1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Solved: WinAntiSpyware 2007 Removal

Discussion in 'Virus & Other Malware Removal' started by JohnIV, Jul 11, 2007.

Thread Status:
Not open for further replies.
Advertisement
  1. JohnIV

    JohnIV Thread Starter

    Joined:
    Jul 11, 2007
    Messages:
    9
    Hello everyone.
    This morning my father somehow had WinAntiSpyware 2007 installed on the desktop. I found this forum:

    http://forums.techguy.org/security/556561-removing-winantispyware-2007-hjt-log.html

    and followed the instructions. I have yet to remove the program on the Add/Remove programs window. Here is my hijackthis entry.

    Logfile of HijackThis v1.99.1
    Scan saved at 1:59:10 PM, on 7/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\System32\hphmon05.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    C:\Program Files\Symantec AntiVirus CE 9.0.1\DefWatch.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1.1\VPTray.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\svhost.exe
    C:\WINDOWS\retadpu77.exe
    C:\Program Files\Symantec AntiVirus CE 9.0.1\Rtvscan.exe
    C:\Program Files\Common Files\WinAntiSpyware 2007\uwas7cw.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\AIM\aim.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\DOCUME~1\Owner\APPLIC~1\STEM~1\javaw.exe
    C:\Program Files\Common Files\?ppPatch\j?vaw.exe
    C:\WINDOWS\retadpu77.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Documents and Settings\Owner\Desktop\Downloads\HijackThis.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us10.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us10.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us10.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/go/listen-eLife
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
    O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1.1\VPTray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [poolsv] "C:\WINDOWS\poolsv.exe"
    O4 - HKLM\..\Run: [svhost] "C:\WINDOWS\svhost.exe"
    O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu77.exe 61A847B5BBF72815358B2B27128065E9C084320161C4661227A755E9C2933154389A
    O4 - HKLM\..\Run: [WinAntiSpyware 2007 Free] "C:\Program Files\WinAntiSpyware 2007\was7.exe" /min
    O4 - HKLM\..\Run: [uwas7cw] "C:\Program Files\Common Files\WinAntiSpyware 2007\uwas7cw.exe" -c
    O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
    O4 - HKCU\..\Run: [Notn] "C:\DOCUME~1\Owner\APPLIC~1\STEM~1\javaw.exe" -vt yazb
    O4 - HKCU\..\Run: [Esnduzb] "C:\Program Files\Common Files\?ppPatch\j?vaw.exe"
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52....apple.com/saba/us/win/QuickTimeInstaller.exe
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/SymAData.cab
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus CE 9.0.1\DefWatch.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Unknown owner - c:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus CE 9.0.1\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus CE 9.0.1\Rtvscan.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    ___________________________________________________________________

    Here is my VundoFix.txt:

    VundoFix V6.5.4

    Checking Java version...

    Java version is 1.4.2.3
    Old versions of java are exploitable and should be removed.

    Scan started at 1:36:14 PM 7/11/2007

    Listing files found while scanning....

    C:\WINDOWS\system32\ddcyv.dll
    C:\WINDOWS\system32\vycdd.bak1
    C:\WINDOWS\system32\vycdd.ini

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\ddcyv.dll
    C:\WINDOWS\system32\ddcyv.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\vycdd.bak1
    C:\WINDOWS\system32\vycdd.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\vycdd.ini
    C:\WINDOWS\system32\vycdd.ini Has been deleted!

    Performing Repairs to the registry.
    Done!


    ________________________________________________________________________

    SmitFraudFix just brings up a blank window.


    Does anyone have any suggestions as to what to do next? Should I remove the program now? Thanks.
     
  2. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Hi, Welcome to TSG!!


    Download ComboFix from Here or Here to your Desktop.
    • Double click combofix.exe and follow the prompts.
    • When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
    Note: Do not mouseclick combofix's window while its running. That may cause it to stall
     
  3. JohnIV

    JohnIV Thread Starter

    Joined:
    Jul 11, 2007
    Messages:
    9
    The ComboFix scan took about an hour and displayed this log:

    "Owner" - 2007-07-11 14:58:49 - ComboFix 07-07-10.1 - Service Pack 2


    (((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\jkhfd.dll
    C:\WINDOWS\system32\dfhkj.bak1
    C:\WINDOWS\system32\dfhkj.ini
    C:\WINDOWS\system32\efccbcd.dll


    * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\DOCUME~1\ALLUSE~1\APPLIC~1.\salesmonitor
    C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007
    C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007\Data\Abbr
    C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007\Data\ProductCode
    C:\DOCUME~1\Owner\APPLIC~1.\stem~1
    C:\DOCUME~1\Owner\APPLIC~1.\stem~1\javaw.exe
    C:\DOCUME~1\Owner\APPLIC~1.\winantispyware 2007
    C:\DOCUME~1\Owner\APPLIC~1.\winantispyware 2007\Logs\update.log
    C:\Documents and Settings\Owner.\err.log
    C:\Program Files\Common Files\pppatc~1
    C:\Program Files\Common Files\pppatc~1\j?vaw.exe
    C:\Program Files\Common Files\winantispyware 2007
    C:\Program Files\Common Files\winantispyware 2007\err.log
    C:\Program Files\Common Files\winantispyware 2007\uwas7cw.exe
    C:\Program Files\Common Files\winantispyware 2007\WAS7Mon.exe
    C:\Program Files\Common Files\Yazzle1549OinAdmin.exe
    C:\Program Files\Common Files\Yazzle1549OinUninstaller.exe
    C:\Program Files\outerinfo
    C:\Program Files\outerinfo\Terms.rtf
    C:\Program Files\poolsv
    C:\Program Files\poolsv\k11u72.exe
    C:\Program Files\poolsv\svhost.exe
    C:\Program Files\poolsv\WinAntiSpyware2007FreeInstall.exe
    C:\Program Files\poolsv\wr-1-0000077.exe
    C:\Program Files\poolsv\YazzleBundle-1549.exe
    C:\Program Files\svhost
    C:\Program Files\svhost\wr-1-0000077.exe
    C:\Program Files\winantispyware 2007
    C:\Program Files\winantispyware 2007\Activate.dat
    C:\Program Files\winantispyware 2007\appupdate.dat
    C:\Program Files\winantispyware 2007\AsAgents.dll
    C:\Program Files\winantispyware 2007\AsAgents.xml
    C:\Program Files\winantispyware 2007\atl71.dll
    C:\Program Files\winantispyware 2007\AutoProcess.dat
    C:\Program Files\winantispyware 2007\bnlink.dat
    C:\Program Files\winantispyware 2007\database\enemies.dat
    C:\Program Files\winantispyware 2007\database\knownfiles.dat
    C:\Program Files\winantispyware 2007\database\TEBase.dat
    C:\Program Files\winantispyware 2007\database\vbpv.dat
    C:\Program Files\winantispyware 2007\dbupdate.dat
    C:\Program Files\winantispyware 2007\fopnl.dll
    C:\Program Files\winantispyware 2007\InstHelp.exe
    C:\Program Files\winantispyware 2007\InstUp.exe
    C:\Program Files\winantispyware 2007\lapv.dat
    C:\Program Files\winantispyware 2007\license.rtf
    C:\Program Files\winantispyware 2007\manual.pdf
    C:\Program Files\winantispyware 2007\manual.url
    C:\Program Files\winantispyware 2007\mfc71.dll
    C:\Program Files\winantispyware 2007\monstate.dat
    C:\Program Files\winantispyware 2007\msvcp71.dll
    C:\Program Files\winantispyware 2007\msvcr71.dll
    C:\Program Files\winantispyware 2007\ps.dat
    C:\Program Files\winantispyware 2007\pv.dat
    C:\Program Files\winantispyware 2007\quaratine.dat\#post_quarantine
    C:\Program Files\winantispyware 2007\readme.rtf
    C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\01393b72314944b32eb5dab3\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\01393b72314944b32eb5dab3\#startup
    C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\021921ab1f654f086c4652b3\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\021921ab1f654f086c4652b3\#startup
    C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\0e2a636a52b24c679db41288\#data
    C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\0e2a636a52b24c679db41288\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\0e2a636a52b24c679db41288\#startup
    C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\0efbfdf4d52d4c49d64b9493\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\0efbfdf4d52d4c49d64b9493\#startup
    C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\12ae2f47fb474cb748a798b6\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\12ae2f47fb474cb748a798b6\#startup
    C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\138c0011d86145df72f4839a\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\138c0011d86145df72f4839a\#startup
    C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\1a82d9212a7741198be5aaae\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\1a82d9212a7741198be5aaae\#startup
    C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\1bbe0bb35c664ff0d42e5c83\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\1bbe0bb35c664ff0d42e5c83\#startup
    C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\21058c07fbeb4dbc266f12b4\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\21058c07fbeb4dbc266f12b4\#startup
    C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\221d637745a848e4bdd2d992\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\221d637745a848e4bdd2d992\#startup
    C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\2467256c2d6844ebf1616694\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\2467256c2d6844ebf1616694\#startup
    C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\290b190bab9b4d66ca4df68c\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\290b190bab9b4d66ca4df68c\#startup
    C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\2afb42323e0b48c242f8ddaa\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\2afb42323e0b48c242f8ddaa\#startup
    C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\3948c24022a1475ddcbbcb8f\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\3948c24022a1475ddcbbcb8f\#startup
    C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\39497a3208b240c94b2b28a2\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\39497a3208b240c94b2b28a2\#startup
    C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\42e1bc11b7ae4466f793c297\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\42e1bc11b7ae4466f793c297\#startup
    C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\449b12f353aa4833464e2094\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\449b12f353aa4833464e2094\#startup
    C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\4646fa8fea9848ca8c228aa6\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\4646fa8fea9848ca8c228aa6\#startup
    C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\54227bf9115848cd97b5368a\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\54227bf9115848cd97b5368a\#startup
    C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\5bfda32586cb46cf5487ba83\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\5bfda32586cb46cf5487ba83\#startup
    C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\5d3b2602de244fb08e8603a9\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\5d3b2602de244fb08e8603a9\#startup
    C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\64d8cf65278e45a359e2b786\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\64d8cf65278e45a359e2b786\#startup
    C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\66b91e95eead4f97afa0b789\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\66b91e95eead4f97afa0b789\#startup
    C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\6cc27b580d2e488a787025b3\#data
    C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\6cc27b580d2e488a787025b3\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\6cc27b580d2e488a787025b3\#startup
    C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\738dc4df61d74744bb1b99a8\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\738dc4df61d74744bb1b99a8\#startup
    C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\79ce88f2ce6d4f4667c93c82\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\79ce88f2ce6d4f4667c93c82\#startup
    C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\7dbc0b2f5532418181eb2095\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\7dbc0b2f5532418181eb2095\#startup
    C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\8716c73f412a471a95c43592\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\8716c73f412a471a95c43592\#startup
    C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\88239379bf75411a500f8abb\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\88239379bf75411a500f8abb\#startup
    C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\8a5dc06dee584eaced164791\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\8a5dc06dee584eaced164791\#startup
    C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\8b8075f224df4acfa8198d9a\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\8b8075f224df4acfa8198d9a\#startup
    C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\8ca78ac62ba94f65a2b9059b\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\8ca78ac62ba94f65a2b9059b\#startup
    C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\900c7bf88bf2499f82a0d293\#data
    C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\900c7bf88bf2499f82a0d293\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\900c7bf88bf2499f82a0d293\#startup
    C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\9533f5cb096842f6f4f1eca0\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\9533f5cb096842f6f4f1eca0\#startup
    C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\9728791746984dc092860483\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\9728791746984dc092860483\#startup
    C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\a7b02dfcfc6847a8733b42af\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\a7b02dfcfc6847a8733b42af\#startup
    C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\ab24cd5ad4f643d1f86849ae\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\ab24cd5ad4f643d1f86849ae\#startup
    C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\ae53e05e3b5e407eefc63181\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\ae53e05e3b5e407eefc63181\#startup
    C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\bb9330a24f7740dd4bda8583\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\bb9330a24f7740dd4bda8583\#startup
    C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\bfa323e7cbd64239c23e50ad\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\bfa323e7cbd64239c23e50ad\#startup
    C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\c4e33004f6764d76c0851484\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\c4e33004f6764d76c0851484\#startup
    C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\c6fde9c6f4c940b3138008b9\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\c6fde9c6f4c940b3138008b9\#startup
    C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\cadf02c6a126459443ce66a2\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\cadf02c6a126459443ce66a2\#startup
    C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\dd3db0ae69ea48fd0db58c91\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\dd3db0ae69ea48fd0db58c91\#startup
    C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\e19496ca5f8343515dd4259c\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\e19496ca5f8343515dd4259c\#startup
    C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\eb70745270c346fab690eaa1\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\eb70745270c346fab690eaa1\#startup
    C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\f1134d7f0f4e4292d9d2a789\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\f1134d7f0f4e4292d9d2a789\#startup
    C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\f16c6b983cfc4e8f10fefcb6\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\f16c6b983cfc4e8f10fefcb6\#startup
    C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\f2f216cdc4ff4267457c4bb4\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\f2f216cdc4ff4267457c4bb4\#startup
    C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\f6d27f9630c243d76d6823be\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\02f8e271c424479ad1170782\f6d27f9630c243d76d6823be\#startup
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\8c1d7e1dd32440163d834795\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\8c1d7e1dd32440163d834795\42b8c37a1d584ec90d7733a5\#data
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\8c1d7e1dd32440163d834795\42b8c37a1d584ec90d7733a5\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\8c1d7e1dd32440163d834795\42b8c37a1d584ec90d7733a5\#name
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\8c1d7e1dd32440163d834795\4c079a051bd2442184b313b9\#data
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\8c1d7e1dd32440163d834795\4c079a051bd2442184b313b9\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\8c1d7e1dd32440163d834795\4c079a051bd2442184b313b9\#name
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\8c1d7e1dd32440163d834795\c87e4777c01143916d805299\#data
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\8c1d7e1dd32440163d834795\c87e4777c01143916d805299\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\8c1d7e1dd32440163d834795\c87e4777c01143916d805299\#name
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\041c57d48b4246cc02fb8ba2\#data
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\041c57d48b4246cc02fb8ba2\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\041c57d48b4246cc02fb8ba2\#name
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\041c57d48b4246cc02fb8ba2\Owner
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\0a7f6eb4a03f4041aa0ec694\#data
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\0a7f6eb4a03f4041aa0ec694\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\0a7f6eb4a03f4041aa0ec694\#name
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\0b1d903770f14f56075eae9a\#data
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\0b1d903770f14f56075eae9a\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\0b1d903770f14f56075eae9a\#name
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\1131dd9332ce495cb6ec8481\#data
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\1131dd9332ce495cb6ec8481\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\1131dd9332ce495cb6ec8481\#name
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\116cf38126ae452ca72b6788\#data
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\116cf38126ae452ca72b6788\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\116cf38126ae452ca72b6788\#name
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\18a38a9643ab4fc39ce03280\#data
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\18a38a9643ab4fc39ce03280\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\18a38a9643ab4fc39ce03280\#name
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\18a38a9643ab4fc39ce03280\Owner
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\1ba79fd355c14b0ccce113b5\#data
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\1ba79fd355c14b0ccce113b5\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\1ba79fd355c14b0ccce113b5\#name
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\1f9096cff89a4335e98008a6\#data
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\1f9096cff89a4335e98008a6\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\1f9096cff89a4335e98008a6\#name
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\2192123fab4940483cba07b6\#data
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\2192123fab4940483cba07b6\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\2192123fab4940483cba07b6\#name
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\23e6aeb12cb047e9ac2ee593\#data
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\23e6aeb12cb047e9ac2ee593\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\23e6aeb12cb047e9ac2ee593\#name
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\23e6aeb12cb047e9ac2ee593\Owner
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\26d8e72e59284afe198a448f\#data
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\26d8e72e59284afe198a448f\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\26d8e72e59284afe198a448f\#name
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\28b6d6a85dec420d5ebd2e80\#data
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\28b6d6a85dec420d5ebd2e80\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\28b6d6a85dec420d5ebd2e80\#name
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\2bbe13fdcef142a67167208c\#data
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\2bbe13fdcef142a67167208c\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\2bbe13fdcef142a67167208c\#name
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\2bbe13fdcef142a67167208c\Owner
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\306da7879e0246a43b61ceb3\#data
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\306da7879e0246a43b61ceb3\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\306da7879e0246a43b61ceb3\#name
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\306da7879e0246a43b61ceb3\Owner
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\45470a377c1d4b6288fe3388\#data
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\45470a377c1d4b6288fe3388\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\45470a377c1d4b6288fe3388\#name
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\45470a377c1d4b6288fe3388\Owner
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\454bb40e8ffc4987a87e3a82\#data
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\454bb40e8ffc4987a87e3a82\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\454bb40e8ffc4987a87e3a82\#name
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\46c6dba5461c48485ecadfa6\#data
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\46c6dba5461c48485ecadfa6\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\46c6dba5461c48485ecadfa6\#name
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\46c6dba5461c48485ecadfa6\Owner
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\4cea7044cb3244015bcb1886\#data
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\4cea7044cb3244015bcb1886\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\4cea7044cb3244015bcb1886\#name
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\53b5cd68391240bc14d9d3b1\#data
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\53b5cd68391240bc14d9d3b1\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\53b5cd68391240bc14d9d3b1\#name
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\5521b8d821d349830b36679a\#data
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\5521b8d821d349830b36679a\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\5521b8d821d349830b36679a\#name
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\5521b8d821d349830b36679a\Owner
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\59cce168413548ffd5347882\#data
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\59cce168413548ffd5347882\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\59cce168413548ffd5347882\#name
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\5be5467cc6c84081e3daaa9a\#data
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\5be5467cc6c84081e3daaa9a\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\5be5467cc6c84081e3daaa9a\#name
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\5da519e4ee7946696c362bba\#data
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\5da519e4ee7946696c362bba\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\5da519e4ee7946696c362bba\#name
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\6072f65f2b3b4fc48682eea5\#data
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\6072f65f2b3b4fc48682eea5\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\6072f65f2b3b4fc48682eea5\#name
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\63b00cf1b39d49418574eea6\#data
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\63b00cf1b39d49418574eea6\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\63b00cf1b39d49418574eea6\#name
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\6aa09be99a7340234302d0b7\#data
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\6aa09be99a7340234302d0b7\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\6aa09be99a7340234302d0b7\#name
    C:\Program Files\winantispyware
     
  4. JohnIV

    JohnIV Thread Starter

    Joined:
    Jul 11, 2007
    Messages:
    9
    2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\6bc98dee600b4c05a1a2f0a5\#data
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\6bc98dee600b4c05a1a2f0a5\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\6bc98dee600b4c05a1a2f0a5\#name
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\6c15952ea7d74aa1bc82448a\#data
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\6c15952ea7d74aa1bc82448a\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\6c15952ea7d74aa1bc82448a\#name
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\6c15952ea7d74aa1bc82448a\Owner
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\7233ffdb1e5a4b0bad24a981\#data
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\7233ffdb1e5a4b0bad24a981\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\7233ffdb1e5a4b0bad24a981\#name
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\746c0275185444662e4bb89d\#data
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\746c0275185444662e4bb89d\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\746c0275185444662e4bb89d\#name
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\796aa385c8874737db10719d\#data
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\796aa385c8874737db10719d\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\796aa385c8874737db10719d\#name
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\796aa385c8874737db10719d\Owner
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\7b158a89ef5c46c6709c8f86\#data
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\7b158a89ef5c46c6709c8f86\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\7b158a89ef5c46c6709c8f86\#name
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\873a331e086f4a073db17bb0\#data
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\873a331e086f4a073db17bb0\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\873a331e086f4a073db17bb0\#name
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\93e1dc9ae0df418fbfff5cbf\#data
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\93e1dc9ae0df418fbfff5cbf\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\93e1dc9ae0df418fbfff5cbf\#name
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\952ab3f75b6b4a0085f04cbd\#data
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\952ab3f75b6b4a0085f04cbd\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\952ab3f75b6b4a0085f04cbd\#name
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\a0afab16f2fa4b7c98e0a182\#data
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\a0afab16f2fa4b7c98e0a182\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\a0afab16f2fa4b7c98e0a182\#name
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\a5bff74483bd4b93bb7b2eb4\#data
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\a5bff74483bd4b93bb7b2eb4\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\a5bff74483bd4b93bb7b2eb4\#name
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\aae5a2e41fb748b063751590\#data
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\aae5a2e41fb748b063751590\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\aae5a2e41fb748b063751590\#name
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\af0472248a74480598fe2797\#data
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\af0472248a74480598fe2797\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\af0472248a74480598fe2797\#name
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\af0472248a74480598fe2797\Owner
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\b40522ac60a943587cfaaaac\#data
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\b40522ac60a943587cfaaaac\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\b40522ac60a943587cfaaaac\#name
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\b40522ac60a943587cfaaaac\Owner
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\b7f5fcf2d40c451ccaf4b6a7\#data
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\b7f5fcf2d40c451ccaf4b6a7\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\b7f5fcf2d40c451ccaf4b6a7\#name
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\bb0da214507144aa92fcb58f\#data
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\bb0da214507144aa92fcb58f\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\bb0da214507144aa92fcb58f\#name
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\be0902c900454078ac7ffa81\#data
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\be0902c900454078ac7ffa81\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\be0902c900454078ac7ffa81\#name
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\bf9f765288424b622c715aa5\#data
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\bf9f765288424b622c715aa5\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\bf9f765288424b622c715aa5\#name
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\bf9f765288424b622c715aa5\Owner
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\cd12ece671fe442462f2d3be\#data
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\cd12ece671fe442462f2d3be\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\cd12ece671fe442462f2d3be\#name
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\cd12ece671fe442462f2d3be\Owner
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\d077a048441b4cd5c0b0b394\#data
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\d077a048441b4cd5c0b0b394\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\d077a048441b4cd5c0b0b394\#name
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\d266937df25541ace1385ca5\#data
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\d266937df25541ace1385ca5\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\d266937df25541ace1385ca5\#name
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\d54ee53019d34c79f264049c\#data
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\d54ee53019d34c79f264049c\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\d54ee53019d34c79f264049c\#name
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\d54ee53019d34c79f264049c\Owner
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\d5666d65b7d044a1f7d33aab\#data
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\d5666d65b7d044a1f7d33aab\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\d5666d65b7d044a1f7d33aab\#name
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\d5666d65b7d044a1f7d33aab\Owner
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\e1201332655b421960d5e09d\#data
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\e1201332655b421960d5e09d\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\e1201332655b421960d5e09d\#name
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\e79faf36a1694c8d0b80fdab\#data
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\e79faf36a1694c8d0b80fdab\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\e79faf36a1694c8d0b80fdab\#name
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\ec14792949bb4dae5392ba87\#data
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\ec14792949bb4dae5392ba87\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\ec14792949bb4dae5392ba87\#name
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\ed3ef3895a424697643fbba4\#data
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\ed3ef3895a424697643fbba4\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\ed3ef3895a424697643fbba4\#name
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\ee1d51f70f8642bf8c50559c\#data
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\ee1d51f70f8642bf8c50559c\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\ee1d51f70f8642bf8c50559c\#name
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\ee1d51f70f8642bf8c50559c\Owner
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\ee3d9ce7349141555eabfa8b\#data
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\ee3d9ce7349141555eabfa8b\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\ee3d9ce7349141555eabfa8b\#name
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\ee3d9ce7349141555eabfa8b\Owner
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\eed0c43035da4094882150a2\#data
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\eed0c43035da4094882150a2\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\eed0c43035da4094882150a2\#name
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\eed0c43035da4094882150a2\Owner
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\ef3a4001768e4dcb9ec1eb8e\#data
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\ef3a4001768e4dcb9ec1eb8e\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\ef3a4001768e4dcb9ec1eb8e\#name
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\ef3a4001768e4dcb9ec1eb8e\Owner
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\ef47d835adaf42ee21412185\#data
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\ef47d835adaf42ee21412185\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\ef47d835adaf42ee21412185\#name
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\f2d7186ef6a142942bcbf5ad\#data
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\f2d7186ef6a142942bcbf5ad\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\f2d7186ef6a142942bcbf5ad\#name
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\f2d7186ef6a142942bcbf5ad\Owner
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\f530ba9482274a284f4fa3b1\#data
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\f530ba9482274a284f4fa3b1\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\f530ba9482274a284f4fa3b1\#name
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\f556298ec4634abe4d864a86\#data
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\f556298ec4634abe4d864a86\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\f556298ec4634abe4d864a86\#name
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\fd99af679c9648818be072a8\#data
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\fd99af679c9648818be072a8\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\fd99af679c9648818be072a8\#name
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\fe78bdd0eae74ee724342e82\#data
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\fe78bdd0eae74ee724342e82\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\fe78bdd0eae74ee724342e82\#name
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\fe78bdd0eae74ee724342e82\Owner
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\fe7fa68cc66a4c84df8a6cb4\#data
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\fe7fa68cc66a4c84df8a6cb4\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\fe7fa68cc66a4c84df8a6cb4\#name
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\ffca3648cd294b1b16cbebbe\#data
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\ffca3648cd294b1b16cbebbe\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\c5dbaf49c55b485f292999a7\ffca3648cd294b1b16cbebbe\#name
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\d9f74c07809e4b1b84bf00a7\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\d9f74c07809e4b1b84bf00a7\495120051df546c8b63e9693\#data
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\d9f74c07809e4b1b84bf00a7\495120051df546c8b63e9693\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\d9f74c07809e4b1b84bf00a7\495120051df546c8b63e9693\#name
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\d9f74c07809e4b1b84bf00a7\4de676d5ea5a45656957fe85\#data
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\d9f74c07809e4b1b84bf00a7\4de676d5ea5a45656957fe85\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\d9f74c07809e4b1b84bf00a7\4de676d5ea5a45656957fe85\#name
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\d9f74c07809e4b1b84bf00a7\7e1c809d1e1b4a1394d522b2\#data
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\d9f74c07809e4b1b84bf00a7\7e1c809d1e1b4a1394d522b2\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\d9f74c07809e4b1b84bf00a7\7e1c809d1e1b4a1394d522b2\#name
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\d9f74c07809e4b1b84bf00a7\e69598f41dbc4bac4c07d481\#data
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\d9f74c07809e4b1b84bf00a7\e69598f41dbc4bac4c07d481\#internal
    C:\Program Files\winantispyware 2007\RTMonitor.dat\d2f0f82496d045ba553b4ea9\d9f74c07809e4b1b84bf00a7\e69598f41dbc4bac4c07d481\#name
    C:\Program Files\winantispyware 2007\scanlog.xml
    C:\Program Files\winantispyware 2007\settings.ini
    C:\Program Files\winantispyware 2007\shellext.dll
    C:\Program Files\winantispyware 2007\shellext.xml
    C:\Program Files\winantispyware 2007\sr.log
    C:\Program Files\winantispyware 2007\Summary.dat
    C:\Program Files\winantispyware 2007\support.url
    C:\Program Files\winantispyware 2007\tasks.dat
    C:\Program Files\winantispyware 2007\threatnet.dat
    C:\Program Files\winantispyware 2007\threatnet.ini
    C:\Program Files\winantispyware 2007\unins000.dat
    C:\Program Files\winantispyware 2007\unins000.exe
    C:\Program Files\winantispyware 2007\uninstall.ico
    C:\Program Files\winantispyware 2007\UnWizard.exe
    C:\Program Files\winantispyware 2007\unwizard.xml
    C:\Program Files\winantispyware 2007\up.dat
    C:\Program Files\winantispyware 2007\updater.dat
    C:\Program Files\winantispyware 2007\was7.exe
    C:\Program Files\winantispyware 2007\WAS7.url
    C:\Program Files\winantispyware 2007\WAS7.xml
    C:\WINDOWS\poolsv.exe
    C:\WINDOWS\retadpu77.exe
    C:\WINDOWS\svhost.exe
    C:\WINDOWS\system32\drivers\fopn.sys
    C:\WINDOWS\system32\stera.exe
    C:\WINDOWS\system32\tamlj.dll
    C:\WINDOWS\system32\wcpsvtr.exe
    C:\WINDOWS\wr.txt


    ((((((((((((((((((((((((( Files Created from 2007-06-11 to 2007-07-11 )))))))))))))))))))))))))))))))


    2007-07-11 14:47 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-07-11 14:05 <DIR> d-------- C:\SmitfraudFix
    2007-07-11 14:03 884,299 --a------ C:\SmitfraudFix.exe
    2007-07-11 13:36 <DIR> d-------- C:\VundoFix Backups
    2007-07-11 12:26 <DIR> d-------- C:\DOCUME~1\Owner\.SunDownloadManager
    2007-07-11 08:59 18,432 --a------ C:\WINDOWS\system32\drivers\ApiMon.sys
    2007-07-09 15:49 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\ImgBurn
    2007-07-09 14:00 <DIR> d-------- C:\Program Files\ImgBurn
    2007-06-21 14:24 <DIR> d-------- C:\Program Files\DVD Decrypter
    2007-06-21 13:43 <DIR> d-------- C:\Program Files\DVD Shrink
    2007-06-21 13:43 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
    2007-06-13 03:14 43,602 --a------ C:\WINDOWS\system32\xvid-uninstall.exe
    2007-06-13 03:14 <DIR> d-------- C:\Program Files\Gabest
    2007-06-13 03:14 <DIR> d-------- C:\Program Files\AviSynth 2.5
    2007-06-13 03:13 <DIR> d-------- C:\Program Files\AutoGK
    2007-06-13 02:44 <DIR> d-------- C:\Program Files\DVDx
    2007-06-13 02:44 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Aladdin Systems


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-07-11 20:00:38 -------- d-----w C:\Program Files\Symantec AntiVirus CE 9.0.1
    2007-07-10 20:43:08 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Viewpoint
    2007-06-03 02:13:22 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Move Networks
    2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
    2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
    2007-04-17 02:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
    2007-04-17 02:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2007-04-17 02:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
    2007-04-17 02:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
    2007-04-17 02:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
    2007-04-17 02:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
    2007-04-17 02:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2007-04-17 02:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    2006-01-12 20:38 63128 --a------ C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{371A1EDB-834C-8196-1860-FF8DB056859E}]
    C:\WINDOWS\system32\tamlj.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{549B5CA7-4A86-11D7-A4DF-000874180BB3}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    2007-06-14 18:32 509592 --a------ C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A7327C09-B521-4EDB-8509-7D2660C9EC98}]
    2004-06-30 16:52 28745 --a------ C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C269530B-2E11-4464-BB13-230388445C4E}]
    C:\WINDOWS\system32\ddcyv.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-21 07:23]
    "KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 23:02]
    "UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 12:01]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-01-20 23:22]
    "VTTimer"="VTTimer.exe" [2004-10-22 12:53 C:\WINDOWS\system32\VTTimer.exe]
    "AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 12:01 C:\WINDOWS\AGRSMMSG.exe]
    "Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [2003-10-29 11:17]
    "AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 14:47 C:\WINDOWS\ALCXMNTR.EXE]
    "mmtask"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2004-02-05 08:24]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-06-09 20:31]
    "vptray"="C:\PROGRA~1\SYMANT~1.1\VPTray.exe" [2004-07-07 19:29]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-06-25 01:24]
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 03:01]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-06-14 18:32]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AIM"="C:\Program Files\AIM\aim.exe" [2005-06-02 01:34]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24]
    "Steam"="" []
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]
    "Notn"="C:\DOCUME~1\Owner\APPLIC~1\STEM~1\javaw.exe" []
    "Esnduzb"="C:\Program Files\Common Files\?ppPatch\j?vaw.exe" []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{4567AB12-B980-44A5-B259-9B09EBEA6331}"="C:\Program Files\WinAntiSpyware 2007\shellext.dll" []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
    backup=C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
    backup=C:\WINDOWS\pss\Updates from HP.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Organize.lnk]
    path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Organize.lnk
    backup=C:\WINDOWS\pss\Organize.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^spamsubtract.lnk]
    path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\spamsubtract.lnk
    backup=C:\WINDOWS\pss\spamsubtract.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\qttask.exe" -atboottime


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b0b736f0-191f-11dc-a062-000ea6be8c67}]
    AutoRun\command- F:\wd_windows_tools\setup.exe


    **************************************************************************

    catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-07-11 16:00:19
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-07-11 16:01:55 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-07-11 16:01

    --- E O F ---
     
  5. JohnIV

    JohnIV Thread Starter

    Joined:
    Jul 11, 2007
    Messages:
    9
    HijackThis posted this:

    Logfile of HijackThis v1.99.1
    Scan saved at 4:08:57 PM, on 7/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec AntiVirus CE 9.0.1\DefWatch.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Symantec AntiVirus CE 9.0.1\Rtvscan.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1.1\VPTray.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\AIM\aim.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Documents and Settings\Owner\Desktop\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us10.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/go/listen-eLife
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {371A1EDB-834C-8196-1860-FF8DB056859E} - C:\WINDOWS\system32\tamlj.dll (file missing)
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
    O2 - BHO: (no name) - {C269530B-2E11-4464-BB13-230388445C4E} - C:\WINDOWS\system32\ddcyv.dll (file missing)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
    O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1.1\VPTray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
    O4 - HKCU\..\Run: [Notn] "C:\DOCUME~1\Owner\APPLIC~1\STEM~1\javaw.exe" -vt yazb
    O4 - HKCU\..\Run: [Esnduzb] "C:\Program Files\Common Files\?ppPatch\j?vaw.exe"
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52....apple.com/saba/us/win/QuickTimeInstaller.exe
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/SymAData.cab
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus CE 9.0.1\DefWatch.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Unknown owner - c:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus CE 9.0.1\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus CE 9.0.1\Rtvscan.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    ________________________________________________________________________

    Should I delete the WinAntiSpyware program from the Add/Remove window now?

    Thanks,
    John
     
  6. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    If you can.

    Please download ATF Cleaner by Atribune.
    This program is for XP and Windows 2000 only

    • Double-click ATF-Cleaner.exe to run the program.
      Under Main choose: Select All
      Click the Empty Selected button.

    Click Exit on the Main menu to close the program.



    Download and scan with SUPERAntiSpyware Free for Home Users
    • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    • An icon will be created on your desktop. Double-click that icon to launch the program.
    • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
    • Under "Configuration and Preferences", click the Preferences button.
    • Click the Scanning Control tab.
    • Under Scanner Options make sure the following are checked (leave all others unchecked):
      • Close browsers before scanning.
      • Scan for tracking cookies.
      • Terminate memory threats before quarantining.
    • Click the "Close" button to leave the control center screen.
    • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    • On the left, make sure you check C:\Fixed Drive.
    • On the right, under "Complete Scan", choose Perform Complete Scan.
    • Click "Next" to start the scan. Please be patient while it scans your computer.
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes".
    • To retrieve the removal information after reboot, launch SUPERAntispyware again.
      • Click Preferences, then click the Statistics/Logs tab.
      • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
      • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
      • Please copy and paste the Scan Log results in your next reply with a new hijackthis log.
    • Click Close to exit the program.
     
  7. JohnIV

    JohnIV Thread Starter

    Joined:
    Jul 11, 2007
    Messages:
    9
    Hey, thanks again for the help.

    Here's the SUPERAntiSpyware Log:

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 07/11/2007 at 06:12 PM

    Application Version : 3.9.1008

    Core Rules Database Version : 3267
    Trace Rules Database Version: 1278

    Scan type : Complete Scan
    Total Scan Time : 01:20:59

    Memory items scanned : 472
    Memory threats detected : 0
    Registry items scanned : 6702
    Registry threats detected : 199
    File items scanned : 82255
    File threats detected : 22

    Trojan.WinFixer
    HKLM\Software\Classes\CLSID\{4567AB12-B980-44A5-B259-9B09EBEA6331}
    HKCR\CLSID\{4567AB12-B980-44A5-B259-9B09EBEA6331}
    HKCR\CLSID\{4567AB12-B980-44A5-B259-9B09EBEA6331}
    HKCR\CLSID\{4567AB12-B980-44A5-B259-9B09EBEA6331}#AppID
    HKCR\CLSID\{4567AB12-B980-44A5-B259-9B09EBEA6331}\InprocServer32
    HKCR\CLSID\{4567AB12-B980-44A5-B259-9B09EBEA6331}\InprocServer32#ThreadingModel
    HKCR\CLSID\{4567AB12-B980-44A5-B259-9B09EBEA6331}\ProgID
    HKCR\CLSID\{4567AB12-B980-44A5-B259-9B09EBEA6331}\Programmable
    HKCR\CLSID\{4567AB12-B980-44A5-B259-9B09EBEA6331}\TypeLib
    HKCR\CLSID\{4567AB12-B980-44A5-B259-9B09EBEA6331}\VersionIndependentProgID
    C:\PROGRAM FILES\WINANTISPYWARE 2007\SHELLEXT.DLL
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{4567AB12-B980-44A5-B259-9B09EBEA6331}
    HKCR\washellext.ShellHook.1
    HKCR\washellext.ShellHook.1\CLSID
    HKCR\washellext.ShellHook
    HKCR\washellext.ShellHook\CLSID
    HKCR\washellext.ShellHook\CurVer
    HKCR\TypeLib\{4567AB12-7DFC-4C46-BD8F-41259D169A0D}
    HKCR\TypeLib\{4567AB12-7DFC-4C46-BD8F-41259D169A0D}\1.0
    HKCR\TypeLib\{4567AB12-7DFC-4C46-BD8F-41259D169A0D}\1.0\0
    HKCR\TypeLib\{4567AB12-7DFC-4C46-BD8F-41259D169A0D}\1.0\0\win32
    HKCR\TypeLib\{4567AB12-7DFC-4C46-BD8F-41259D169A0D}\1.0\FLAGS
    HKCR\TypeLib\{4567AB12-7DFC-4C46-BD8F-41259D169A0D}\1.0\HELPDIR

    Adware.Vundo Variant
    HKLM\Software\Classes\CLSID\{C269530B-2E11-4464-BB13-230388445C4E}
    HKCR\CLSID\{C269530B-2E11-4464-BB13-230388445C4E}
    HKCR\CLSID\{C269530B-2E11-4464-BB13-230388445C4E}\InprocServer32
    HKCR\CLSID\{C269530B-2E11-4464-BB13-230388445C4E}\InprocServer32#ThreadingModel
    C:\WINDOWS\SYSTEM32\DDCYV.DLL
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C269530B-2E11-4464-BB13-230388445C4E}

    Adware.Viewpoint Toolbar
    HKLM\Software\Classes\CLSID\{F8AD5AA5-D966-4667-9DAF-2561D68B2012}
    HKCR\CLSID\{F8AD5AA5-D966-4667-9DAF-2561D68B2012}
    HKCR\CLSID\{F8AD5AA5-D966-4667-9DAF-2561D68B2012}
    HKCR\CLSID\{F8AD5AA5-D966-4667-9DAF-2561D68B2012}\InProcServer32
    HKCR\CLSID\{F8AD5AA5-D966-4667-9DAF-2561D68B2012}\InProcServer32#ThreadingModel
    HKCR\CLSID\{F8AD5AA5-D966-4667-9DAF-2561D68B2012}\ProgID
    HKCR\CLSID\{F8AD5AA5-D966-4667-9DAF-2561D68B2012}\Programmable
    HKCR\CLSID\{F8AD5AA5-D966-4667-9DAF-2561D68B2012}\TypeLib
    HKCR\CLSID\{F8AD5AA5-D966-4667-9DAF-2561D68B2012}\VersionIndependentProgID
    C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT TOOLBAR\VIEWBAR.DLL
    HKLM\Software\Microsoft\Internet Explorer\Toolbar#{F8AD5AA5-D966-4667-9DAF-2561D68B2012}
    HKCR\ViewBar.ViewBar.1
    HKCR\ViewBar.ViewBar.1\CLSID
    HKCR\ViewBar.ViewBar
    HKCR\ViewBar.ViewBar\CLSID
    HKCR\ViewBar.ViewBar\CurVer
    HKCR\TypeLib\{E060D9D9-E979-4C2F-A840-BE5150F84AC5}
    HKCR\TypeLib\{E060D9D9-E979-4C2F-A840-BE5150F84AC5}\1.0
    HKCR\TypeLib\{E060D9D9-E979-4C2F-A840-BE5150F84AC5}\1.0\0
    HKCR\TypeLib\{E060D9D9-E979-4C2F-A840-BE5150F84AC5}\1.0\0\win32
    HKCR\TypeLib\{E060D9D9-E979-4C2F-A840-BE5150F84AC5}\1.0\FLAGS
    HKCR\TypeLib\{E060D9D9-E979-4C2F-A840-BE5150F84AC5}\1.0\HELPDIR

    Trojan.WinAntiSpyware/WinAntiVirus 2006/2007
    HKCR\CLSID\{_CLSID_WAShellExecuteCheck}
    HKCR\CLSID\{_CLSID_WAShellExecuteCheck}#AppID
    HKCR\CLSID\{_CLSID_WAShellExecuteCheck}\LocalServer32
    HKCR\CLSID\{_CLSID_WAShellExecuteCheck}\Programmable
    HKCR\TypeLib\{4567AB12-AE24-4FD6-B479-E2B464F32DA6}
    HKCR\TypeLib\{4567AB12-AE24-4FD6-B479-E2B464F32DA6}\1.0
    HKCR\TypeLib\{4567AB12-AE24-4FD6-B479-E2B464F32DA6}\1.0\0
    HKCR\TypeLib\{4567AB12-AE24-4FD6-B479-E2B464F32DA6}\1.0\0\win32
    HKCR\TypeLib\{4567AB12-AE24-4FD6-B479-E2B464F32DA6}\1.0\FLAGS
    HKCR\TypeLib\{4567AB12-AE24-4FD6-B479-E2B464F32DA6}\1.0\HELPDIR
    HKCR\Interface\{4567AB12-A884-4CA6-B739-CEDB12FEF096}
    HKCR\Interface\{4567AB12-A884-4CA6-B739-CEDB12FEF096}\ProxyStubClsid
    HKCR\Interface\{4567AB12-A884-4CA6-B739-CEDB12FEF096}\ProxyStubClsid32
    HKCR\Interface\{4567AB12-A884-4CA6-B739-CEDB12FEF096}\TypeLib
    HKCR\Interface\{4567AB12-A884-4CA6-B739-CEDB12FEF096}\TypeLib#Version
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN#Type
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN#Start
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN#ErrorControl
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN#Tag
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN#ImagePath
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN#DisplayName
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN#Group
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN#Overflow
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\blocked
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\QOOBOX\QUARANTINE
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\DRIVERS
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\QOOBOX\QUARANTINE\C\DOCUMENTS AND SETTINGS\OWNER
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\QOOBOX\QUARANTINE\C\PROGRAM FILES\WINANTISPYWARE 2007
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\QOOBOX\QUARANTINE\C\PROGRAM FILES\SVHOST
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\QOOBOX\QUARANTINE\C\WINDOWS
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\452RCXAN
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\DRIVERS
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\T73BHXSE
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\COMBOFIX
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\EXPUJIP4
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\M9SJQ1E5
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\09YRSDYN
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\CJLZE6VX
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\VYGZJL4D
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\SMITFRAUDFIX
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\OWNER\DESKTOP
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\50DTBKWX
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUME~1\OWNER\LOCALS~1\TEMP\WER13E4.DIR00
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\1ZBZ5X0E
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\ETT63QP0
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\1GU7XONI
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\052V4PEJ
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\CF9FMAJL
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\D33N9D4E
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\QTDAFM9W
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\320BF9K9
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\SD0FKNOZ
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\BYWJFPG1
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\CT6V45QF
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\RECYCLER\S-1-5-21-3171369646-1100356267-3300897209-1003
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUME~1\OWNER\LOCALS~1\TEMP\WER8B06.DIR00
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUME~1\OWNER\LOCALS~1\TEMP\WER7665.DIR00
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUME~1\OWNER\LOCALS~1\TEMP\WER7785.DIR00
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\DOWNLOADS
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\OWNER\RECENT
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\8TMVKD23
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\DR WATSON
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\YAHOO! COMPANION\DATA\DEFAULT
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\WP2ZGXA3
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\VIEWPOINT\VIEWBAR\THUMBNAILS
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUME~1\OWNER\LOCALS~1\TEMP\PLUGTMP
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\8H4J0V4N
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\49S1IV8D
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\Y32FYXMF
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\0FFR6GTD
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\MPROTK3U
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\XSCZ91O1
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\GTMZ8XYF
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\F3ABTDZM.DEFAULT
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\TALKBACK\MOZILLAORG\FIREFOX10\WIN32\2005031717
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\WINDOWS\PREFETCH
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\WBEM\REPOSITORY\FS
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\OWNER
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\NETWORKSERVICE
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\LOCALSERVICE
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\WINDOWS\SOFTWAREDISTRIBUTION\DATASTORE
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\WINDOWS\SOFTWAREDISTRIBUTION\DATASTORE\LOGS
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\PROGRAM FILES\WINANTISPYWARE 2007
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\OWNER\SENDTO
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\PROGRAM FILES\SVHOST
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\S-1-5-21-3171369646-1100356267-3300897209-1003
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUME~1\OWNER\LOCALS~1\TEMP\ENIS
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\BJT3B9GW
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\G1UR4P6B
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\PROGRAM FILES\SYMANTEC ANTIVIRUS CE 9.0.1\SAVRT
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\SYMANTEC ANTIVIRUS CORPORATE EDITION\7.5\LOGS
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\OWNER\COOKIES
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\PROGRAM FILES\SYMANTEC ANTIVIRUS CE 9.0.1
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\WBEM\LOGS
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\WBEM\REPOSITORY
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\LIVEUPDATE
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\PROGRA~1\SYMANTEC\LIVEUP~1
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\SYSTEM VOLUME INFORMATION\_RESTORE{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\SONIC\UPDATE MANAGER
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUME~1\OWNER\LOCALS~1\TEMP
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\HP\KBD
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\WINDOWS\TASKS
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\COMMON CLIENT
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\WINDOWS\TEMP
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\CONFIG
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\WINDOWS
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\VUNDOFIX BACKUPS
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUME~1\OWNER\LOCALS~1\TEMP\WER6D83.DIR00
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUME~1\OWNER\LOCALS~1\TEMP\WER702F.DIR00
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\DOCUME~1\OWNER\LOCALS~1\TEMP\WER7502.DIR00
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\PROGRAM FILES\JAVA\JRE1.6.0_02
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\CONFIG.MSI
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\PROGRAM FILES\JAVA\JRE1.6.0_02\LIB
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\PROGRAM FILES\JAVA\JRE1.6.0_02\BIN
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\CHROME\LOCALE\ZH-TW\FFJCEXT
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\CHROME\LOCALE\ZH-CN\FFJCEXT
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\CHROME\LOCALE\SV-SE\FFJCEXT
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\CHROME\LOCALE\KO-KR\FFJCEXT
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\CHROME\LOCALE\JA-JP\FFJCEXT
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\CHROME\LOCALE\IT-IT\FFJCEXT
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\CHROME\LOCALE\FR-FR\FFJCEXT
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\CHROME\LOCALE\ES-ES\FFJCEXT
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\CHROME\LOCALE\EN-US\FFJCEXT
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\CHROME\LOCALE\DE-DE\FFJCEXT
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\CHROME\CONTENT\FFJCEXT
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\PROGRAM FILES\MOZILLA.ORG\MOZILLA\PLUGINS
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\PROGRAM FILES\JAVA\JRE1.6.0_02\LIB\ZI\AFRICA
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\PROGRAM FILES\JAVA\JRE1.6.0_02\LIB\ZI\AUSTRALIA
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\PROGRAM FILES\JAVA\JRE1.6.0_02\LIB\ZI\ATLANTIC
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\PROGRAM FILES\JAVA\JRE1.6.0_02\LIB\ZI\AMERICA\INDIANA
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME2\PROGRAM FILES\JAVA\JRE1.6.0_02\LIB\ZI\AMERICA
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\Security
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\Security#Security
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\Enum
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\Enum#0
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\Enum#Count
    HKLM\SYSTEM\CurrentControlSet\Services\FOPN\Enum#NextInstance

    Adware.ClickSpring/Outer Info Network
    C:\Documents and Settings\Owner\Start Menu\Programs\Outerinfo\Terms.lnk
    C:\Documents and Settings\Owner\Start Menu\Programs\Outerinfo\Uninstall.lnk
    C:\Documents and Settings\Owner\Start Menu\Programs\Outerinfo

    Adware.ClickSpring-Variant
    C:\QOOBOX\QUARANTINE\C\DOCUME~1\OWNER\APPLIC~1\STEM~1\JAVAW.EXE.VIR
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP163\A0041347.EXE

    Adware.ClickSpring
    C:\QooBox\Quarantine\C\Program Files\Common Files\PPPATC~1\JVAWEX~1.VIR
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP163\A0041348.EXE

    Adware.ClickSpring/Yazzle
    C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\YAZZLE1549OINADMIN.EXE.VIR
    C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\YAZZLE1549OINUNINSTALLER.EXE.VIR
    C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\POOLSV\YAZZLEBUNDLE-1549.EXE.VIR

    Trojan.WinAntiSpyware/WinAntiVirus 2006
    C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\POOLSV\WINANTISPYWARE2007FREEINSTALL.EXE.VIR
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP163\A0041353.EXE

    Trojan.Downloader-Stera/WinSoftware
    C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\STERA.EXE.VIR
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP163\A0041374.EXE

    Adware.ClickSpring/Resident
    C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\TAMLJ.DLL.VIR
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP163\A0041346.DLL

    Trojan.Unknown Origin
    C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\WCPSVTR.EXE.VIR
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP163\A0041345.EXE

    Trojan.Downloader-Gen/HitItQuitIt
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP163\A0041376.DLL

    _________________________________________________________________________
     
  8. JohnIV

    JohnIV Thread Starter

    Joined:
    Jul 11, 2007
    Messages:
    9
    And here's the hijackthis log:

    Logfile of HijackThis v1.99.1
    Scan saved at 8:13:35 PM, on 7/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec AntiVirus CE 9.0.1\DefWatch.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Symantec AntiVirus CE 9.0.1\Rtvscan.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1.1\VPTray.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\AIM\aim.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Owner\Desktop\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us10.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/go/listen-eLife
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {371A1EDB-834C-8196-1860-FF8DB056859E} - C:\WINDOWS\system32\tamlj.dll (file missing)
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1.1\VPTray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
    O4 - HKCU\..\Run: [Notn] "C:\DOCUME~1\Owner\APPLIC~1\STEM~1\javaw.exe" -vt yazb
    O4 - HKCU\..\Run: [Esnduzb] "C:\Program Files\Common Files\?ppPatch\j?vaw.exe"
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52....apple.com/saba/us/win/QuickTimeInstaller.exe
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/SymAData.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus CE 9.0.1\DefWatch.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Unknown owner - c:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus CE 9.0.1\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus CE 9.0.1\Rtvscan.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe


    Thanks,
    John
     
  9. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Run HJT again and put a check in the following:

    O2 - BHO: (no name) - {371A1EDB-834C-8196-1860-FF8DB056859E} - C:\WINDOWS\system32\tamlj.dll (file missing)
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O4 - HKCU\..\Run: [Notn] "C:\DOCUME~1\Owner\APPLIC~1\STEM~1\javaw.exe" -vt yazb
    O4 - HKCU\..\Run: [Esnduzb] "C:\Program Files\Common Files\?ppPatch\j?vaw.exe"

    Close all applications and browser windows before you click "fix checked".


    Run Panda ActiveScan here

    Post a new HiJack This log along with the results from ActiveScan.
     
  10. JohnIV

    JohnIV Thread Starter

    Joined:
    Jul 11, 2007
    Messages:
    9
    Hey again; here are the results from the ActiveScan:


    Incident Status Location

    Spyware:spyware/searchcentrix Not disinfected Windows Registry
    Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f3abtdzm.default\cookies.txt[.ads.pointroll.com/]
    Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f3abtdzm.default\cookies.txt[.2o7.net/]
    Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f3abtdzm.default\cookies.txt[.ads.pointroll.com/]
    Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f3abtdzm.default\cookies.txt[.2o7.net/]
    Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f3abtdzm.default\cookies.txt[.doubleclick.net/]
    Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f3abtdzm.default\cookies.txt[.atdmt.com/]
    Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f3abtdzm.default\cookies.txt[.mediaplex.com/]
    Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f3abtdzm.default\cookies.txt[.advertising.com/]
    Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f3abtdzm.default\cookies.txt[ad.yieldmanager.com/]
    Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f3abtdzm.default\cookies.txt[.fastclick.net/]
    Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f3abtdzm.default\cookies.txt[.casalemedia.com/]
    Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f3abtdzm.default\cookies.txt[.adrevolver.com/]
    Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f3abtdzm.default\cookies.txt[.tribalfusion.com/]
    Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f3abtdzm.default\cookies.txt[.serving-sys.com/]
    Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f3abtdzm.default\cookies.txt[.bs.serving-sys.com/]
    Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f3abtdzm.default\cookies.txt[ads.pointroll.com/PRServe/]
    Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f3abtdzm.default\cookies.txt[.overture.com/]
    Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f3abtdzm.default\cookies.txt[.atwola.com/]
    Spyware:Cookie/Bridgetrack Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f3abtdzm.default\cookies.txt[citi.bridgetrack.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f3abtdzm.default\cookies.txt[.go.com/]
    Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f3abtdzm.default\cookies.txt[.questionmarket.com/]
    Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f3abtdzm.default\cookies.txt[.ehg-dig.hitbox.com/]
    Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f3abtdzm.default\cookies.txt[winantispyware.com/]
    Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f3abtdzm.default\cookies.txt[go.winantispyware.com/MTg4NQ==/2/702/antispyware/]
    Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f3abtdzm.default\cookies.txt[.go.winantispyware.com/]
    Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f3abtdzm.default\cookies.txt[go.winantispyware.com/MTg4NQ==/2/702/antispyware/]
    Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f3abtdzm.default\cookies.txt[statse.webtrendslive.com/]
    Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f3abtdzm.default\cookies.txt[.com.com/]
    Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f3abtdzm.default\cookies.txt[.zedo.com/]
    Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f3abtdzm.default\cookies.txt[.trafficmp.com/]
    Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f3abtdzm.default\cookies.txt[.target.com/]
    Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f3abtdzm.default\cookies.txt[.cdfreaks.com/]
    Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f3abtdzm.default\cookies.txt[.club.cdfreaks.com/]
    Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\solf2pvm.slt\cookies.txt[.casalemedia.com/]
    Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\solf2pvm.slt\cookies.txt[.tribalfusion.com/]
    Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\solf2pvm.slt\cookies.txt[.casalemedia.com/]
    Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\solf2pvm.slt\cookies.txt[.doubleclick.net/]
    Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\solf2pvm.slt\cookies.txt[.tradedoubler.com/]
    Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\solf2pvm.slt\cookies.txt[.fastclick.net/]
    Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\solf2pvm.slt\cookies.txt[.atdmt.com/]
    Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\solf2pvm.slt\cookies.txt[.serving-sys.com/]
    Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\solf2pvm.slt\cookies.txt[.questionmarket.com/]
    Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\solf2pvm.slt\cookies.txt[.mediaplex.com/]
    Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\solf2pvm.slt\cookies.txt[.ads.pointroll.com/]
    Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\solf2pvm.slt\cookies.txt[.advertising.com/]
    Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\solf2pvm.slt\cookies.txt[servedby.advertising.com/]
    Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\solf2pvm.slt\cookies.txt[.advertising.com/]
    Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\solf2pvm.slt\cookies.txt[.maxserving.com/]
    Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\solf2pvm.slt\cookies.txt[ad.yieldmanager.com/]
    Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\solf2pvm.slt\cookies.txt[.maxserving.com/]
    Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\solf2pvm.slt\cookies.txt[.bfast.com/]
    Spyware:Cookie/Linksynergy Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\solf2pvm.slt\cookies.txt[.linksynergy.com/]
    Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\solf2pvm.slt\cookies.txt[.belnk.com/]
    Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\solf2pvm.slt\cookies.txt[.ath.belnk.com/]
    Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\solf2pvm.slt\cookies.txt[.belnk.com/]
    Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\solf2pvm.slt\cookies.txt[.realmedia.com/]
    Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\solf2pvm.slt\cookies.txt[.overture.com/]
    Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\solf2pvm.slt\cookies.txt[.2o7.net/]
    Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\solf2pvm.slt\cookies.txt[.bluestreak.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\solf2pvm.slt\cookies.txt[.go.com/]
    Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\solf2pvm.slt\cookies.txt[.statcounter.com/]
    Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    Potentially unwanted tool:Application/KillApp.B Not disinfected C:\hp\bin\KillIt.exe
    Virus:Generic Malware Disinfected C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll
    Potentially unwanted tool:Application/DriveCleaner Not disinfected C:\QooBox\Quarantine\C\Program Files\Common Files\WinAntiSpyware 2007\uwas7cw.exe.vir
    Virus:Generic Malware Disinfected C:\QooBox\Quarantine\C\Program Files\poolsv\svhost.exe.vir
    Spyware:Application/ErrorProtector Not disinfected C:\QooBox\Quarantine\C\Program Files\WinAntiSpyware 2007\InstHelp.exe.vir
    Virus:Generic Malware Disinfected C:\QooBox\Quarantine\C\WINDOWS\svhost.exe.vir
    Potentially unwanted tool:Application/Processor Not disinfected C:\SmitfraudFix\Process.exe
    Virus:Trj/Shutdown.Z Disinfected C:\SmitfraudFix\restart.exe

    ________________________________________________________________________
     
  11. JohnIV

    JohnIV Thread Starter

    Joined:
    Jul 11, 2007
    Messages:
    9
    And here is the new HJT log:

    Logfile of HijackThis v1.99.1
    Scan saved at 3:42:35 PM, on 7/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec AntiVirus CE 9.0.1\DefWatch.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Symantec AntiVirus CE 9.0.1\Rtvscan.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1.1\VPTray.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\AIM\aim.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\Owner\Desktop\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us10.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/go/listen-eLife
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1.1\VPTray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52....apple.com/saba/us/win/QuickTimeInstaller.exe
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/SymAData.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus CE 9.0.1\DefWatch.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Unknown owner - c:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus CE 9.0.1\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus CE 9.0.1\Rtvscan.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    Thanks,
    John
     
  12. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Looks fine. Most of that is cookies and files that have already been handled by your anti-virus.

    You can remove all of the tools I requested you to download and/or folders associated with them now. It is pointless for them to keep these tools around as they are updated so frequently that the tools can be outdated within a few days, sometimes within just hours.

    The OTMoveIt by OldTimer has a CleanUp! option you can use to remove most of the fixes and associated files and folders if you want to use that. If you get a warning from your firewall or other security programs regarding OTMoveIt attempting to contact the internet you should allow it to do so. Also remove OTMoveIt.

    SUPERAntiSpyware is a trial version so you can keep that until the trial is over and then uninstall.


    It's a good idea to Flush your System Restore after removing malware:
    Turn off system restore and then turn it back on: http://support.microsoft.com/kb/310405

    After you have done all of that let me know if you have any problems.
     
  13. JohnIV

    JohnIV Thread Starter

    Joined:
    Jul 11, 2007
    Messages:
    9
    It worked great. Thanks for all the help. I never would have been able to figure any of that out on my own. The computer seems fine now. Thanks!

    -John
     
  14. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
  15. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/594521

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice