Member Panel

Remember me ?

Forgot password?   

Sponsors and Ads

Join the Team

Live Tag Cloud
PC Forum PC Help Forum » Security & Safety » [Fixed] Hijackthis! Logs » Annoying Virus

[Fixed] Hijackthis! Logs - Annoying Virus posted in the Security & Safety forums; Hey PanCake thanx so much for helping me out the logs are attached...

JOIN US NOW to remove these Ads

Post New Thread  Reply
Page 3 of 5 < 1 2 3 4 5 >
  #15  
Old 10-21-2007
Silver Member
  
Join Date: Dec 2005
Location: New York City
Posts: 105
egyprincessnyc - See this Members User comments on their Profile page
Default Re: Annoying Virus
Hey PanCake thanx so much for helping me out the logs are attached
Attached Files
File Type: log hijackthis.log (14.4 KB, 1 views)
File Type: txt log.txt (15.9 KB, 1 views)


  #16  
Old 10-21-2007
Pancake's Avatar
Senior Security Analyst
  
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 3,073
PC Experience: Elite PC Guru
Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page
Default Re: Annoying Virus
Have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes.Confirm that you have only the listed ones checked, then press <Fix checked> and Close HJT.

O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll (file missing)
O4 - HKCU\..\Run: [Widp] "C:\DOCUME~1\Dina\MYDOCU~1\CROSOF~1.NET\smss.e xe" --ru -vt yazb
O4 - HKCU\..\Run: [Tafrnj] C:\WINDOWS\system32\??stem32\n?lookup.exe
O20 - Winlogon Notify: cbxvsrr - C:\WINDOWS\SYSTEM32\cbxvsrr.dll

=====================

Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.
It's IMPORTANT to carry out the instructions in the sequence listed below.

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Open *notepad* and copy/paste the text in the quotebox below into it:

File::
C:\WINDOWS\system32\omjgytbv.dll

Folder::
C:\Program Files\Viewpoint

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"Widp"=-
"Tafrnj"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxvsrr]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\lsa]
"Authentication Packages"=-
Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.


Refering to the picture above, drag CFScript.txt into ComboFix.exe
Restart your computer.
When finished, it shall produce a log for you at C:\ComboFix.txt
Please copy and paste the ComboFix.txt along with a fresh HijackThis log in your next reply please.

*Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall*


__________________
  • An Australian Member of
  • and
My real name is Eddy
  #17  
Old 10-21-2007
Silver Member
  
Join Date: Dec 2005
Location: New York City
Posts: 105
egyprincessnyc - See this Members User comments on their Profile page
Default Re: Annoying Virus
ComboFix 07-10-21.1** - Dina 2007-10-21 12:56:54.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.486 [GMT -4:00]
Running from: C:\Documents and Settings\Dina\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Dina\Desktop\CFScript.txt
* Created a new restore point

FILE::
C:\WINDOWS\system32\omjgytbv.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Viewpoint
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Common\VistaBoot.sdll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\AxMetaStream.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\ClassIDs.ini
C:\Program Files\Viewpoint\Viewpoint Experience Technology\ComponentMgr.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\ComponentMgr_0305001C.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\ComponentRegistry.ini
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\AOLArt.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\AOLShell.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\AOLUserShell.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\Cursors.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\DataTracking.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\GifReader.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\JpegReader.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\LensFlares.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\Mts3Reader.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\ObjectMovie.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\SceneComponent.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\ServiceComponent.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\SreeDMMX.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\SWFView.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VectorView.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VMPAudio.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VMPExtras.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VMPSpeech.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VMPVideo.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\WaveletReader.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\ZoomView.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\DownLoadHist.ini
C:\Program Files\Viewpoint\Viewpoint Experience Technology\HostRegistry.ini
C:\Program Files\Viewpoint\Viewpoint Experience Technology\MetaStreamID.ini
C:\Program Files\Viewpoint\Viewpoint Experience Technology\MtsAxInstaller.exe
C:\Program Files\Viewpoint\Viewpoint Experience Technology\NewComponents\AOLUserShell.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\NewComponents\Cursors.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\NewComponents\JpegReader.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\NewComponents\Mts3Reader.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\NewComponents\SceneComponent.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\NewComponents\SreeDMMX.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\NewComponents\SWFView.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\NewComponents\VETScriptInterpreter.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\NewComponents\VMPSpeech.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\NewComponents\VMPVideo2.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.xpt
C:\Program Files\Viewpoint\Viewpoint Manager\CPtask.xml
C:\Program Files\Viewpoint\Viewpoint Manager\VETScriptInterpreter.dll
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCP.cpl
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\s.gif
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_header_av.gif
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_header_cp.gif
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_header_up.gif
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_inner_bg.gif
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_inner_bottom.gif
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_tab_bg.gif
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_tab1_off.gif
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_tab1_on.gif
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_tab2_off.gif
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_tab2_on.gif
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\vwpt_logo.gif
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\options.ini
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\viewpoint.ico
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\vmctrl.html
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPexe.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrCore.dll
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe
C:\Program Files\Viewpoint\Viewpoint Media Player\AxMetaStream.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\AxMetaStream_0305000D.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\ClassIDs.ini
C:\Program Files\Viewpoint\Viewpoint Media Player\ComponentMgr_0305000D.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\ComponentRegistry.ini
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\AOLUserShell.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\Cursors.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\JpegReader.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\Mts3Reader.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\SceneComponent.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\SreeDMMX.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\SWFView.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\VMgr.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\VMPSpeech.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\VMPVideo.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\VMPVideo2.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\WaveletReader.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\DownLoadHist.ini
C:\Program Files\Viewpoint\Viewpoint Media Player\HostRegistry.ini
C:\Program Files\Viewpoint\Viewpoint Media Player\MetaStreamConfig.ini
C:\Program Files\Viewpoint\Viewpoint Media Player\MetaStreamID.ini
C:\Program Files\Viewpoint\Viewpoint Media Player\MtsAxInstaller.exe
C:\Program Files\Viewpoint\Viewpoint Media Player\MTSDownloadSites.txt
C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\eula.txt
C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\Uninstaller.exe
C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarSystemInfo.dll
C:\WINDOWS\system32\omjgytbv.dll

.
((((((((((((((((((((((((( Files Created from 2007-09-21 to 2007-10-21 )))))))))))))))))))))))))))))))
.

2007-10-20 22:59 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-20 22:54 4,672 --a------ C:\WINDOWS\system32\fctrrawv.exe
2007-10-19 22:36 4,672 --a------ C:\WINDOWS\system32\ronfcwci.exe
2007-10-18 22:43 4,672 --a------ C:\WINDOWS\system32\yrevgemk.exe
2007-10-17 20:39 22,130 --a------ C:\WINDOWS\system32\instdump.zip
2007-10-17 15:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-17 14:07 <DIR> d-------- C:\Program Files\CCleaner
2007-10-17 14:06 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-10-17 13:05 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-10-17 12:56 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-10-10 16:42 582,656 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-06 13:26 34,816 --a------ C:\WINDOWS\system32\cbxvsrr.dll
2007-10-05 19:44 <DIR> d-------- C:\Program Files\Common Files\Autodesk Shared
2007-10-05 19:44 <DIR> d-------- C:\Program Files\Autodesk
2007-10-05 17:04 <DIR> d-------- C:\Documents and Settings\Dina\Application Data\Autodesk
2007-10-05 16:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Autodesk
2007-10-05 16:52 <DIR> d-------- C:\Program Files\Revit Architecture 2008
2007-10-04 23:30 2,284,605 --a------ C:\WINDOWS\screensaver1.scr
2007-09-28 22:56 <DIR> d-------- C:\Documents and Settings\Rowan\Application Data\Apple Computer
2007-09-28 17:23 <DIR> d-------- C:\Program Files\IrfanView

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2007-10-21 17:01 --------- d-----w C:\Documents and Settings\Dina\Application Data\BitTorrent DNA
2007-10-17 19:14 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-10-10 03:04 --------- d-----w C:\Program Files\AIM6
2007-10-10 03:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-10-09 04:59 5,082 ----a-w C:\Documents and Settings\Dina\Application Data\wklnhst.dat
2007-10-07 01:42 --------- d-----w C:\Documents and Settings\Dina\Application Data\BitTorrent
2007-10-06 07:05 6,164 ----a-w C:\Documents and Settings\Amr\Application Data\wklnhst.dat
2007-09-28 21:08 --------- d-----w C:\Documents and Settings\Dina\Application Data\Viewpoint
2007-09-26 05:09 --------- d-----w C:\Documents and Settings\Amr\Application Data\LimeWire
2007-09-26 03:36 --------- d-----w C:\Program Files\LimeWire
2007-09-22 01:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-09-19 03:39 --------- d-----w C:\Program Files\Common Files\AOL
2007-09-19 03:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2007-09-19 03:37 --------- d-----w C:\Program Files\Your Uninstaller 2006
2007-09-19 00:43 --------- d-----w C:\Program Files\BitTorrent
2007-09-19 00:42 --------- d-----w C:\Program Files\BitTorrent_DNA
2007-09-14 20:57 --------- d-----w C:\Program Files\Zekr
2007-09-09 23:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-09 23:49 --------- d-----w C:\Program Files\Google
2007-09-09 18:11 --------- d-----w C:\Program Files\QuickTime
2007-09-09 18:08 --------- d-----w C:\Program Files\Apple Software Update
2007-09-07 01:17 --------- d-----w C:\Documents and Settings\Dina\Application Data\LimeWire
2007-09-06 17:28 30,336 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys
2007-08-31 01:15 --------- d-----w C:\Program Files\DISC
2007-08-31 01:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Digital Interactive Systems Corporation
2007-08-29 23:56 --------- d-----w C:\Program Files\3D Home Architect
2007-05-29 02:01 156 ----a-w C:\Documents and Settings\Rowan\Application Data\wklnhst.dat
2007-03-11 22:53 439,296 ----a-w C:\Documents and Settings\Amr\GoToAssist_phone__317_en.exe
2006-11-28 04:27 439,296 ----a-w C:\Documents and Settings\Dina\remote.exe
.

((((((((((((((((((((((((((((( snapshot@2007-10-20_23.47.13.85 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-10-21 03:43:11 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
+ 2007-10-21 17:01:43 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
- 2007-09-05 00:45:05 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\i ndex.dat
+ 2007-10-21 04:55:58 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\i ndex.dat
- 2007-09-05 00:45:05 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-10-21 04:55:58 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-09-05 00:45:05 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-10-21 04:55:58 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-10-21 17:03:26 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_344.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22}]
2005-10-14 13:21 102400 --a------ C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-11-17 23:47]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 16:56]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-04-05 14:21]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-04-05 14:21]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-04-05 14:21]
"VAIO Recovery"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 00:08]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 16:07]
"SonyPowerCfg"="C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" [2006-06-27 21:24]
"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 17:12]
"VAIO Update 2"="C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-10-12 00:36]
"Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-14 19:46 C:\WINDOWS\system32\ico.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-05-08 13:50]
"Switcher.exe"="C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2006-02-14 15:11]
"VAIOCameraUtility"="C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe" [2005-12-27 16:58]
"DISCover"="C:\Program Files\DISC\DISCover.exe" [2006-06-01 20:55]
"NS Agnt"="msagnts.exe" [2007-01-04 21:50 C:\WINDOWS\system32\msagnts.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2006-03-15 08:00 C:\WINDOWS\system32\bthprops.cpl]
"BDMCon"="C:\Program Files\Softwin\BitDefender10\bdmcon.exe" [2007-04-17 16:13]
"BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [2007-04-10 12:25]
"Athan"="C:\Program Files\Athan\Athan.exe" [2007-07-07 06:09]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-06-15 19:15]
"PartSeal"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 00:08]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-10-17 15:08]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-15 08:00]
"Aim6"="" []
"BitTorrent DNA"="C:\Program Files\BitTorrent_DNA\dna.exe" [2007-09-18 20:42]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2006-10-24 17:10]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\R oyale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale. theme

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll 2006-03-09 17:51 73728 C:\WINDOWS\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=sockspy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=C:\WINDOWS\pss\Bluetooth Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Trend Micro Anti-Spyware.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Trend Micro Anti-Spyware.lnk
backup=C:\WINDOWS\pss\Trend Micro Anti-Spyware.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1154548953\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
"C:\Program Files\Zune\ZuneLauncher.exe"

R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB
R3 SonyImgF;Sony Image Conversion Filter Driver;C:\WINDOWS\system32\DRIVERS\SonyImgF.sys
R3 ti21sony;ti21sony;C:\WINDOWS\system32\drivers\ti21 sony.sys
S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
S3 pelmouse;Mouse Suite Driver;C:\WINDOWS\system32\DRIVERS\pelmouse.sys
S3 pelusblf;USB Mouse Low Filter Driver;C:\WINDOWS\system32\DRIVERS\pelusblf.sys
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB
S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{d8435c48-225e-11db-b383-806d6172696f}]
AutoRun\command - E:\sony\Autorun.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-10-19 22:58:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
.
************************************************** ************************

catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-21 13:04:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************
.
Completion time: 2007-10-21 13:06:49 - machine was rebooted
C:\ComboFix2.txt ... 2007-10-20 23:48
.
--- E O F ---









Thanx again
Attached Files
File Type: log hijackthis.log (13.9 KB, 0 views)


  #18  
Old 10-21-2007
Pancake's Avatar
Senior Security Analyst
  
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 3,073
PC Experience: Elite PC Guru
Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page
Default Re: Annoying Virus
And a few more to remove..



Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.
It's IMPORTANT to carry out the instructions in the sequence listed below.

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Open *notepad* and copy/paste the text in the quotebox below into it:

File::
C:\WINDOWS\system32\fctrrawv.exe
C:\WINDOWS\system32\ronfcwci.exe
C:\WINDOWS\system32\yrevgemk.exe
C:\WINDOWS\system32\instdump.zip
C:\WINDOWS\system32\msvcr80.dll
C:\WINDOWS\system32\msxml3a.dll
C:\WINDOWS\system32\cbxvsrr.dll
Folder::
C:\Documents and Settings\All Users\Application Data\Viewpoint

Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.


Refering to the picture above, drag CFScript.txt into ComboFix.exe
Restart your computer.
When finished, it shall produce a log for you at C:\ComboFix.txt
Please copy and paste the ComboFix.txt along with a fresh HijackThis log in your next reply please.

*Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall*


__________________
  • An Australian Member of
  • and
My real name is Eddy
  #19  
Old 10-22-2007
Silver Member
  
Join Date: Dec 2005
Location: New York City
Posts: 105
egyprincessnyc - See this Members User comments on their Profile page
Default Re: Annoying Virus
oops sorry, i cant add the combofix log, i tried copy and pasting and attaching it, its too long , wat should i do
Attached Files
File Type: log hijackthis.log (13.2 KB, 1 views)


  #20  
Old 10-22-2007
ih8bills's Avatar
Tech Team Leader
My PC
 
Join Date: Feb 2006
Location: coastal Rhode Island
Posts: 4,317
PC Experience: More Stubborn than any PC
ih8bills - See this Members User comments on their Profile page ih8bills - See this Members User comments on their Profile page ih8bills - See this Members User comments on their Profile page ih8bills - See this Members User comments on their Profile page ih8bills - See this Members User comments on their Profile page ih8bills - See this Members User comments on their Profile page ih8bills - See this Members User comments on their Profile page ih8bills - See this Members User comments on their Profile page ih8bills - See this Members User comments on their Profile page ih8bills - See this Members User comments on their Profile page ih8bills - See this Members User comments on their Profile page
Default Re: Annoying Virus
Originally Posted by egyprincessnyc View Post
oops sorry, i cant add the combofix log, i tried copy and pasting and attaching it, its too long , wat should i do

Post it in 2 parts


__________________


Without music, life would be a mistake
Friedrich Nietzsche
  #21  
Old 10-23-2007
Silver Member
  
Join Date: Dec 2005
Location: New York City
Posts: 105
egyprincessnyc - See this Members User comments on their Profile page
Default Re: Annoying Virus
oh yeaaa y didnt i think of that , ok now i feel stupid

ok i dont understand y this thing is so big the previous one wasnt like this, i might have to do it in 4 or 5 parts

ComboFix 07-10-21.1** - Dina 2007-10-21 20:14:10.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.411 [GMT -4:00]
Running from: C:\Documents and Settings\Dina\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Dina\Desktop\CFScript.txt
* Created a new restore point

FILE::
C:\WINDOWS\system32\cbxvsrr.dll
C:\WINDOWS\system32\fctrrawv.exe
C:\WINDOWS\system32\instdump.zip
C:\WINDOWS\system32\msvcr80.dll
C:\WINDOWS\system32\msxml3a.dll
C:\WINDOWS\system32\ronfcwci.exe
C:\WINDOWS\system32\yrevgemk.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Viewpoint
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\ComparativeSearch.xml
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\masteralerts.xml
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\Services_Registry2.xml
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\DynamicSearchTypes.j s
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\featureCommon.js
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\featureManager.js
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\global.js
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\moreManager.js
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\navigationEvents.js
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\notificationManager. js
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\onCloseManager.js
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\options\images\inner _bl.gif
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\options\images\inner _bot.gif
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\options\images\inner _br.gif
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\options\images\inner _tl.gif
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\options\images\inner _top.gif
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\options\images\inner _tr.gif
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\options\images\s.gif
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\options\index.html
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\options\offline.html
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\options\offline.swf
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\options\options.css
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\options\options.js
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\options\options.modu le
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\options\optionsManag er.js
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\options\optionsWindo w.js
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\pingManager.js
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\selectorManager.js
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\selectorManager_util .js
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\tellafriend\offline\ images\close.gif
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\tellafriend\offline\ images\frame_bottom.gif
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\tellafriend\offline\ images\frame_gradient.gif
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\tellafriend\offline\ images\frame_left.gif
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\tellafriend\offline\ images\frame_right.gif
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\tellafriend\offline\ images\frame_top.gif
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\tellafriend\offline\ images\header_back.gif
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\tellafriend\offline\ images\icon.gif
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\tellafriend\offline\ images\left_gradient.gif
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\tellafriend\offline\ images\logo.gif
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\tellafriend\offline\ images\offlinemsg.gif
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\tellafriend\offline\ images\s.gif
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\tellafriend\offline\ index.html
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\tellafriend\tellafri end.js
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\tellafriend\tellafri end.module
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\tellafriend\tellafri endWindow.js
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\buttons\ button_glossy.swf
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\buttons\ button_glossy_description.txt
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\buttons\ button_glossy_dropdown.html
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\buttons\ button_glossy_dropdown.swf
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\dialogs\ background.swf
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\dialogs\ background_framed.swf
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\dialogs\ buttonContainer.html
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\dialogs\ buttonContainer.swf
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\dialogs\ contents.swf
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\dialogs\ dialog.module
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\dialogs\ dialogs.js
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\dialogs\ dlgIcons.swf
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\dialogs\ dlgIconsLarge.swf
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\dialogs\ field.swf
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\dialogs\ info.js
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\dialogs\ info.module
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\dialogs\ message.swf
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\dialogs\ message2.swf
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\dialogs\ message3.swf
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\dialogs\ progress.js
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\dialogs\ progress.module
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\dialogs\ progress.swf
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\dialogs\ slideShowDialog.module
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\dialogs\ titlebar.swf
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\dropdown s\dropdown.js
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\dropdown s\dropdown.module
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\dropdown s\dropdowns.swf
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\htmldial og\htmldialog.js
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\htmldial og\htmldialog.module
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\list\lis t.swf
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\listMenu \listMenu.js
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\listMenu \listMenu.module
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\listMenu \listMenu.swf
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\notifica tion\notification.js
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\notifica tion\notification.swf
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\options_ menu_button\graphics\viewpoint_logo.swf
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\options_ menu_button\options_btn.swf
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\preview\ preview.js
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\preview\ preview.module
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\preview\ preview.swf
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\scrollba r\scrollbar.js
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\scrollba r\scrollbar.swf
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\searchWi dget\DefaultSearchOptions.js
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\searchWi dget\search_buttons.swf
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\searchWi dget\searchHistory.js
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\searchWi dget\searchhistory.swf
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\searchWi dget\searchWidget.js
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\searchWi dget\searchWidget.module
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\searchWi dget\searchWidgetDefinition.js
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\selector s\selectors.js
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\selector s\selectors.swf
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\shared_g raphics\background.swf
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\shared_g raphics\highlight_bottom.swf
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\shared_g raphics\highlight_top.swf
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\shared_g raphics\popup_cursor.cur
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\shared_g raphics\popupmoi.wav
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\shared_g raphics\redeye_cursor.cur
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\shared_g raphics\size_diagonal1_cursor.cur
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\shared_g raphics\size_diagonal2_cursor.cur
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\shared_g raphics\size_horizontal_cursor.cur
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\shared_g raphics\size_move_cursor.cur
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\shared_g raphics\size_vertival_cursor.cur
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\shared_g raphics\thumbnail_404.jpg
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\shared_g raphics\thumbnail_bookmarks.jpg
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\shared_g raphics\thumbnail_search.jpg
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\tray_scr oller\tray_scroller.swf
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\UI_elements\tray_scr oller\trayScroller.js
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\utilities.js
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\core\ViewBarStringConstan ts.js
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\AdvancedOptions\ AdvancedOptions.js
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\AdvancedOptions\ AdvancedOptions.module
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\AdvancedOptions\ feature.mtx
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\AdvancedOptions\ options.html
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\alerts\alerts.js
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\alerts\alerts.mo dule
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\alerts\alertsDef inition.module
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\alerts\feature.m tx
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\alerts\featureDe finition.js
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime\3.8.0\SkinEngine\features\alerts\graphics\ alerts_icon.gif
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar