Solved: WinAntiSpyware 2007 Removal

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

JohnIV

Thread Starter
Joined
Jul 11, 2007
Messages
9
Hello everyone.
This morning my father somehow had WinAntiSpyware 2007 installed on the desktop. I found this forum:

http://forums.techguy.org/security/556561-removing-winantispyware-2007-hjt-log.html

and followed the instructions. I have yet to remove the program on the Add/Remove programs window. Here is my hijackthis entry.

Logfile of HijackThis v1.99.1
Scan saved at 1:59:10 PM, on 7/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Symantec AntiVirus CE 9.0.1\DefWatch.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1.1\VPTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\svhost.exe
C:\WINDOWS\retadpu77.exe
C:\Program Files\Symantec AntiVirus CE 9.0.1\Rtvscan.exe
C:\Program Files\Common Files\WinAntiSpyware 2007\uwas7cw.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\DOCUME~1\Owner\APPLIC~1\STEM~1\javaw.exe
C:\Program Files\Common Files\?ppPatch\j?vaw.exe
C:\WINDOWS\retadpu77.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Owner\Desktop\Downloads\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/go/listen-eLife
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1.1\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [poolsv] "C:\WINDOWS\poolsv.exe"
O4 - HKLM\..\Run: [svhost] "C:\WINDOWS\svhost.exe"
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu77.exe 61A847B5BBF72815358B2B27128065E9C084320161C4661227A755E9C2933154389A
O4 - HKLM\..\Run: [WinAntiSpyware 2007 Free] "C:\Program Files\WinAntiSpyware 2007\was7.exe" /min
O4 - HKLM\..\Run: [uwas7cw] "C:\Program Files\Common Files\WinAntiSpyware 2007\uwas7cw.exe" -c
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [Notn] "C:\DOCUME~1\Owner\APPLIC~1\STEM~1\javaw.exe" -vt yazb
O4 - HKCU\..\Run: [Esnduzb] "C:\Program Files\Common Files\?ppPatch\j?vaw.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52....apple.com/saba/us/win/QuickTimeInstaller.exe
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/SymAData.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus CE 9.0.1\DefWatch.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Unknown owner - c:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus CE 9.0.1\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus CE 9.0.1\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

___________________________________________________________________

Here is my VundoFix.txt:

VundoFix V6.5.4

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Scan started at 1:36:14 PM 7/11/2007

Listing files found while scanning....

C:\WINDOWS\system32\ddcyv.dll
C:\WINDOWS\system32\vycdd.bak1
C:\WINDOWS\system32\vycdd.ini

Beginning removal...

Attempting to delete C:\WINDOWS\system32\ddcyv.dll
C:\WINDOWS\system32\ddcyv.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vycdd.bak1
C:\WINDOWS\system32\vycdd.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\vycdd.ini
C:\WINDOWS\system32\vycdd.ini Has been deleted!

Performing Repairs to the registry.
Done!


________________________________________________________________________

SmitFraudFix just brings up a blank window.


Does anyone have any suggestions as to what to do next? Should I remove the program now? Thanks.
 

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
Hi, Welcome to TSG!!


Download ComboFix from Here or Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall
 

JohnIV

Thread Starter
Joined
Jul 11, 2007
Messages
9
The ComboFix scan took about an hour and displayed this log:

"Owner" - 2007-07-11 14:58:49 - ComboFix 07-07-10.1 - Service Pack 2


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\jkhfd.dll
C:\WINDOWS\system32\dfhkj.bak1
C:\WINDOWS\system32\dfhkj.ini
C:\WINDOWS\system32\efccbcd.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\ALLUSE~1\APPLIC~1.\salesmonitor
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007\Data\Abbr
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007\Data\ProductCode
C:\DOCUME~1\Owner\APPLIC~1.\stem~1
C:\DOCUME~1\Owner\APPLIC~1.\stem~1\javaw.exe
C:\DOCUME~1\Owner\APPLIC~1.\winantispyware 2007
C:\DOCUME~1\Owner\APPLIC~1.\winantispyware 2007\Logs\update.log
C:\Documents and Settings\Owner.\err.log
C:\Program Files\Common Files\pppatc~1
C:\Program Files\Common Files\pppatc~1\j?vaw.exe
C:\Program Files\Common Files\winantispyware 2007
C:\Program Files\Common Files\winantispyware 2007\err.log
C:\Program Files\Common Files\winantispyware 2007\uwas7cw.exe
C:\Program Files\Common Files\winantispyware 2007\WAS7Mon.exe
C:\Program Files\Common Files\Yazzle1549OinAdmin.exe
C:\Program Files\Common Files\Yazzle1549OinUninstaller.exe
C:\Program Files\outerinfo
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\poolsv
C:\Program Files\poolsv\k11u72.exe
C:\Program Files\poolsv\svhost.exe
C:\Program Files\poolsv\WinAntiSpyware2007FreeInstall.exe
C:\Program Files\poolsv\wr-1-0000077.exe
C:\Program Files\poolsv\YazzleBundle-1549.exe
C:\Program Files\svhost
C:\Program Files\svhost\wr-1-0000077.exe
C:\Program Files\winantispyware 2007
C:\Program Files\winantispyware 2007\Activate.dat
C:\Program Files\winantispyware 2007\appupdate.dat
C:\Program Files\winantispyware 2007\AsAgents.dll
C:\Program Files\winantispyware 2007\AsAgents.xml
C:\Program Files\winantispyware 2007\atl71.dll
C:\Program Files\winantispyware 2007\AutoProcess.dat
C:\Program Files\winantispyware 2007\bnlink.dat
C:\Program Files\winantispyware 2007\database\enemies.dat
C:\Program Files\winantispyware 2007\database\knownfiles.dat
C:\Program Files\winantispyware 2007\database\TEBase.dat
C:\Program Files\winantispyware 2007\database\vbpv.dat
C:\Program Files\winantispyware 2007\dbupdate.dat
C:\Program Files\winantispyware 2007\fopnl.dll
C:\Program Files\winantispyware 2007\InstHelp.exe
C:\Program Files\winantispyware 2007\InstUp.exe
C:\Program Files\winantispyware 2007\lapv.dat
C:\Program Files\winantispyware 2007\license.rtf
C:\Program Files\winantispyware 2007\manual.pdf
C:\Program Files\winantispyware 2007\manual.url
C:\Program Files\winantispyware 2007\mfc71.dll
C:\Program Files\winantispyware 2007\monstate.dat
C:\Program Files\winantispyware 2007\msvcp71.dll
C:\Program Files\winantispyware 2007\msvcr71.dll
C:\Program Files\winantispyware 2007\ps.dat
C:\Program Files\winantispyware 2007\pv.dat
C:\Program Files\winantispyware 2007\quaratine.dat\#post_quarantine
C:\Program Files\winantispyware 2007\readme.rtf
C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\01393b72314944b32eb5dab3\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\01393b72314944b32eb5dab3\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\021921ab1f654f086c4652b3\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\021921ab1f654f086c4652b3\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\0e2a636a52b24c679db41288\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\0e2a636a52b24c679db41288\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\0e2a636a52b24c679db41288\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\0efbfdf4d52d4c49d64b9493\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\0efbfdf4d52d4c49d64b9493\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\12ae2f47fb474cb748a798b6\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\12ae2f47fb474cb748a798b6\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\138c0011d86145df72f4839a\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\138c0011d86145df72f4839a\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\1a82d9212a7741198be5aaae\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\1a82d9212a7741198be5aaae\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\1bbe0bb35c664ff0d42e5c83\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\1bbe0bb35c664ff0d42e5c83\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\21058c07fbeb4dbc266f12b4\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\21058c07fbeb4dbc266f12b4\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\221d637745a848e4bdd2d992\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\221d637745a848e4bdd2d992\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\2467256c2d6844ebf1616694\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\2467256c2d6844ebf1616694\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\290b190bab9b4d66ca4df68c\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\290b190bab9b4d66ca4df68c\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\2afb42323e0b48c242f8ddaa\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\2afb42323e0b48c242f8ddaa\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\3948c24022a1475ddcbbcb8f\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\3948c24022a1475ddcbbcb8f\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\39497a3208b240c94b2b28a2\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\39497a3208b240c94b2b28a2\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\42e1bc11b7ae4466f793c297\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\42e1bc11b7ae4466f793c297\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\449b12f353aa4833464e2094\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\449b12f353aa4833464e2094\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\4646fa8fea9848ca8c228aa6\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\4646fa8fea9848ca8c228aa6\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\54227bf9115848cd97b5368a\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\54227bf9115848cd97b5368a\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\5bfda32586cb46cf5487ba83\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\5bfda32586cb46cf5487ba83\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\5d3b2602de244fb08e8603a9\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\5d3b2602de244fb08e8603a9\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\64d8cf65278e45a359e2b786\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\64d8cf65278e45a359e2b786\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\66b91e95eead4f97afa0b789\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\66b91e95eead4f97afa0b789\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\6cc27b580d2e488a787025b3\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\6cc27b580d2e488a787025b3\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\6cc27b580d2e488a787025b3\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\738dc4df61d74744bb1b99a8\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\738dc4df61d74744bb1b99a8\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\79ce88f2ce6d4f4667c93c82\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\79ce88f2ce6d4f4667c93c82\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\7dbc0b2f5532418181eb2095\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\7dbc0b2f5532418181eb2095\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\8716c73f412a471a95c43592\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\8716c73f412a471a95c43592\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\88239379bf75411a500f8abb\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\88239379bf75411a500f8abb\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\8a5dc06dee584eaced164791\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\8a5dc06dee584eaced164791\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\8b8075f224df4acfa8198d9a\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\8b8075f224df4acfa8198d9a\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\8ca78ac62ba94f65a2b9059b\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\8ca78ac62ba94f65a2b9059b\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\900c7bf88bf2499f82a0d293\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\900c7bf88bf2499f82a0d293\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\900c7bf88bf2499f82a0d293\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\9533f5cb096842f6f4f1eca0\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\9533f5cb096842f6f4f1eca0\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\9728791746984dc092860483\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\9728791746984dc092860483\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\a7b02dfcfc6847a8733b42af\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\a7b02dfcfc6847a8733b42af\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\ab24cd5ad4f643d1f86849ae\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\ab24cd5ad4f643d1f86849ae\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\ae53e05e3b5e407eefc63181\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\ae53e05e3b5e407eefc63181\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\bb9330a24f7740dd4bda8583\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\bb9330a24f7740dd4bda8583\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\bfa323e7cbd64239c23e50ad\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\bfa323e7cbd64239c23e50ad\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\c4e33004f6764d76c0851484\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\c4e33004f6764d76c0851484\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\c6fde9c6f4c940b3138008b9\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\c6fde9c6f4c940b3138008b9\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\cadf02c6a126459443ce66a2\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\cadf02c6a126459443ce66a2\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\dd3db0ae69ea48fd0db58c91\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\dd3db0ae69ea48fd0db58c91\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\e19496ca5f8343515dd4259c\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\e19496ca5f8343515dd4259c\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\eb70745270c346fab690eaa1\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\eb70745270c346fab690eaa1\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\f1134d7f0f4e4292d9d2a789\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\f1134d7f0f4e4292d9d2a789\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\f16c6b983cfc4e8f10fefcb6\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\f16c6b983cfc4e8f10fefcb6\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\f2f216cdc4ff4267457c4bb4\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\f2f216cdc4ff4267457c4bb4\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\f6d27f9630c243d76d6823be\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\f6d27f9630c243d76d6823be\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\8c1d7e1dd32440163d834795\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\8c1d7e1dd32440163d834795\42b8c37a1d584ec90d7733a5\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\8c1d7e1dd32440163d834795\42b8c37a1d584ec90d7733a5\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\8c1d7e1dd32440163d834795\42b8c37a1d584ec90d7733a5\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\8c1d7e1dd32440163d834795\4c079a051bd2442184b313b9\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\8c1d7e1dd32440163d834795\4c079a051bd2442184b313b9\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\8c1d7e1dd32440163d834795\4c079a051bd2442184b313b9\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\8c1d7e1dd32440163d834795\c87e4777c01143916d805299\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\8c1d7e1dd32440163d834795\c87e4777c01143916d805299\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\8c1d7e1dd32440163d834795\c87e4777c01143916d805299\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\041c57d48b4246cc02fb8ba2\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\041c57d48b4246cc02fb8ba2\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\041c57d48b4246cc02fb8ba2\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\041c57d48b4246cc02fb8ba2\Owner
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\0a7f6eb4a03f4041aa0ec694\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\0a7f6eb4a03f4041aa0ec694\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\0a7f6eb4a03f4041aa0ec694\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\0b1d903770f14f56075eae9a\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\0b1d903770f14f56075eae9a\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\0b1d903770f14f56075eae9a\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\1131dd9332ce495cb6ec8481\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\1131dd9332ce495cb6ec8481\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\1131dd9332ce495cb6ec8481\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\116cf38126ae452ca72b6788\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\116cf38126ae452ca72b6788\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\116cf38126ae452ca72b6788\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\18a38a9643ab4fc39ce03280\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\18a38a9643ab4fc39ce03280\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\18a38a9643ab4fc39ce03280\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\18a38a9643ab4fc39ce03280\Owner
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\1ba79fd355c14b0ccce113b5\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\1ba79fd355c14b0ccce113b5\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\1ba79fd355c14b0ccce113b5\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\1f9096cff89a4335e98008a6\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\1f9096cff89a4335e98008a6\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\1f9096cff89a4335e98008a6\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\2192123fab4940483cba07b6\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\2192123fab4940483cba07b6\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\2192123fab4940483cba07b6\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\23e6aeb12cb047e9ac2ee593\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\23e6aeb12cb047e9ac2ee593\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\23e6aeb12cb047e9ac2ee593\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\23e6aeb12cb047e9ac2ee593\Owner
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\26d8e72e59284afe198a448f\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\26d8e72e59284afe198a448f\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\26d8e72e59284afe198a448f\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\28b6d6a85dec420d5ebd2e80\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\28b6d6a85dec420d5ebd2e80\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\28b6d6a85dec420d5ebd2e80\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\2bbe13fdcef142a67167208c\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\2bbe13fdcef142a67167208c\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\2bbe13fdcef142a67167208c\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\2bbe13fdcef142a67167208c\Owner
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\306da7879e0246a43b61ceb3\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\306da7879e0246a43b61ceb3\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\306da7879e0246a43b61ceb3\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\306da7879e0246a43b61ceb3\Owner
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\45470a377c1d4b6288fe3388\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\45470a377c1d4b6288fe3388\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\45470a377c1d4b6288fe3388\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\45470a377c1d4b6288fe3388\Owner
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\454bb40e8ffc4987a87e3a82\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\454bb40e8ffc4987a87e3a82\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\454bb40e8ffc4987a87e3a82\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\46c6dba5461c48485ecadfa6\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\46c6dba5461c48485ecadfa6\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\46c6dba5461c48485ecadfa6\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\46c6dba5461c48485ecadfa6\Owner
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\4cea7044cb3244015bcb1886\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\4cea7044cb3244015bcb1886\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\4cea7044cb3244015bcb1886\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\53b5cd68391240bc14d9d3b1\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\53b5cd68391240bc14d9d3b1\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\53b5cd68391240bc14d9d3b1\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\5521b8d821d349830b36679a\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\5521b8d821d349830b36679a\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\5521b8d821d349830b36679a\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\5521b8d821d349830b36679a\Owner
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\59cce168413548ffd5347882\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\59cce168413548ffd5347882\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\59cce168413548ffd5347882\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\5be5467cc6c84081e3daaa9a\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\5be5467cc6c84081e3daaa9a\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\5be5467cc6c84081e3daaa9a\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\5da519e4ee7946696c362bba\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\5da519e4ee7946696c362bba\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\5da519e4ee7946696c362bba\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\6072f65f2b3b4fc48682eea5\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\6072f65f2b3b4fc48682eea5\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\6072f65f2b3b4fc48682eea5\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\63b00cf1b39d49418574eea6\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\63b00cf1b39d49418574eea6\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\63b00cf1b39d49418574eea6\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\6aa09be99a7340234302d0b7\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\6aa09be99a7340234302d0b7\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\6aa09be99a7340234302d0b7\#name
C:\Program Files\winantispyware
 

JohnIV

Thread Starter
Joined
Jul 11, 2007
Messages
9
2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\6bc98dee600b4c05a1a2f0a5\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\6bc98dee600b4c05a1a2f0a5\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\6bc98dee600b4c05a1a2f0a5\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\6c15952ea7d74aa1bc82448a\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\6c15952ea7d74aa1bc82448a\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\6c15952ea7d74aa1bc82448a\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\6c15952ea7d74aa1bc82448a\Owner
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\7233ffdb1e5a4b0bad24a981\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\7233ffdb1e5a4b0bad24a981\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\7233ffdb1e5a4b0bad24a981\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\746c0275185444662e4bb89d\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\746c0275185444662e4bb89d\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\746c0275185444662e4bb89d\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\796aa385c8874737db10719d\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\796aa385c8874737db10719d\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\796aa385c8874737db10719d\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\796aa385c8874737db10719d\Owner
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\7b158a89ef5c46c6709c8f86\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\7b158a89ef5c46c6709c8f86\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\7b158a89ef5c46c6709c8f86\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\873a331e086f4a073db17bb0\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\873a331e086f4a073db17bb0\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\873a331e086f4a073db17bb0\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\93e1dc9ae0df418fbfff5cbf\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\93e1dc9ae0df418fbfff5cbf\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\93e1dc9ae0df418fbfff5cbf\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\952ab3f75b6b4a0085f04cbd\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\952ab3f75b6b4a0085f04cbd\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\952ab3f75b6b4a0085f04cbd\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\a0afab16f2fa4b7c98e0a182\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\a0afab16f2fa4b7c98e0a182\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\a0afab16f2fa4b7c98e0a182\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\a5bff74483bd4b93bb7b2eb4\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\a5bff74483bd4b93bb7b2eb4\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\a5bff74483bd4b93bb7b2eb4\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\aae5a2e41fb748b063751590\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\aae5a2e41fb748b063751590\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\aae5a2e41fb748b063751590\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\af0472248a74480598fe2797\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\af0472248a74480598fe2797\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\af0472248a74480598fe2797\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\af0472248a74480598fe2797\Owner
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\b40522ac60a943587cfaaaac\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\b40522ac60a943587cfaaaac\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\b40522ac60a943587cfaaaac\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\b40522ac60a943587cfaaaac\Owner
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\b7f5fcf2d40c451ccaf4b6a7\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\b7f5fcf2d40c451ccaf4b6a7\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\b7f5fcf2d40c451ccaf4b6a7\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\bb0da214507144aa92fcb58f\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\bb0da214507144aa92fcb58f\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\bb0da214507144aa92fcb58f\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\be0902c900454078ac7ffa81\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\be0902c900454078ac7ffa81\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\be0902c900454078ac7ffa81\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\bf9f765288424b622c715aa5\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\bf9f765288424b622c715aa5\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\bf9f765288424b622c715aa5\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\bf9f765288424b622c715aa5\Owner
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\cd12ece671fe442462f2d3be\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\cd12ece671fe442462f2d3be\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\cd12ece671fe442462f2d3be\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\cd12ece671fe442462f2d3be\Owner
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\d077a048441b4cd5c0b0b394\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\d077a048441b4cd5c0b0b394\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\d077a048441b4cd5c0b0b394\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\d266937df25541ace1385ca5\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\d266937df25541ace1385ca5\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\d266937df25541ace1385ca5\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\d54ee53019d34c79f264049c\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\d54ee53019d34c79f264049c\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\d54ee53019d34c79f264049c\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\d54ee53019d34c79f264049c\Owner
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\d5666d65b7d044a1f7d33aab\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\d5666d65b7d044a1f7d33aab\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\d5666d65b7d044a1f7d33aab\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\d5666d65b7d044a1f7d33aab\Owner
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\e1201332655b421960d5e09d\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\e1201332655b421960d5e09d\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\e1201332655b421960d5e09d\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\e79faf36a1694c8d0b80fdab\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\e79faf36a1694c8d0b80fdab\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\e79faf36a1694c8d0b80fdab\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\ec14792949bb4dae5392ba87\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\ec14792949bb4dae5392ba87\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\ec14792949bb4dae5392ba87\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\ed3ef3895a424697643fbba4\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\ed3ef3895a424697643fbba4\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\ed3ef3895a424697643fbba4\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\ee1d51f70f8642bf8c50559c\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\ee1d51f70f8642bf8c50559c\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\ee1d51f70f8642bf8c50559c\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\ee1d51f70f8642bf8c50559c\Owner
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\ee3d9ce7349141555eabfa8b\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\ee3d9ce7349141555eabfa8b\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\ee3d9ce7349141555eabfa8b\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\ee3d9ce7349141555eabfa8b\Owner
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\eed0c43035da4094882150a2\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\eed0c43035da4094882150a2\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\eed0c43035da4094882150a2\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\eed0c43035da4094882150a2\Owner
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\ef3a4001768e4dcb9ec1eb8e\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\ef3a4001768e4dcb9ec1eb8e\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\ef3a4001768e4dcb9ec1eb8e\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\ef3a4001768e4dcb9ec1eb8e\Owner
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\ef47d835adaf42ee21412185\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\ef47d835adaf42ee21412185\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\ef47d835adaf42ee21412185\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\f2d7186ef6a142942bcbf5ad\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\f2d7186ef6a142942bcbf5ad\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\f2d7186ef6a142942bcbf5ad\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\f2d7186ef6a142942bcbf5ad\Owner
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\f530ba9482274a284f4fa3b1\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\f530ba9482274a284f4fa3b1\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\f530ba9482274a284f4fa3b1\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\f556298ec4634abe4d864a86\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\f556298ec4634abe4d864a86\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\f556298ec4634abe4d864a86\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\fd99af679c9648818be072a8\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\fd99af679c9648818be072a8\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\fd99af679c9648818be072a8\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\fe78bdd0eae74ee724342e82\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\fe78bdd0eae74ee724342e82\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\fe78bdd0eae74ee724342e82\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\fe78bdd0eae74ee724342e82\Owner
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\fe7fa68cc66a4c84df8a6cb4\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\fe7fa68cc66a4c84df8a6cb4\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\fe7fa68cc66a4c84df8a6cb4\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\ffca3648cd294b1b16cbebbe\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\ffca3648cd294b1b16cbebbe\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\ffca3648cd294b1b16cbebbe\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\d9f74c07809e4b1b84bf00a7\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\d9f74c07809e4b1b84bf00a7\495120051df546c8b63e9693\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\d9f74c07809e4b1b84bf00a7\495120051df546c8b63e9693\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\d9f74c07809e4b1b84bf00a7\495120051df546c8b63e9693\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\d9f74c07809e4b1b84bf00a7\4de676d5ea5a45656957fe85\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\d9f74c07809e4b1b84bf00a7\4de676d5ea5a45656957fe85\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\d9f74c07809e4b1b84bf00a7\4de676d5ea5a45656957fe85\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\d9f74c07809e4b1b84bf00a7\7e1c809d1e1b4a1394d522b2\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\d9f74c07809e4b1b84bf00a7\7e1c809d1e1b4a1394d522b2\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\d9f74c07809e4b1b84bf00a7\7e1c809d1e1b4a1394d522b2\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\d9f74c07809e4b1b84bf00a7\e69598f41dbc4bac4c07d481\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\d9f74c07809e4b1b84bf00a7\e69598f41dbc4bac4c07d481\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\d9f74c07809e4b1b84bf00a7\e69598f41dbc4bac4c07d481\#name
C:\Program Files\winantispyware 2007\scanlog.xml
C:\Program Files\winantispyware 2007\settings.ini
C:\Program Files\winantispyware 2007\shellext.dll
C:\Program Files\winantispyware 2007\shellext.xml
C:\Program Files\winantispyware 2007\sr.log
C:\Program Files\winantispyware 2007\Summary.dat
C:\Program Files\winantispyware 2007\support.url
C:\Program Files\winantispyware 2007\tasks.dat
C:\Program Files\winantispyware 2007\threatnet.dat
C:\Program Files\winantispyware 2007\threatnet.ini
C:\Program Files\winantispyware 2007\unins000.dat
C:\Program Files\winantispyware 2007\unins000.exe
C:\Program Files\winantispyware 2007\uninstall.ico
C:\Program Files\winantispyware 2007\UnWizard.exe
C:\Program Files\winantispyware 2007\unwizard.xml
C:\Program Files\winantispyware 2007\up.dat
C:\Program Files\winantispyware 2007\updater.dat
C:\Program Files\winantispyware 2007\was7.exe
C:\Program Files\winantispyware 2007\WAS7.url
C:\Program Files\winantispyware 2007\WAS7.xml
C:\WINDOWS\poolsv.exe
C:\WINDOWS\retadpu77.exe
C:\WINDOWS\svhost.exe
C:\WINDOWS\system32\drivers\fopn.sys
C:\WINDOWS\system32\stera.exe
C:\WINDOWS\system32\tamlj.dll
C:\WINDOWS\system32\wcpsvtr.exe
C:\WINDOWS\wr.txt


((((((((((((((((((((((((( Files Created from 2007-06-11 to 2007-07-11 )))))))))))))))))))))))))))))))


2007-07-11 14:47 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-11 14:05 <DIR> d-------- C:\SmitfraudFix
2007-07-11 14:03 884,299 --a------ C:\SmitfraudFix.exe
2007-07-11 13:36 <DIR> d-------- C:\VundoFix Backups
2007-07-11 12:26 <DIR> d-------- C:\DOCUME~1\Owner\.SunDownloadManager
2007-07-11 08:59 18,432 --a------ C:\WINDOWS\system32\drivers\ApiMon.sys
2007-07-09 15:49 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\ImgBurn
2007-07-09 14:00 <DIR> d-------- C:\Program Files\ImgBurn
2007-06-21 14:24 <DIR> d-------- C:\Program Files\DVD Decrypter
2007-06-21 13:43 <DIR> d-------- C:\Program Files\DVD Shrink
2007-06-21 13:43 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
2007-06-13 03:14 43,602 --a------ C:\WINDOWS\system32\xvid-uninstall.exe
2007-06-13 03:14 <DIR> d-------- C:\Program Files\Gabest
2007-06-13 03:14 <DIR> d-------- C:\Program Files\AviSynth 2.5
2007-06-13 03:13 <DIR> d-------- C:\Program Files\AutoGK
2007-06-13 02:44 <DIR> d-------- C:\Program Files\DVDx
2007-06-13 02:44 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Aladdin Systems


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-11 20:00:38 -------- d-----w C:\Program Files\Symantec AntiVirus CE 9.0.1
2007-07-10 20:43:08 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Viewpoint
2007-06-03 02:13:22 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Move Networks
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 02:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 02:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 02:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 02:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 02:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 02:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 02:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 02:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-01-12 20:38 63128 --a------ C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{371A1EDB-834C-8196-1860-FF8DB056859E}]
C:\WINDOWS\system32\tamlj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{549B5CA7-4A86-11D7-A4DF-000874180BB3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-06-14 18:32 509592 --a------ C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A7327C09-B521-4EDB-8509-7D2660C9EC98}]
2004-06-30 16:52 28745 --a------ C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C269530B-2E11-4464-BB13-230388445C4E}]
C:\WINDOWS\system32\ddcyv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-21 07:23]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 23:02]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 12:01]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-01-20 23:22]
"VTTimer"="VTTimer.exe" [2004-10-22 12:53 C:\WINDOWS\system32\VTTimer.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 12:01 C:\WINDOWS\AGRSMMSG.exe]
"Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [2003-10-29 11:17]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 14:47 C:\WINDOWS\ALCXMNTR.EXE]
"mmtask"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2004-02-05 08:24]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-06-09 20:31]
"vptray"="C:\PROGRA~1\SYMANT~1.1\VPTray.exe" [2004-07-07 19:29]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-06-25 01:24]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 03:01]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-06-14 18:32]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="C:\Program Files\AIM\aim.exe" [2005-06-02 01:34]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24]
"Steam"="" []
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]
"Notn"="C:\DOCUME~1\Owner\APPLIC~1\STEM~1\javaw.exe" []
"Esnduzb"="C:\Program Files\Common Files\?ppPatch\j?vaw.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{4567AB12-B980-44A5-B259-9B09EBEA6331}"="C:\Program Files\WinAntiSpyware 2007\shellext.dll" []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
backup=C:\WINDOWS\pss\Updates from HP.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Organize.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Organize.lnk
backup=C:\WINDOWS\pss\Organize.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^spamsubtract.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\spamsubtract.lnk
backup=C:\WINDOWS\pss\spamsubtract.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b0b736f0-191f-11dc-a062-000ea6be8c67}]
AutoRun\command- F:\wd_windows_tools\setup.exe


**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-11 16:00:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-11 16:01:55 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-11 16:01

--- E O F ---
 

JohnIV

Thread Starter
Joined
Jul 11, 2007
Messages
9
HijackThis posted this:

Logfile of HijackThis v1.99.1
Scan saved at 4:08:57 PM, on 7/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus CE 9.0.1\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Symantec AntiVirus CE 9.0.1\Rtvscan.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1.1\VPTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Owner\Desktop\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/go/listen-eLife
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {371A1EDB-834C-8196-1860-FF8DB056859E} - C:\WINDOWS\system32\tamlj.dll (file missing)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O2 - BHO: (no name) - {C269530B-2E11-4464-BB13-230388445C4E} - C:\WINDOWS\system32\ddcyv.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1.1\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [Notn] "C:\DOCUME~1\Owner\APPLIC~1\STEM~1\javaw.exe" -vt yazb
O4 - HKCU\..\Run: [Esnduzb] "C:\Program Files\Common Files\?ppPatch\j?vaw.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52....apple.com/saba/us/win/QuickTimeInstaller.exe
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/SymAData.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus CE 9.0.1\DefWatch.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Unknown owner - c:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus CE 9.0.1\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus CE 9.0.1\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

________________________________________________________________________

Should I delete the WinAntiSpyware program from the Add/Remove window now?

Thanks,
John
 

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
JohnIV said:
Should I delete the WinAntiSpyware program from the Add/Remove window now?

Thanks,
John
If you can.

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

  • Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.

Click Exit on the Main menu to close the program.



Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply with a new hijackthis log.
  • Click Close to exit the program.
 

JohnIV

Thread Starter
Joined
Jul 11, 2007
Messages
9
Hey, thanks again for the help.

Here's the SUPERAntiSpyware Log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/11/2007 at 06:12 PM

Application Version : 3.9.1008

Core Rules Database Version : 3267
Trace Rules Database Version: 1278

Scan type : Complete Scan
Total Scan Time : 01:20:59

Memory items scanned : 472
Memory threats detected : 0
Registry items scanned : 6702
Registry threats detected : 199
File items scanned : 82255
File threats detected : 22

Trojan.WinFixer
HKLM\Software\Classes\CLSID\{4567AB12-B980-44A5-B259-9B09EBEA6331}
HKCR\CLSID\{4567AB12-B980-44A5-B259-9B09EBEA6331}
HKCR\CLSID\{4567AB12-B980-44A5-B259-9B09EBEA6331}
HKCR\CLSID\{4567AB12-B980-44A5-B259-9B09EBEA6331}#AppID
HKCR\CLSID\{4567AB12-B980-44A5-B259-9B09EBEA6331}\InprocServer32
HKCR\CLSID\{4567AB12-B980-44A5-B259-9B09EBEA6331}\InprocServer32#ThreadingModel
HKCR\CLSID\{4567AB12-B980-44A5-B259-9B09EBEA6331}\ProgID
HKCR\CLSID\{4567AB12-B980-44A5-B259-9B09EBEA6331}\Programmable
HKCR\CLSID\{4567AB12-B980-44A5-B259-9B09EBEA6331}\TypeLib
HKCR\CLSID\{4567AB12-B980-44A5-B259-9B09EBEA6331}\VersionIndependentProgID
C:\PROGRAM FILES\WINANTISPYWARE 2007\SHELLEXT.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{4567AB12-B980-44A5-B259-9B09EBEA6331}
HKCR\washellext.ShellHook.1
HKCR\washellext.ShellHook.1\CLSID
HKCR\washellext.ShellHook
HKCR\washellext.ShellHook\CLSID
HKCR\washellext.ShellHook\CurVer
HKCR\TypeLib\{4567AB12-7DFC-4C46-BD8F-41259D169A0D}
HKCR\TypeLib\{4567AB12-7DFC-4C46-BD8F-41259D169A0D}\1.0
HKCR\TypeLib\{4567AB12-7DFC-4C46-BD8F-41259D169A0D}\1.0\0
HKCR\TypeLib\{4567AB12-7DFC-4C46-BD8F-41259D169A0D}\1.0\0\win32
HKCR\TypeLib\{4567AB12-7DFC-4C46-BD8F-41259D169A0D}\1.0\FLAGS
HKCR\TypeLib\{4567AB12-7DFC-4C46-BD8F-41259D169A0D}\1.0\HELPDIR

Adware.Vundo Variant
HKLM\Software\Classes\CLSID\{C269530B-2E11-4464-BB13-230388445C4E}
HKCR\CLSID\{C269530B-2E11-4464-BB13-230388445C4E}
HKCR\CLSID\{C269530B-2E11-4464-BB13-230388445C4E}\InprocServer32
HKCR\CLSID\{C269530B-2E11-4464-BB13-230388445C4E}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\DDCYV.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C269530B-2E11-4464-BB13-230388445C4E}

Adware.Viewpoint Toolbar
HKLM\Software\Classes\CLSID\{F8AD5AA5-D966-4667-9DAF-2561D68B2012}
HKCR\CLSID\{F8AD5AA5-D966-4667-9DAF-2561D68B2012}
HKCR\CLSID\{F8AD5AA5-D966-4667-9DAF-2561D68B2012}
HKCR\CLSID\{F8AD5AA5-D966-4667-9DAF-2561D68B2012}\InProcServer32
HKCR\CLSID\{F8AD5AA5-D966-4667-9DAF-2561D68B2012}\InProcServer32#ThreadingModel
HKCR\CLSID\{F8AD5AA5-D966-4667-9DAF-2561D68B2012}\ProgID
HKCR\CLSID\{F8AD5AA5-D966-4667-9DAF-2561D68B2012}\Programmable
HKCR\CLSID\{F8AD5AA5-D966-4667-9DAF-2561D68B2012}\TypeLib
HKCR\CLSID\{F8AD5AA5-D966-4667-9DAF-2561D68B2012}\VersionIndependentProgID
C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT TOOLBAR\VIEWBAR.DLL
HKLM\Software\Microsoft\Internet Explorer\Toolbar#{F8AD5AA5-D966-4667-9DAF-2561D68B2012}
HKCR\ViewBar.ViewBar.1
HKCR\ViewBar.ViewBar.1\CLSID
HKCR\ViewBar.ViewBar
HKCR\ViewBar.ViewBar\CLSID
HKCR\ViewBar.ViewBar\CurVer
HKCR\TypeLib\{E060D9D9-E979-4C2F-A840-BE5150F84AC5}
HKCR\TypeLib\{E060D9D9-E979-4C2F-A840-BE5150F84AC5}\1.0
HKCR\TypeLib\{E060D9D9-E979-4C2F-A840-BE5150F84AC5}\1.0\0
HKCR\TypeLib\{E060D9D9-E979-4C2F-A840-BE5150F84AC5}\1.0\0\win32
HKCR\TypeLib\{E060D9D9-E979-4C2F-A840-BE5150F84AC5}\1.0\FLAGS
HKCR\TypeLib\{E060D9D9-E979-4C2F-A840-BE5150F84AC5}\1.0\HELPDIR

Trojan.WinAntiSpyware/WinAntiVirus 2006/2007
HKCR\CLSID\{_CLSID_WAShellExecuteCheck}
HKCR\CLSID\{_CLSID_WAShellExecuteCheck}#AppID
HKCR\CLSID\{_CLSID_WAShellExecuteCheck}\LocalServer32
HKCR\CLSID\{_CLSID_WAShellExecuteCheck}\Programmable
HKCR\TypeLib\{4567AB12-AE24-4FD6-B479-E2B464F32DA6}
HKCR\TypeLib\{4567AB12-AE24-4FD6-B479-E2B464F32DA6}\1.0
HKCR\TypeLib\{4567AB12-AE24-4FD6-B479-E2B464F32DA6}\1.0\0
HKCR\TypeLib\{4567AB12-AE24-4FD6-B479-E2B464F32DA6}\1.0\0\win32
HKCR\TypeLib\{4567AB12-AE24-4FD6-B479-E2B464F32DA6}\1.0\FLAGS
HKCR\TypeLib\{4567AB12-AE24-4FD6-B479-E2B464F32DA6}\1.0\HELPDIR
HKCR\Interface\{4567AB12-A884-4CA6-B739-CEDB12FEF096}
HKCR\Interface\{4567AB12-A884-4CA6-B739-CEDB12FEF096}\ProxyStubClsid
HKCR\Interface\{4567AB12-A884-4CA6-B739-CEDB12FEF096}\ProxyStubClsid32
HKCR\Interface\{4567AB12-A884-4CA6-B739-CEDB12FEF096}\TypeLib
HKCR\Interface\{4567AB12-A884-4CA6-B739-CEDB12FEF096}\TypeLib#Version
HKLM\SYSTEM\CurrentControlSet\Services\FOPN
HKLM\SYSTEM\CurrentControlSet\Services\FOPN#Type
HKLM\SYSTEM\CurrentControlSet\Services\FOPN#Start
HKLM\SYSTEM\CurrentControlSet\Services\FOPN#ErrorControl
HKLM\SYSTEM\CurrentControlSet\Services\FOPN#Tag
HKLM\SYSTEM\CurrentControlSet\Services\FOPN#ImagePath
HKLM\SYSTEM\CurrentControlSet\Services\FOPN#DisplayName
HKLM\SYSTEM\CurrentControlSet\Services\FOPN#Group
HKLM\SYSTEM\CurrentControlSet\Services\FOPN#Overflow
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\blocked
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\QOOBOX\QUARANTINE
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\DRIVERS
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\QOOBOX\QUARANTINE\C\DOCUMENTS AND SETTINGS\OWNER
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\QOOBOX\QUARANTINE\C\PROGRAM FILES\WINANTISPYWARE 2007
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\QOOBOX\QUARANTINE\C\PROGRAM FILES\SVHOST
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\QOOBOX\QUARANTINE\C\WINDOWS
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\452RCXAN
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\DRIVERS
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\T73BHXSE
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\COMBOFIX
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\EXPUJIP4
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\M9SJQ1E5
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\09YRSDYN
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\CJLZE6VX
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\VYGZJL4D
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\SMITFRAUDFIX
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\OWNER\DESKTOP
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\50DTBKWX
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUME~1\OWNER\LOCALS~1\TEMP\WER13E4.DIR00
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\1ZBZ5X0E
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\ETT63QP0
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\1GU7XONI
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\052V4PEJ
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\CF9FMAJL
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\D33N9D4E
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\QTDAFM9W
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\320BF9K9
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\SD0FKNOZ
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\BYWJFPG1
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\CT6V45QF
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\RECYCLER\S-1-5-21-3171369646-1100356267-3300897209-1003
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUME~1\OWNER\LOCALS~1\TEMP\WER8B06.DIR00
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUME~1\OWNER\LOCALS~1\TEMP\WER7665.DIR00
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUME~1\OWNER\LOCALS~1\TEMP\WER7785.DIR00
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\DOWNLOADS
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\OWNER\RECENT
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\8TMVKD23
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\DR WATSON
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\YAHOO! COMPANION\DATA\DEFAULT
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\WP2ZGXA3
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\VIEWPOINT\VIEWBAR\THUMBNAILS
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUME~1\OWNER\LOCALS~1\TEMP\PLUGTMP
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\8H4J0V4N
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\49S1IV8D
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\Y32FYXMF
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\0FFR6GTD
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\MPROTK3U
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\XSCZ91O1
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\GTMZ8XYF
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\F3ABTDZM.DEFAULT
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\TALKBACK\MOZILLAORG\FIREFOX10\WIN32\2005031717
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\WINDOWS\PREFETCH
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\WBEM\REPOSITORY\FS
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\OWNER
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\NETWORKSERVICE
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\LOCALSERVICE
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\WINDOWS\SOFTWAREDISTRIBUTION\DATASTORE
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\WINDOWS\SOFTWAREDISTRIBUTION\DATASTORE\LOGS
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\PROGRAM FILES\WINANTISPYWARE 2007
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\OWNER\SENDTO
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\PROGRAM FILES\SVHOST
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\S-1-5-21-3171369646-1100356267-3300897209-1003
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUME~1\OWNER\LOCALS~1\TEMP\ENIS
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\BJT3B9GW
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\G1UR4P6B
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\PROGRAM FILES\SYMANTEC ANTIVIRUS CE 9.0.1\SAVRT
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\LOGS
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\OWNER\COOKIES
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\PROGRAM FILES\SYMANTEC ANTIVIRUS CE 9.0.1
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\WBEM\LOGS
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\WBEM\REPOSITORY
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\LIVEUPDATE
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\PROGRA~1\SYMANTEC\LIVEUP~1
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\SYSTEM VOLUME INFORMATION\_RESTORE{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\SONIC\UPDATE MANAGER
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUME~1\OWNER\LOCALS~1\TEMP
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\HP\KBD
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\WINDOWS\TASKS
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\COMMON CLIENT
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\WINDOWS\TEMP
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\CONFIG
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\WINDOWS
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\VUNDOFIX BACKUPS
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUME~1\OWNER\LOCALS~1\TEMP\WER6D83.DIR00
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUME~1\OWNER\LOCALS~1\TEMP\WER702F.DIR00
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUME~1\OWNER\LOCALS~1\TEMP\WER7502.DIR00
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\PROGRAM FILES\JAVA\JRE1.6.0_02
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\CONFIG.MSI
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\PROGRAM FILES\JAVA\JRE1.6.0_02\LIB
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\PROGRAM FILES\JAVA\JRE1.6.0_02\BIN
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\CHROME\LOCALE\ZH-TW\FFJCEXT
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\CHROME\LOCALE\ZH-CN\FFJCEXT
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\CHROME\LOCALE\SV-SE\FFJCEXT
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\CHROME\LOCALE\KO-KR\FFJCEXT
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\CHROME\LOCALE\JA-JP\FFJCEXT
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\CHROME\LOCALE\IT-IT\FFJCEXT
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\CHROME\LOCALE\FR-FR\FFJCEXT
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\CHROME\LOCALE\ES-ES\FFJCEXT
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\CHROME\LOCALE\EN-US\FFJCEXT
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\CHROME\LOCALE\DE-DE\FFJCEXT
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\CHROME\CONTENT\FFJCEXT
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\PROGRAM FILES\MOZILLA.ORG\MOZILLA\PLUGINS
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\PROGRAM FILES\JAVA\JRE1.6.0_02\LIB\ZI\AFRICA
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\PROGRAM FILES\JAVA\JRE1.6.0_02\LIB\ZI\AUSTRALIA
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\PROGRAM FILES\JAVA\JRE1.6.0_02\LIB\ZI\ATLANTIC
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\PROGRAM FILES\JAVA\JRE1.6.0_02\LIB\ZI\AMERICA\INDIANA
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\PROGRAM FILES\JAVA\JRE1.6.0_02\LIB\ZI\AMERICA
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\Security
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\Security#Security
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\Enum
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\Enum#0
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\Enum#Count
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\Enum#NextInstance

Adware.ClickSpring/Outer Info Network
C:\Documents and Settings\Owner\Start Menu\Programs\Outerinfo\Terms.lnk
C:\Documents and Settings\Owner\Start Menu\Programs\Outerinfo\Uninstall.lnk
C:\Documents and Settings\Owner\Start Menu\Programs\Outerinfo

Adware.ClickSpring-Variant
C:\QOOBOX\QUARANTINE\C\DOCUME~1\OWNER\APPLIC~1\STEM~1\JAVAW.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP163\A0041347.EXE

Adware.ClickSpring
C:\QooBox\Quarantine\C\Program Files\Common Files\PPPATC~1\JVAWEX~1.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP163\A0041348.EXE

Adware.ClickSpring/Yazzle
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\YAZZLE1549OINADMIN.EXE.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\YAZZLE1549OINUNINSTALLER.EXE.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\POOLSV\YAZZLEBUNDLE-1549.EXE.VIR

Trojan.WinAntiSpyware/WinAntiVirus 2006
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\POOLSV\WINANTISPYWARE2007FREEINSTALL.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP163\A0041353.EXE

Trojan.Downloader-Stera/WinSoftware
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\STERA.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP163\A0041374.EXE

Adware.ClickSpring/Resident
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\TAMLJ.DLL.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP163\A0041346.DLL

Trojan.Unknown Origin
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\WCPSVTR.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP163\A0041345.EXE

Trojan.Downloader-Gen/HitItQuitIt
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP163\A0041376.DLL

_________________________________________________________________________
 

JohnIV

Thread Starter
Joined
Jul 11, 2007
Messages
9
And here's the hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 8:13:35 PM, on 7/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus CE 9.0.1\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Symantec AntiVirus CE 9.0.1\Rtvscan.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1.1\VPTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/go/listen-eLife
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {371A1EDB-834C-8196-1860-FF8DB056859E} - C:\WINDOWS\system32\tamlj.dll (file missing)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1.1\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [Notn] "C:\DOCUME~1\Owner\APPLIC~1\STEM~1\javaw.exe" -vt yazb
O4 - HKCU\..\Run: [Esnduzb] "C:\Program Files\Common Files\?ppPatch\j?vaw.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52....apple.com/saba/us/win/QuickTimeInstaller.exe
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/SymAData.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus CE 9.0.1\DefWatch.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Unknown owner - c:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus CE 9.0.1\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus CE 9.0.1\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe


Thanks,
John
 

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
Run HJT again and put a check in the following:

O2 - BHO: (no name) - {371A1EDB-834C-8196-1860-FF8DB056859E} - C:\WINDOWS\system32\tamlj.dll (file missing)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKCU\..\Run: [Notn] "C:\DOCUME~1\Owner\APPLIC~1\STEM~1\javaw.exe" -vt yazb
O4 - HKCU\..\Run: [Esnduzb] "C:\Program Files\Common Files\?ppPatch\j?vaw.exe"

Close all applications and browser windows before you click "fix checked".


Run Panda ActiveScan here

Post a new HiJack This log along with the results from ActiveScan.
 

JohnIV

Thread Starter
Joined
Jul 11, 2007
Messages
9
Hey again; here are the results from the ActiveScan:


Incident Status Location

Spyware:spyware/searchcentrix Not disinfected Windows Registry
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f3abtdzm.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f3abtdzm.default\cookies.txt[.2o7.net/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f3abtdzm.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f3abtdzm.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f3abtdzm.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f3abtdzm.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f3abtdzm.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f3abtdzm.default\cookies.txt[.advertising.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f3abtdzm.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f3abtdzm.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f3abtdzm.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f3abtdzm.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f3abtdzm.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f3abtdzm.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f3abtdzm.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f3abtdzm.default\cookies.txt[ads.pointroll.com/PRServe/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f3abtdzm.default\cookies.txt[.overture.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f3abtdzm.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Bridgetrack Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f3abtdzm.default\cookies.txt[citi.bridgetrack.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f3abtdzm.default\cookies.txt[.go.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f3abtdzm.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f3abtdzm.default\cookies.txt[.ehg-dig.hitbox.com/]
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f3abtdzm.default\cookies.txt[winantispyware.com/]
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f3abtdzm.default\cookies.txt[go.winantispyware.com/MTg4NQ==/2/702/antispyware/]
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f3abtdzm.default\cookies.txt[.go.winantispyware.com/]
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f3abtdzm.default\cookies.txt[go.winantispyware.com/MTg4NQ==/2/702/antispyware/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f3abtdzm.default\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f3abtdzm.default\cookies.txt[.com.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f3abtdzm.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f3abtdzm.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f3abtdzm.default\cookies.txt[.target.com/]
Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f3abtdzm.default\cookies.txt[.cdfreaks.com/]
Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f3abtdzm.default\cookies.txt[.club.cdfreaks.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\solf2pvm.slt\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\solf2pvm.slt\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\solf2pvm.slt\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\solf2pvm.slt\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\solf2pvm.slt\cookies.txt[.tradedoubler.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\solf2pvm.slt\cookies.txt[.fastclick.net/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\solf2pvm.slt\cookies.txt[.atdmt.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\solf2pvm.slt\cookies.txt[.serving-sys.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\solf2pvm.slt\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\solf2pvm.slt\cookies.txt[.mediaplex.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\solf2pvm.slt\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\solf2pvm.slt\cookies.txt[.advertising.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\solf2pvm.slt\cookies.txt[servedby.advertising.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\solf2pvm.slt\cookies.txt[.advertising.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\solf2pvm.slt\cookies.txt[.maxserving.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\solf2pvm.slt\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\solf2pvm.slt\cookies.txt[.maxserving.com/]
Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\solf2pvm.slt\cookies.txt[.bfast.com/]
Spyware:Cookie/Linksynergy Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\solf2pvm.slt\cookies.txt[.linksynergy.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\solf2pvm.slt\cookies.txt[.belnk.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\solf2pvm.slt\cookies.txt[.ath.belnk.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\solf2pvm.slt\cookies.txt[.belnk.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\solf2pvm.slt\cookies.txt[.realmedia.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\solf2pvm.slt\cookies.txt[.overture.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\solf2pvm.slt\cookies.txt[.2o7.net/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\solf2pvm.slt\cookies.txt[.bluestreak.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\solf2pvm.slt\cookies.txt[.go.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\solf2pvm.slt\cookies.txt[.statcounter.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
Potentially unwanted tool:Application/KillApp.B Not disinfected C:\hp\bin\KillIt.exe
Virus:Generic Malware Disinfected C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll
Potentially unwanted tool:Application/DriveCleaner Not disinfected C:\QooBox\Quarantine\C\Program Files\Common Files\WinAntiSpyware 2007\uwas7cw.exe.vir
Virus:Generic Malware Disinfected C:\QooBox\Quarantine\C\Program Files\poolsv\svhost.exe.vir
Spyware:Application/ErrorProtector Not disinfected C:\QooBox\Quarantine\C\Program Files\WinAntiSpyware 2007\InstHelp.exe.vir
Virus:Generic Malware Disinfected C:\QooBox\Quarantine\C\WINDOWS\svhost.exe.vir
Potentially unwanted tool:Application/Processor Not disinfected C:\SmitfraudFix\Process.exe
Virus:Trj/Shutdown.Z Disinfected C:\SmitfraudFix\restart.exe

________________________________________________________________________
 

JohnIV

Thread Starter
Joined
Jul 11, 2007
Messages
9
And here is the new HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 3:42:35 PM, on 7/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus CE 9.0.1\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Symantec AntiVirus CE 9.0.1\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1.1\VPTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Owner\Desktop\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/go/listen-eLife
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1.1\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52....apple.com/saba/us/win/QuickTimeInstaller.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/SymAData.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus CE 9.0.1\DefWatch.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Unknown owner - c:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus CE 9.0.1\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus CE 9.0.1\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

Thanks,
John
 

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
Looks fine. Most of that is cookies and files that have already been handled by your anti-virus.

You can remove all of the tools I requested you to download and/or folders associated with them now. It is pointless for them to keep these tools around as they are updated so frequently that the tools can be outdated within a few days, sometimes within just hours.

The OTMoveIt by OldTimer has a CleanUp! option you can use to remove most of the fixes and associated files and folders if you want to use that. If you get a warning from your firewall or other security programs regarding OTMoveIt attempting to contact the internet you should allow it to do so. Also remove OTMoveIt.

SUPERAntiSpyware is a trial version so you can keep that until the trial is over and then uninstall.


It's a good idea to Flush your System Restore after removing malware:
Turn off system restore and then turn it back on: http://support.microsoft.com/kb/310405

After you have done all of that let me know if you have any problems.
 

JohnIV

Thread Starter
Joined
Jul 11, 2007
Messages
9
It worked great. Thanks for all the help. I never would have been able to figure any of that out on my own. The computer seems fine now. Thanks!

-John
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Members online

Top