« previous next »
Pages: [1]

Author Topic: WebSiteViewer  (Read 3474 times)

Offline bk0566

  • Newbie
  • *
  • Posts: 8
  • Karma: +0/-0
    • View Profile
WebSiteViewer
« on: March 12, 2005, 09:58:15 PM »
I am running Windows XP Pro and am having trouble removing WebSiteViewer.  I have run AdAware SE and Spybot and a full system scan with Norton AntiVirus 2004 with current virus file, but when I reboot it reinstalls itself.  Not sure what else to do.  I have attached the HiJack this log below.  Thanks in advance for your help...bk0566

Logfile of HijackThis v1.99.1
Scan saved at 9:55:28 PM, on 3/12/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ACS.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\EzButton\EzButton.EXE
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\System32\msdtc.exe
C:\Program Files\Microsoft BizTalk Server\MSCIS.exe
C:\Program Files\Microsoft BizTalk Server\XLANG Scheduler\WFSVCMGR.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
c:\Program Files\Norton AntiVirus\SAVScan.exe
c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\WebSiteViewer\125235.dlr
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/chsi.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshibadirect.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.comcast.net/chsi.html
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [EzButton] C:\Program Files\EzButton\EzButton.EXE
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [aoawzrobvj] C:\WINDOWS\System32\jonxefa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} - http://download.35mb.com/images/dlapplet.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\ACS.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsu[censored]a Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
WebSiteViewer
« Reply #1 on: March 12, 2005, 10:33:06 PM »
===Open Notepad (START>>>RUN>>>type in notepad) hit Enter
Copy the contents of the Quote box to notepad, not including the word quote
In Notepad click FILE>>SAVE AS
IMPORTANT>>>Change the Save as Type to All Files.
Name the file as fix.reg

Save this file on the desktop, well need this later, don't run it yet

 
Quote
REGEDIT4

[-HKEY_CURRENT_USER\Software\WebSiteViewer]


Print the rest of this out or save too a notepad file on your desktop

RESTART your Computer in SAFE MODE

Access your Add/Remove programs and remove if found
Ebates_MoeMoneyMaker

Find and delete this folder
C:\Program Files\WebSiteViewer <--this folder
C:\Program Files\Ebates_MoeMoneyMaker <--folder

and this file if found
C:\WINDOWS\System32\jonxefa.exe <--this file

Stay in safe mode

Go to START>>RUN>>type in
%temp
Hit OK

In the new window click on EDIT>>Select All
Delete the selected

Do another scan with Hijackthis and put a check next to these entries:

R3 - Default URLSearchHook is missing

O4 - HKLM\..\Run: [aoawzrobvj] C:\WINDOWS\System32\jonxefa.exe

O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)

O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} - http://download.35mb.com/images/dlapplet.cab

After you have ticked the above entries, close All other open windows, including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Double click on fix.reg and allow to merge to the registry

Restart back to Normal mode

Post back a fresh Hijackthis log
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline bk0566

  • Newbie
  • *
  • Posts: 8
  • Karma: +0/-0
    • View Profile
WebSiteViewer
« Reply #2 on: March 12, 2005, 10:56:53 PM »
Guestolo,
I followed your instructions.  A couple of notes:
- Ebates_MoeMoneyMaker was not in the add/Remove list
- The Ebates_MoeMoneyMaker folder was not there
- The jonxefa.exe file was not there
- When I did start run %temp was not found
- I did the fix in HiJackThis as you stated
- I ran the registry fix

The WebSiteViewer folder is back after restarting in Normal Mode.  I have attached the new Hijack log below.  Thanks again for the help, let me know what the next steps should be.  bk0566

Logfile of HijackThis v1.99.1
Scan saved at 10:50:35 PM, on 3/12/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ACS.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\EzButton\EzButton.EXE
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\msdtc.exe
C:\Program Files\Microsoft BizTalk Server\MSCIS.exe
C:\Program Files\Microsoft BizTalk Server\XLANG Scheduler\WFSVCMGR.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
c:\Program Files\Norton AntiVirus\SAVScan.exe
c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\WebSiteViewer\125235.dlr
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/chsi.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshibadirect.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.comcast.net/chsi.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [EzButton] C:\Program Files\EzButton\EzButton.EXE
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\ACS.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsu[censored]a Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
WebSiteViewer
« Reply #3 on: March 12, 2005, 11:18:30 PM »
I forgot to add in the other % sign, sorry about that
should of looked like this
%temp%

Let's try this instead
==Download and Install this small program
to help clean your temp folders,cookies,prefetch folder, etc...
Windows Cleanup
Install for now, don't run a scan yet

Restart in safe mode

Delete this folder
C:\Program Files\WebSiteViewer

Double click on fix.reg <<allow to merge

Open Windows CleanUp>>START>>All programs>>Cleanup
Click on the CleanUp button, let it finish scanning for files
Restart back to Normal mode

Post back a fresh Hijackthis log afterwards
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline bk0566

  • Newbie
  • *
  • Posts: 8
  • Karma: +0/-0
    • View Profile
WebSiteViewer
« Reply #4 on: March 13, 2005, 07:23:57 AM »
Hi Guestolo,

I followed your last instructions and things appear to be getting better. When the machine boots now a dialog appears that says cannot prepare plugin.  The WebSiteViewer folder is still created, but there are no files in it.  Attached is the HiJack log.  Thanks again for the help......bk0566

Logfile of HijackThis v1.99.1
Scan saved at 7:19:14 AM, on 3/13/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ACS.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\msdtc.exe
C:\Program Files\Microsoft BizTalk Server\MSCIS.exe
C:\Program Files\Microsoft BizTalk Server\XLANG Scheduler\WFSVCMGR.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
c:\Program Files\Norton AntiVirus\SAVScan.exe
c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\EzButton\EzButton.EXE
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/chsi.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshibadirect.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.comcast.net/chsi.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [EzButton] C:\Program Files\EzButton\EzButton.EXE
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\ACS.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsu[censored]a Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Logged

Offline bk0566

  • Newbie
  • *
  • Posts: 8
  • Karma: +0/-0
    • View Profile
WebSiteViewer
« Reply #5 on: March 13, 2005, 09:57:35 AM »
I spoke too soon.  The second time I got on this morning the directory was again populated with all the files.  I ran another HiJack after this in case there was a change and attached the log below.  Thanks for the help.....bk0566

Logfile of HijackThis v1.99.1
Scan saved at 9:53:48 AM, on 3/13/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ACS.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\EzButton\EzButton.EXE
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\System32\msdtc.exe
C:\Program Files\Microsoft BizTalk Server\MSCIS.exe
C:\Program Files\Microsoft BizTalk Server\XLANG Scheduler\WFSVCMGR.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
c:\Program Files\Norton AntiVirus\SAVScan.exe
c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\WebSiteViewer\125235.dlr
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/chsi.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshibadirect.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.comcast.net/chsi.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [EzButton] C:\Program Files\EzButton\EzButton.EXE
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\ACS.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsu[censored]a Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
WebSiteViewer
« Reply #6 on: March 13, 2005, 12:27:01 PM »
Quote
The second time I got on this morning the directory was again populated with all the files
Can you let me know what files your talking about

Download and save to desktop
HSFIX.zip
Unzip the contents of HSFix.zip and an HSFix directory will be created
We'll need this later

Please print this out or save to a Notepad file on the desktop

Set Windows To Show Hidden Files and Folders
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Uncheck the Hide Extensions for known file types
* Click Yes to confirm.
* Click OK.

Important>>Restart your computer into safe mode

Delete the Websiteviewer folder again

If  you see this folder delete it too
C:\WINDOWS\System32\Cache <--this folder, let me know if you find it

Navigate to the HSFix directory and double-click on HSFix.bat.
* It will produce a log file, located here: C:\hslog.txt. <--we'll need this later

Restart back to Normal mode

Post a fresh hijackthis log and the hslog.txt
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline bk0566

  • Newbie
  • *
  • Posts: 8
  • Karma: +0/-0
    • View Profile
WebSiteViewer
« Reply #7 on: March 13, 2005, 05:48:47 PM »
Hi Guestolo,

Sorry I wasn't clear, the files I was referring to reappearing were the files in the websiteviewer folder.  I have followed your latest instructions.

The hslog had only the following in it:
cerbmod.dll


This is the latest hijackthis log:
Logfile of HijackThis v1.99.1
Scan saved at 5:43:50 PM, on 3/13/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ACS.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\EzButton\EzButton.EXE
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\msdtc.exe
C:\Program Files\Microsoft BizTalk Server\MSCIS.exe
C:\Program Files\Microsoft BizTalk Server\XLANG Scheduler\WFSVCMGR.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
c:\Program Files\Norton AntiVirus\SAVScan.exe
c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\WebSiteViewer\125235.dlr
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/chsi.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshibadirect.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.comcast.net/chsi.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [EzButton] C:\Program Files\EzButton\EzButton.EXE
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\ACS.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsu[censored]a Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
WebSiteViewer
« Reply #8 on: March 13, 2005, 07:08:57 PM »
Not sure if you understand

If you find this folder
C:\WINDOWS\System32\Cache <--this folder, exact location I want you to delete the Cache folder

I need you to properly download and run HSFix from the instructions I gave you previously and then post back the log from the location I pointed out to you

Again>>Restart into safe mode
Delete the Websiteviewer folder and then  run HSFix.bat

Restart back into Normal mode
Post this log
C:\hslog.txt <--this log

Along with a fresh Hijackthis log
« Last Edit: March 13, 2005, 07:51:28 PM by guestolo »
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline bk0566

  • Newbie
  • *
  • Posts: 8
  • Karma: +0/-0
    • View Profile
WebSiteViewer
« Reply #9 on: March 13, 2005, 08:12:04 PM »
Guestsolo,

This is exactly what I did.  I did delete the C;\Windows\System32\cache folder.  It was empty by the way.  I ran the hsfix and the only file that came up in the log file was cerbmod.dll.  I did all of this is safe mode.

bk0566
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
WebSiteViewer
« Reply #10 on: March 13, 2005, 08:50:16 PM »
But I want you too post the log from HSFix.bat

I know, call me vain, I just like too see it for my self
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
WebSiteViewer
« Reply #11 on: March 13, 2005, 08:53:27 PM »
Here's what I suggest, this should help nail it

Download this virus checker from eScan
Mwav.exe
There's nothing to install, save it and then double click to run
It will self extract

Select all local drives, scan all files, press 'SCAN' and when it is completed, anything found will be displayed in the lower pane.
In the Virus Log Information Pane
Left click and Highlight all the info in the Lower pane---  Use "CTRL  C" on your Keyboard to copy all found in the lower pane  and save it too a notepad file

****If prompted that a Virus was found and you need to purchase the product  to remove the malware, just close out the prompt and let it continue scanning
We just want to see where the bad guys are

You may want to run it in safe mode, so ensure you save the log to a Notepad file
And please post the log back here

Post back a fresh hijackthis log afterwards too
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline bk0566

  • Newbie
  • *
  • Posts: 8
  • Karma: +0/-0
    • View Profile
WebSiteViewer
« Reply #12 on: March 14, 2005, 04:47:18 AM »
Guestolo,
Wow, the mwav scan took 3 hours in safe mode.  Attached below is the log produced followed by the HiJack log.  Thank again for the help...bk056

===============================================
File C:\WINDOWS\ibs.exe infected by "not-a-virus:Porn-Downloader.Win32.TibSystems" Virus. Action

Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\TIBS.zip infected by "Password-protected-EXE" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\bk0566\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv124.jar-7b537c95-2e1ab25b.zip infected by "Trojan-Downloader.Java.OpenStream.c" Virus. Action Taken: No Action Taken.
File C:\misb.exe infected by "not-a-virus:Porn-Downloader.Win32.TibSystems" Virus. Action Taken: No Action Taken.
File C:\Program Files\ArcSoft\Software Suite\Funhouse\CdaLMS.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\ArcSoft\Software Suite\Greeting Card Creator\CdaLMS.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\ArcSoft\Software Suite\PhotoStudio\CdaLMS.exe tagged as
not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\HsFix\Process.exe tagged as not-a-virus:RiskWare.Tool.Processor.20. No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\032C59AB.htm infected by "Exploit.HTML.DialogArg" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\07E200F3.dll infected by "Trojan.Win32.StartPage.mz" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\10AE34BE infected by "not-a-virus:AdWare.BiSpy.s" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\14F73CAF infected by "Trojan-Downloader.Win32.Agent.ae" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\208778AE infected by "Trojan-Downloader.Win32.WinShow.al" Virus. Action Taken: No Action Taken
File C:\Program Files\Norton AntiVirus\Quarantine\23800C1B Infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\23866014 infected by "not-a-virus:AdWare.PowerScan.b" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\23A703F0 infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\23AA2DEC infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\23AE57E9 infected by "not-a-virus:AdWare.ToolBar.ImiBar.b" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\23B101E5 infected by "Trojan-Downloader.Win32.WinShow.al" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\258B5FAB.zip infected by "Trojan.Java.ClassLoader.c" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\263C2C4F.zip infected by "Trojan.Java.ClassLoader.c" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\27317942.zip infected by "Trojan.Java.ClassLoader.c" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\2735233E.zip infected by "Trojan.Java.ClassLoader.c" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\295B4940.class infected by "Trojan.Java.ClassLoader.k" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\32784EBF.class infected by "Trojan.Java.ClassLoader.d" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\36362AEF.htm infected by "Exploit.HTML.DialogArg" Virus. Action Taken: No Action Taken
File C:\Program Files\Norton AntiVirus\Quarantine\36A96B79.dll infected by "Trojan-Downloader.Win32.Small.ajp" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\38FF6EE8 infected by "Trojan-Downloader.Win32.Small.qo" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\39EA3DE5 infected by "Trojan-Downloader.Win32.Ani.c" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\3A3F0188 infected by "Exploit.VBS.Phel.a" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\3ACB0EED infected by "Trojan-Dropper.Win32.Small.sa" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\47865039 infected by "not-a-virus:Porn-Downloader.Win32.TibSystems" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\4BBF0645 infected by "Trojan-Dropper.Win32.Small.sa" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\4DDB6ECF infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\549B59BD.php infected by "Exploit.HTML.Mht" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\549B59BD.zip infected by "Trojan.Java.ClassLoader.Dummy.e" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\549F03BA.class infected by "Trojan.Java.ClassLoader.h" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\567612BD infected by "Trojan-Downloader.Win32.IstBar.fy" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\58A55614 infected by "not-a-virus:PornWare.Dialer.Tibs" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\58A80011 infected by "not-a-virus:Porn-Downloader.Win32.TibSystems" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\58AB2A0D infected by "not-a-virus:AdWare.SaveNow.z" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\5ABF1AAE infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\664F56AD infected by "Trojan-Downloader.Win32.Agent.ab" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\7BF779B3.class infected by "Trojan.Java.ClassLoader.i" Virus. Action Taken: No Action Taken.
File C:\Program Files\WebSiteViewer\125235.dlr infected by "not-a-virus:PornWare.Dialer.Tibs" Virus. Action Taken: No Action Taken.
File C:\Program Files\WebSiteViewer\125235.exe infected by "not-a-virus:Porn-Downloader.Win32.TibSystems" Virus.
Action Taken: No Action Taken.
File C:\System Volume Information\_restore{7483E547-531E-4595-8D9C-0B459D280732}\RP29\A0011766.exe infected by "not-a-virus:AdWare.PowerScan.b" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{7483E547-531E-4595-8D9C-0B459D280732}\RP29\A0011767.exe infected by "not-a-virus:AdWare.WebRebates.d" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{7483E547-531E-4595-8D9C-0B459D280732}\RP29\A0011769.exe infected by "not-a-virus:AdWare.WebRebates.c" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{7483E547-531E-4595-8D9C-0B459D280732}\RP30\A0011801.dll infected by "not-a-virus:AdWare.ToolBar.YourSiteBar.a" Virus. Action Taken: No Action Taken.
File C:\System Volume
Information\_restore{7483E547-531E-4595-8D9C-0B459D280732}\RP30\A0011814.dll infected by "not-a-virus:AdWare.ToolBar.SideFind" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{7483E547-531E-4595-8D9C-0B459D280732}\RP30\A0011817.dll infected by "not-a-virus:AdWare.ToolBar.SideFind" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{7483E547-531E-4595-8D9C-0B459D280732}\RP40\A0048032.dll infected by "not-a-virus:AdWare.BiSpy.s" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{7483E547-531E-4595-8D9C-0B459D280732}\RP41\A0048062.exe infected by "not-a-virus:Porn-Downloader.Win32.TibSystems" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{7483E547-531E-4595-8D9C-0B459D280732}\RP41\A0048162.exe
infected by "not-a-virus:Porn-Downloader.Win32.TibSystems" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{7483E547-531E-4595-8D9C-0B459D280732}\RP42\A0049180.exe infected by "not-a-virus:Porn-Downloader.Win32.TibSystems" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{7483E547-531E-4595-8D9C-0B459D280732}\RP42\A0049188.dll infected by "Trojan-Downloader.Win32.Small.ajp" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{7483E547-531E-4595-8D9C-0B459D280732}\RP42\A0050174.exe infected by "Trojan-Dropper.Win32.Small.sa" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{7483E547-531E-4595-8D9C-0B459D280732}\RP42\A0050176.exe infected by "not-a-virus:Porn-Downloader.Win32.TibSystems" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{7483E547-531E-4595-8D9C-0B459D280732}\RP42\A0051188.exe
infected by "not-a-virus:Porn-Downloader.Win32.TibSystems" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{7483E547-531E-4595-8D9C-0B459D280732}\RP42\A0051244.exe infected by "not-a-virus:Porn-Downloader.Win32.TibSystems" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{7483E547-531E-4595-8D9C-0B459D280732}\RP42\A0052416.exe infected by "not-a-virus:Porn-Downloader.Win32.TibSystems" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{7483E547-531E-4595-8D9C-0B459D280732}\RP42\A0055456.exe infected by "not-a-virus:Porn-Downloader.Win32.TibSystems" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{7483E547-531E-4595-8D9C-0B459D280732}\RP42\A0055469.exe infected by "not-a-virus:Porn-Downloader.Win32.TibSystems" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{7483E547-531E-4595-8D9C-0B459D280732}\RP42\A0055483.exe infected by "not-a-virus:Porn-Downloader.Win32.TibSystems" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{7483E547-531E-4595-8D9C-0B459D280732}\RP42\A0056491.exe
infected by "not-a-virus:Porn-Downloader.Win32.TibSystems" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{7483E547-531E-4595-8D9C-0B459D280732}\RP42\A0056519.exe infected by "not-a-virus:Porn-Downloader.Win32.TibSystems" Virus. Action Taken: No Action Taken.



=================================================
Logfile of HijackThis v1.99.1
Scan saved at 4:44:58 AM, on 3/14/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ACS.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\EzButton\EzButton.EXE
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\System32\msdtc.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Microsoft BizTalk Server\MSCIS.exe
C:\Program Files\Microsoft BizTalk Server\XLANG Scheduler\WFSVCMGR.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
c:\Program Files\Norton AntiVirus\SAVScan.exe
c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\WebSiteViewer\125235.dlr
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/chsi.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshibadirect.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.comcast.net/chsi.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [EzButton] C:\Program Files\EzButton\EzButton.EXE
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\ACS.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsu[censored]a Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
« Last Edit: March 14, 2005, 07:30:13 PM by guestolo »
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
WebSiteViewer
« Reply #13 on: March 14, 2005, 08:12:21 PM »
Well, that's showing some entries,
Can you first enter your Control Panel and Double click the Java Plugin Icon
Click on the Cache tab and clear the cache

Next: Would you please Disable System Restore
Leave it disabled until Asked to reenable it
Here's instructions how to Disable this feature
How to Disable and Re-enable System Restore feature

Restart into Safe mode

Find and delete these files or folders
C:\misb.exe <--this file
C:\WINDOWS\ibs.exe <--file, if found

C:\Program Files\WebSiteViewer <--this folder

Look for any of these files and delete them
you may want to do a search for the bolded files too
C:\Documents and Settings\YOUR USER\desktop\sexcam.lnk <--file
C:\Documents and Settings\YOUR USER\start menu\sexcam.lnk <--file

Also check other user accounts including All Users account

For cleanup purposes you can enter Norton's Quarantine area and delete the files found in there too...

Run Windows CleanUp! again

Double click on Fix.reg and allow to merge to the registry

Run HSFix.bat again

Restart back to Normal mode

Re-enable System Restore and then Post back a fresh Hijackthis log

Hopefully that gets it all
« Last Edit: March 14, 2005, 08:12:38 PM by guestolo »
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline bk0566

  • Newbie
  • *
  • Posts: 8
  • Karma: +0/-0
    • View Profile
WebSiteViewer
« Reply #14 on: March 14, 2005, 09:03:36 PM »
Guestolo,

I think you got it!!!!!!!!!!!!!  I am attaching the HiJack log after restarting in normal mode.  Thanks, bk0566

Logfile of HijackThis v1.99.1
Scan saved at 8:56:06 PM, on 3/14/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ACS.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\EzButton\EzButton.EXE
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\msdtc.exe
C:\Program Files\Microsoft BizTalk Server\MSCIS.exe
C:\Program Files\Microsoft BizTalk Server\XLANG Scheduler\WFSVCMGR.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
c:\Program Files\Norton AntiVirus\SAVScan.exe
c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\Hijack This\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/chsi.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshibadirect.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.comcast.net/chsi.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [EzButton] C:\Program Files\EzButton\EzButton.EXE
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\ACS.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsu[censored]a Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
WebSiteViewer
« Reply #15 on: March 14, 2005, 09:08:31 PM »
That may have taken care of it, thanks for running MWav

You should set up protection against future attacks

SpywareBlaster by JavaCool---will block bad ActiveX and malevolent cookies
Install---Check for Updates---Enable all protection
http://www.javacoolsoftware.com/spywareblaster.html

IE-Spyad---IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
Here is a tutorial and download link
TUTORIAL==Link to Tutorial
Download link

With both, Check for updates every couple of weeks
Keep the link to IE-Spyad bookmarked so you can check for updates
SpywareBlaster, after every update just simply enable all protection
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline CROW

  • Newbie
  • *
  • Posts: 1
  • Karma: +0/-0
    • View Profile
WebSiteViewer
« Reply #16 on: April 05, 2005, 12:34:46 PM »
I didn't really haft to do any hjack to remove the websiteviewer virus. Heres the steps I took
I scanned my pc for adware/viruses delated them.
I uploaded the 128292.exe to my server and edited its contents. There I found the real name of the prog: tibsloader.EXE
I done a full system search on the SEXSEX.EXE and deleated it. I deleated the process of the SEXSEX.EXE when I hit ALT-CTRL-DELETE
I went through the redgedit and deleated the values of the websiteviewer and tibsloader.EXE I deleated the websiteviewer folder as well here is what the program looks like behind the beautiful but deadly face:

MZ       ÿÿ  ¸       @                                   à   º ´   Í!¸LÍ!This program cannot be run in DOS mode.

$       +K Òo*bo*bo*bì6li*b95qf*bo*b`*bo*c*b
5qd*bi   if*b¨,dn*bRicho*b                PE  L ¬«¶>        à    @      p  0½   €   À    @                      Ð     ÁÚ                                 Ì  ¨   À              T  ¸                                                                                          UPX0     p                        €  àUPX1     @   €   @                 @  à.rsrc       À      D              @  À                                                                                                                                                                                                                                                                                                                                                                                                           1.20 UPX!       Äu‹k92¯u'™  0=   ‚  & ÒÿÿÿÿSŠ\$V‹ñöÃt5‹FüW~ü @H4ŽxUhÿ·ÿÿÿvôƒî ÿ0q@ Muñ](tWè ?°YƒŒÍþ‹Ç_ëÿ6VÆßþÿÿ^[ U‹ìQ‹E SV-  W„ Hugö¿ýo·ÈIteé.guVÁèf="ÿ»ßýuM‹5€J3ÛSShG2ÿuÿÖ‹ø;û~ÛÛûSWhPë3À£ð‡*~Ͷµÿ;Ã~j[SŠ„P{÷mˆFÀ^òj Œ·ÿìŸï‹=cÿ×Ðþÿÿ8™+¿sÿö‹ðÑ
׃èdŽ0fSÑø+΍m7cÿPd+ÐRQPVB¸hS°÷Û jÿ˜è™}l¶öYÃhX€ÅCP‰¶Í}+´SPhQ üÕ Û~Øm=оj:JP!YÅYÍÝ~tBWˆ—ÿ j
ì»Û ± ƒÄ ótΈl¶ÅfWGX
†}{Gë­ÖuühN^¸X_žÉŸƒì¿á…†S
V‰ªWj   ‹8ÅÞ™îEðW+
ˆ]øP’ÎÝ9³×¿'Yÿ0ÂÖv»]p4   9t¯ëB˜Çþî]öƒÇ   jfS‰â‰§×š9ف |ìüö¶º¡8‹M‰ëG÷Ý/È [M n_‹Ã¥Ã›kL6~‹‹ …À\PpÝhp<^ÃbÜtÀhÉ3¾r¡îq ˆ:ÔzáÍöáìªVWQð‘¾~o¸…ìóVP¡è•p³þ¬ð]3ÿ9{t©9Cuy?ÝìÜ+èý3¼Æuø…gQ‚Z?{Y¸ €p›ýÿÌS;ÇtAƒøWt<<·u7»\ëm
BClFvÇwÿ6ƒÀ$ü>Q|‹ÜVNf‰;p²Y7yë6óÄ   7BӍ­%W¼ S¼°†Ï…  /ôŽÿP
   `YYVhìŸê
ß8­‹T;÷th½÷¬[ñPƒÆëé9}hØ-+4Pljüº’û»ë~+‹
ýþ¥ÜÈf‹Tëþ ¡‹L$f‹fÓ°AAfƒ:nÏnÿ'ufÇ' BBuä! ûÂój(ƒfÅÇF
ÁU>…ãë؉Vó ƒeô ØÊÖÛ÷‹ùjq¥€Y…ö^ªïãÜû‹ôÓ°DgfëNr üøø¾ð­=øS‹‰F(É[tZsë›V&:Q.¬ Axé1ƒ
‹G‚9G} oßÀ‰ Áà–7~,··-º›> ‹O‰4ˆÿ$ëÝÒíãÇEô‹ëìüyQ1æZ`L$¸¶P˜3"!´ñw|Ûo%9^~%ß-+Wô<˜ÿ:Ö¶w.ÕdpCØzøÖ&"|å_]^Þ[¸£°{
S8] göë.h'ü|柭sk û´WV?–/uµ
¸py·Ek´ãé'Ye쐮] ^(9ì‰M-]ôd˜­½äjÞ   4-·õɉ}üu(J0:Ú]
2Gðæ2ºÎ\±ö¤ E/eÜeígë—W=`ð;ó:M²µîu‹i™[\¥Ã#»ÝëÝQëDÖBeÿ ‘8t"F¸º» ‹üP¶WëkÚoÃpˆ7*Üô–7ÁhüÆBôeèˆÚ„pS~q~l;¸ ŸVEüW¶áÛ®'   Ôí…ÿ}#ŽÏùõvãüSÇ€8L„µ ßüï/´²{‹ÎP'›ƒ±d”ntiíïÛÈ-+|s€½{uLÖÜ0·ð t j2œ(‚°æþý+ #|0ëÊF¯< #,
SÇÇÀ…ÂÉÄ¿   ˆjF˜½ì°/‰1žü &}Ç[O¾³Ð@Ðré6à.8tû®.‘Gþ s
räc°û­,Ëý”'ëô)Š¼¼¼ý€ù   |
~
t u ®
?x»Aöïà`QIŸ>Š„WضÕÁh<s=)qìÛ]×UtGÈ   º°½›Ûp<‹$P Pø…
ÍB   ¿0SÁ æ¸ýf«;Ñs9s
f‹l}·ÿ@ˆ C;rö+ë´; ñ¸ÝîÞ#?€#ÙFë2<¯ <]g»®'<­#< tW¬;s;f¶·
œGˆC>¨uÑ9ûn9ž÷~‹Þ-a …ÝÃr‡N &,|éK­QîÂFK0}ÑàPʍøƒ7&Bu
¾Â
˜†•>€?P“Ð6÷
5[í^%%º¦_+/•Pè-à…OèÆÓ)hëÙúMpã­ðW<%yÇÓëï$tJñK\(aÖ+Á6@PîAn\ÔQ‹N
 x°†Ú"R /9>t©V[¸´5XuTÇKÞaíð€S>|…BÆ‹Kø>ƒÛ¦ ü¶KFÎ1i¤KûÚÐZí9K¹ú   ]zè*…¿àæFP|$tmû®;Šˆ¿<B±ggl
W7\Á(Õül÷   8t³üVÃÂ’{FëðZøðÔc{èï›k¬ùnÜjdÝø9‰Þ~[{÷
lõ°‹…Û|Àë5Sz]ØÚ|P¶& ,´³öS   {‹F‹cOÒæPVF;Z|8 ²µ¥4‰ìf@r„6ÌìNQpœÁüJ˜Õ‘[–ðìF±Qn¨ršG}ãz·Dmÿ5XrnÛŸmÖPØ÷ÛFC¶6ÌoÃUWFÕ¢Y…ö/ƒ€ß.|ÑݦËeΊä„ÉtµÒKÙ\tj£_­©¶DCˆ¾v6WÝÖ2Y32|6ÛÆ£èã<ªL¯ìöO4t?tؽ©;;Ùª‰SЗ99Vî(Rp\™-Ù­ Ft   ÞT¬Ð•’€,I!#ÖoÉæXC&L½ÀÎB³þÍä-íá”p*^=4Ν~¸,tî%ÛT~MgAWlF09ˆ™ÏÏIJ³f{0k8'|„„/añ&£lPn
#%Ã{»ú ð
Œ}c¾gÐÑØ8‡ÙWÐ̽ö†Uh (6bn;@›è“¢QSÝÏŒ™$… YaÕÀ™˜<,üVü)§„[s«BCÀÄì Š1ÀžoÖkýðV‰èâÙ8¾9Þ
o‰A–r‰‰h œûfu-ô¯A"](—5ì!§ÙÜÆ+ÙÀ¿nIf[âü«[aH=˜“ßü #;€·°lR1Ñì;o ÖQÛ¶°½Ÿ,ùŽ'ÿžt<Œ¤3 Âe„£ƒà.Éâ LIn}K–h9uu:l®Vï\Þ!ÌÃk•à·K©¤CrÈêƒ |tºA·¹öôû˜ðEëW¯Ù6˜…Ûj3a„Cé|:[Þ³;|+› Z‚h ™v[™¬ë:–~
Œ-s6l_’]Øþë6]8‰…±Û^™Órr;’NÒ™så–‹s Ï»Ôx‹7
Qn&],àÀ· r|Žwhl³ÙhFÛзbÿ3®tÌh þr¹¥Ç†vîá)ð=PVó ¶Á€ø{Ç
 In֍‘ÈׂHVÜFC„Pº¥E¾>Ù±Í*?8ëÅr¼æº
š,p
„ÏÅ
[£ê3àÁ±ßØÊ‹Ã-ȏ‚™ çA[0taßÕ'P;ܨD› <¹sbû›ÝEöP¦õYºY`´‹ÐDiîè$æ ¹"†<PÀ5pSöƒèp ÄÞÆ·etkHH2%V/H‚w[5
#   Lp6 j ,ÖÅCÆÙS4 ÝÎ4 j1PåNØ×™ÈT¨YáŽh¶'ØÑû^«ßkk%ü¹ Tì6b/\£9]ß­ß+8.4lŒ~4Þ<)v£­Ñ`4„=Y£ÿ¿ý|Y‹ÏoƒáÁá¹ÑY+ÊÒàêÔÑíG;4|Ì?SÌÅX03ÌPÂ.Zë'šQ6®ÅC2D0*ƒðc»MìQ|¸cr©2àߨö´;Öý….u@¡@r­

£Ý›o·¡D£˜   HfÇ” fìÖ|œ ˆ¤<B©©ˆ¨ˆæNm—Lf®­‹ß‚XëéŠDì<0| <9,ÿ÷~<@F~ <`~<f ƒèWÃ79ÜÝ0Ã2ÒQÄñ4Â QM˜­}
   Ő‡ñÀ÷Ø«Å2uXSÜ S ¸vÊ;é>u7Éfé-5#zSøï÷ÉöÌ,)
8lº¥jÄ
u[v¥
9 /ã6ku/ÒA|'úf»%' ðWý£wø 7OFPv` ³€D{z¶ˆ‘­îoƆŒD@ Þ‡ fŸ=L
SÛK³Fô&¾hˆ-ˆc†ž¥é8uÌ6Ûà×9^ÜÒKHÊ‘m+á„°q6ç;7ÃQìŠ $TBé5e¡†2ˆ ×¾´ðëÌTVhk&!a;ÌP<YþS_ûÑ×ÏÔÑWyzѨ«-Txl[¹r‹@:í]´as 8tBÅsôéï3ôÙH°¹±Ú
ëøá@ìgd@Ž\e~|è\ÑÑzp¶»
|n¶_ñËh€°),¾‚l8.™þcŠ
›Ì„ß·ïø¥¤Y}݈MÜä«f«
åƒmÛ`íìþ
ÿ'6»…ª\8Eh hx^Ư^´×Á0j9Eº»Øܸhø"€È3ȇäh€ðˆéÝ&Oìhˆ
þhœô·{ú§”ÀÆô‡Ÿø£üÎt¶Ìð±ôèÞZÀ€áuY_/þÏöº
ä_P[¹ØµÌ™3)Äx‡=æ {ohÔ/u¹®Ö ŽãPÌ™äÛëpо'ïäëÞÌìëÁYȾçäBþÄe°ïI€%ç ÕéÞ ÄÃ;ÉjdSØuç>Ûùšj¿7ÌH    ·ëàõcº‡*6€=XtbÏ…„Z¤ÅéíÌÃQ3ˆP$h´ï2ÒAº¨¬ë¹¯G9d5A­·~Øí¹[”'µÀV×Ìtît
@´ëçf¶—Ë:ŠXædƒ± Σäšk2bôt^ ;ÞÀ ÅñÇFpH8‰5ítãAÓóǶgµÜd \d³!„+¡jeÌ&Øl®`çì~t¿”­rëÂFW‘Hÿþî=Ò‰½Ä÷Ùâ¹p+÷ül½XÈÄÍvu   LsVKÿïþoÚvNƒNtÿÀ3É©V€u ÑntÑàAƒù ÐjÐÝ|î
‹FtÖg¡#WvÍhFx]ÿ²‹Nx‰¹ ~tvëë‰zàŠ·^
^t_ô½Â ­0t=ªÄ«)QWãk;‚­3½H
0¶òÛVà FPh×­AóÝ4PL‹g»ßæþh;ûÆFl]|fž€–tÿªÔ9<W ƒ>duƒÇ—;ÄÛëí$ëè|‚¿Úm0×’-‘w×DÇÖ,:!@ ËË÷‡~wƒ?CÆ߃ÆÚ՝Ñ^_*Qc8|Í¥§&<ÜWQhXtðK4ÅvÇÐcñЁ"÷†6°kÁ³
ðøð2‹®ìKÅQøÉ”([±™Kþvô¡y&+äßSáM‘
a²UW%–2l”x'™GÂÛ
ÃsS‰_ÞáP.<ف€pnku‡!¾VHÔ/t z‹oÓ;ëýuëGßþ…9›t%8^lt    x‹-|1~ÃÁkÿ4¸ÿÕêUۏò)Õ_Ï]]¸½¬Ûa\ëÛ¬NÁs >¡bƒ
 xk«ÐmB
Mlj놓M›â çUL&á•8=ÂVgC;5WÛQî½eR(ƒ;ë~f.]u¢a|j-€¤
x§ ¢m f4“Ç› Êxë] V;ÞWA„‹‰ [.{Yxßr0r whhºìq7Ú_ÊÏÄëa93tXů}ìæZ3À¥¥<±·§ZøUìxRÏPÿQZ°•<–í¹À#¢Ã#alÙ¨2Ç$n ã3H‚èSšÃpP8GkŽ°°¡÷ûQ9tT;Ã6<BSS?M ak¶) ÐR-uÏd{®©P{#î«tñ“•@÷*9xÐó
$!<(P†—´77²4]ºñ RP»>2   /LT ‚ˆpÈÝâP]h nå!¶„ŠtCq¶»Û†QRRQ›V#8‰ÚOc   0 G%„^ L0<æ⃼ÀÕ=W ´0
1ð«nÊsÿp `‹¬xMK<¿$[ƒY’ E*
Œò«$òÿðþjVˆ~ µ`²ìòSSm£DäBJ<q   ŠÙ÷Š'¤:Ë1m±mV.uœðëa'üÚuì-h0J”Žœî| 8¡ÑÊ   ª˜f…8,má!ŠÒêø¶âi   IÙVdœ†eDPDýîÞûßl!3fƒ¤E
Ì{8ð^æ@’ç ²þøüÆ^­z«UÒ5‹ÊÅ-Ǎ[ 'VF1fl†æîÛÁþ\t /t:8Ë—¶Á9   Û^ ·‰^(‘j$¿oTd•½™(
TÀÔ+”x[
•Ãã\ö6xð #IàÉ Ò§í•† ãt   ëLz«."`{9J7õ/A3Ò;ʸUt79 KÿR;£‰]9u9P“J¸íéxÀœ    ‹?——æ QO¶P ô¥ËQ‚ß
hˆž:uóSë
¹WÆ£W8˜T›ÿOø·99Pj#¨ë”(_϶_mF ¼÷ÙÙÒÉ…¸¹à#ÈÇ¡^ÁB`®–€ö8=³a&îDPxd>pž($
9ÀýžA ho”ߘðꔹV;ØW>²§#‹}!9>áàu߁á¨EËYpën‹7UؾN;ÈtIcI”Â…¶üÿÂÒ‰au‹;u5‹P;W-µØþËu%‹@ ;G÷à‚°Þ.ü+J­Ð±ÑX3[= غ´Q   8ÉÛN*÷u«¸ÿ‹-+µ›aVîS‰3²1‘{!;6»¿0âq8£_;¦‰>/=c4“8-1عÃëÁ'A&¼¬Êx rŽ¢8£=ãŽM î$oV¹H‚$Aªà=a«Fÿp·-d0 )y
Æ ‡Àcs[ƒVÇ%^3.X»s~ tÿ÷¨%sSh™»Ü™%C<l(…³ÏpéH6ôPcF
<ý³dhJDØ;ߌ¡_€8 UüR‰}#zâ7’´|aWǃ±®ì   3ø\   …L(‚ÉIÔeØ…Fø.šéî%ygQ&* *Üä]C;Çt|é ô€ü?KÅ–Ëò$h6ªð0‚@ž%¢e·r¼ä3W°‡ ]CËhŒÂ¤Ð*G[XÂj úmÇp
¦®™êë4çK§ê‡Oèè_ðSB‹€?‰YC¿‡‰N³0“eÚI\­2V‹à­hËvfâjÑ
üjèÚÙ烛pX¹ýñDÉ‚s†ôA/9Ô%àK´… ·x,‹CjƒÆ~ñæ¾Ñ b·vø‰8Hým-ßGÝÑ|
@‰ƒ[££°…H|±É£lƒ»   ~zc¥RS‘µp­aŸ_
zíÿQ‹ã5°Ê5·1R0,³ lt56Hð{W‰D,‹   ‰L“Œ€á½ìØPCìF¥F½ª„|†GadôL%±©`jÆXæøF–v“j¹Ô'C¬)RM I§
á"u¥wD    z¢…Z<þ§@ô‡2?
Ž›¬+ÈS`sÐJÜÔnS0ª ͸kß ¿ÁßþKvÁã?GË29Ó]¢ÀMô¿³ÉùÓ-!q‚Nƒëfiá¶q}Ôë OåUuvÄ®[hméWµkkæ‹G Ø·Û(6–ˆ§f¸|ÿ5z;££ —•ŒuÄø WsÇàL
TôÓž¼I\ÒáuT~$ÿÐq$qΰ $i”QK:¸°Ñ,$ ìv|¼ tÿèÈÊ)ç`Pã1ÿÜ™&^ª   L†q
`®À3\–>N~"8`H0&B2XzáÁé@PY
`ær[Šp&   Z{Lfªÿ@É@æ ŽLKü¯lE090u29p§-:È!$u;ÎõõS•Œë&œ54ˆ{šœq
±±%2ÏPÌ]f³7ë¡]ÒŸ,²Ã³É|‡ øÀ¤Ú }›q»[æ\MÎ;Ðtõ_W¼V[;r±ðm
j;ñÀ׳œ½ÏF“
j /6 +E@   m¿ä¥˜•ÀˆFH IÐÛnˆ¸rj(P-*/:¡Íü]ûÐKt¡üÇF;¬Y¢5¸\裤F0¾0þh¤ÇVˆËÖŠ4ÆÍf$¨hˆÚ~³V3NM;1$C/¢àO*vàÖ£‚=<`€Ô
÷Ù¸¼;­VêW‰âææ6^ð´ô¬ÆEÿ”ŠT[ØOû'€ïÖ§ÄS¿5¤ºìľ6§Oè
×P7Y
„¡T† qD7Z¨ã„eŽŠEÛž-㤡qDJ ð8Ê`”e ¥%#n0[1PV¾'ôjl“€~H SI¼Ç ÃYY<c:Ç‹
G.º+5 +ˆóõ3 ¿­SÌ,ô+û5806¿t4ƒ½…ó'Û+t"ÿµxÛFžøÈŒ~ƒ¥,ÁÁQOë V&KæÆžÄÇ^ž0qÅ Ã,ç}·'«è-   ƒ &`Ò8:pÀÀ˜äºp¥“(]
‘êjAQÓ>0éñ¸st&‰AIÀäáâ4J
˜…·²ƒø)©A;G­mk Ö6Ζ.–ÂPUM¨¡æÆŠÆ-ª8ìÊ "ÏŠjWcûÇ2<cE¦Fžo=åV¤ðà×ø˜°qAVô‚€t”i“ðÐÞµ_uœZ®OÅ2ˆL·]àvÜX€/Z#Vñej_S,ùÃUo*¨Mƒ!Ÿ 9à;¬sS/ï$}Ž(&:S€ÏÅ
b9B x>™s-   
m;F¡_ìÀ‡ºÂ¶Â®Ó²j,‹7@æÚáÜâ‡CBÏþÜ¹Ç >D‡
?]ÖbÖÌð@Tµ„‰FéÀ |æ0×nÊ(}d6b gïãø}[—g ×µ›ãƒÃ   @ÿQ2Qàe¥m|ÄSh[­œÔõ±±k‹L‡†Pa)8¸Þ_J
×;va`@;l„GCp}9—Èë‚0q=מּÍíDh–ÑÕì1­»Uè ýÊ^3ŒÂB T˪ÔK·˜YÊ;Á™‰¼Ñ΍µÔ\v `Ùt*L2ë‚Ñ€ äŒS܁ÃñZÏå$A#…_hÚõÅ ý9qQ š%Bñ
…-`3é
u漎t ¸hu"’q ¨òWÀu|î ø­`!í.I
Î@\èûŽg¢,&P|Ž±1ƒXµÑ çÆfÂèdY–´rJN 3Ç^-ðÄ\¾éHÀ5GpÈñ¯à‰7 ´Ä)bÜÌ9m2ü¶8Øt Ç„¥4YA²
‡ 4øÝ‚j8WP8f;Æèk|Q ÏJ™3t1çʵ‹?
Jüہ‹3á; ONý€{Ph¬0*P=Èbf€ZëŠ._xü` Ã¤½ãÁË‘k¡+[ùK„ø‚IÆdlwf«Âxl   ¡€/XŽ=—ô䍶•YtäÃìz¹M¤ûPQ+-±ŽE¯éà~4æuKW³—iì~C*þŒ|U$Âœ Í@
Á‘6ôñ6³êd8ă¿ÝºÚ0$J;r|Æäj
™YBã¥Ú÷ù,ÚÀÁà)&­Ü"æª+šY8wp Zv×âº+{Hwjÿ&m hò9ê
Dqûjkv5"Ÿ‚̝µ£é¨ÙØ Vž¢ž97a–ùtC
Kx…¨¯mrSCµè¶
€%ՍàNV]~_`k±vfAèÉÿ;Â}»oü‰Uès&ŠÙâÿã3o¿Ýj|Áé8“3Ê@îèrÝÖœmoà÷ÑE TËpÒû¾³^•¼ÖâRAx'Æ&9<ÿ>&4˜G,V-‡NÐ&ëY>\£IIH³ÑV.tÿv^ÈM†5èh”ëñ½:àp"&ŸíòXˆë6Q#v ³¹Í!xë·
%»17lÙ›4$†®ÅF[÷Áà ˆë,jdžôgb„Å:ö-¥’xÇÙ8}H,ðÖÇ$úX Óxó§2Ä’ÍAÍÁ¤XhÅ~/Á]Ö–‹KØ=,.\g±0S™{+v3À$; aôW …    ÏvF6ŠA]häµÖ‚bNˆ®Å¿ÐZöÁü
Ñéñ­Aolí¸íÄ   JÕ‹‰° 
±q==|Ú°ƒÅè$À‹ùu@mÜ.¾fèbPøýØÎÖHÒ­¹è!¼=²†tEtYöu|ˆ)6­•WJNRˆÊ€³Yø9ÓÉdKýˁ»þ
0¢~EWhØÁËœ›-7:8ƶgm"ÐÐE‡C(;W÷ë µÈ8ëXŒ=WrÜhÀÜ:;¸6vÈ…°’‰a†Qþ|4©8ЍâµÌW"ƒåL΁k"99| Šå‚8% 6ñkþ(t2…ö›h<’
Vƒlœ(%WšÉœ8U„é?G;stçÞwųèq—ÿwhðº¸èÆ%ڃƆî¸4õzðÝbƒ‹×ÿëïeÁ;Ès%¿lŠ‹Þ#×#ßt{p;ò ÁîòAræîÂ>c~÷Ö;w „hw ¸%,`lè!Ô{`œb£«8_LºN
é±Wñ¬îNl7|ÝÒ9SKhä[Q
¼£|*N-*ž<÷ÛÛ·ÆÇv@þÃb„Ût'³•F®F87P±ÌŒԁ±Ç_!=“ËmâמûG‘ µ˜ïñÛth(„­MìtEg:±‰×)+x»$„G>f{°Eà±ë €®×%ÿxPS¯Áø{÷ $h „¿¿>al ÏØùƒ<}zWî—ë·ˆRu&+¹×anhEšø'Þf¦âa^Ø%ðhÝF|I9YÜ‹äd`2ŒÊ…€¸6øôaƒvþ8·›„£øÿ+zIÅ̪ryŒ–‚ î¬9Q7§[TÛ(ÿ^ ùÖ|ƒàØ"‰85ëd‹Á½Í
=Ì%9³0d6   Z]~hÂhL)˜Ðà7dƒbðô j‘
[    o_c!è€ßêAàì>uþ;ÇY¢
Dn8‰xR©¦†lã;ljŠ1aòpÕa(^W;8„¶lYwWºW‚sIƒ! Ú}ÈCˆ\„öø 3èMòQÄ°peÄ¡zÀ„
;{‚sÁ ÌþÇY1R³¦^
Ö!5…‘¹QÝ‘ÊÐÃm¥–0÷fŠ¬‡!p2½
eGPÙàµÀ%ï<Ï×
êèæâE%µ¹ÌqØý4„ûhæEüÝ<h0Ýž+EüÅ>Ö’mïø,øGñ]Ö`X ^SM³
²È¨ÿ¤^2b< “Œ \-äüÈ?¹˜ÔÛåûühÌ’)HO!ù_72wà!Ïœ·F÷Þ¢‰ŠµöDÙcÖ ÿøSø#âBqWݨûþÀ„a6¼$´þÓ=)8‰Í¸„´ìd)´$¤< ÍoÆNP¤ú˜ —ý0°ShŒG:ì®±,G®Î´hp?l„‹—! æ}ðj…Ùƒð[ÿ7$EåYkÚ›4·€d¬üdEÙÙd¯Pe¶PP‹0á숧H4`¸hw°Ku£vNqjÇYgûðVÑB
¥³p×,+¦Q*ÚÛ;~
+O:P&¨Ì²‰@-À£êôó´Åâ•¡j
ÖSÝÿ¿Pj™^÷þ‹UôÑùѱðÌÉBÁÜKJ@Љ0ù@lO>äD‹¼u#Po ÖÓŠW<n­µâ"u
tÙÞŠÏñ€>ë< åök¤
 ö#„À¶µ´uáÔ¼ÅPjè]-TrÕ¸.
xUí%8!f
XPu &µ'¶UèuŸ¢¡x©V¥
\©’¹»»QÄjŒ
|
‹tkŽúï #Ñ‹4úê,ºZìPR)>§0Zˆæ2}Ã7ª×ʾßS°ÁÞ?˜YÃ9
ifQgZàmæÀ/TOSÂø¬…* HÁN¶¡#ÁNtC½3÷°
?ë62ÄH¨<lÒn
?{Ö ¬éžñT¤äϯ ÉЈ!ퟱܠ  iH-›Æ9ˆ0¤ü¶ÑO†@
šVExèˆ1Vhó
ûtFuc*02m4È6½$æzä²]Ð0 ÔØPuÀ­   ®Üà‰ÎèÓ&"K®` ÐP2F+r.JÒ£4Ô‹–dتJ
»yZ” ˜Î/ce;[Û9ð ôÚèÂ@BY¸œ…­Gt…öÜm.žЄP…@LñŽ9Ü$à äðo ¾ƒ­ZìËt*]ÐUCý@‹C$ÃÄ
Ô.òuåù>DÅÔ™Žæh„uuy¨0½4"ôœjdDozœvrÑø5`…!Òù<Dcò´Zè:§ø“
óKè +²¡ø‡M”;£N Þ€¢\Äs%&¸DØr8ê];:
¤AuOŒÔZnBæh¬…÷³ŽOQçu_ÐW£°Y
Wñàtjy!ª@ᙑ°H-V 1ÓÝÌ(â
þÒ¥º]ŠµAt9<Ru“»z¢I³Hjèh¤hRåÜh ­¬îLÍFµÁ ëw«¬øx<?»ƒÏÈÑÅ·3·ŸPÚÄ£Øê
=|Lák[‹óÅ‚’Ȫâ9;ÛøhS@*îÈñ?¸¾h„Q,"Vá¶w*Pý^xÀ|S0| 9Ê
–ÄXt°[†Y=½l×Çêü¢Šó« ‰1ˆ*º±H !¡ó#Úªp_Y(Ú›ü1x¿Ù‚u3luh8†üiN.ëS,CÿµpözÍ‹WBÓl‡}u=+44pZ   ógO  vh¤û!5$hü…XêÖƒe'ì…&´G˜x»h¼„.‹˜µ.¹Ä»@Q…tÜ <þ™ì[²´…PrŒâ½–,£
Ò²³de»(Tqj²Sà:¤AS˜È3l¿]œPÇdI(Ïvô$¾ð0öm ­è^u!ãœ~IÆÊ5yPGëcÈ\ ˜Œ…p€4ÊÁ=ú¤ÈåÌ\t¶®ÝVEôƒÚA¸Fº{Pz €Ãö÷uT ç cq©kP„Rp   .4¬è¶H9|·ˆMà­¡ÜY_‡¸D†Á¯2Qû›EaŠ\p†}cËV0QàG·™¨ReLd<lk5Ÿ8;¼ ÜŒè&ž
D^   [|<sÆ`cüˆÉó– M(Ð×s¯ùr@ŠTÌ> |(!X)yxžçø]:˜×Óé²ckƒ†g€†Û"!ÀæØÊNDŒ:EB6¶é˜Ô¾Pl†VŽX²Ù™è«Úl»`ü·_uÌðýC~³%Êðý[£·¶2܃   Þ!Ø"’3ÃfZ1½1©;jWÐF6Þ ö7܃Øz-vWBG’'ø0L¨tëàdDƒ% y vKÐõ
‹èj(ôq÷ÖA°ä@G4ôTÞ»š+•©ÐKÀÃwÜYΨ‰zßsS   à hý ÉB;] ^ž‚÷Û[!v"‹Q‹   Š”&ýÁ–“‘3òÐÑð rãJÙEñr8p£˜÷ÐjÑ<‡Ù¡ø¥hÖæŠZ&›öWðöÓ0ŠÕ.ŒŒ¤ºÁ)rq WÙ D9}8OÁØt ©,{ n)¤ˆQP¡Òñ|6'ý2#VÀö3l¯•†Rð 6¤ÀœÆ’l¼$aBuü¥ä0>ýéü@ `   i€$ÃÅÊ1$Ú³[F©dVN“[5s(h'I%‹YÊHô~$yâû.Ѝj£-ŒŠtLè[ý¤#àÍ+€¥ü2´¹!¼ýÓ@î¨¾ûŽ([³lkÇá¹ÀUƒ:Ü`öa&   Èq…v ­Àµ8‡•Ð1&YGb’·(QøýBñ:õ3âØþW¼†¸Ò@>{¿ÃC#Â=¥XÃÇ]·DÖ†¹M\ëXŒ„éf¥rYOÀ5Ì
ðô™ß8¡¶5ÓÄB5Ä–HJÊР  ¶!±øÕè^èØÊ&ºÂÑ ¿{%ÐCGtL?Ø&/±!ZCõB¯us8ýhOP»ÈIØ®rˆaºÔaÄ49gM/gK5àF·vP(PE‰ R†[·¿uZÔ
3ÒY÷ñ~`Î
ó]D1{Oô§Íäë­[±ØÉ„‘¬ Dr7ZÁe0v—6QoB€‰›l Èr4#º€d5œTœø0‡ N‹¢-‹9àYÌÙ€wì­ä#6:Ìs#Öˆ¸Þ¢v£¸8]þÀ£!Ì–qSÀD,5êøƒ†áušDÿŽìM6 MìSQšãl&hÂø|-ôkjý pUìP”Á;Ëý¡Û^£e4^Všk»ÚàÊlf_W`·î6Vò]ô Ï`Ïö
øá6"Ï ú{H ©¦È5Òä9Úðû¢ƒ¤ðSvu V6¡ì·Û9£YìIXò¨Ò±#0j؆ÜÐhXDÀW*P¤P _ûCm
ÇDôƒMè€ì.º¥ì¬|¼{j WNÙè@òÏüá€ÖNpfE6
Ð̘ ZŸdEJªð†CÔøCó•Áe¬C€­~1ÄPŽôtO:‰\‡Häjön’“48&,Z¸Áߌ€8 uÆh@8Åóåšš¹)vÜ4X°Œ:u ;(wqØh‡G/a:G<ºï 6¿‰„¾bñ‚/:WÑ?è@M¿&]ā
P·†NQ‚ˆÿvuïU(Xä~8P'¾*Ù"” ®‘nYŽÂæÄWÄ’“3&ÜÄ#'àÓÈÄÓ‡Þ`€ÀÊ±Ëø^Ÿ17Õ[ð‹Š´Ü£fí]ìCëìó„ëÅëSéµÂÃÞ\•3   PQ™jC =¯å.A+_µT]DÝTû[b_ƒî‹Î"O†ì$†þ—ëx{L&9üüKö²‘ÅïX¨\ÐQߤ¥Rñ~’   :LÃt@ëïÄ`£ÏÓU Ø\°Yê%¶7ÞÁ <   Ö<
º
þ[û/ôBëëÆ
BVƒù-‹ñ:+ÿöÖÞu@
0|9
€/µÐçDAÐëé*-í÷ØD´ƒæPGZ°Ð˜ðSVkÒ&~…ZÞ¾f1€ú? €úC¤b!þ|î^À$1ØSUì¾lW-ÒMŠ :€m
€fŠ¥Ê²[ ÏÒ<Ïaz^öAZ…Í<YgÛ0ñB¦ÂÀ;Ð|¹“™àž$:³›¢tHót ΩßøY.= †Ó| =?BÈØa@}Ì Q=ß÷†'}Vré -…ºý±sì+È‹Ä ‹áK"5µP;(WðÒÕ4Á‹Ñ’;þv2Ħo^ø‚x?÷Çoý·Â_ØÁéƒâ]V)ó¥ÿ$•øbƒÿ׺ºƒér ƒà·¼™[…cSìºfŒb LpbsÛ|ŠˆŠJˆGV“Œ-[YÆÇ\̍,ËزI+%םMò¦#F!G?M×ÈŒïÜÔÌMÓ4ļ´¬¿DŽäÓ4M÷‰DäèèììMÓ4Mððôôøø ·Ñ4üü^öé¾Cxðø   ÿð^]¦0…^b\°ÙÀ ù£>̐
+t1½dÞg|9ü$
ýÎÛg·ãüwd÷Ùï@dÈçdù+˜c6Óu¿,¨ Èðm’¯»http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/ohmy.gif\' class=\'bbc_emoticon\' alt=\':o\' />NXOV¶v   ÃÞK£î-ïï)Œ'¼²%á$«-®º smEZi[DLiš¦éT\dltMÓŒ°‡d—4MÓ4 Ò4MÓ éº ¨¸ç–°Ìd—·µ‡` a¶ƒ
H   a·o¥/Å —g…ÒtG‹áP Ší•ƒú_Øza-™ƒá·+GIuÁÐ|ÿú‹ÈÁàÁÊÍ*]Wª”G:#J’¨3>_Ãbë@ä D ˆŸx÷«òŠ ×<t2©ï ŠÿÛÿ:uRFGHt
Š8ÑuEŠNÞtêd   ;06èuãü90Èu+ó§în° NWü%8õaé¾µ Áê
¸F×ÞàƒØÿ4}Ä‹‹8ÊrôöÛuçc8îuàáU1wû6µâ;4ÍH^¯·ï]yW2Š¨„ÙiŠ¥ÝFñq„öÒ÷Š©¢osð8ÐtѶ

ÿçÚZ±õÿ_Æðuë~ÿŠNü®üa„ät(º8àuÄŠA]{÷¢fÿƒÁtßë±/4Š¹´¡ÂùV’ú íwû·ÜǍBÿ[¤$Ád‘aƒ   “²Ø}|ƒŸ6;÷Â"tŠ8ÙtÑ~ágƒQuí Ø_ÃÁãV8nàß‹
¿ÿþþ~÷3ËO~÷¿-Ññ{ðÿ3Ï3ƃÂûu%ª.ðütÓفæ…Íý˜Ä^äBY]áîØt6·ï8ÜkÏ盦é”ÜÔëIçžµ–-±Bþ7ýPaÏü  Ót­http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/biggrin.gif\' class=\'bbc_emoticon\' alt=\':D\' />€B<8ˆÌ4M, ¾Ôÿß ‡ö‰·…Lžü4¹n?â…c‡dȆ¬7€š¦iº¤œ˜iš¦iˆ€d°¦l7XDdA8 ¦[žü€Õ2š«¹Ù“ÛÑ1·28‚K·[«„ %E9Ã8ͶY.4$'7‹º³9Rx?:!¬d³èø9ƒd£„Ÿ;ìÉØGÖÀFîa/›…à/XÈ yà ­("J]MDºöÏÿ7TYPELIB CLSIDelete`©ÿNoRemove”orceüŸîýVal B'GSY/¶(eÑ–î·¿A…ø

(P?ase sGýï·ÿct your cntry)K128292儵BÙd€ro² ËÀv‹@`näs1@½ RÿX×ý E G I›T YM o d u·ÿŸµ ¹sHKEY_CURRENTON {ûìFIGDYNATA#í„ý/RFORMANCEUSÙ/°S#LOCAL_CHINE[¿=Ù 'oLASS_ROOäìÙ±TCC‹DDP`m²U LMH"üÂÏRInv}id acQ¶å_ØÑl#cm: lc:ka»k¿`¦gServ/Unr
û'TiBsLc SkAÿ…ÝÛ-/'5is‘rTypeLibüû74oÆut32.dll{.tlbáB€×ß`·À!„®p² !ï/´Í³Ï½%s /¿l
cm +´Ím\ %„¾¡;<lrexe%ã·noßi!en (mp¿5>Øì);/Can'Š{Û­½¥epaluìnO[í®}ãhˆp://+?v=Y;Ƕ&tid—÷bÛlCg   7downloaµ† …d.sy;mmkÛöÍ}4.fc) 0 £²×Ú³& ,3à ±3[ud µjÙØlx sò؄׎ë.b‚ Üî{ånicoŸ_lØ£µÆtx8%4fÞçx/K€+ÍcÊѝ Ǐclø—_uÏÉ«'3l¶ÜÏïl=k•04d2þqXJÎ ,\*.*@0Ÿð[ƒlnkç°7ì±Á'Æ ã ÂßWebSiYViewÏËþName3…
íno¬~¶ls_ä ^ãÂogãss¸‡ÚÃæA¸wíWêß.9.uF. éjl dßØz
 wâd"gest­«‹-tS™A¤n#ý`3]>azion»£lÝdGi1PrëÊòÿosím vyèkejtnKž?pímí,at. '2º·vwa0hil
e–ˆ¹“qthšcz{㆏NTŸSt;Ô¹Âî»;Softw3\M3vvk®Õ
\Ó˜WExDm"´Ë.«s®àhÍ®ûS®n>'Ÿû¹.958 ÖJvã9x ²90+½.ì9ÚKÐS „Ì|3.51‡¨Än…Ö\q7%gs·"«ì\P˜» FÁ˜söÊÃz k­Á\C2ϽŽ=ö"[;:DirW L§Ö±™|! E(ﯵìp
aboÄ6©m
HÛ‘-b^ãH®ÛÇ!=Õr&5
$ÝšÚoF &fo÷ês&F2i0-6Êvš w…i–¶XmkŽm! rèú{-û06dp'‚,MÉ_ClW ¼`è
\cᶉTYphy\cZ„]s4w$ÄUȨé6PLBCx>ò}À È€
È $ Pz‘î‡Ca s lä–qt
Óo©Ít#Ýr   cnr{c]×-Mu as   eO–r f+P#ÊÝ5¤“
5ÈŸ\« !ÂhùÍ– € è…ó‘Q "h#G
íÏbG-åÝoçdá(££àgÑ °,`{Get`T»ýØ·hadIdLastEor
0TiraryExû»ß¶Alrcmpi
IsDBCSL6rî²½Byte8SEvJƶÿŽlockedDecXmCPªîßseHandl,W{kÔZS+Obj&a³æ^!ƒ9Š
>»u±RmS&epResd­ÛYcEF>
û6÷ÙAÎommb²nHAÀ˜{pAl‰SªI&T¬PëSÕÞìÅÖ(o½šnëÚ Ôize   c
S,´6s)&ÑEyne‡ -#Y‚«¾Q³cAdd‹AÛ?fA$cINInp)Widph¿m\h5ToMulZcÝ-`“~Aφfa L"L¸Q«IDiŸ3ÕÏ
Next;1TÍÞ¬µifP8 $plX¡   %¾ivÌкΠ  ÅfSq¤qÜa!upBpˆÅ9iêæÂö¡Šl FÒe$Ö&ÎVª‡sO© ÍÙ†¡-ŠHy.ƒ­,MR%t†/ö
=S²#o›Í+>!Sèôx,+, ´Ø¬] OfHWê^j(|lÞ¡Modh2
ïÍÁ]n!ŒZÞðè ³ ØZlÈCbrÀÌUhom‡`ÛPmhänM/—   Wqv!{\vEN…à4Kéí äܤgÑKeÈ›ÜÀ.Ôue!n;Ì .aum½GÀd+ Q{É­Bõ<-ZìÅ g
=0ÄÙ–•ú£pë¡8½T|kM¨KI*}gaU’h³„}I
Ö±R   qF’µµ`СJs[`!+ívolmÛaÙŒ·Ë•Ë¿m–0ÿÿ ÿ¡£xͶ,¢P³ÃÑZ[¿e>ÆQÌØríáHÓp£âl,@¨«–Zíê`¨®Lð:]ç§ýI`+H˜Û0QrGÆ0E7ê›%é– ;ÖU8 HRÞPo?ÃŽ…Bh,MÂag}÷^Ž†KogBoxµH% ^,F˜ZÏ‚(IDlP1;`Zablf
d;±]- µ7$csÁÍÊeCS4‡%/{ÃÚC˜'wsK[°Ëprtfvkîpf]°a*&¨A7hmÙ =Œ>Á––]chcv­„à4 Z(À$JöÔAUc-FÀ™¯ŽAÀZnnVÀ
®‹H
X2Za÷*ƒaË—ùÉ9”PEL ¬«¶>xÖl  X(HNœ}‰ep
@ ¤›s˜3  7°3·4¥‹÷² ˜t2YØ.È€
§¶9W.ízûW›.ì ë# .r¹-7aûn‹uö+\'@.&'”4Msµ€lÝ`¥ÛÀOsrÞëO¿•4t<w
—    €  @ ÿ`¾ €@ ¾ ÿÿWƒÍÿ됐ŠFˆGÛu‹ƒîüÛrí¸   Ûu‹ƒîüÛÀÛsïu   ‹ƒîüÛsä1Ƀèr
ÁàŠFƒðÿtt‰ÅÛu‹ƒîüÛÉÛu‹ƒîüÛÉu AÛu‹ƒîüÛÉÛsïu   ‹ƒîüÛsäƒÁý óÿÿƒÑ/ƒýüvŠBˆGIu÷écÿÿÿ‹ƒÂ‰ƒÇƒéwñÏéLÿÿÿ^‰÷¹°  ŠG,è<w÷€?uò‹Š_fÁèÁÀ†Ä)ø€ëèð‰ƒÇ‰Øâٍ¾   ‹   ÀtE‹_„0 ¼  óPƒÇÿ–@½  •ŠGÀt܉ùy·GPG¹WHò®Uÿ–D½     Àt‰ƒÃëØÿ–H½  a黏ÿÿ                                                                                                                                                                                                                                                                                                                                                                                                 ð €@  € €°  €   ð  €   0 €   p €   ° €               d   `  €É   ˆ  €                    x     ·                                   Ô  Y                            È  €                    à   4Å  h                             €                        É  è                         f   H €                    `   ’  ¦                             ˆ €                       H  4                          Ë   È €                    à  ŒÌ              R E G I S T R Y  T Y P E L I B ““È’  HKCR
{
   NoRemove AppID
   {
      {1E89F684-B78D-4C85-9EFC-3474516E3FE2} = s 'tibsloader'
      'tibsloader.EXE'
      {
         val AppID = s {1E89F684-B78D-4C85-9EFC-3474516E3FE2}
      }
   }
}
 €“  HKCR
{
   LoaderCon.LoaderCon.1 = s 'TIBS Loader module'
   {
      CLSID = s '{1E89F686-B78D-4C85-9EFC-3474516E3FE2}'
   }
   LoaderCon.LoaderCon = s 'TIBS Loader module'
   {
      CLSID = s '{1E89F686-B78D-4C85-9EFC-3474516E3FE2}'
      CurVer = s 'LoaderCon.LoaderCon.1'
   }
   NoRemove CLSID
   {
      ForceRemove {1E89F686-B78D-4C85-9EFC-3474516E3FE2} = s 'TIBS Loader module'
      {
         ProgID = s 'LoaderCon.LoaderCon.1'
         VersionIndependentProgID = s 'LoaderCon.LoaderCon'
         ForceRemove 'Programmable'
         LocalServer32 = s '%MODULE%'
         val AppID = s '{1E89F684-B78D-4C85-9EFC-3474516E3FE2}'
      }
   }
}
   à˜  MSFT               A                                       ÿÿÿÿ       €   ÿÿÿÿ    ÿÿÿÿ    ÿÿÿÿ   ÿÿÿÿ    ÿÿÿÿ   ÿÿÿÿ    ÿÿÿÿ   ÿÿÿÿ    ÿÿÿÿ   D  €   ÿÿÿÿ   Ä  H   ÿÿÿÿ        ÿÿÿÿ        ÿÿÿÿ   $     ÿÿÿÿ   ÿÿÿÿ    ÿÿÿÿ   ÿÿÿÿ    ÿÿÿÿ   @     ÿÿÿÿ   P     ÿÿÿÿ   ÿÿÿÿ    ÿÿÿÿ   ÿÿÿÿ    ÿÿÿÿ       ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
ÿÿÿÿÿÿÿÿÿÿÿÿ0   ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ   …ö‰·…Lžü4tQn?âþÿÿÿÿÿÿÿcºwÞ|QÑ¢Ú  øw<éÿÿÿÿÿÿÿÿdºwÞ|QÑ¢Ú  øw<éÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ    ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
ÿ
ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
ÿ
ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
ÿ
ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ     yLOADERLibWWW loader 1.0 Type LibraryWWW ƒé=WW ¤ WW       ÿÿÿÿ0          à•  (       @                            -Eq d†» 8X™ ¨Ìé •ºè ƹ¹ «¼æ Ñîï xˆ© 6 †šà {¥Ö {œÎ s”Æ Jk¢ Œ­Þ wO±î"   ""êÿ±.îááwO±îáâ"áÊÿËâá.îwô®á«úÝ¡Ïú̲.â.wôÞ.ÚÌÌÍÿúݱ".wÿá­ÌʽÿñݬÂîwJâÿ­ºÞÝÍ""3J"áÜÿMÍÑÚÊ" 3®"áÚßMÔAÝÝÜÎ D"î¤DJßmÝÝʺ O.ÄDýÏOÊÝÚª";â!OüÏÿÌѯJ"!ÑÔDûËÿ­¿²="!¡¯ôÿËÿÝÌòN"áÑôOÌüŽîÿ®A áÑÜÿDÊÿ".èËþò"áŽá¿D¼ø  èŒþþ"!â"Ûôü¼   ™˜éèò !Ñ" èôMÿ™™˜‰Â !܈à ôýÍà™™Î (È     î­î .Â!Ð éîÑÑî ˆÿ¾    R™î"á     î áÝÝÿöÞ"興áÝÝÚÿDÎ O»ÑàÑÑÝÝÝÜÿÿ¾"6Í荭ÝÑÝÝÝÚÿÿ¾ !Áèß¼ÍÑÝÝÝÑÜÿÿ¾",DOÿ¼ÌÝÝÝÜÏû¸ ¤Dû¼ÍÝÝÝÝÿÿý".ÿû»ÍÑÝÑÝÝÌÏÿDíôÿû»ÝÝÝÝÝÏÿtìíDÿû¼ÑÑÑÝÍÝÌñ                                                                                                                                È˜           è               €Í  @Í              Í  PÍ              šÍ  XÍ              ¤Í  `Í              ±Í  hÍ              ½Í  pÍ              ÈÍ  xÍ                      ÔÍ  âÍ  òÍ       Î      Î        €    Î      ,Î      8Î      KERNEL32.DLL ADVAPI32.dll ole32.dll OLEAUT32.dll SHELL32.dll USER32.dll WININET.dll   LoadLibraryA  GetProcAddress  ExitProcess   RegCloseKey   CoInitialize  ShellExecuteA   CharNextA   InternetOpenA                                                                                                                                                                                                                                                                                                                                                                                                                                                         ¸    0‚¦   *†H†÷
 ‚—0‚“1 0   + 0h
+‚7 Z0X03
+‚70%   ¢€ < < < O b s o l e t e > > >0!0   + ²m%7ŒJÔrðaœ
ÌÕÖÚ ‚0‚'0‚ 0
   *†H†÷
 0Î1 0   UZA10U Western Cape10U   Cape Town10U
Thawte Consulting cc1(0&U Certification Services Division1!0UThawte Premium Server CA1(0&   *†H†÷
   [email protected]
960801000000Z
201231235959Z0Î1 0   UZA10U Western Cape10U   Cape Town10U
Thawte Consulting cc1(0&U Certification Services Division1!0UThawte Premium Server CA1(0&   *†H†÷
   [email protected]Ÿ0
   *†H†÷
  0‰ Ò66j‹×Â[žÚAb8îIUÖÐï•GïH5:Rô+j;/êV㯆ž÷ž´euMïË   ¢!QØ›Ðgк
’sÔ“Ë—* œ\N ¼úRüòDnÚJnŸ/-ãùª:†s¶FSXȉ½ƒ¸s?ªôBMç@7 £00Uÿ0ÿ0
   *†H†÷
  &H,ÂXúèt ªª_T?ò×Éx`^^n7c"w6~²Ä4¹õ…üÉ8ÿM¾òBCç»ZFûÁÆñJ°(FÉÃÄB}¼ú«YnÕ·Qˆ㤅k‚L¤ ­é¤®?ñÃIešŒÅÈ>%·”™»’2qð†^íP'¦
¦#ù»Ë¦B0‚N0‚· 
0
   *†H†÷
 0Î1 0   UZA10U Western Cape10U   Cape Town10U
Thawte Consulting cc1(0&U Certification Services Division1!0UThawte Premium Server CA1(0&   *†H†÷
   [email protected]
030806000000Z
130805235959Z0U1 0   UZA1%0#U
Thawte Consulting (Pty) Ltd.10UThawte Code Signing CA0Ÿ0
   *†H†÷
  0‰ Ƹ¹'`¯ ã‘ieÛ~í‘æªñ¾ÕíþmÔ,Ñpwû&™W´Ý?0¸Ü!êh’ü.K‘5„ òÚJº´üæÚˆò Å!’   G•    ¦y¾±LüñŠnTÒi¡ñL“:Aþ}Ôd{cE÷``1¤éÓ‹ûn&$³¨ÿååÔ´ÂÜP`®Y £³0°0Uÿ0ÿ 0@U90705 3 1†/http://crl.thawte.com/ThawtePremiumServerCA.crl0U%0++0Uÿ0)U"0 ¤010UPrivateLabel2-1440
   *†H†÷
  v²œîŸö-4’”Es4ÜŽk.\üL}‰ëÃhñ×™.ȵ‹¾ÍŠòI:[É ŽmRáv ÃeŠ"gäSS7F¿¼×/ë{žÐEl@!â]uvf0ôß‚Š/½ó¢ ¿ÛŸ¢šr7M°wHèJ?   ÎU,ïæ$á¯ì0‚Ä0‚- G¿•ßRFC÷ÛmH
1¤0
   *†H†÷
 0‹1 0   UZA10U Western Cape10U Durbanville10
U
Thawte10U Thawte Certification10UThawte Timestamping CA0
031204000000Z
131203235959Z0S1 0   UUS10U
VeriSign, Inc.1+0)U"VeriSign Time Stamping Services CA0‚"0
   *†H†÷
 ‚ 0‚
‚ ©Ê²¤ÌÍ ¯
}‰¬‡uð´NñßÁ¿ga½£dÚ»ùÊ3«„0‰X~ŒÛkÝ6ž¿Ñìxòw¦~o<¿“¯
ºhôl”ʽR-«H=õ¶Õ]_Ÿú/k¤÷£š¦ÈáLRã`ì@~¹
Þ?Ǵ߇½_zj1.™¨G Î1s
W-Íx43•™¹Þh/ªæ㊌*Ë!‡f½ƒXWou¿<ª&‡]Ê<Ÿ„êTÁ
nÄþÅJݹ—"|Û>'ÑxìŸ1Éñæ"ÛijGCš_ ä^õî|ñ}«bõM ÞÐ"V¨•Í®ˆv®îº
óäMÙ ûh ®;³‡Á» £Û0Ø04+(0&0$+0†http://ocsp.verisign.com0Uÿ0ÿ 0AU:0806 4 2†0http://crl.verisign.com/ThawteTimestampingCA.crl0U% 0
+0Uÿ0$U0¤010U TSA2048-1-530
   *†H†÷
  JkùêXÂD1‰y™+–¿‚¬ÖLÍ°ŠXnß)£^ÈÊ“çR
ïG'/ 8°äÉ“NšÔ"b÷?7!Op1€ñ‹8‡³èè— þÏU–N$Ò©'Nz®·aAó*ÎçÉÙ^Ý»+…>µµÙáWÿ¾´Å~õÏ žð—þ+Ó;R8'÷?J0‚Í0‚6 >Õp0
   *†H†÷
 0U1 0   UZA1%0#U
Thawte Consulting (Pty) Ltd.10UThawte Code Signing CA0
041208202317Z
061126175019Z0€1 0   UUK10U Lincolnshire10
UBoston10U
Browser Plugin10U Website Viewer10UBrowser Plugin0‚"0
   *†H†÷
 ‚ 0‚
‚ ΥƏf<ÁJðñçRMG±`1—`8Ò½€ãÀ³bèÝò pŸÙé»Ä`êíy?¾ÄÃ6ô·úåFa4ékGdžÔl9Fg
θ!†"@ÿbÿÙ_Ú?ì¶r4ëóEyd:ðiÂL@"ªB’ßkäF„e†™nY   !XMäu³ØåWý²¶xõ0à Dæâ<æØ _Ìx†ËQàÑRì¼½Ù0|É?ÌEXw
!ëÓ’]é{u¼÷úAJ[…DJÖ–™sK?04F„ƒÝ&щ<BX9ÉÏX¯&1Ò XÊ°Õz?„W«S€Ã•¬ Η\ˆ¿š…ŽL$ôi½êc £ú0÷0U%0+
+‚70   `†H†øB0U000 
+‚7€0 U0‚www.browserplugin.biz0>U70503 1 /†-http://crl.thawte.com/ThawteCodeSigningCA.crl02+&0$0"+0†http://ocsp.thawte.com0 Uÿ0 0
   *†H†÷
  UÝÝØ7‘r›ÌŸ>:‘ žœåñNIô U «žŒc{>Gzel w 7†=CÝÇóIØ.G€»ÆÄ!½Ço½Î ¦‘Ù|¿ãlº½ÎFÆyjRSø>qËb¨mxE\Ís î>$©_R90]Û÷åÅ’ûºí3D½r5é—0‚ÿ0‚ç 
é+ðÔØ)ˆ2   ^švˆ0
   *†H†÷
 0S1 0   UUS10U
VeriSign, Inc.1+0)U"VeriSign Time Stamping Services CA0
031204000000Z
081203235959Z0W1 0   UUS10U
VeriSign, Inc.1/0-U&VeriSign Time Stamping Services Signer0‚"0
   *†H†÷
 ‚ 0‚
‚ ²P(HÝÓhz„Dfu]~ĸŸc&ÿ=Cœ|8%UsÙu'iýN¹ \Ó
ù *íUV!aØÛä¼3kÇïÝ£7eŽ“ ¶S\|f5_ŠEþvNßS€¢ ®ˆ\¢÷å0ùî"7LB
ÎßÆÄÖUé?µR£,ªzò¢ª5þŸæ]jŸ=kã¿–ÀþÌ`ù@ç DëQn¥*ò¶Š(íÜ †Pš{J
0Êžk÷éX®©@™²(菬<ãSoKÓ5µod³–,»=çyëmzùæ&­¯ï™S·@,•¸yªþÔR«)t~Bì9¢jæY»$hØ €C‡€k £Ê0Ç04+(0&0$+0†http://ocsp.verisign.com0 Uÿ0 03U,0*0( & $†"http://crl.verisign.com/tss-ca.crl0U%ÿ 0
+0UÿÀ0$U0¤010U TSA2048-1-540
   *†H†÷
 ‚ ‡xpÚNR [àyÉ‚0Äý¹–½‘ ýÍÍÆôØÿùMÀ3b0ÅõtÔ’Þ_œ ±|E¾P̓瀃§'“gFûʸ˜AÌ›Q[‹¨oóP$.òil"÷»Ê•í tÀhwÙë™b‡Ásø‰tz#«£˜{—±÷)qM.uHAÚðµ
 TÖw —‚ciý   ÏŠðu»   ›ÙùU&ša2¾z°{†¾¢Ã‹",xÑ5v¼’s\ù¹æL
#ÌäÒÔ4.I@<`z$Æ¥fï–Ïpë>çô
~ÜÑ|£vqiÁœOG05!±¢¯b<+ÙŽª*{س\{❥oþ<‰­1‚ø0‚ô0\0U1 0   UZA1%0#U
Thawte Consulting (Pty) Ltd.10UThawte Code Signing CA>Õp0   +  p0
+‚7 10 0   *†H†÷
   1 
+‚70
+‚7 10 
+‚70#   *†H†÷
   1c̈H(26=ðÎ 7`* "+0
   *†H†÷
 ‚ ‚kî>®9”ÄfÖ[õò¹ÊºËVg1:0vB{7O‘W>Ì.ÙùÈ•Ãy!«¿À×Å<˜Ãªnww‚YÚ†õ7ሑä‰9Ã_¤N-|¼f«+åû×{‚‰FUý“r^•öy|]nøŒX¾U'óÝDàl‹ÙéenJÂuJÏ¡ ]Ön·íÇ8Ê¢L«n´@¹ºÞF·åXύŸþ™)ìÂźNª%ƒ6±ãtC:˜}Ηd%Ð/?×ä©,þ2a)`z­mŽ%òí§ÑŽQ_>ߪ†Ýg)Z!µ¹÷‚¯á–C¸Ã8ã0ÑüªS³ááÆÆŸ*ïØ¿aèiîwÆ¡‚ÿ0‚û   *†H†÷
   1‚ì0‚è0g0S1 0   UUS10U
VeriSign, Inc.1+0)U"VeriSign Time Stamping Services CA
é+ðÔØ)ˆ2   ^švˆ0 *†H†÷
  Y0   *†H†÷
   1    *†H†÷
0   *†H†÷
   1
050323183004Z0   *†H†÷
   1ù­‚Y6ÖƒÐ-0ùƒñ«í0
   *†H†÷
 ‚ htd²î~üû½áí—]I22<O>1¤kUF¶­³ï‘Tu¢#áSÏ8
K€ç‡Ù.}ê}QøæðÊýégK·wl@~£ŽÑuó“!NBµšü!1É>Ÿzªß–¿ 0£Dªr¾fÏór @³ Ž'V=U±~~`D5máÈ‘Jî›iµtÍkÍpҍdŤT9¾m<¡‹s(ã0ÐÜÿW•‰#<¢òÝñq
™+½ft€¯ñ¾Ÿ^š¹%–°ÛScéné)_¹2®Ó]*CB©ƒÁ¿ìîôϽMþÓ²ú›ÖÅ,È1q®¤¼h   Cx³ðqFœ_ð·ßzi›7      




HAVE FUN DELEATING!
Logged
Pages: [1]
« previous next »