.
  • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.


Dr. Jay (DJ)


Re: returning bankerfox.a and win32nugel.e - please help...

Post by jys on Fri Nov 06, 2009 4:11 pm

after finishing the scan that program 'sysprot...' froze up. it still is, but here is the log,... (it's in two postings)

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

No hidden Processes found

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \SystemRoot\System32\Drivers\dump_iaStor.sys
Service Name: ---
Module Base: AAC27000
Module End: AACFD000
hidden: Yes

******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwConnectPort
Address: 862470C0
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwOpenProcess
Address: F7B308AC
Driver Base: F7B30000
Driver End: F7B31000
Driver Name: \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys

Function Name: ZwTerminateProcess
Address: F7B30812
Driver Base: F7B30000
Driver End: F7B31000
Driver Name: \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
hidden files/folders:
Status: hȋdden

Object: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\jessstew11@yahoo.com\SharingMetadata\lesleysprung@hotmail.com\DFSR\Staging\CS{F2792B9E-7165-C554-8463-9D2BDE3AF2F7}\15\25-{6EE5DCF7-32C6-4CBD-8E22-B42446D79E28}-v15-{6EE5D
Status: hȋdden

Object: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\jessstew11@yahoo.com\SharingMetadata\lesleysprung@hotmail.com\DFSR\Staging\CS{F2792B9E-7165-C554-8463-9D2BDE3AF2F7}\16\26-{6EE5DCF7-32C6-4CBD-8E22-B42446D79E28}-v16-{6EE5D
Status: hȋdden

Object: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\jessstew11@yahoo.com\SharingMetadata\lesleysprung@hotmail.com\DFSR\Staging\CS{F2792B9E-7165-C554-8463-9D2BDE3AF2F7}\17\27-{6EE5DCF7-32C6-4CBD-8E22-B42446D79E28}-v17-{6EE5D
Status: hȋdden

Object: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\jessstew11@yahoo.com\SharingMetadata\lesleysprung@hotmail.com\DFSR\Staging\CS{F2792B9E-7165-C554-8463-9D2BDE3AF2F7}\18\28-{6EE5DCF7-32C6-4CBD-8E22-B42446D79E28}-v18-{6EE5D
Status: hȋdden

Object: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\jessstew11@yahoo.com\SharingMetadata\lesleysprung@hotmail.com\DFSR\Staging\CS{F2792B9E-7165-C554-8463-9D2BDE3AF2F7}\19\29-{6EE5DCF7-32C6-4CBD-8E22-B42446D79E28}-v19-{6EE5D
Status: hȋdden

Object: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\jessstew11@yahoo.com\SharingMetadata\loolie7@hotmail.com\DFSR\Staging\CS{E4235B18-8C70-6084-D062-288C7476ADBC}\01\26-{E4235B18-8C70-6084-D062-288C7476ADBC}-v1-{3821A7DA-40
Status: hȋdden

Object: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\jessstew11@yahoo.com\SharingMetadata\loolie7@hotmail.com\DFSR\Staging\CS{E4235B18-8C70-6084-D062-288C7476ADBC}\13\390-{9D0850B3-552E-43FB-AD14-78B0983B66D0}-v13-{FE5B039C-
Status: hȋdden

Object: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\jessstew11@yahoo.com\SharingMetadata\loolie7@hotmail.com\DFSR\Staging\CS{E4235B18-8C70-6084-D062-288C7476ADBC}\14\393-{9D0850B3-552E-43FB-AD14-78B0983B66D0}-v14-{FE5B039C-
Status: hȋdden

Object: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\jessstew11@yahoo.com\SharingMetadata\loolie7@hotmail.com\DFSR\Staging\CS{E4235B18-8C70-6084-D062-288C7476ADBC}\15\396-{9D0850B3-552E-43FB-AD14-78B0983B66D0}-v15-{FE5B039C-
Status: hȋdden

Object: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\jessstew11@yahoo.com\SharingMetadata\loolie7@hotmail.com\DFSR\Staging\CS{E4235B18-8C70-6084-D062-288C7476ADBC}\16\400-{9D0850B3-552E-43FB-AD14-78B0983B66D0}-v16-{FE5B039C-
Status: hȋdden

Object: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\jessstew11@yahoo.com\SharingMetadata\loolie7@hotmail.com\DFSR\Staging\CS{E4235B18-8C70-6084-D062-288C7476ADBC}\27\27-{3821A7DA-40EE-45BB-A60D-0E8E0DA1B5BE}-v27-{3821A7DA-4
Status: hȋdden

Object: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\jessstew11@yahoo.com\SharingMetadata\loolie7@hotmail.com\DFSR\Staging\CS{E4235B18-8C70-6084-D062-288C7476ADBC}\28\28-{3821A7DA-40EE-45BB-A60D-0E8E0DA1B5BE}-v28-{3821A7DA-4
Status: hȋdden

Object: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\jessstew11@yahoo.com\SharingMetadata\loolie7@hotmail.com\DFSR\Staging\CS{E4235B18-8C70-6084-D062-288C7476ADBC}\29\29-{3821A7DA-40EE-45BB-A60D-0E8E0DA1B5BE}-v29-{3821A7DA-4
Status: hȋdden

Object: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\jessstew11@yahoo.com\SharingMetadata\loolie7@hotmail.com\DFSR\Staging\CS{E4235B18-8C70-6084-D062-288C7476ADBC}\30\30-{3821A7DA-40EE-45BB-A60D-0E8E0DA1B5BE}-v30-{3821A7DA-4
Status: hȋdden

Object: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\jessstew11@yahoo.com\SharingMetadata\loolie7@hotmail.com\DFSR\Staging\CS{E4235B18-8C70-6084-D062-288C7476ADBC}\31\31-{3821A7DA-40EE-45BB-A60D-0E8E0DA1B5BE}-v31-{3821A7DA-4
Status: hȋdden

Object: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\jessstew11@yahoo.com\SharingMetadata\loolie7@hotmail.com\DFSR\Staging\CS{E4235B18-8C70-6084-D062-288C7476ADBC}\31\392-{9D0850B3-552E-43FB-AD14-78B0983B66D0}-v31-{FE5B039C-
Status: hȋdden

Object: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\jessstew11@yahoo.com\SharingMetadata\loolie7@hotmail.com\DFSR\Staging\CS{E4235B18-8C70-6084-D062-288C7476ADBC}\32\32-{3821A7DA-40EE-45BB-A60D-0E8E0DA1B5BE}-v32-{3821A7DA-4
Status: hȋdden

Object: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\jessstew11@yahoo.com\SharingMetadata\loolie7@hotmail.com\DFSR\Staging\CS{E4235B18-8C70-6084-D062-288C7476ADBC}\33\33-{3821A7DA-40EE-45BB-A60D-0E8E0DA1B5BE}-v33-{3821A7DA-4
Status: hȋdden

Object: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\jessstew11@yahoo.com\SharingMetadata\loolie7@hotmail.com\DFSR\Staging\CS{E4235B18-8C70-6084-D062-288C7476ADBC}\34\34-{3821A7DA-40EE-45BB-A60D-0E8E0DA1B5BE}-v34-{3821A7DA-4
Status: hȋdden

Object: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\jessstew11@yahoo.com\SharingMetadata\loolie7@hotmail.com\DFSR\Staging\CS{E4235B18-8C70-6084-D062-288C7476ADBC}\35\35-{3821A7DA-40EE-45BB-A60D-0E8E0DA1B5BE}-v35-{3821A7DA-4
Status: hȋdden

Object: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\jessstew11@yahoo.com\SharingMetadata\loolie7@hotmail.com\DFSR\Staging\CS{E4235B18-8C70-6084-D062-288C7476ADBC}\36\36-{3821A7DA-40EE-45BB-A60D-0E8E0DA1B5BE}-v36-{3821A7DA-4
Status: hȋdden

Object: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\jessstew11@yahoo.com\SharingMetadata\loolie7@hotmail.com\DFSR\Staging\CS{E4235B18-8C70-6084-D062-288C7476ADBC}\44\389-{9D0850B3-552E-43FB-AD14-78B0983B66D0}-v44-{FE5B039C-
Status: hȋdden

Object: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\jessstew11@yahoo.com\SharingMetadata\loolie7@hotmail.com\DFSR\Staging\CS{E4235B18-8C70-6084-D062-288C7476ADBC}\45\394-{9D0850B3-552E-43FB-AD14-78B0983B66D0}-v45-{FE5B039C-
Status: hȋdden

Object: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\jessstew11@yahoo.com\SharingMetadata\loolie7@hotmail.com\DFSR\Staging\CS{E4235B18-8C70-6084-D062-288C7476ADBC}\46\397-{9D0850B3-552E-43FB-AD14-78B0983B66D0}-v46-{FE5B039C-
Status: hȋdden

Object: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\jessstew11@yahoo.com\SharingMetadata\loolie7@hotmail.com\DFSR\Staging\CS{E4235B18-8C70-6084-D062-288C7476ADBC}\47\147-{3821A7DA-40EE-45BB-A60D-0E8E0DA1B5BE}-v147-{3821A7DA
Status: hȋdden

Object: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\jessstew11@yahoo.com\SharingMetadata\loolie7@hotmail.com\DFSR\Staging\CS{E4235B18-8C70-6084-D062-288C7476ADBC}\47\401-{9D0850B3-552E-43FB-AD14-78B0983B66D0}-v47-{FE5B039C-
Status: hȋdden

Object: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\jessstew11@yahoo.com\SharingMetadata\loolie7@hotmail.com\DFSR\Staging\CS{E4235B18-8C70-6084-D062-288C7476ADBC}\48\148-{3821A7DA-40EE-45BB-A60D-0E8E0DA1B5BE}-v148-{3821A7DA
Status: hȋdden

Object: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\jessstew11@yahoo.com\SharingMetadata\loolie7@hotmail.com\DFSR\Staging\CS{E4235B18-8C70-6084-D062-288C7476ADBC}\49\149-{3821A7DA-40EE-45BB-A60D-0E8E0DA1B5BE}-v149-{3821A7DA
Status: hȋdden

Object: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\jessstew11@yahoo.com\SharingMetadata\loolie7@hotmail.com\DFSR\Staging\CS{E4235B18-8C70-6084-D062-288C7476ADBC}\50\150-{3821A7DA-40EE-45BB-A60D-0E8E0DA1B5BE}-v150-{3821A7DA
Status: hȋdden

Object: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\jessstew11@yahoo.com\SharingMetadata\loolie7@hotmail.com\DFSR\Staging\CS{E4235B18-8C70-6084-D062-288C7476ADBC}\51\151-{3821A7DA-40EE-45BB-A60D-0E8E0DA1B5BE}-v151-{3821A7DA
Status: hȋdden

Object: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\jessstew11@yahoo.com\SharingMetadata\loolie7@hotmail.com\DFSR\Staging\CS{E4235B18-8C70-6084-D062-288C7476ADBC}\52\152-{3821A7DA-40EE-45BB-A60D-0E8E0DA1B5BE}-v152-{3821A7DA
Status: hȋdden

Object: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\jessstew11@yahoo.com\SharingMetadata\loolie7@hotmail.com\DFSR\Staging\CS{E4235B18-8C70-6084-D062-288C7476ADBC}\53\153-{3821A7DA-40EE-45BB-A60D-0E8E0DA1B5BE}-v153-{3821A7DA
Status: hȋdden

Object: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\jessstew11@yahoo.com\SharingMetadata\loolie7@hotmail.com\DFSR\Staging\CS{E4235B18-8C70-6084-D062-288C7476ADBC}\54\154-{3821A7DA-40EE-45BB-A60D-0E8E0DA1B5BE}-v154-{3821A7DA
Status: hȋdden

Object: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\jessstew11@yahoo.com\SharingMetadata\loolie7@hotmail.com\DFSR\Staging\CS{E4235B18-8C70-6084-D062-288C7476ADBC}\55\155-{3821A7DA-40EE-45BB-A60D-0E8E0DA1B5BE}-v155-{3821A7DA
Status: hȋdden

Object: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\jessstew11@yahoo.com\SharingMetadata\loolie7@hotmail.com\DFSR\Staging\CS{E4235B18-8C70-6084-D062-288C7476ADBC}\56\156-{3821A7DA-40EE-45BB-A60D-0E8E0DA1B5BE}-v156-{3821A7DA
Status: hȋdden

Object: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\jessstew11@yahoo.com\SharingMetadata\loolie7@hotmail.com\DFSR\Staging\CS{E4235B18-8C70-6084-D062-288C7476ADBC}\57\157-{3821A7DA-40EE-45BB-A60D-0E8E0DA1B5BE}-v157-{3821A7DA
Status: hȋdden

Object: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\jessstew11@yahoo.com\SharingMetadata\loolie7@hotmail.com\DFSR\Staging\CS{E4235B18-8C70-6084-D062-288C7476ADBC}\58\158-{3821A7DA-40EE-45BB-A60D-0E8E0DA1B5BE}-v158-{3821A7DA
Status: hȋdden

Object: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\jessstew11@yahoo.com\SharingMetadata\loolie7@hotmail.com\DFSR\Staging\CS{E4235B18-8C70-6084-D062-288C7476ADBC}\59\395-{FE5B039C-0A7D-4187-BEC2-75369F404618}-v159-{FE5B039C
Status: hȋdden

Object: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\jessstew11@yahoo.com\SharingMetadata\loolie7@hotmail.com\DFSR\Staging\CS{E4235B18-8C70-6084-D062-288C7476ADBC}\60\399-{FE5B039C-0A7D-4187-BEC2-75369F404618}-v160-{FE5B039C
Status: hȋdden

Object: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\jessstew11@yahoo.com\SharingMetadata\loolie7@hotmail.com\DFSR\Staging\CS{E4235B18-8C70-6084-D062-288C7476ADBC}\70\398-{9D0850B3-552E-43FB-AD14-78B0983B66D0}-v70-{FE5B039C-
Status: hȋdden

Object: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\jessstew11@yahoo.com\SharingMetadata\loolie7@hotmail.com\DFSR\Staging\CS{E4235B18-8C70-6084-D062-288C7476ADBC}\71\391-{FE5B039C-0A7D-4187-BEC2-75369F404618}-v171-{FE5B039C
Status: hȋdden

Object: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\jessstew11@yahoo.com\SharingMetadata\ltegelberg@hotmail.com\DFSR\Staging\CS{C7E413A6-25CD-5776-F2FA-E2B13F88528F}\01\10-{C7E413A6-25CD-5776-F2FA-E2B13F88528F}-v1-{3821A7DA
Status: hȋdden

Object: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\jessstew11@yahoo.com\SharingMetadata\ltegelberg@hotmail.com\DFSR\Staging\CS{C7E413A6-25CD-5776-F2FA-E2B13F88528F}\12\12-{8134C702-1134-4E9D-8D40-224B1C87915D}-v12-{8134C70
Status: hȋdden


Re: returning bankerfox.a and win32nugel.e - please help...

Post by jys on Fri Nov 06, 2009 4:12 pm

Status: hȋdden

Object: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\jessstew11@yahoo.com\SharingMetadata\mm_7teen@hotmail.com\DFSR\Staging\CS{F75333F8-86ED-9AF6-F2D9-F51439BAEDCA}\90\462-{3821A7DA-40EE-45BB-A60D-0E8E0DA1B5BE}-v90-{50E46080
Status: hȋdden

Object: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\jessstew11@yahoo.com\SharingMetadata\mm_7teen@hotmail.com\DFSR\Staging\CS{F75333F8-86ED-9AF6-F2D9-F51439BAEDCA}\91\463-{3821A7DA-40EE-45BB-A60D-0E8E0DA1B5BE}-v91-{50E46080
Status: hȋdden

Object: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\jessstew11@yahoo.com\SharingMetadata\mm_7teen@hotmail.com\DFSR\Staging\CS{F75333F8-86ED-9AF6-F2D9-F51439BAEDCA}\92\464-{3821A7DA-40EE-45BB-A60D-0E8E0DA1B5BE}-v92-{50E46080
Status: hȋdden

Object: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\jessstew11@yahoo.com\SharingMetadata\mm_7teen@hotmail.com\DFSR\Staging\CS{F75333F8-86ED-9AF6-F2D9-F51439BAEDCA}\93\465-{3821A7DA-40EE-45BB-A60D-0E8E0DA1B5BE}-v93-{50E46080
Status: hȋdden

Object: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\jessstew11@yahoo.com\SharingMetadata\mm_7teen@hotmail.com\DFSR\Staging\CS{F75333F8-86ED-9AF6-F2D9-F51439BAEDCA}\94\466-{3821A7DA-40EE-45BB-A60D-0E8E0DA1B5BE}-v94-{50E46080
Status: hȋdden

Object: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\jessstew11@yahoo.com\SharingMetadata\mm_7teen@hotmail.com\DFSR\Staging\CS{F75333F8-86ED-9AF6-F2D9-F51439BAEDCA}\95\467-{3821A7DA-40EE-45BB-A60D-0E8E0DA1B5BE}-v95-{50E46080
Status: hȋdden

Object: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\jessstew11@yahoo.com\SharingMetadata\mm_7teen@hotmail.com\DFSR\Staging\CS{F75333F8-86ED-9AF6-F2D9-F51439BAEDCA}\96\468-{3821A7DA-40EE-45BB-A60D-0E8E0DA1B5BE}-v96-{50E46080
Status: hȋdden

Object: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\jessstew11@yahoo.com\SharingMetadata\mm_7teen@hotmail.com\DFSR\Staging\CS{F75333F8-86ED-9AF6-F2D9-F51439BAEDCA}\97\469-{3821A7DA-40EE-45BB-A60D-0E8E0DA1B5BE}-v97-{50E46080
Status: hȋdden

Object: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\jessstew11@yahoo.com\SharingMetadata\mm_7teen@hotmail.com\DFSR\Staging\CS{F75333F8-86ED-9AF6-F2D9-F51439BAEDCA}\98\470-{3821A7DA-40EE-45BB-A60D-0E8E0DA1B5BE}-v98-{50E46080
Status: hȋdden

Object: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\jessstew11@yahoo.com\SharingMetadata\mm_7teen@hotmail.com\DFSR\Staging\CS{F75333F8-86ED-9AF6-F2D9-F51439BAEDCA}\99\471-{3821A7DA-40EE-45BB-A60D-0E8E0DA1B5BE}-v99-{50E46080
Status: hȋdden

Object: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\jessstew11@yahoo.com\SharingMetadata\stef_62@hotmail.com\DFSR\Staging\CS{E568A22E-D835-B18D-4242-1AA2FDCE816B}\01\118-{E568A22E-D835-B18D-4242-1AA2FDCE816B}-v1-{3821A7DA-4
Status: hȋdden

Object: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\jessstew11@yahoo.com\SharingMetadata\stef_62@hotmail.com\DFSR\Staging\CS{E568A22E-D835-B18D-4242-1AA2FDCE816B}\11\11-{53AE5E12-8082-492B-8379-7B793C95D646}-v11-{53AE5E12-8
Status: hȋdden

Object: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\jessstew11@yahoo.com\SharingMetadata\stef_62@hotmail.com\DFSR\Staging\CS{E568A22E-D835-B18D-4242-1AA2FDCE816B}\12\12-{53AE5E12-8082-492B-8379-7B793C95D646}-v12-{53AE5E12-8
Status: hȋdden

Object: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\jessstew11@yahoo.com\SharingMetadata\stef_62@hotmail.com\DFSR\Staging\CS{E568A22E-D835-B18D-4242-1AA2FDCE816B}\13\13-{53AE5E12-8082-492B-8379-7B793C95D646}-v13-{53AE5E12-8
Status: hȋdden

Object: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\jessstew11@yahoo.com\SharingMetadata\stef_62@hotmail.com\DFSR\Staging\CS{E568A22E-D835-B18D-4242-1AA2FDCE816B}\14\14-{53AE5E12-8082-492B-8379-7B793C95D646}-v14-{53AE5E12-8
Status: hȋdden

Object: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\jessstew11@yahoo.com\SharingMetadata\stef_62@hotmail.com\DFSR\Staging\CS{E568A22E-D835-B18D-4242-1AA2FDCE816B}\15\15-{53AE5E12-8082-492B-8379-7B793C95D646}-v15-{53AE5E12-8
Status: hȋdden

Object: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\jessstew11@yahoo.com\SharingMetadata\stef_62@hotmail.com\DFSR\Staging\CS{E568A22E-D835-B18D-4242-1AA2FDCE816B}\16\16-{53AE5E12-8082-492B-8379-7B793C95D646}-v16-{53AE5E12-8
Status: hȋdden

Object: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\jessstew11@yahoo.com\SharingMetadata\stef_62@hotmail.com\DFSR\Staging\CS{E568A22E-D835-B18D-4242-1AA2FDCE816B}\17\17-{53AE5E12-8082-492B-8379-7B793C95D646}-v17-{53AE5E12-8
Status: hȋdden

Object: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\jessstew11@yahoo.com\SharingMetadata\stef_62@hotmail.com\DFSR\Staging\CS{E568A22E-D835-B18D-4242-1AA2FDCE816B}\18\18-{53AE5E12-8082-492B-8379-7B793C95D646}-v18-{53AE5E12-8
Status: hȋdden

Object: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\jessstew11@yahoo.com\SharingMetadata\stef_62@hotmail.com\DFSR\Staging\CS{E568A22E-D835-B18D-4242-1AA2FDCE816B}\19\19-{53AE5E12-8082-492B-8379-7B793C95D646}-v19-{53AE5E12-8
Status: hȋdden

Object: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\jessstew11@yahoo.com\SharingMetadata\stef_62@hotmail.com\DFSR\Staging\CS{E568A22E-D835-B18D-4242-1AA2FDCE816B}\20\20-{53AE5E12-8082-492B-8379-7B793C95D646}-v20-{53AE5E12-8
Status: hȋdden

Object: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\jessstew11@yahoo.com\SharingMetadata\stef_62@hotmail.com\DFSR\Staging\CS{E568A22E-D835-B18D-4242-1AA2FDCE816B}\21\21-{53AE5E12-8082-492B-8379-7B793C95D646}-v21-{53AE5E12-8
Status: hȋdden

Object: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\jessstew11@yahoo.com\SharingMetadata\stef_62@hotmail.com\DFSR\Staging\CS{E568A22E-D835-B18D-4242-1AA2FDCE816B}\22\22-{53AE5E12-8082-492B-8379-7B793C95D646}-v22-{53AE5E12-8
Status: hȋdden

Object: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\jessstew11@yahoo.com\SharingMetadata\stef_62@hotmail.com\DFSR\Staging\CS{E568A22E-D835-B18D-4242-1AA2FDCE816B}\23\119-{53AE5E12-8082-492B-8379-7B793C95D646}-v23-{3821A7DA-
Status: hȋdden

Object: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\jessstew11@yahoo.com\SharingMetadata\stef_62@hotmail.com\DFSR\Staging\CS{E568A22E-D835-B18D-4242-1AA2FDCE816B}\24\24-{53AE5E12-8082-492B-8379-7B793C95D646}-v24-{53AE5E12-8
Status: hȋdden

Object: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\jessstew11@yahoo.com\SharingMetadata\stef_62@hotmail.com\DFSR\Staging\CS{E568A22E-D835-B18D-4242-1AA2FDCE816B}\25\25-{53AE5E12-8082-492B-8379-7B793C95D646}-v25-{53AE5E12-8
Status: hȋdden

Object: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\jessstew11@yahoo.com\SharingMetadata\stef_62@hotmail.com\DFSR\Staging\CS{E568A22E-D835-B18D-4242-1AA2FDCE816B}\26\124-{53AE5E12-8082-492B-8379-7B793C95D646}-v26-{3821A7DA-
Status: hȋdden

Object: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\jessstew11@yahoo.com\SharingMetadata\stef_62@hotmail.com\DFSR\Staging\CS{E568A22E-D835-B18D-4242-1AA2FDCE816B}\27\120-{53AE5E12-8082-492B-8379-7B793C95D646}-v27-{3821A7DA-
Status: hȋdden

Object: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\jessstew11@yahoo.com\SharingMetadata\stef_62@hotmail.com\DFSR\Staging\CS{E568A22E-D835-B18D-4242-1AA2FDCE816B}\28\121-{53AE5E12-8082-492B-8379-7B793C95D646}-v28-{3821A7DA-
Status: hȋdden

Object: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\jessstew11@yahoo.com\SharingMetadata\stef_62@hotmail.com\DFSR\Staging\CS{E568A22E-D835-B18D-4242-1AA2FDCE816B}\29\125-{53AE5E12-8082-492B-8379-7B793C95D646}-v29-{3821A7DA-
Status: hȋdden

Object: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\jessstew11@yahoo.com\SharingMetadata\stef_62@hotmail.com\DFSR\Staging\CS{E568A22E-D835-B18D-4242-1AA2FDCE816B}\30\126-{53AE5E12-8082-492B-8379-7B793C95D646}-v30-{3821A7DA-
Status: hȋdden

Object: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\jessstew11@yahoo.com\SharingMetadata\stef_62@hotmail.com\DFSR\Staging\CS{E568A22E-D835-B18D-4242-1AA2FDCE816B}\31\127-{53AE5E12-8082-492B-8379-7B793C95D646}-v31-{3821A7DA-
Status: hȋdden

Object: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\jessstew11@yahoo.com\SharingMetadata\stef_62@hotmail.com\DFSR\Staging\CS{E568A22E-D835-B18D-4242-1AA2FDCE816B}\32\32-{53AE5E12-8082-492B-8379-7B793C95D646}-v32-{53AE5E12-8
Status: hȋdden

Object: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\jessstew11@yahoo.com\SharingMetadata\stef_62@hotmail.com\DFSR\Staging\CS{E568A22E-D835-B18D-4242-1AA2FDCE816B}\33\122-{53AE5E12-8082-492B-8379-7B793C95D646}-v33-{3821A7DA-
Status: hȋdden

Object: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\jessstew11@yahoo.com\SharingMetadata\stef_62@hotmail.com\DFSR\Staging\CS{E568A22E-D835-B18D-4242-1AA2FDCE816B}\34\123-{53AE5E12-8082-492B-8379-7B793C95D646}-v34-{3821A7DA-
Status: hȋdden

Object: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\jessstew11@yahoo.com\SharingMetadata\stef_62@hotmail.com\DFSR\Staging\CS{E568A22E-D835-B18D-4242-1AA2FDCE816B}\35\128-{53AE5E12-8082-492B-8379-7B793C95D646}-v35-{3821A7DA-
Status: hȋdden

Object: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\jessstew11@yahoo.com\SharingMetadata\stef_62@hotmail.com\DFSR\Staging\CS{E568A22E-D835-B18D-4242-1AA2FDCE816B}\36\36-{53AE5E12-8082-492B-8379-7B793C95D646}-v36-{53AE5E12-8
Status: hȋdden

Object: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\jessstew11@yahoo.com\SharingMetadata\stef_62@hotmail.com\DFSR\Staging\CS{E568A22E-D835-B18D-4242-1AA2FDCE816B}\37\37-{53AE5E12-8082-492B-8379-7B793C95D646}-v37-{53AE5E12-8
Status: hȋdden

Object: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\jessstew11@yahoo.com\SharingMetadata\stef_62@hotmail.com\DFSR\Staging\CS{E568A22E-D835-B18D-4242-1AA2FDCE816B}\38\38-{53AE5E12-8082-492B-8379-7B793C95D646}-v38-{53AE5E12-8
Status: hȋdden

Object: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\jessstew11@yahoo.com\SharingMetadata\stef_62@hotmail.com\DFSR\Staging\CS{E568A22E-D835-B18D-4242-1AA2FDCE816B}\39\39-{53AE5E12-8082-492B-8379-7B793C95D646}-v39-{53AE5E12-8
Status: hȋdden

Object: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\jessstew11@yahoo.com\SharingMetadata\stef_62@hotmail.com\DFSR\Staging\CS{E568A22E-D835-B18D-4242-1AA2FDCE816B}\40\40-{53AE5E12-8082-492B-8379-7B793C95D646}-v40-{53AE5E12-8
Status: hȋdden

Object: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\jessstew11@yahoo.com\SharingMetadata\stef_62@hotmail.com\DFSR\Staging\CS{E568A22E-D835-B18D-4242-1AA2FDCE816B}\41\41-{53AE5E12-8082-492B-8379-7B793C95D646}-v41-{53AE5E12-8
Status: hȋdden

Object: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\jessstew11@yahoo.com\SharingMetadata\stef_62@hotmail.com\DFSR\Staging\CS{E568A22E-D835-B18D-4242-1AA2FDCE816B}\42\42-{53AE5E12-8082-492B-8379-7B793C95D646}-v42-{53AE5E12-8
Status: hȋdden

Object: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\jessstew11@yahoo.com\SharingMetadata\stef_62@hotmail.com\DFSR\Staging\CS{E568A22E-D835-B18D-4242-1AA2FDCE816B}\43\43-{53AE5E12-8082-492B-8379-7B793C95D646}-v43-{53AE5E12-8
Status: hȋdden

Object: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\jessstew11@yahoo.com\SharingMetadata\stef_62@hotmail.com\DFSR\Staging\CS{E568A22E-D835-B18D-4242-1AA2FDCE816B}\44\44-{53AE5E12-8082-492B-8379-7B793C95D646}-v44-{53AE5E12-8
Status: hȋdden

Object: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\jessstew11@yahoo.com\SharingMetadata\stef_62@hotmail.com\DFSR\Staging\CS{E568A22E-D835-B18D-4242-1AA2FDCE816B}\45\45-{53AE5E12-8082-492B-8379-7B793C95D646}-v45-{53AE5E12-8
Status: hȋdden

Object: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\jessstew11@yahoo.com\SharingMetadata\stef_62@hotmail.com\DFSR\Staging\CS{E568A22E-D835-B18D-4242-1AA2FDCE816B}\46\46-{53AE5E12-8082-492B-8379-7B793C95D646}-v46-{53AE5E12-8
Status: hȋdden

Object: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\jessstew11@yahoo.com\SharingMetadata\stef_62@hotmail.com\DFSR\Staging\CS{E568A22E-D835-B18D-4242-1AA2FDCE816B}\47\47-{53AE5E12-8082-492B-8379-7B793C95D646}-v47-{53AE5E12-8
Status: hȋdden

Object: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\jessstew11@yahoo.com\SharingMetadata\stef_62@hotmail.com\DFSR\Staging\CS{E568A22E-D835-B18D-4242-1AA2FDCE816B}\48\48-{53AE5E12-8082-492B-8379-7B793C95D646}-v48-{53AE5E12-8
Status: hȋdden

Object: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\jessstew11@yahoo.com\SharingMetadata\stef_62@hotmail.com\DFSR\Staging\CS{E568A22E-D835-B18D-4242-1AA2FDCE816B}\49\49-{53AE5E12-8082-492B-8379-7B793C95D646}-v49-{53AE5E12-8
Status: hȋdden

Object: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\jessstew11@yahoo.com\SharingMetadata\stef_62@hotmail.com\DFSR\Staging\CS{E568A22E-D835-B18D-4242-1AA2FDCE816B}\50\50-{53AE5E12-8082-492B-8379-7B793C95D646}-v50-{53AE5E12-8
Status: hȋdden

Object: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\jessstew11@yahoo.com\SharingMetadata\stef_62@hotmail.com\DFSR\Staging\CS{E568A22E-D835-B18D-4242-1AA2FDCE816B}\51\51-{53AE5E12-8082-492B-8379-7B793C95D646}-v51-{53AE5E12-8
Status: hȋdden

Object: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\jessstew11@yahoo.com\SharingMetadata\stef_62@hotmail.com\DFSR\Staging\CS{E568A22E-D835-B18D-4242-1AA2FDCE816B}\52\52-{53AE5E12-8082-492B-8379-7B793C95D646}-v52-{53AE5E12-8
Status: hȋdden

Object: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\jessstew11@yahoo.com\SharingMetadata\stef_62@hotmail.com\DFSR\Staging\CS{E568A22E-D835-B18D-4242-1AA2FDCE816B}\53\53-{53AE5E12-8082-492B-8379-7B793C95D646}-v53-{53AE5E12-8
Status: hȋdden

Object: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\jessstew11@yahoo.com\SharingMetadata\stef_62@hotmail.com\DFSR\Staging\CS{E568A22E-D835-B18D-4242-1AA2FDCE816B}\54\54-{53AE5E12-8082-492B-8379-7B793C95D646}-v54-{53AE5E12-8
Status: hȋdden

Object: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\jessstew11@yahoo.com\SharingMetadata\stef_62@hotmail.com\DFSR\Staging\CS{E568A22E-D835-B18D-4242-1AA2FDCE816B}\55\55-{53AE5E12-8082-492B-8379-7B793C95D646}-v55-{53AE5E12-8
Status: hȋdden

Object: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\jessstew11@yahoo.com\SharingMetadata\stef_62@hotmail.com\DFSR\Staging\CS{E568A22E-D835-B18D-4242-1AA2FDCE816B}\56\56-{53AE5E12-8082-492B-8379-7B793C95D646}-v56-{53AE5E12-8
Status: hȋdden

Object: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\jessstew11@yahoo.com\SharingMetadata\stef_62@hotmail.com\DFSR\Staging\CS{E568A22E-D835-B18D-4242-1AA2FDCE816B}\57\57-{53AE5E12-8082-492B-8379-7B793C95D646}-v57-{53AE5E12-8
Status: hȋdden

Object: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\jessstew11@yahoo.com\SharingMetadata\stef_62@hotmail.com\DFSR\Staging\CS{E568A22E-D835-B18D-4242-1AA2FDCE816B}\58\58-{53AE5E12-8082-492B-8379-7B793C95D646}-v58-{53AE5E12-8
Status: hȋdden

Object: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\jessstew11@yahoo.com\SharingMetadata\stef_62@hotmail.com\DFSR\Staging\CS{E568A22E-D835-B18D-4242-1AA2FDCE816B}\59\59-{53AE5E12-8082-492B-8379-7B793C95D646}-v59-{53AE5E12-8
Status: hȋdden

Object: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\jessstew11@yahoo.com\SharingMetadata\stef_62@hotmail.com\DFSR\Staging\CS{E568A22E-D835-B18D-4242-1AA2FDCE816B}\60\60-{53AE5E12-8082-492B-8379-7B793C95D646}-v60-{53AE5E12-8
Status: hȋdden

Object: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\jessstew11@yahoo.com\SharingMetadata\stef_62@hotmail.com\DFSR\Staging\CS{E568A22E-D835-B18D-4242-1AA2FDCE816B}\61\61-{53AE5E12-8082-492B-8379-7B793C95D646}-v61-{53AE5E12-8
Status: hȋdden

Object: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Messenger\jessstew11@yahoo.com\SharingMetadata\stef_62@hotmail.com\DFSR\Staging\CS{E568A22E-D835-B18D-4242-1AA2FDCE816B}\62\62-{53AE5E12-8082-492B-8379-7B793C95D646}-v62-{53AE5E12-8
Status: hȋdden


Re: returning bankerfox.a and win32nugel.e - please help...

Post by Dr Jay on Fri Nov 06, 2009 8:08 pm

Please download [You must be registered and logged in to see this link.] and save it to your Desktop.
  • Right-click on SpiderKill.zip and click Extract All. Follow the prompts and read carefully, to save it to your Desktop.
  • Double-click on the SpiderKill folder, and then double-click on SpiderKill.bat and follow all the prompts in the program.
  • Within a minute, it will save its log titled SpiderKill.txt. Please post that in your next reply. You may have to use two or three posts to be able to fit the information in.


Dr. Jay (DJ)



Re: returning bankerfox.a and win32nugel.e - please help...

Post by jys on Sat Nov 07, 2009 12:21 am

SpiderKill by DragonMaster Jay ( Oct 2009 )


Microsoft Windows XP [Version 5.1.2600]

********************Drivers list********************


Volume in drive C is IBM_PRELOAD
Volume Serial Number is 6850-E046

Directory of C:\Windows\System32\Drivers

04/05/2005 01:17 PM 17,976 symredrv.sys
04/05/2005 01:17 PM 267,192 symtdi.sys
08/17/2001 04:07 PM 28,384 sym_hi.sys
08/17/2001 04:07 PM 30,688 sym_u3.sys
02/14/2006 04:04 PM 177,664 SynTP.sys
04/13/2008 02:15 PM 60,800 sysaudio.sys
04/13/2008 01:40 PM 14,976 tape.sys
06/20/2008 06:51 AM 361,600 tcpip.sys
06/20/2008 06:08 AM 225,856 tcpip6.sys
04/13/2008 02:00 PM 19,072 tdi.sys
04/13/2008 07:13 PM 12,040 tdpipe.sys
01/17/2006 03:52 AM 9,343 TDSMAPI.SYS
04/13/2008 07:13 PM 21,896 tdtcp.sys
04/13/2008 07:13 PM 40,840 termdd.sys
08/04/2004 07:00 AM 51,712 tosdvd.sys
08/17/2001 03:51 PM 4,992 toside.sys
07/05/2005 04:57 PM 17,699 TPHKDRV.sys
03/23/2006 03:13 AM 4,442 TPPWRIF.SYS
08/04/2004 07:00 AM 21,376 tsbvcap.sys
02/27/2006 04:52 AM 7,168 TSMAPIP.SYS
04/13/2008 01:56 PM 12,288 tunmp.sys
04/13/2008 01:36 PM 44,672 uagp35.sys
04/13/2008 01:32 PM 66,048 udfs.sys
08/17/2001 03:52 PM 36,736 ultra.sys
07/17/2008 05:13 PM UMDF
04/13/2008 01:39 PM 384,768 update.sys
04/13/2008 01:56 PM 12,800 usb8023.sys
04/13/2008 01:56 PM 12,800 usb8023x.sys
04/13/2008 02:45 PM 60,032 USBAUDIO.sys
04/13/2008 01:45 PM 25,600 usbcamd.sys
04/13/2008 01:45 PM 25,728 usbcamd2.sys
04/13/2008 02:45 PM 32,128 usbccgp.sys
08/04/2004 07:00 AM 4,736 usbd.sys
04/13/2008 01:45 PM 30,208 usbehci.sys
04/13/2008 01:45 PM 59,520 usbhub.sys
04/13/2008 01:45 PM 15,872 usbintel.sys
01/05/2006 11:50 AM 28,848 USBkey.sys
04/13/2008 01:45 PM 143,872 usbport.sys
04/13/2008 01:47 PM 25,856 usbprint.sys
04/13/2008 01:45 PM 15,104 usbscan.sys
04/13/2008 01:45 PM 26,368 usbstor.sys
04/13/2008 01:45 PM 20,608 usbuhci.sys
04/13/2008 01:46 PM 121,984 usbvideo.sys
04/13/2008 07:12 PM 11,325 vchnt5.dll
08/04/2004 07:00 AM 58,112 vdmindvd.sys
04/13/2008 01:44 PM 20,992 vga.sys
04/13/2008 01:36 PM 42,240 viaagp.sys
04/13/2008 01:40 PM 5,376 viaide.sys
04/13/2008 01:44 PM 81,664 videoprt.sys
04/13/2008 01:41 PM 52,352 volsnap.sys
12/05/2005 02:55 AM 1,428,096 w39n51.sys
04/13/2008 01:43 PM 14,208 wacompen.sys
08/03/2004 09:29 PM 11,807 wadv07nt.sys
08/03/2004 09:29 PM 11,295 wadv08nt.sys
08/03/2004 09:29 PM 11,871 wadv09nt.sys
08/03/2004 09:29 PM 11,935 wadv11nt.sys
04/13/2008 01:57 PM 34,560 wanarp.sys
08/03/2004 09:29 PM 22,271 watv06nt.sys
08/03/2004 09:29 PM 25,471 watv10nt.sys
04/13/2008 02:17 PM 83,072 wdmaud.sys
08/04/2004 07:00 AM 4,352 wmilib.sys
10/18/2006 07:00 PM 38,528 wpdusb.sys
08/04/2004 07:00 AM 12,032 ws2ifsl.sys
04/13/2008 02:46 PM 19,200 WSTCODEC.SYS
09/28/2006 05:55 PM 77,568 WudfPf.sys
09/28/2006 06:00 PM 82,944 WudfRd.sys
383 File(s) 36,721,212 bytes

Directory of C:\Windows\System32\Drivers\disdn

08/09/2004 03:12 PM .
08/09/2004 03:12 PM ..
0 File(s) 0 bytes

Directory of C:\Windows\System32\Drivers\etc

11/04/2009 08:09 PM .
11/04/2009 08:09 PM ..
11/04/2009 08:09 PM 21 hosts
08/04/2004 07:00 AM 3,683 lmhosts.sam
08/04/2004 07:00 AM 407 networks
08/04/2004 07:00 AM 799 protocol
08/04/2004 07:00 AM 7,116 services
5 File(s) 12,026 bytes

Directory of C:\Windows\System32\Drivers\UMDF

07/17/2008 05:13 PM .
07/17/2008 05:13 PM ..
10/18/2006 08:47 PM 671,232 wpdmtpdr.dll
1 File(s) 671,232 bytes

Total Files Listed:
389 File(s) 37,404,470 bytes
11 Dir(s) 19,006,709,760 bytes free


***********************Hidden Drivers********************
Volume in drive C is IBM_PRELOAD
Volume Serial Number is 6850-E046

Directory of C:\Windows\System32\Drivers

05/27/2006 11:41 AM 0 IBM_9462_W11_TP.MRK
1 File(s) 0 bytes
0 Dir(s) 19,006,717,952 bytes free


*********************Processes*******************


PROCESS PID PRIO PATH
smss.exe 844 Normal C:\WINDOWS\System32\smss.exe
csrss.exe 892 Normal C:\WINDOWS\system32\csrss.exe
winlogon.exe 924 High C:\WINDOWS\system32\winlogon.exe
services.exe 968 Normal C:\WINDOWS\system32\services.exe
lsass.exe 980 Normal C:\WINDOWS\system32\lsass.exe
ibmpmsvc.exe 1164 Normal C:\WINDOWS\system32\ibmpmsvc.exe
Ati2evxx.exe 1192 Normal C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe 1208 Normal C:\WINDOWS\system32\svchost.exe
svchost.exe 1292 Normal C:\WINDOWS\system32\svchost.exe
svchost.exe 1456 Normal C:\WINDOWS\System32\svchost.exe
EvtEng.exe 1524 Normal C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
S24EvMon.exe 1632 Normal C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe 1816 Normal C:\WINDOWS\system32\svchost.exe
svchost.exe 1848 Normal C:\WINDOWS\system32\svchost.exe
ccProxy.exe 184 Normal C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
ccSetMgr.exe 172 Normal C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
ISSVC.exe 212 Normal C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
SNDSrvc.exe 248 Normal C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
ccEvtMgr.exe 344 Normal C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
spoolsv.exe 780 Normal C:\WINDOWS\system32\spoolsv.exe
svchost.exe 260 Normal C:\WINDOWS\system32\svchost.exe
IPSSVC.EXE 440 Normal C:\WINDOWS\system32\IPSSVC.EXE
AcPrfMgrSvc.exe 456 Normal C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
guard.exe 656 Normal C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
DefWatch.exe 676 Normal C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
DkService.exe 696 Normal C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
svchost.exe 944 Normal C:\WINDOWS\System32\svchost.exe
MDM.EXE 1112 Normal C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
RegSrvc.exe 1404 Normal C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
svchost.exe 1764 Normal C:\WINDOWS\system32\svchost.exe
Rtvscan.exe 1920 Idle C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
SymSPort.exe 1956 Normal C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
TPHDEXLG.EXE 1996 Normal C:\WINDOWS\System32\TPHDEXLG.EXE
TpKmpSVC.exe 2012 Normal C:\WINDOWS\system32\TpKmpSVC.exe
ibmtcsd.exe 2044 Normal C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
rrservice.exe 2080 Normal C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
tvtsched.exe 2092 Normal C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
UCLauncherService.exe 2116 Normal C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
AcSvc.exe 2184 Normal C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
WMPNetwk.exe 2312 Normal C:\Program Files\Windows Media Player\WMPNetwk.exe
alg.exe 3020 Normal C:\WINDOWS\System32\alg.exe
logmon.exe 3036 Normal C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe
SvcGuiHlpr.exe 3728 Normal C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
wscntfy.exe 3904 Normal C:\WINDOWS\system32\wscntfy.exe
Ati2evxx.exe 4036 Normal C:\WINDOWS\system32\Ati2evxx.exe
Explorer.EXE 388 Normal C:\WINDOWS\Explorer.EXE
SynTPLpr.exe 3796 Normal C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
SynTPEnh.exe 3892 Normal C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
TpShocks.exe 4004 Normal C:\WINDOWS\system32\TpShocks.exe
EzEjMnAp.Exe 1392 Normal C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
TPHKMGR.exe 1400 Above Normal C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
TPONSCR.exe 1756 Normal C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
TpScrex.exe 1976 Normal C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
smax4pnp.exe 2236 Normal C:\Program Files\Analog Devices\Core\smax4pnp.exe
cli.exe 2272 Normal C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
LPMGR.exe 1472 Normal C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
Amsg.exe 292 Normal C:\Program Files\ThinkVantage\AMSG\Amsg.exe
DLACTRLW.EXE 4028 Normal C:\WINDOWS\System32\DLA\DLACTRLW.EXE
issch.exe 1428 Normal C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
AwaySch.EXE 3644 Normal C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
ccApp.exe 3772 Normal C:\Program Files\Common Files\Symantec Shared\ccApp.exe
VPTray.exe 4052 Normal C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
pdservice.exe 1640 Normal C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe
PicasaMediaDetector.exe 960 Normal C:\Program Files\Picasa2\PicasaMediaDetector.exe
GoogleDesktop.exe 268 Normal C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
ACTray.exe 1940 Normal C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
ACWLIcon.exe 1312 Normal C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
GoogleDesktopIndex.exe 2032 Normal C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
rundll32.exe 3212 Normal C:\WINDOWS\system32\rundll32.exe
GoogleDesktopDisplay.exe 3528 Normal C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
avgas.exe 4272 Normal C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
cli.exe 5100 Normal C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
ctfmon.exe 6028 Normal C:\WINDOWS\system32\ctfmon.exe
WMPNSCFG.exe 6040 Normal C:\Program Files\Windows Media Player\WMPNSCFG.exe
cmd.exe 6016 Normal C:\WINDOWS\system32\cmd.exe
processes.exe 2640 Normal C:\Documents and Settings\Admin\Desktop\SpiderKill\SpiderKill\processes.exe


Module information for 'Explorer.EXE'(388)



******************************************
EOF


Re: returning bankerfox.a and win32nugel.e - please help...

Post by Dr Jay on Sat Nov 07, 2009 2:51 pm

Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.].

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Dr. Jay (DJ)



Re: returning bankerfox.a and win32nugel.e - please help...

Post by jys on Sun Nov 08, 2009 2:43 pm

Malwarebytes' Anti-Malware 1.41
Database version: 3128
Windows 5.1.2600 Service Pack 3

11/8/2009 2:37:58 PM
mbam-log-2009-11-08 (14-37-58).txt

Scan type: Full Scan (C:\|)
Objects scanned: 178713
Time elapsed: 57 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Re: returning bankerfox.a and win32nugel.e - please help...

Post by Dr Jay on Sun Nov 08, 2009 6:27 pm

Please use Internet Explorer and run a [You must be registered and logged in to see this link.]

  • Please check I agree with the Terms and Conditions and click Start Here
  • You will need to allow an Active X install for the scan to run.
  • Leave the scanning options at default and click Start Scan
Please post the results in your next reply.


Dr. Jay (DJ)



Re: returning bankerfox.a and win32nugel.e - please help...

Post by jys on Mon Nov 09, 2009 11:46 pm

Sorry it took so long... please let me know if this post is ok for you to read. I saved it before copying it and some of it was in a table.

Scan path: C:\;D:\;

Statistics

Time: 01:18:09
Files: 393591
Folders: 8970
Boot Sectors: 0
Archives: 11019
Packed Files: 19805

Results

Identified Viruses: 2
Infected Files: 2
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 4

Engines Info

Virus Definitions: 4482645
Engine build: AVCORE v2.1 Windows/i386 11.0.0.26 (Oct 20 2009)
Scan plugins: 17
Archive plugins: 44
Unpack plugins: 8
E-mail plugins: 6
System plugins: 4

Scan Settings

First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File / Status

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EDC0000\4FDEEE9D.VBN=>(Quarantine-PE)
Status: Detected with: Gen:Adware.Heur.umLfQSiaobai

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EDC0000\4FDEEE9D.VBN=>(Quarantine-PE)
Status: Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EDC0000\4FDEEE9D.VBN=>(Quarantine-PE)
Status: Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EDC0000\4FDEEE9D.VBN
Status: Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\14CC0000\5DCDA8F7.VBN=>(Quarantine-PE)
Status: Detected with: Gen:Adware.Heur.pu9@QOnSwIhi

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\14CC0000\5DCDA8F7.VBN=>(Quarantine-PE)
Status: Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\14CC0000\5DCDA8F7.VBN=>(Quarantine-PE)
Status: Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\14CC0000\5DCDA8F7.VBN
Status: Deleted


Re: returning bankerfox.a and win32nugel.e - please help...

Post by Dr Jay on Tue Nov 10, 2009 12:22 am

Download Security Check by screen317 from [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.].
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Dr. Jay (DJ)



Re: returning bankerfox.a and win32nugel.e - please help...

Post by jys on Tue Nov 10, 2009 7:12 am

Results of screen317's Security Check version 0.99.0
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
AVG Anti-Spyware 7.5
Multi Virus Cleaner 2009
``````````````````````````````
Anti-malware/Other Utilities Check:

AVG Anti-Spyware 7.5
HijackThis 2.0.2
Multi Virus Cleaner 2009
IBM 32-bit Runtime Environment for Java 2, v1.4.2
IBM 32-bit Runtime Environment for Java 2, v1.4.2
Adobe Flash Player 10
Adobe Reader 9.2
``````````````````````````````
Process Check:
objlist.exe by Laurent

Symantec Client Security Symantec AntiVirus DefWatch.exe
Symantec Client Security Symantec AntiVirus Rtvscan.exe
Symantec Client Security Symantec Client Firewall ISSVC.exe
Symantec Client Security Symantec Client Firewall SymSPort.exe
``````````````````````````````
DNS Vulnerability Check:

Unknown. This method cannot test your vulnerability to DNS cache poisoning.

`````````End of Log```````````


Re: returning bankerfox.a and win32nugel.e - please help...

Post by Dr Jay on Tue Nov 10, 2009 10:30 am

Please read the following information that I have provided, which will help you prevent malicious software in the future. Please keep in mind, malware is a continuous danger on the Internet. It is highly important to stay safe while browsing, to prevent re-infection.

Software recommendations

Firewall

  • [You must be registered and logged in to see this link.]: the free version is just as good as the premium. I have linked you to the free version.
  • [You must be registered and logged in to see this link.]: the free version is just as good as the premium. I have linked you to the free version. The optional security suite enhances the firewall by 40%. If you would like to install the suite that includes antivirus, then remove your old antivirus first.
  • [You must be registered and logged in to see this link.]: free and excellent firewall.


AntiSpyware

  • [You must be registered and logged in to see this link.]
    SpywareBlaster is a program that prevents spyware from installing on your computer. A tutorial on using SpywareBlaster may be found [You must be registered and logged in to see this link.].
  • [You must be registered and logged in to see this link.].
    Spybot - Search & Destroy is a spyware and adware removal program. It also has realtime protection, TeaTimer, to help safeguard your computer against spyware. (The link for Spybot - Search & Destroy contains a tutorial that will help you download, install, and begin using Spybot).


NOTE: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.

Resident Protection help
A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.

Rogue programs help
There are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:
[You must be registered and logged in to see this link.]

Securing your computer

  • [You must be registered and logged in to see this link.] - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • [You must be registered and logged in to see this link.] replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be difficult to infect your computer in the future.


Please consider using an alternate browser
Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested:


Thank you for choosing GeekPolice. Please see [You must be registered and logged in to see this link.] if you would like to leave feedback or contribute to our site. Do you have any more questions?


Dr. Jay (DJ)
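
An added example, not part of the original post and not any tool named in this thread: a small Python audit for the HOSTS-file item above. It lists the names a HOSTS file sinkholes to a loopback or unspecified address (127.0.0.1, 0.0.0.0) and separately reports any entry that maps a name to some other address, which a blocklist HOSTS file should not contain and which deserves review. The sample file, host names and addresses are constructed for illustration.

```python
import ipaddress

# Constructed sample HOSTS file (not from the thread): a localhost line,
# blocklist entries, one entry pointing at a remote address, one bad line.
SAMPLE_HOSTS = """\
# Constructed example HOSTS file
127.0.0.1       localhost
127.0.0.1       ads.example.com tracker.example.net   # blocklist entry
0.0.0.0         popups.example.org
203.0.113.45    www.examplebank.test                  # not a sinkhole
not-an-ip       broken.example.com
"""

def parse_hosts(text):
    """Yield (line_no, address, hostnames) for each mapping line."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue                          # address with no hostname
        yield line_no, fields[0], [h.lower() for h in fields[1:]]

def is_sinkhole(address):
    """True for loopback (127.0.0.0/8, ::1) or unspecified (0.0.0.0, ::)."""
    ip = ipaddress.ip_address(address)        # raises ValueError if invalid
    return ip.is_loopback or ip.is_unspecified

def audit_hosts(text):
    """Sort entries into blocked names, non-loopback mappings, bad lines."""
    report = {"blocked": [], "redirected": [], "malformed": []}
    for line_no, address, names in parse_hosts(text):
        try:
            sink = is_sinkhole(address)
        except ValueError:
            report["malformed"].append((line_no, address))
            continue
        for name in names:
            if not sink:
                report["redirected"].append((line_no, name, address))
            elif name != "localhost":
                report["blocked"].append(name)
    return report

if __name__ == "__main__":
    for key, items in audit_hosts(SAMPLE_HOSTS).items():
        print(key, items)
```

On Windows XP the file to pass in is normally `%SystemRoot%\system32\drivers\etc\hosts`; read it as text and hand the contents to `audit_hosts`.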



Re: returning bankerfox.a and win32nugel.e - please help...

Post by jys on Tue Nov 10, 2009 5:21 pm

I'm good to go? Nothing there now? Thank you so very much for your reliable and consistent help. I appreciate it a lot.


Re: returning bankerfox.a and win32nugel.e - please help...

Post by Dr Jay on Wed Nov 11, 2009 3:06 pm

You are welcome.


Dr. Jay (DJ)


