Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93104 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

[Resolved]Need Help, Heres My Hijack Log


  • This topic is locked This topic is locked
11 replies to this topic

#1 JMG2K3SRT4

JMG2K3SRT4

    New Member

  • New Member
  • Pip
  • 6 posts

Posted 30 June 2007 - 06:14 PM

Hi, Im new to the forums here and have been trying to help a friend out with an infected PC. Ive removed alot with AVG and spybot and VundoFix but theres still alot running and I need help removing whats left. Im running Hijack this but at this point I just dont know whats safe to remove. heres the log.

Logfile of HijackThis v1.99.1
Scan saved at 8:05:53 PM, on 6/30/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wwSecure.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system32\dwdsregt.exe
C:\WINDOWS\System32\scchk32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\cfg32.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Documents and Settings\All Users\Application Data\abynipkx.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\cfg32a.exe
C:\Program Files\DV Series\Console\Watch.exe
C:\WINDOWS\j86759.exe
C:\Documents and Settings\Owner\Desktop\New Folder\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {17CF7F0B-1951-4D47-A9AD-9A4800743BC0} - C:\WINDOWS\System32\sstqr.dll (file missing)
O2 - BHO: (no name) - {38847C4B-1AB1-4A47-9026-9A6CF7B43D31} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: CFG32S - {7564B020-44E8-4c9b-A887-C6EC41AC67DA} - C:\WINDOWS\cfg32r.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {BE87FC15-F5D2-4257-A58A-9914C2ED8931} - \
O2 - BHO: Scaggy Insert - {C68AE9C0-0909-4DDC-B661-C1AFB9F59898} - C:\WINDOWS\cfg32o.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Search - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\WINDOWS\cfg32s.dll
O4 - HKLM\..\Run: [{8D-D8-8D-D6-ZN}] C:\windows\system32\dwdsregt.exe CHD003
O4 - HKLM\..\Run: [WinTouch] C:\Program Files\WinTouch\WinTouch.exe
O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\SpamBlockerUtility\Bin\4.8.5.0\SbWeatherOnTray.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SC2] C:\WINDOWS\System32\scchk32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ProfileWatcher] C:\Program Files\ProfileWatcher\profilewatcher.exe
O4 - HKLM\..\Run: [Netscape] C:\Program Files\Common Files\ISPCOMP\InstallService.exe
O4 - HKLM\..\Run: [j86759] C:\WINDOWS\j86759
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Configuration Manager] C:\WINDOWS\cfg32.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [abynipkx.exe] C:\Documents and Settings\All Users\Application Data\abynipkx.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - Startup: 360Share Pro On Startup.lnk = C:\Program Files\360Share Pro\Gui\360Share Pro.exe
O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\mjdsregk.exe
O4 - Startup: Think-Adz.lnk = C:\WINDOWS\system32\twinkndt.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Ulead Photo Express Calendar Checker For My Custom Edition.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 My Custom Edition\CalCheck.exe
O4 - Global Startup: Watch.lnk = C:\Program Files\DV Series\Console\Watch.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\rlls.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.drivecleaner.com (HKLM)
O15 - Trusted Zone: *.errorprotector.com (HKLM)
O15 - Trusted Zone: *.errorsafe.com (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O15 - Trusted Zone: *.winantispyware.com (HKLM)
O15 - Trusted Zone: *.winantivirus.com (HKLM)
O15 - Trusted Zone: *.winfixer.com (HKLM)
O16 - DPF: {00140000-B1BA-11CE-ABC6-F5B2E79D9E3F} (LEAD Main Control (14.0)) - http://166.82.128.23...ls/LTOCX14N.cab
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinn...rabblecubes.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney Internet Group Hardware Control) - https://disneyblast....wareControl.cab
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} (BJA Control) - http://www.worldwinn...ck/bjattack.cab
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinn...d/bejeweled.cab
O16 - DPF: {72C9EA8F-8965-40C2-ABAD-D460A5815F86} (hostCntrlIE Class) - http://vhost.oddcast...ostClientIE.cab
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://www.taxsimpl...tsweb/msrdp.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} - http://installs.spam...ckerutility.cab
O16 - DPF: {9841D1AE-9C0B-11D3-9452-00105A098C21} (Pegasus PrintPRO Control v2.0) - http://166.82.128.23...ls/prntpro2.CAB
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://www.worldwinn...man/hangman.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.co...GameManager.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai...l/installer.exe
O16 - DPF: {DA80E089-4648-43D5-93B4-7F37917084E6} (CacheManager.CacheManagerCtrl) - http://www.candystan...acheManager.CAB
O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} (WWSpades Control) - http://www.worldwinn...es/wwspades.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O20 - Winlogon Notify: winliw32 - winliw32.dll (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\System32\hmeuhdgt.exe (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\System32\wwSecure.exe

    Advertisements

Register to Remove


#2 Trevuren

Trevuren

    Teacher Emeritus

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,632 posts
  • Interests:Woodworking

Posted 30 June 2007 - 07:11 PM

Hello JMG2K3SRT4 and welcome to the TomCoyote Forums

My name is Trevuren and I will be helping you with your problem.


Please download this file - combofix.exe by sUBs
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log.
Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

Regards,

Trevuren

Microsoft MVP Consumer Security 2008 - 2009


Proud graduate of TC/WTT Classroom



The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Join the ClassRoom and learn how.


Posted Image

#3 JMG2K3SRT4

JMG2K3SRT4

    New Member

  • New Member
  • Pip
  • 6 posts

Posted 01 July 2007 - 10:06 AM

Heres the new HJT Log first then the Combo Fix, thans for your help.

Logfile of HijackThis v1.99.1
Scan saved at 11:58:02 AM, on 7/1/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wwSecure.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Documents and Settings\All Users\Application Data\abynipkx.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 My Custom Edition\CalCheck.exe
C:\Program Files\DV Series\Console\Watch.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Owner\Desktop\New Folder\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {38847C4B-1AB1-4A47-9026-9A6CF7B43D31} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {BE87FC15-F5D2-4257-A58A-9914C2ED8931} - \
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [WinTouch] C:\Program Files\WinTouch\WinTouch.exe
O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\SpamBlockerUtility\Bin\4.8.5.0\SbWeatherOnTray.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ProfileWatcher] C:\Program Files\ProfileWatcher\profilewatcher.exe
O4 - HKLM\..\Run: [Netscape] C:\Program Files\Common Files\ISPCOMP\InstallService.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [abynipkx.exe] C:\Documents and Settings\All Users\Application Data\abynipkx.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - Startup: 360Share Pro On Startup.lnk = C:\Program Files\360Share Pro\Gui\360Share Pro.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Ulead Photo Express Calendar Checker For My Custom Edition.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 My Custom Edition\CalCheck.exe
O4 - Global Startup: Watch.lnk = C:\Program Files\DV Series\Console\Watch.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.amaena.com (HKLM)
O16 - DPF: {00140000-B1BA-11CE-ABC6-F5B2E79D9E3F} (LEAD Main Control (14.0)) - http://166.82.128.23...ls/LTOCX14N.cab
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinn...rabblecubes.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney Internet Group Hardware Control) - https://disneyblast....wareControl.cab
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} (BJA Control) - http://www.worldwinn...ck/bjattack.cab
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinn...d/bejeweled.cab
O16 - DPF: {72C9EA8F-8965-40C2-ABAD-D460A5815F86} (hostCntrlIE Class) - http://vhost.oddcast...ostClientIE.cab
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://www.taxsimpl...tsweb/msrdp.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} - http://installs.spam...ckerutility.cab
O16 - DPF: {9841D1AE-9C0B-11D3-9452-00105A098C21} (Pegasus PrintPRO Control v2.0) - http://166.82.128.23...ls/prntpro2.CAB
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://www.worldwinn...man/hangman.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.co...GameManager.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai...l/installer.exe
O16 - DPF: {DA80E089-4648-43D5-93B4-7F37917084E6} (CacheManager.CacheManagerCtrl) - http://www.candystan...acheManager.CAB
O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} (WWSpades Control) - http://www.worldwinn...es/wwspades.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O20 - Winlogon Notify: winliw32 - winliw32.dll (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\System32\wwSecure.exe


ComboFix
"Owner" - 2007-07-01 11:41:42 - ComboFix 07-07-01.3 - Service Pack 1 NTFS


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\envgsmeu.exe


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\atwsettl1.exe
C:\atwsettl2.exe
C:\atwsettl3.exe
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007\Data\Abbr
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007\Data\ProductCode
C:\DOCUME~1\ALLUSE~1\APPLIC~1\ErrorProtector Free
C:\DOCUME~1\ALLUSE~1\APPLIC~1\ErrorProtector Free\Data\Abbr
C:\DOCUME~1\ALLUSE~1\APPLIC~1\ErrorProtector Free\Data\ActivationCode
C:\DOCUME~1\ALLUSE~1\APPLIC~1\ErrorProtector Free\Data\HOURS
C:\DOCUME~1\ALLUSE~1\APPLIC~1\ErrorProtector Free\Data\ProductCode
C:\DOCUME~1\Dekeita\APPLIC~1\ErrorProtector Free
C:\DOCUME~1\Dekeita\APPLIC~1\ErrorProtector Free\Logs\update.log
C:\DOCUME~1\Justin\APPLIC~1\ErrorProtector Free
C:\DOCUME~1\Justin\APPLIC~1\ErrorProtector Free\Logs\update.log
C:\DOCUME~1\Justin\APPLIC~1\WinAntiSpyware 2007
C:\DOCUME~1\Justin\APPLIC~1\WinAntiSpyware 2007\Logs\update.log
C:\DOCUME~1\Owner\APPLIC~1.\.rdr.ini
C:\DOCUME~1\Owner\APPLIC~1.\stem~1
C:\DOCUME~1\Owner\Desktop\internet.lnk
C:\Program Files\Common Files\winantispyware 2007
C:\Program Files\Common Files\winantispyware 2007\err.log
C:\Program Files\TTC.dll
C:\Program Files\Ultimate Fixer
C:\Program Files\winantispyware 2007
C:\Program Files\winantispyware 2007\Activate.dat
C:\Program Files\winantispyware 2007\appupdate.dat
C:\Program Files\winantispyware 2007\AsAgents.xml
C:\Program Files\winantispyware 2007\AutoProcess.dat
C:\Program Files\winantispyware 2007\bnlink.dat
C:\Program Files\winantispyware 2007\database\enemies.dat
C:\Program Files\winantispyware 2007\database\knownfiles.dat
C:\Program Files\winantispyware 2007\database\TEBase.dat
C:\Program Files\winantispyware 2007\database\vbpv.dat
C:\Program Files\winantispyware 2007\dbupdate.dat
C:\Program Files\winantispyware 2007\lapv.dat
C:\Program Files\winantispyware 2007\license.rtf
C:\Program Files\winantispyware 2007\manual.pdf
C:\Program Files\winantispyware 2007\manual.url
C:\Program Files\winantispyware 2007\monstate.dat
C:\Program Files\winantispyware 2007\ps.dat
C:\Program Files\winantispyware 2007\pv.dat
C:\Program Files\winantispyware 2007\quaratine.dat\#post_quarantine
C:\Program Files\winantispyware 2007\readme.rtf
C:\Program Files\winantispyware 2007\RTMonitor.dat\ec9a42d67b174d41d9da2c91\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\ec9a42d67b174d41d9da2c913e6a4db10e74cfa68b208bf\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\ec9a42d67b174d41d9da2c913e6a4db10e74cfa68b208bf\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\ec9a42d67b174d41d9da2c9179fb21afd684dbb84cf01af\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\ec9a42d67b174d41d9da2c9179fb21afd684dbb84cf01af\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\ec9a42d67b174d41d9da2c91b876c934b1d47ceef63b288\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\ec9a42d67b174d41d9da2c91b876c934b1d47ceef63b288\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\ec9a42d67b174d41d9da2c91\1510c2479590439cc60458b2\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\ec9a42d67b174d41d9da2c91\1510c2479590439cc60458b2\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\ec9a42d67b174d41d9da2c91\154f03da16d444be5a167489\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\ec9a42d67b174d41d9da2c91\154f03da16d444be5a167489\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\ec9a42d67b174d41d9da2c91\1b7edebf2b1e4f491cf55b82\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\ec9a42d67b174d41d9da2c91\1b7edebf2b1e4f491cf55b82\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\ec9a42d67b174d41d9da2c91\1bf61a9f3b15477056586db2\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\ec9a42d67b174d41d9da2c91\1bf61a9f3b15477056586db2\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\ec9a42d67b174d41d9da2c91\2130f369c0d442a536f8749a\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\ec9a42d67b174d41d9da2c91\2130f369c0d442a536f8749a\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\ec9a42d67b174d41d9da2c91\260c9401477d45f549f674be\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\ec9a42d67b174d41d9da2c91\260c9401477d45f549f674be\#settings
C:\Program Files\winantispyware 2007\RTMonitor.dat\ec9a42d67b174d41d9da2c91\260c9401477d45f549f674be\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\ec9a42d67b174d41d9da2c91\2cb73bc9f5954d3df42fa0bc\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\ec9a42d67b174d41d9da2c91\2cb73bc9f5954d3df42fa0bc\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\ec9a42d67b174d41d9da2c91\31fae92a31f84699d3e9dfbb\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\ec9a42d67b174d41d9da2c91\31fae92a31f84699d3e9dfbb\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\ec9a42d67b174d41d9da2c91\34b104411a6b42a40a32ca80\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\ec9a42d67b174d41d9da2c91\34b104411a6b42a40a32ca80\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\ec9a42d67b174d41d9da2c91\5892a1f7103843c3a3e63c97\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\ec9a42d67b174d41d9da2c91\5892a1f7103843c3a3e63c97\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\ec9a42d67b174d41d9da2c91\5a46e279d15e4f7f3267f5b4\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\ec9a42d67b174d41d9da2c91\5a46e279d15e4f7f3267f5b4\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\ec9a42d67b174d41d9da2c91\5a7ec57d97fa4e49f1a12c80\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\ec9a42d67b174d41d9da2c91\5a7ec57d97fa4e49f1a12c80\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\ec9a42d67b174d41d9da2c91\5a7ec57d97fa4e49f1a12c80\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\ec9a42d67b174d41d9da2c91\62a3b599c06047790fad989d\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\ec9a42d67b174d41d9da2c91\62a3b599c06047790fad989d\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\ec9a42d67b174d41d9da2c91\648986c828624229cec7d499\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\ec9a42d67b174d41d9da2c91\648986c828624229cec7d499\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\ec9a42d67b174d41d9da2c91\6673bbc6d18c477639ffea8b\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\ec9a42d67b174d41d9da2c91\6673bbc6d18c477639ffea8b\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\ec9a42d67b174d41d9da2c91\75c9f00bbd9343b7620e9781\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\ec9a42d67b174d41d9da2c91\75c9f00bbd9343b7620e9781\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\ec9a42d67b174d41d9da2c91\861a4cbf62ad44bfba4338b0\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\ec9a42d67b174d41d9da2c91\861a4cbf62ad44bfba4338b0\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\ec9a42d67b174d41d9da2c91\888b19d632374cb4377c8f94\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\ec9a42d67b174d41d9da2c91\888b19d632374cb4377c8f94\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\ec9a42d67b174d41d9da2c91\88e72e1a892f4ce985e92591\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\ec9a42d67b174d41d9da2c91\88e72e1a892f4ce985e92591\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\ec9a42d67b174d41d9da2c91\89f931a5bee14abb247725aa\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\ec9a42d67b174d41d9da2c91\89f931a5bee14abb247725aa\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\ec9a42d67b174d41d9da2c91\8d33146c8d65498021784085\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\ec9a42d67b174d41d9da2c91\8d33146c8d65498021784085\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\ec9a42d67b174d41d9da2c91\96f018ff143344fd4d50d58a\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\ec9a42d67b174d41d9da2c91\96f018ff143344fd4d50d58a\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\ec9a42d67b174d41d9da2c91\9c94c38749364712bd18918d\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\ec9a42d67b174d41d9da2c91\9c94c38749364712bd18918d\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\ec9a42d67b174d41d9da2c91\a006e050f74349851ba95381\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\ec9a42d67b174d41d9da2c91\a006e050f74349851ba95381\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\ec9a42d67b174d41d9da2c91\a309ee3ec38e45b82e4ec0ba\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\ec9a42d67b174d41d9da2c91\a309ee3ec38e45b82e4ec0ba\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\ec9a42d67b174d41d9da2c91\a79012d32e7d4d2ba4a610b9\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\ec9a42d67b174d41d9da2c91\a79012d32e7d4d2ba4a610b9\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\ec9a42d67b174d41d9da2c91\ab318de48d9a4edb329e6a94\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\ec9a42d67b174d41d9da2c91\ab318de48d9a4edb329e6a94\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\ec9a42d67b174d41d9da2c91\b627c959579342aa587e9f85\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\ec9a42d67b174d41d9da2c91\b627c959579342aa587e9f85\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\ec9a42d67b174d41d9da2c91\bcb4f9b3113d4cd85dd3e7b1\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\ec9a42d67b174d41d9da2c91\bcb4f9b3113d4cd85dd3e7b1\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\ec9a42d67b174d41d9da2c91\be21ea8da04d42943d5696a2\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\ec9a42d67b174d41d9da2c91\be21ea8da04d42943d5696a2\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\ec9a42d67b174d41d9da2c91\c1a9c119ead843e7cc9569a1\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\ec9a42d67b174d41d9da2c91\c1a9c119ead843e7cc9569a1\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\ec9a42d67b174d41d9da2c91\c7b2eb6a6a8145192df72fb9\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\ec9a42d67b174d41d9da2c91\c7b2eb6a6a8145192df72fb9\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\ec9a42d67b174d41d9da2c91\caa64f83782e4ab8705c5f96\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\ec9a42d67b174d41d9da2c91\caa64f83782e4ab8705c5f96\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\ec9a42d67b174d41d9da2c91\cbfb524d2e51448987dd9d95\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\ec9a42d67b174d41d9da2c91\cbfb524d2e51448987dd9d95\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\ec9a42d67b174d41d9da2c91\cc9cdbe1641c465437a9999d\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\ec9a42d67b174d41d9da2c91\cc9cdbe1641c465437a9999d\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\ec9a42d67b174d41d9da2c91\d5b4605a31fe410f06fcf78a\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\ec9a42d67b174d41d9da2c91\d5b4605a31fe410f06fcf78a\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\ec9a42d67b174d41d9da2c91\d9c4dd1fb7d1458c936e199b\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\ec9a42d67b174d41d9da2c91\d9c4dd1fb7d1458c936e199b\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\ec9a42d67b174d41d9da2c91\d9c4dd1fb7d1458c936e199b\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\ec9a42d67b174d41d9da2c91\db1c5b508b4a4e5c44851796\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\ec9a42d67b174d41d9da2c91\db1c5b508b4a4e5c44851796\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\ec9a42d67b174d41d9da2c91\dd9c5fdee58f48937a6bc081\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\ec9a42d67b174d41d9da2c91\dd9c5fdee58f48937a6bc081\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\ec9a42d67b174d41d9da2c91\de1ca69506a048efd5ae2c8a\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\ec9a42d67b174d41d9da2c91\de1ca69506a048efd5ae2c8a\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\ec9a42d67b174d41d9da2c91\df259774b28c467993da8d9e\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\ec9a42d67b174d41d9da2c91\df259774b28c467993da8d9e\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\ec9a42d67b174d41d9da2c91\e7d84c10d120473ad6fb02ba\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\ec9a42d67b174d41d9da2c91\e7d84c10d120473ad6fb02ba\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\ec9a42d67b174d41d9da2c91\ec4e2cbbd5de44b6e26c0699\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\ec9a42d67b174d41d9da2c91\ec4e2cbbd5de44b6e26c0699\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\ec9a42d67b174d41d9da2c91\f2dd9cca9d30440b18985ea6\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\ec9a42d67b174d41d9da2c91\f2dd9cca9d30440b18985ea6\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\ec9a42d67b174d41d9da2c91\f367426fef0d42f8c7895fad\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\ec9a42d67b174d41d9da2c91\f367426fef0d42f8c7895fad\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\ec9a42d67b174d41d9da2c91\f6ce753349b64543cdb2cd93\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\ec9a42d67b174d41d9da2c91\f6ce753349b64543cdb2cd93\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\ec9a42d67b174d41d9da2c91\f6ce753349b64543cdb2cd93\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\ec9a42d67b174d41d9da2c91\f9812b79443643fbb051bdb1\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\ec9a42d67b174d41d9da2c91\f9812b79443643fbb051bdb1\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\3130ee21932d4a286c8f63af\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\3130ee21932d4a286c8f63af\41bace3eea77457cd54093a7\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\3130ee21932d4a286c8f63af\41bace3eea77457cd54093a7\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\3130ee21932d4a286c8f63af\41bace3eea77457cd54093a7\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\3130ee21932d4a286c8f63af\4842c2f06e4940e36589658e\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\3130ee21932d4a286c8f63af\4842c2f06e4940e36589658e\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\3130ee21932d4a286c8f63af\4842c2f06e4940e36589658e\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\3130ee21932d4a286c8f63af\628498dfd6c743f0d6b7d088\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\3130ee21932d4a286c8f63af\628498dfd6c743f0d6b7d088\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\3130ee21932d4a286c8f63af\628498dfd6c743f0d6b7d088\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\3130ee21932d4a286c8f63af\f5e05e42694b4064ef0f309b\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\3130ee21932d4a286c8f63af\f5e05e42694b4064ef0f309b\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\3130ee21932d4a286c8f63af\f5e05e42694b4064ef0f309b\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\322f024a5d024c4af3779db6\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\322f024a5d024c4af3779db6\9009d5f8adc045f1f44f9bab\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\322f024a5d024c4af3779db6\9009d5f8adc045f1f44f9bab\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\322f024a5d024c4af3779db6\9009d5f8adc045f1f44f9bab\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\322f024a5d024c4af3779db6\dc870ff3353b4eb32668ecbc\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\322f024a5d024c4af3779db6\dc870ff3353b4eb32668ecbc\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\322f024a5d024c4af3779db6\dc870ff3353b4eb32668ecbc\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\322f024a5d024c4af3779db6\f848b297d9a145bea04df0b6\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\322f024a5d024c4af3779db6\f848b297d9a145bea04df0b6\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\322f024a5d024c4af3779db6\f848b297d9a145bea04df0b6\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a412aed5c0e914f4e7c7728be\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a412aed5c0e914f4e7c7728be\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a412aed5c0e914f4e7c7728be\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a412aed5c0e914f4e7c7728be\Justin
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a433279e23846454e7bec85af\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a433279e23846454e7bec85af\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a433279e23846454e7bec85af\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a45a8d38be0a64a37c8c8aca3\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a45a8d38be0a64a37c8c8aca3\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a45a8d38be0a64a37c8c8aca3\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a45a8d38be0a64a37c8c8aca3\Justin
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a46da7bdf10fe4d44464bcc91\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a46da7bdf10fe4d44464bcc91\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a46da7bdf10fe4d44464bcc91\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a49608f6c0436468ebf69ca91\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a49608f6c0436468ebf69ca91\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a49608f6c0436468ebf69ca91\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a49608f6c0436468ebf69ca91\Justin
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4ff0325e94244fb828c79b80\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4ff0325e94244fb828c79b80\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4ff0325e94244fb828c79b80\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\10dc6485bc4444fe7661ec8f\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\10dc6485bc4444fe7661ec8f\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\10dc6485bc4444fe7661ec8f\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\10dc6485bc4444fe7661ec8f\Justin
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\161e00b9dffc4293ab85f987\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\161e00b9dffc4293ab85f987\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\161e00b9dffc4293ab85f987\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\194e81ac68284310257ae0ae\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\194e81ac68284310257ae0ae\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\194e81ac68284310257ae0ae\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\194e81ac68284310257ae0ae\Justin
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\1c79b9e3ee2047d8ff720cbe\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\1c79b9e3ee2047d8ff720cbe\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\1c79b9e3ee2047d8ff720cbe\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\207a3212bade4007ca13c3a9\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\207a3212bade4007ca13c3a9\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\207a3212bade4007ca13c3a9\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\24dd8660fb9d44d04afbb888\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\24dd8660fb9d44d04afbb888\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\24dd8660fb9d44d04afbb888\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\2971ba1f6ab846a7050217a5\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\2971ba1f6ab846a7050217a5\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\2971ba1f6ab846a7050217a5\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\2d56345849034c528659338f\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\2d56345849034c528659338f\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\2d56345849034c528659338f\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\2d56345849034c528659338f\Justin
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\31763e788e45455a3e5ec283\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\31763e788e45455a3e5ec283\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\31763e788e45455a3e5ec283\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\33b59447b5cf401158904b88\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\33b59447b5cf401158904b88\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\33b59447b5cf401158904b88\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\33b59447b5cf401158904b88\Justin
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\3b59d743f64e4b9a67a3748a\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\3b59d743f64e4b9a67a3748a\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\3b59d743f64e4b9a67a3748a\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\3d97f38692484591733e7997\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\3d97f38692484591733e7997\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\3d97f38692484591733e7997\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\417c30308e714a433b313aa3\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\417c30308e714a433b313aa3\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\417c30308e714a433b313aa3\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\466f83b36dc74fed0d6196a2\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\466f83b36dc74fed0d6196a2\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\466f83b36dc74fed0d6196a2\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\49a914e35f0e49caa6d240b7\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\49a914e35f0e49caa6d240b7\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\49a914e35f0e49caa6d240b7\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\5982f2f2ba5f46cb666c0399\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\5982f2f2ba5f46cb666c0399\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\5982f2f2ba5f46cb666c0399\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\6252bd2fb11e4044e7a645b3\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\6252bd2fb11e4044e7a645b3\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\6252bd2fb11e4044e7a645b3\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\63e9e056b47540eab932c196\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\63e9e056b47540eab932c196\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\63e9e056b47540eab932c196\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\6918dd0662394b01afffda9a\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\6918dd0662394b01afffda9a\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\6918dd0662394b01afffda9a\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\6918dd0662394b01afffda9a\Justin
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\70564744aaa14e496ceeb0bc\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\70564744aaa14e496ceeb0bc\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\70564744aaa14e496ceeb0bc\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\71d46c9215604c69fb4315bc\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\71d46c9215604c69fb4315bc\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\71d46c9215604c69fb4315bc\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\71fa6f9ff0814af09e460c90\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\71fa6f9ff0814af09e460c90\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\71fa6f9ff0814af09e460c90\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\71fa6f9ff0814af09e460c90\Justin
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\72723624a2d34b4f917a13ab\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\72723624a2d34b4f917a13ab\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\72723624a2d34b4f917a13ab\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\72fd37d856d54b2e21d0b6a3\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\72fd37d856d54b2e21d0b6a3\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\72fd37d856d54b2e21d0b6a3\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\75d438c5fb1a41336dd635a8\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\75d438c5fb1a41336dd635a8\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\75d438c5fb1a41336dd635a8\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\7bb6f76ba0e34c78779d8484\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\7bb6f76ba0e34c78779d8484\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\7bb6f76ba0e34c78779d8484\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\86799376dafb4324fd307998\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\86799376dafb4324fd307998\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\86799376dafb4324fd307998\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\86799376dafb4324fd307998\Justin
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\87b27a93eecd4ead453768b6\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\87b27a93eecd4ead453768b6\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\87b27a93eecd4ead453768b6\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\8a287027be2543a1020b9a95\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\8a287027be2543a1020b9a95\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\8a287027be2543a1020b9a95\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\8abc4ef0c5b649f5672770b9\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\8abc4ef0c5b649f5672770b9\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\8abc4ef0c5b649f5672770b9\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\8abc4ef0c5b649f5672770b9\Justin
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\8cad8e75bb0c4609d9a00f93\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\8cad8e75bb0c4609d9a00f93\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\8cad8e75bb0c4609d9a00f93\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\9cb2f6657f8a4a67c1f05885\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\9cb2f6657f8a4a67c1f05885\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\9cb2f6657f8a4a67c1f05885\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\9cb2f6657f8a4a67c1f05885\Justin
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\9cb7956b185e4ff0c8a71e9d\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\9cb7956b185e4ff0c8a71e9d\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\9cb7956b185e4ff0c8a71e9d\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\9f8e27c04ad84eded474aaac\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\9f8e27c04ad84eded474aaac\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\9f8e27c04ad84eded474aaac\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\a2faafda57d44ff7d1faaa97\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\a2faafda57d44ff7d1faaa97\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\a2faafda57d44ff7d1faaa97\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\a2faafda57d44ff7d1faaa97\Justin
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\a43b507794fc488b8ecd9585\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\a43b507794fc488b8ecd9585\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\a43b507794fc488b8ecd9585\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\a43b507794fc488b8ecd9585\Justin
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\b0b609e51313485d4d1ec183\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\b0b609e51313485d4d1ec183\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\b0b609e51313485d4d1ec183\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\b6fc85c267544929f97c119e\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\b6fc85c267544929f97c119e\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\b6fc85c267544929f97c119e\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\b8b188cdaee742776877e397\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\b8b188cdaee742776877e397\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\b8b188cdaee742776877e397\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\b8d4576a72d44cd51f4313a3\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\b8d4576a72d44cd51f4313a3\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\b8d4576a72d44cd51f4313a3\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\b8d4576a72d44cd51f4313a3\Justin
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\ba3719cbbe27448791a167a1\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\ba3719cbbe27448791a167a1\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\ba3719cbbe27448791a167a1\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\bb1963aa4c564c4bdf9967af\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\bb1963aa4c564c4bdf9967af\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\bb1963aa4c564c4bdf9967af\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\bdfca10aa6664f7fec391384\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\bdfca10aa6664f7fec391384\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\bdfca10aa6664f7fec391384\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\bdfca10aa6664f7fec391384\Justin
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\beaad9fbbd1a47e5bb9ed286\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\beaad9fbbd1a47e5bb9ed286\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\beaad9fbbd1a47e5bb9ed286\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\c55a06e8962a49d28aaf34b4\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\c55a06e8962a49d28aaf34b4\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\c55a06e8962a49d28aaf34b4\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\c55a06e8962a49d28aaf34b4\Justin
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\d0bb7087ab504025e04015b2\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\d0bb7087ab504025e04015b2\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\d0bb7087ab504025e04015b2\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\d4df024a919e464ddf89b6ad\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\d4df024a919e464ddf89b6ad\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\d4df024a919e464ddf89b6ad\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\d4df024a919e464ddf89b6ad\Justin
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\d834828ec63a4e876132708d\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\d834828ec63a4e876132708d\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\d834828ec63a4e876132708d\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\d834828ec63a4e876132708d\Justin
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\d9a74009bdbe4b23df11fa9f\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\d9a74009bdbe4b23df11fa9f\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\d9a74009bdbe4b23df11fa9f\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\dba635eea9c64abfa081a49c\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\dba635eea9c64abfa081a49c\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\dba635eea9c64abfa081a49c\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\dba635eea9c64abfa081a49c\Justin
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\dc29b520019f4f4211e2fd82\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\dc29b520019f4f4211e2fd82\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\dc29b520019f4f4211e2fd82\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\ec82e486b5854d95bcc3b3a5\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\ec82e486b5854d95bcc3b3a5\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\ec82e486b5854d95bcc3b3a5\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\ec82e486b5854d95bcc3b3a5\Justin
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\ed9e06467a1941612daf6d87\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\ed9e06467a1941612daf6d87\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\ed9e06467a1941612daf6d87\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\ed9e06467a1941612daf6d87\Justin
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\f0b6df6abd3540330170a397\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\f0b6df6abd3540330170a397\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\f0b6df6abd3540330170a397\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\f6f50ff821e140cb15845bac\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\f6f50ff821e140cb15845bac\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\f6f50ff821e140cb15845bac\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\f9ad411f86ad41e32f0aa28b\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\f9ad411f86ad41e32f0aa28b\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\f9ad411f86ad41e32f0aa28b\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\fb6732709ce24744b82630a4\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\fb6732709ce24744b82630a4\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\fb6732709ce24744b82630a4\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\fed88f3a71274d3f5882439a\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\fed88f3a71274d3f5882439a\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\f8b1232421ac469d6903619c\d8368111518e4105659468a4\fed88f3a71274d3f5882439a\#name
C:\Program Files\winantispyware 2007\scanlog.xml
C:\Program Files\winantispyware 2007\shellext.xml
C:\Program Files\winantispyware 2007\sr.log
C:\Program Files\winantispyware 2007\Summary.dat
C:\Program Files\winantispyware 2007\support.url
C:\Program Files\winantispyware 2007\tasks.dat
C:\Program Files\winantispyware 2007\threatnet.dat
C:\Program Files\winantispyware 2007\unins000.dat
C:\Program Files\winantispyware 2007\unwizard.xml
C:\Program Files\winantispyware 2007\up.dat
C:\Program Files\winantispyware 2007\updater.dat
C:\Program Files\winantispyware 2007\WAS7.url
C:\Program Files\winantispyware 2007\WAS7.xml
C:\tempb9
C:\tempb9\tmpTF.log
C:\temp\17o7
C:\temp\17o7\tmpTF.log
C:\temp\iee
C:\temp\iee\tmpZTF.log
C:\temp\tn3
C:\WINDOWS\764.exe
C:\WINDOWS\7search.dll
C:\WINDOWS\b122.exe
C:\WINDOWS\bjam.dll
C:\WINDOWS\bokja.exe
C:\WINDOWS\cdsm32.dll
C:\WINDOWS\cfg32.exe
C:\WINDOWS\cfg32a.exe
C:\WINDOWS\cfg32o.dll
C:\WINDOWS\cfg32r.dll
C:\WINDOWS\cfg32s.dll
C:\WINDOWS\cs_cache.ini
C:\WINDOWS\dialerexe.ini
C:\WINDOWS\DOWNLO~1\UDC6_0001_D19M1908NetInstaller.exe
C:\WINDOWS\DOWNLO~1\USDR6_0001_D19M2108NetInstaller.exe
C:\WINDOWS\DOWNLO~1\UWA7P_0001_N91M0809NetInstaller.exe
C:\WINDOWS\flt.dll
C:\WINDOWS\itpb_11.exe
C:\WINDOWS\itpb_3.exe
C:\WINDOWS\monterreyf_unknown.exe
C:\WINDOWS\monterreyg_unknown.exe
C:\WINDOWS\monterreyh_unknown.exe
C:\WINDOWS\monterreyi_unknown.exe
C:\WINDOWS\monterreym_unknown.exe
C:\WINDOWS\mspphe.dll
C:\WINDOWS\mssvr.exe
C:\WINDOWS\pbar.dll
C:\WINDOWS\saiemod.dll
C:\WINDOWS\stcloader.exe
C:\WINDOWS\swin32.dll
C:\WINDOWS\system32\~.exe
C:\WINDOWS\system32\180ax.exe
C:\WINDOWS\system32\atwsettl
C:\WINDOWS\system32\atwsettl\bg1.gif
C:\WINDOWS\system32\atwsettl\bgtop.gif
C:\WINDOWS\system32\atwsettl\bottom1.gif
C:\WINDOWS\system32\atwsettl\essentials.gif
C:\WINDOWS\system32\atwsettl\icon1.ico
C:\WINDOWS\system32\atwsettl\install1.gif
C:\WINDOWS\system32\atwsettl\left1.gif
C:\WINDOWS\system32\atwsettl\li.gif
C:\WINDOWS\system32\atwsettl\logo.gif
C:\WINDOWS\system32\atwsettl\main.htm
C:\WINDOWS\system32\atwsettl\mainframe.htm
C:\WINDOWS\system32\atwsettl\reinstall1.gif
C:\WINDOWS\system32\atwsettl\right1.gif
C:\WINDOWS\system32\atwsettl\s1.htm
C:\WINDOWS\system32\atwsettl\s2.htm
C:\WINDOWS\system32\atwsettl\s3.htm
C:\WINDOWS\system32\atwsettl\SMTop1.gif
C:\WINDOWS\system32\atwsettl\SMTop2.gif
C:\WINDOWS\system32\atwsettl\SMTop3.gif
C:\WINDOWS\system32\atwsettl\SMTop4.gif
C:\WINDOWS\system32\atwsettl\soft1_off.gif
C:\WINDOWS\system32\atwsettl\soft1_off_ext.gif
C:\WINDOWS\system32\atwsettl\soft1_on.gif
C:\WINDOWS\system32\atwsettl\soft1_on_ext.gif
C:\WINDOWS\system32\atwsettl\soft2_off.gif
C:\WINDOWS\system32\atwsettl\soft2_off_ext.gif
C:\WINDOWS\system32\atwsettl\soft2_on.gif
C:\WINDOWS\system32\atwsettl\soft2_on_ext.gif
C:\WINDOWS\system32\atwsettl\soft3_off.gif
C:\WINDOWS\system32\atwsettl\soft3_off_ext.gif
C:\WINDOWS\system32\atwsettl\soft3_on.gif
C:\WINDOWS\system32\atwsettl\soft3_on_ext.gif
C:\WINDOWS\system32\atwsettl\softbottom_off.gif
C:\WINDOWS\system32\atwsettl\softbottom_on.gif
C:\WINDOWS\system32\atwsettl\softleft_off.gif
C:\WINDOWS\system32\atwsettl\softleft_on.gif
C:\WINDOWS\system32\atwsettl\top1.gif
C:\WINDOWS\system32\atwsettl\top2.gif
C:\WINDOWS\system32\atwsettl\turnoff1.gif
C:\WINDOWS\system32\atwsettl\turnon1.gif
C:\WINDOWS\system32\biprep.exe
C:\WINDOWS\system32\driverf.dll
C:\WINDOWS\system32\driverg.dll
C:\WINDOWS\system32\driverj.dll
C:\WINDOWS\system32\driverm.dll
C:\WINDOWS\system32\drivers\fad.sys
C:\WINDOWS\system32\dwdsregt.exe
C:\WINDOWS\system32\gtv_sd.bin
C:\WINDOWS\system32\ldpackage.dll
C:\WINDOWS\system32\model.dat
C:\WINDOWS\system32\monterreyf_unknown.exe
C:\WINDOWS\system32\monterreyg_unknown.exe
C:\WINDOWS\system32\monterreyh_unknown.exe
C:\WINDOWS\system32\monterreyi_unknown.exe
C:\WINDOWS\system32\monterreyj_unknown.exe
C:\WINDOWS\system32\monterreyk_unknown.exe
C:\WINDOWS\system32\monterreyl_unknown.exe
C:\WINDOWS\system32\monterreym_unknown.exe
C:\WINDOWS\system32\msixu.dll
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\system32\o02PrEz
C:\WINDOWS\system32\o05PrEz
C:\WINDOWS\system32\rlvknlg.exe
C:\WINDOWS\system32\rlxf.dll
C:\WINDOWS\system32\S1
C:\WINDOWS\system32\S2
C:\WINDOWS\system32\S2\cogyaga58441.exe
C:\WINDOWS\system32\S6
C:\WINDOWS\system32\S7
C:\WINDOWS\system32\S7\wbb22.exe
C:\WINDOWS\system32\salm.exe
C:\WINDOWS\system32\satmat.exe
C:\WINDOWS\system32\silc_dll.dll
C:\WINDOWS\system32\sl.bin
C:\WINDOWS\system32\susp.exe
C:\WINDOWS\system32\updatetc.exe
C:\WINDOWS\system32\vxddsk.exe
C:\WINDOWS\system32\wer8274.dll
C:\WINDOWS\system32\win
C:\WINDOWS\system32\wml.exe
C:\WINDOWS\system32\wnsapiicom.exe
C:\WINDOWS\system32\wnsxs~1
C:\WINDOWS\system32\zxdnt3d.cfg
C:\WINDOWS\uninst2.htm
C:\WINDOWS\unist1.htm
C:\WINDOWS\vcttc012.exe
C:\WINDOWS\voiceip.dll
C:\WINDOWS\wr.txt


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_CMDSERVICE
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_NETWORK_MONITOR
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-06-01 to 2007-07-01 )))))))))))))))))))))))))))))))


2007-07-01 11:41 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-30 18:03 <DIR> d-------- C:\VundoFix Backups
2007-06-30 17:57 34,474 --a------ C:\smitfrau.reg
2007-06-30 17:57 3,451 --a------ C:\delfiles.cmd
2007-06-30 17:57 16,572 --a------ C:\replace.cmd
2007-06-28 23:52 9,759 --a------ C:\WINDOWS\system32\HSF_INST.dll
2007-06-28 23:52 73,279 --a------ C:\WINDOWS\system32\drivers\HSF_SPKP.sys
2007-06-28 23:52 67,167 --a------ C:\WINDOWS\system32\drivers\hsf_bsc2.sys
2007-06-28 23:52 57,471 --a------ C:\WINDOWS\system32\drivers\hsf_samp.sys
2007-06-28 23:52 542,879 --a------ C:\WINDOWS\system32\drivers\hsf_msft.sys
2007-06-28 23:52 50,751 --a------ C:\WINDOWS\system32\drivers\hsf_tone.sys
2007-06-28 23:52 488,383 --a------ C:\WINDOWS\system32\drivers\hsf_v124.sys
2007-06-28 23:52 44,863 --a------ C:\WINDOWS\system32\drivers\hsf_soar.sys
2007-06-28 23:52 391,199 --a------ C:\WINDOWS\system32\drivers\hsf_k56k.sys
2007-06-28 23:52 289,887 --a------ C:\WINDOWS\system32\drivers\hsf_fall.sys
2007-06-28 23:52 199,711 --a------ C:\WINDOWS\system32\drivers\hsf_faxx.sys
2007-06-28 23:52 115,807 --a------ C:\WINDOWS\system32\drivers\hsf_fsks.sys
2007-06-28 23:51 150,239 --a------ C:\WINDOWS\system32\drivers\hsf_amos.sys
2007-06-28 21:48 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-06-28 17:32 <DIR> d-------- C:\WINDOWS\pss
2007-06-27 21:35 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-06-27 17:28 <DIR> d-------- C:\Program Files\Lavasoft
2007-06-27 17:24 57,344 --a------ C:\WINDOWS\Unwash6.exe
2007-06-27 17:24 486,400 --a------ C:\WINDOWS\system32\wwSecure.exe
2007-06-27 17:24 <DIR> d-------- C:\Program Files\Webroot
2007-06-27 17:24 <DIR> d-------- C:\Program Files\Common Files\Webroot Shared
2007-06-27 17:24 <DIR> d-------- C:\DOCUME~1\ADMINI~1.SHE\APPLIC~1\Webroot
2007-06-27 17:22 <DIR> d-------- C:\Program Files\RegScrubXP
2007-06-27 17:04 786,432 --ah----- C:\DOCUME~1\ADMINI~1.SHE\NTUSER.DAT
2007-06-27 16:47 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-06-27 16:47 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-06-25 17:43 <DIR> d-------- C:\Program Files\SpyAway
2007-06-25 09:01 <DIR> d-------- C:\Program Files\Registry Defender
2007-06-25 08:50 8,464 --a------ C:\WINDOWS\system32\sporder.dll
2007-06-24 20:53 <DIR> d-------- C:\DOCUME~1\LOCALS~1\UserData
2007-06-24 08:51 <DIR> d-------- C:\DOCUME~1\Dekeita\APPLIC~1\BearShare
2007-06-21 18:22 2,711,552 --a------ C:\DOCUME~1\Owner\ntuser.dat
2007-06-21 11:19 <DIR> d--hs---- C:\WINDOWS\c2hlbGlh
2007-06-21 10:46 286,208 --a------ C:\WINDOWS\system32\scchk32.exe
2007-06-21 10:44 57,344 --a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\abynipkx.exe
2007-06-21 10:44 4 --a------ C:\WINDOWS\system32\stfv.bin
2007-06-16 09:08 191,003 --a------ C:\WINDOWS\system32\mjdsregk.exe
2007-06-15 15:43 53,248 --a------ C:\WINDOWS\uni_eh43.exe
2007-06-15 15:38 192,512 --a------ C:\WINDOWS\j86759.exe
2007-06-11 12:43 <DIR> d-------- C:\Temp\x2b
2007-06-07 16:54 <DIR> d-------- C:\Program Files\MumboJumbo


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-01 15:39:57 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-06-30 20:51:30 -------- d-----w C:\Program Files\ArcadeRockstar
2007-06-29 19:43:21 -------- d-----w C:\Program Files\ProfileWatcher
2007-06-29 17:18:25 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-29 17:18:05 -------- d-----w C:\Program Files\BearShare MediaBar
2007-06-26 03:26:27 71 ----a-w C:\WINDOWS\popcinfo.dat
2007-05-26 19:00:35 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\AdobeUM
2007-05-16 21:10:29 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\MySpace
2007-05-14 21:39:11 65,045 ----a-w C:\WINDOWS\b138.exe
2007-05-10 03:58:54 -------- d-----w C:\Program Files\DV Series
2007-05-07 21:32:21 -------- d-----w C:\Program Files\Bejeweled 2 Deluxe
2007-05-07 21:32:13 720,896 ----a-w C:\WINDOWS\iun6002ev.exe
2007-05-04 22:33:56 -------- d-----w C:\Program Files\Tradewinds2
2007-05-04 22:29:20 -------- d-----w C:\Program Files\LimeWire
2007-05-04 22:28:40 -------- d-----w C:\Program Files\Zapu
2007-05-04 22:28:40 -------- d-----w C:\Program Files\Share_Accelerator_MM
2007-05-04 22:27:42 -------- d-----w C:\Program Files\Virtual Laguna Beach
2007-05-04 22:25:40 -------- d-----w C:\Program Files\Abrosoft
2007-05-04 22:19:24 -------- d-----w C:\Program Files\ErrorProtector Free(2)
2007-05-04 22:19:00 -------- d-----w C:\Program Files\Common Files\mrmf
2007-05-04 20:39:37 1,484,799 --sh--w C:\WINDOWS\system32\qrutv.bak2
2007-04-26 01:21:03 1,373,610 --sh--w C:\WINDOWS\system32\qrutv.bak1
2007-04-17 02:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 02:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 02:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 02:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 02:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 02:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 02:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 02:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-06 19:27:01 139,264 ----a-w C:\TTC.dll
2005-08-02 20:46:54 187,904 --sha-r C:\WINDOWS\c2hlbGlh\asappsrv.dll
2005-08-02 20:58:38 293,888 --sha-r C:\WINDOWS\c2hlbGlh\command.exe
2005-07-29 20:24:26 472 --sha-r C:\WINDOWS\c2hlbGlh\wZ15v351.vbs


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
2006-10-26 11:28 440384 --a------ C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2001-04-16 17:39 37808 --a------ C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{38847C4B-1AB1-4A47-9026-9A6CF7B43D31}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2005-05-31 01:04 853672 --a------ C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
2006-10-31 16:29 198136 --a------ C:\Program Files\Yahoo!\Common\yiesrvc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
2003-08-06 04:04 106548 --a------ C:\WINDOWS\system32\dla\tfswshx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}]
2002-11-15 00:09 112248 --a------ C:\Program Files\Norton AntiVirus\NavShExt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BE87FC15-F5D2-4257-A58A-9914C2ED8931}]
2007-07-01 11:47 0 d-ahs---- \

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NetscapeClient"="" []
"WinTouch"="C:\Program Files\WinTouch\WinTouch.exe" []
"WeatherOnTray"="C:\Program Files\SpamBlockerUtility\Bin\4.8.5.0\SbWeatherOnTray.exe" []
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2006-10-31 11:12]
"StorageGuard"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 04:01]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-24 03:24]
"ProfileWatcher"="C:\Program Files\ProfileWatcher\profilewatcher.exe" []
"Netscape"="C:\Program Files\Common Files\ISPCOMP\InstallService.exe" []
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-09-25 14:54]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-06-26 19:50]
"ccRegVfy"="C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" [2002-08-20 01:23]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2002-08-20 01:22]
"BearShare"="C:\Program Files\BearShare\BearShare.exe" []
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" []
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]
"abynipkx.exe"="C:\Documents and Settings\All Users\Application Data\abynipkx.exe" [2007-06-21 10:44]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2006-11-30 22:49]
"Sonic RecordNow!"="" []
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-05-29 21:34]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert"=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoColorChoice"=0 (0x0)
"NoSizeChoice"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)
"NoDispCPL"=0 (0x0)
"NoVisualStyleChoice"=0 (0x0)
"NoDispSettingsPage"=0 (0x0)
"NoDispAppearancePage"=0 (0x0)
"NoDispBackgroundPage"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSaveSettings"=0 (0x0)
"NoThemesTab"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winliw32]
winliw32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar]
rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\MWSBAR.DLL,S

*Newly Created Service* - ALG
*Newly Created Service* - IPNAT
*Newly Created Service* - SHAREDACCESS

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F146C9B1-VMVQ-A9RC-NUFL-D02300B4E999}
C:\WINDOWS\system32\tmrsrv32.exe

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F146C9B1-VMVQ-A9RC-NUFL-D0BA00B4E999}
C:\WINDOWS\System32\msorcl32.exe

Contents of the 'Scheduled Tasks' folder
2007-06-23 14:36:47 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-06-09 00:14:07 C:\WINDOWS\tasks\HP DArC Task #Hewlett-Packard#hp psc 1300 series#1163034658.job
2007-06-26 19:46:33 C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job
2007-06-29 06:06:01 C:\WINDOWS\tasks\Symantec NetDetect.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-01 11:51:11
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-01 11:54:21 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-01 11:54

--- E O F ---

#4 Trevuren

Trevuren

    Teacher Emeritus

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,632 posts
  • Interests:Woodworking

Posted 01 July 2007 - 10:57 AM

Please provide a list of uninstallable programs.

To Provide a List of Installed Programs
  • Run HijackThis.
  • Click Config>>Miscellaneous Tools>>Open Uninstall Manager>>Save List
  • Save list to Desktop
  • Copy the Notepad list and Paste it into this thread.

Trevuren
Microsoft MVP Consumer Security 2008 - 2009


Proud graduate of TC/WTT Classroom



The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Join the ClassRoom and learn how.


Posted Image

#5 JMG2K3SRT4

JMG2K3SRT4

    New Member

  • New Member
  • Pip
  • 6 posts

Posted 01 July 2007 - 01:39 PM

Ok, heres that list... Abrosoft FantaMorph 3.7 Ad-aware 6 Personal Adobe Acrobat 5.0 Adobe Download Manager 2.0 (Remove Only) Adobe Flash Player 9 ActiveX Adobe Reader 7.0.8 Adobe Shockwave Player Adobe® Photoshop® Album Starter Edition 3.0 Apple Software Update Bejeweled 2 Deluxe Broadcom Advanced Control Suite Broadcom Driver Installer Dell ResourceCD DV Series HijackThis 1.99.1 HP Photo & Imaging 3.1 HP PSC & OfficeJet 3.0 HP Software Update Intel® Extreme Graphics Driver iTunes Java 2 Runtime Environment, SE v1.4.2 LiveReg (Symantec Corporation) LiveUpdate 1.80 (Symantec Corporation) Memories Disc Creator 2.0 Memory Key Boot Utility Microsoft .NET Framework 1.1 MySpaceIM Norton AntiVirus 2003 QuickTime RealArcade RegScrubXP 3.25 RelevantKnowledge Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player 8 (KB917734) Security Update for Windows XP (KB890046) Security Update for Windows XP (KB893756) Security Update for Windows XP (KB896358) Security Update for Windows XP (KB896423) Security Update for Windows XP (KB896424) Security Update for Windows XP (KB896428) Security Update for Windows XP (KB899587) Security Update for Windows XP (KB899591) Security Update for Windows XP (KB900725) Security Update for Windows XP (KB901017) Security Update for Windows XP (KB901214) Security Update for Windows XP (KB902400) Security Update for Windows XP (KB904706) Security Update for Windows XP (KB905414) Security Update for Windows XP (KB905495) Security Update for Windows XP (KB905749) Security Update for Windows XP (KB908519) Security Update for Windows XP (KB911562) Security Update for Windows XP (KB911927) Security Update for Windows XP (KB912919) Security Update for Windows XP (KB913580) Security Update for Windows XP (KB914388) Security Update for Windows XP (KB914389) Security Update for Windows XP (KB917344) Security Update for Windows XP (KB917422) Security Update for Windows XP (KB917953) Security Update for Windows XP (KB919007) Security Update for Windows XP (KB920670) Security Update for Windows XP (KB920683) Security Update for Windows XP (KB920685) Security Update for Windows XP (KB921398) Security Update for Windows XP (KB921883) Security Update for Windows XP (KB922616) Security Update for Windows XP (KB922819) Security Update for Windows XP (KB923191) Security Update for Windows XP (KB923414) Security Update for Windows XP (KB924191) Security Update for Windows XP (KB924496) Sonic DLA Sonic MyDVD Sonic RecordNow! Sonic Update Manager Sound'Em 1.0 SoundMAX Spybot - Search & Destroy 1.4 Super Collapse! Super Glinx! Super Nisqually! The Next Tetris Ulead Photo Explorer 6.0 Ulead Photo Express 4.0 My Custom Edition Update for Windows XP (KB835409) Update for Windows XP (KB898461) Update for Windows XP (KB908531) Update for Windows XP (KB910437) Update for Windows XP (KB911280) Virtools 3D Life Player Window Washer Windows Installer 3.1 (KB893803) Windows XP Hotfix - KB835732 Windows XP Hotfix - KB842773 Windows XP Hotfix - KB873339 Windows XP Hotfix - KB885835 Windows XP Hotfix - KB885836 Windows XP Hotfix - KB888302 Windows XP Hotfix - KB890859 Windows XP Hotfix - KB891781 Windows XP Hotfix - KB911567 Windows XP Hotfix - KB918439 Windows XP Hotfix - KB918899 Windows XP Hotfix - KB925486 Yahoo! Browser Services Yahoo! Install Manager Yahoo! Internet Mail Yahoo! Messenger Yahoo! Toolbar

#6 Trevuren

Trevuren

    Teacher Emeritus

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,632 posts
  • Interests:Woodworking

Posted 01 July 2007 - 03:23 PM

A. There is a file in your log of which I am unsure. For that reason, I need you to submit it to Jotti's for analysis.

1. Click HERE to get to Jotti's site.

2. At the top of the Jotti window, use the Browse button to locate the following file on your system:

C:\WINDOWS\system32\stfv.bin

3. Once you have located the file, click SUBMIT and the content of the file will be uploaded by the site and analysed.

4. Please provide me with the results of the analysis.

5. Now please repeat the same procedure with the following files:

C:\WINDOWS\uni_eh43.exe
C:\WINDOWS\j86759.exe



B. Please copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.
  • Please RUN HijackThis

    1. Click the SCAN button to produce a log.


    2. Place a check mark beside each one of the following items:

    O2 - BHO: (no name) - {38847C4B-1AB1-4A47-9026-9A6CF7B43D31} - (no file)
    O2 - BHO: (no name) - {BE87FC15-F5D2-4257-A58A-9914C2ED8931} - \
    O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\SpamBlockerUtility\Bin\4.8.5.0\SbWeatherOnTray.exe
    O4 - HKLM\..\Run: [abynipkx.exe] C:\Documents and Settings\All Users\Application Data\abynipkx.exe
    O15 - Trusted Zone: *.amaena.com (HKLM)
    O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinn...rabblecubes.cab
    O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} - http://installs.spam...ckerutility.cab
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
    O20 - Winlogon Notify: winliw32 - winliw32.dll (file missing)



    3. Now with all the items selected, and all windows closed except for HJT, delete them by clicking the FIX checked button. Close the HijackThis window.


  • Now to Remove some malware:

    1. Please open Notepad
  • Click Start , then Run
  • Type notepad .exe in the Run Box.
2. Now copy/paste the entire content of the code box below into the Notepad window:

File::
C:\WINDOWS\system32\qrutv.bak2
C:\WINDOWS\system32\qrutv.bak1
C:\Windows\system32\scchk32.exe
C:\WINDOWS\popcinfo.dat
C:\WINDOWS\system32\mjdsregk.exe
C:\WINDOWS\b138.exe
C:\WINDOWS\j86759.exe
C:\WINDOWS\iun6002ev.exe
C:\TTC.dll

Folder::
C:\WINDOWS\c2hlbGlh
C:\Temp\x2b
C:\Program Files\Common Files\mrmf
C:\Program Files\SpamBlockerUtility

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar]


3. Save the above as ComboFix-Do.txt

4. Then drag the ComboFix-Do.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. If the tool does not initiate a reboot itself, please restart the system yourself, then post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

Microsoft MVP Consumer Security 2008 - 2009


Proud graduate of TC/WTT Classroom



The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Join the ClassRoom and learn how.


Posted Image

#7 JMG2K3SRT4

JMG2K3SRT4

    New Member

  • New Member
  • Pip
  • 6 posts

Posted 01 July 2007 - 04:01 PM

Ok, Im removing the things you said to and running the Combo Fix again but the PC that Im having trouble with does not have internet access so I cant upload it to that site. Ive tried to install my netscape internet to it but it wont download the access numbers, I think all the carp** on it is stopping it from connecting. Good news is the PC has speed up alot and as soon as combo fix stops scanning Ill post a new log.

Edited by JMG2K3SRT4, 01 July 2007 - 04:15 PM.


#8 JMG2K3SRT4

JMG2K3SRT4

    New Member

  • New Member
  • Pip
  • 6 posts

Posted 01 July 2007 - 04:13 PM

Ok, new logs.........

Logfile of HijackThis v1.99.1
Scan saved at 6:08:14 PM, on 7/1/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wwSecure.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 My Custom Edition\CalCheck.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\DV Series\Console\Watch.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Owner\Desktop\New Folder\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [WinTouch] C:\Program Files\WinTouch\WinTouch.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ProfileWatcher] C:\Program Files\ProfileWatcher\profilewatcher.exe
O4 - HKLM\..\Run: [Netscape] C:\Program Files\Common Files\ISPCOMP\InstallService.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - Startup: 360Share Pro On Startup.lnk = C:\Program Files\360Share Pro\Gui\360Share Pro.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Ulead Photo Express Calendar Checker For My Custom Edition.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 My Custom Edition\CalCheck.exe
O4 - Global Startup: Watch.lnk = C:\Program Files\DV Series\Console\Watch.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00140000-B1BA-11CE-ABC6-F5B2E79D9E3F} (LEAD Main Control (14.0)) - http://166.82.128.23...ls/LTOCX14N.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney Internet Group Hardware Control) - https://disneyblast....wareControl.cab
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} (BJA Control) - http://www.worldwinn...ck/bjattack.cab
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinn...d/bejeweled.cab
O16 - DPF: {72C9EA8F-8965-40C2-ABAD-D460A5815F86} (hostCntrlIE Class) - http://vhost.oddcast...ostClientIE.cab
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://www.taxsimpl...tsweb/msrdp.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {9841D1AE-9C0B-11D3-9452-00105A098C21} (Pegasus PrintPRO Control v2.0) - http://166.82.128.23...ls/prntpro2.CAB
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://www.worldwinn...man/hangman.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.co...GameManager.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai...l/installer.exe
O16 - DPF: {DA80E089-4648-43D5-93B4-7F37917084E6} (CacheManager.CacheManagerCtrl) - http://www.candystan...acheManager.CAB
O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} (WWSpades Control) - http://www.worldwinn...es/wwspades.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\System32\wwSecure.exe

COMBO FIX
"Owner" - 2007-07-01 17:57:38 - ComboFix 07-07-01.3 - Service Pack 1 NTFS
Command switches used :: G:\ComboFix-Do.txt


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\Common Files\mrmf
C:\Program Files\Common Files\mrmf\mrmfd\class-barrel
C:\Program Files\Common Files\mrmf\mrmfd\vocabulary
C:\Program Files\Common Files\mrmf\mrmfh
C:\temp\tn3
C:\Temp\x2b
C:\TTC.dll
C:\WINDOWS\b138.exe
C:\WINDOWS\c2hlbGlh
C:\WINDOWS\c2hlbGlh\asappsrv.dll
C:\WINDOWS\c2hlbGlh\command.exe
C:\WINDOWS\c2hlbGlh\wZ15v351.vbs
C:\WINDOWS\iun6002ev.exe
C:\WINDOWS\j86759.exe
C:\WINDOWS\popcinfo.dat
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\core.sys
C:\WINDOWS\system32\mjdsregk.exe
C:\WINDOWS\system32\qrutv.bak1
C:\WINDOWS\system32\qrutv.bak2
C:\Windows\system32\scchk32.exe
C:\WINDOWS\uninst2.htm
C:\WINDOWS\unist1.htm


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_CORE
-------\core


((((((((((((((((((((((((( Files Created from 2007-06-01 to 2007-07-01 )))))))))))))))))))))))))))))))


2007-07-01 11:41 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-30 18:03 <DIR> d-------- C:\VundoFix Backups
2007-06-30 17:57 34,474 --a------ C:\smitfrau.reg
2007-06-30 17:57 3,451 --a------ C:\delfiles.cmd
2007-06-30 17:57 16,572 --a------ C:\replace.cmd
2007-06-28 23:52 9,759 --a------ C:\WINDOWS\system32\HSF_INST.dll
2007-06-28 23:52 73,279 --a------ C:\WINDOWS\system32\drivers\HSF_SPKP.sys
2007-06-28 23:52 67,167 --a------ C:\WINDOWS\system32\drivers\hsf_bsc2.sys
2007-06-28 23:52 57,471 --a------ C:\WINDOWS\system32\drivers\hsf_samp.sys
2007-06-28 23:52 542,879 --a------ C:\WINDOWS\system32\drivers\hsf_msft.sys
2007-06-28 23:52 50,751 --a------ C:\WINDOWS\system32\drivers\hsf_tone.sys
2007-06-28 23:52 488,383 --a------ C:\WINDOWS\system32\drivers\hsf_v124.sys
2007-06-28 23:52 44,863 --a------ C:\WINDOWS\system32\drivers\hsf_soar.sys
2007-06-28 23:52 391,199 --a------ C:\WINDOWS\system32\drivers\hsf_k56k.sys
2007-06-28 23:52 289,887 --a------ C:\WINDOWS\system32\drivers\hsf_fall.sys
2007-06-28 23:52 199,711 --a------ C:\WINDOWS\system32\drivers\hsf_faxx.sys
2007-06-28 23:52 115,807 --a------ C:\WINDOWS\system32\drivers\hsf_fsks.sys
2007-06-28 23:51 150,239 --a------ C:\WINDOWS\system32\drivers\hsf_amos.sys
2007-06-28 21:48 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-06-28 17:32 <DIR> d-------- C:\WINDOWS\pss
2007-06-27 21:35 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-06-27 17:28 <DIR> d-------- C:\Program Files\Lavasoft
2007-06-27 17:24 57,344 --a------ C:\WINDOWS\Unwash6.exe
2007-06-27 17:24 486,400 --a------ C:\WINDOWS\system32\wwSecure.exe
2007-06-27 17:24 <DIR> d-------- C:\Program Files\Webroot
2007-06-27 17:24 <DIR> d-------- C:\Program Files\Common Files\Webroot Shared
2007-06-27 17:24 <DIR> d-------- C:\DOCUME~1\ADMINI~1.SHE\APPLIC~1\Webroot
2007-06-27 17:22 <DIR> d-------- C:\Program Files\RegScrubXP
2007-06-27 17:04 786,432 --ah----- C:\DOCUME~1\ADMINI~1.SHE\NTUSER.DAT
2007-06-27 16:47 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-06-27 16:47 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-06-25 17:43 <DIR> d-------- C:\Program Files\SpyAway
2007-06-25 09:01 <DIR> d-------- C:\Program Files\Registry Defender
2007-06-25 08:50 8,464 --a------ C:\WINDOWS\system32\sporder.dll
2007-06-24 20:53 <DIR> d-------- C:\DOCUME~1\LOCALS~1\UserData
2007-06-24 08:51 <DIR> d-------- C:\DOCUME~1\Dekeita\APPLIC~1\BearShare
2007-06-21 18:22 2,711,552 --a------ C:\DOCUME~1\Owner\ntuser.dat
2007-06-21 10:44 57,344 --a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\abynipkx.exe
2007-06-21 10:44 4 --a------ C:\WINDOWS\system32\stfv.bin
2007-06-15 15:43 53,248 --a------ C:\WINDOWS\uni_eh43.exe
2007-06-07 16:54 <DIR> d-------- C:\Program Files\MumboJumbo


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-01 21:26:08 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-06-30 20:51:30 -------- d-----w C:\Program Files\ArcadeRockstar
2007-06-29 19:43:21 -------- d-----w C:\Program Files\ProfileWatcher
2007-06-29 17:18:25 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-29 17:18:05 -------- d-----w C:\Program Files\BearShare MediaBar
2007-05-26 19:00:35 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\AdobeUM
2007-05-16 21:10:29 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\MySpace
2007-05-10 03:58:54 -------- d-----w C:\Program Files\DV Series
2007-05-07 21:32:21 -------- d-----w C:\Program Files\Bejeweled 2 Deluxe
2007-05-04 22:33:56 -------- d-----w C:\Program Files\Tradewinds2
2007-05-04 22:29:20 -------- d-----w C:\Program Files\LimeWire
2007-05-04 22:28:40 -------- d-----w C:\Program Files\Zapu
2007-05-04 22:28:40 -------- d-----w C:\Program Files\Share_Accelerator_MM
2007-05-04 22:27:42 -------- d-----w C:\Program Files\Virtual Laguna Beach
2007-05-04 22:25:40 -------- d-----w C:\Program Files\Abrosoft
2007-05-04 22:19:24 -------- d-----w C:\Program Files\ErrorProtector Free(2)
2007-04-17 02:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 02:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 02:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 02:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 02:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 02:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 02:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 02:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
2006-10-26 11:28 440384 --a------ C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2001-04-16 17:39 37808 --a------ C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2005-05-31 01:04 853672 --a------ C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
2006-10-31 16:29 198136 --a------ C:\Program Files\Yahoo!\Common\yiesrvc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
2003-08-06 04:04 106548 --a------ C:\WINDOWS\system32\dla\tfswshx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}]
2002-11-15 00:09 112248 --a------ C:\Program Files\Norton AntiVirus\NavShExt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NetscapeClient"="" []
"WinTouch"="C:\Program Files\WinTouch\WinTouch.exe" []
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2006-10-31 11:12]
"StorageGuard"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 04:01]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-24 03:24]
"ProfileWatcher"="C:\Program Files\ProfileWatcher\profilewatcher.exe" []
"Netscape"="C:\Program Files\Common Files\ISPCOMP\InstallService.exe" []
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-09-25 14:54]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-06-26 19:50]
"ccRegVfy"="C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" [2002-08-20 01:23]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2002-08-20 01:22]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" []
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sonic RecordNow!"="" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert"=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoColorChoice"=0 (0x0)
"NoSizeChoice"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)
"NoDispCPL"=0 (0x0)
"NoVisualStyleChoice"=0 (0x0)
"NoDispSettingsPage"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSaveSettings"=0 (0x0)
"NoThemesTab"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
"C:\Program Files\BearShare\BearShare.exe" /pause

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet


HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F146C9B1-VMVQ-A9RC-NUFL-D02300B4E999}
C:\WINDOWS\system32\tmrsrv32.exe

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F146C9B1-VMVQ-A9RC-NUFL-D0BA00B4E999}
C:\WINDOWS\System32\msorcl32.exe

Contents of the 'Scheduled Tasks' folder
2007-06-23 14:36:47 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-06-09 00:14:07 C:\WINDOWS\tasks\HP DArC Task #Hewlett-Packard#hp psc 1300 series#1163034658.job
2007-06-26 19:46:33 C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job
2007-06-29 06:06:01 C:\WINDOWS\tasks\Symantec NetDetect.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-01 18:04:15
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-01 18:06:10 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-01 18:05
C:\ComboFix2.txt ... 2007-07-01 11:54

--- E O F ---

#9 Trevuren

Trevuren

    Teacher Emeritus

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,632 posts
  • Interests:Woodworking

Posted 01 July 2007 - 06:21 PM

Your log looks go but we had better make sure the entire system is clean.


First download AVG AntiSpyware from HERE and save that file to your desktop.
This is a 30 day trial of the program
  • Once you have downloaded AVG AntiSpyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete, run AVG AntiSpyware and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG AntiSpyware, Do Not run a scan just yet, we will shortly.
  • Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
    IMPORTANT: Do not open any other windows or programs while AVG AntiSpyware is scanning, it may interfere with the scanning proccess:
  • Launch AVG AntiSpyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG AntiSpyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG AntiSpyware and reboot your system back into Normal Mode and post the results of the report scan along with a fresh HJT log for review.

Microsoft MVP Consumer Security 2008 - 2009


Proud graduate of TC/WTT Classroom



The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Join the ClassRoom and learn how.


Posted Image

#10 JMG2K3SRT4

JMG2K3SRT4

    New Member

  • New Member
  • Pip
  • 6 posts

Posted 03 July 2007 - 09:17 PM

Ok, the PC seems to be running great now. Its back to starting up quickly and is not being sluggish plus all the fake spyware warnings are gone. Im giving it back to my friend to try it out. THanks alot for all your help, I really apreciate it.

#11 Trevuren

Trevuren

    Teacher Emeritus

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,632 posts
  • Interests:Woodworking

Posted 03 July 2007 - 10:03 PM

Please provide me with a final HijackThis log for review. Trevuren
Microsoft MVP Consumer Security 2008 - 2009


Proud graduate of TC/WTT Classroom



The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Join the ClassRoom and learn how.


Posted Image

#12 Trevuren

Trevuren

    Teacher Emeritus

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,632 posts
  • Interests:Woodworking

Posted 16 July 2007 - 09:30 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

Coyote's Installed programs for prevention:

http://forums.tomcoy...showtopic=31418

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Visit the CoyoteStore http://TomCoyote.org/coyotestore.php
Microsoft MVP Consumer Security 2008 - 2009


Proud graduate of TC/WTT Classroom



The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Join the ClassRoom and learn how.


Posted Image

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users