nasty virus

Light Poster

25 posts since May 2008

Reputation Points: 10

Solved Threads: 0

Hi and welcome to the Daniweb forums :).

==========

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

Most Valuable Poster

Moderator

20,095 posts since Feb 2004

Reputation Points: 1,142

Solved Threads: 985

SmitFraudFix v2.323

Scan done at 11:26:20.85, Fri 05/30/2008
Run from C:\Documents and Settings\audition account\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\tlntsvr.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Blubster\Blubster.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\privacy_danger FOUND !
C:\WINDOWS\xmpstean.exe FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\audition account

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\audition account\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\AUDITI~1\FAVORI~1

C:\DOCUME~1\AUDITI~1\FAVORI~1\Error Cleaner.url FOUND !
C:\DOCUME~1\AUDITI~1\FAVORI~1\Privacy Protector.url FOUND !
C:\DOCUME~1\AUDITI~1\FAVORI~1\Spyware?Malware Protection.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

C:\DOCUME~1\AUDITI~1\Desktop\Error Cleaner.url FOUND !
C:\DOCUME~1\AUDITI~1\Desktop\Privacy Protector.url FOUND !
C:\DOCUME~1\AUDITI~1\Desktop\Spyware?Malware Protection.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

[!] Suspicious: vregfwlx.dll
SSODL: vregfwlx - {02B07299-96CF-4C31-AD41-533F842760BD}

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000001

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: SMC EZ Card PCI 10 Adapter (SMC1208) - Packet Scheduler Miniport
DNS Server Search Order: 68.87.72.130
DNS Server Search Order: 68.87.77.130

HKLM\SYSTEM\CCS\Services\Tcpip\..\{34E90C0E-4215-4040-A72C-A426D2BDA9EC}: DhcpNameServer=68.87.72.130 68.87.77.130
HKLM\SYSTEM\CS2\Services\Tcpip\..\{34E90C0E-4215-4040-A72C-A426D2BDA9EC}: DhcpNameServer=68.87.72.130 68.87.77.130
HKLM\SYSTEM\CS3\Services\Tcpip\..\{34E90C0E-4215-4040-A72C-A426D2BDA9EC}: DhcpNameServer=68.87.72.130 68.87.77.130
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=68.87.72.130 68.87.77.130
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=68.87.72.130 68.87.77.130
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=68.87.72.130 68.87.77.130

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End

Light Poster

25 posts since May 2008

Reputation Points: 10

Solved Threads: 0

my firefox browser crashes and i can t get on the internet so i have to use my wii... lol also my taskbar keeps disappearing and then it comes back

Light Poster

25 posts since May 2008

Reputation Points: 10

Solved Threads: 0

You should print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please reboot your computer in Safe Mode by doing the following :Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart anyway into normal Windows. A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply along with a new HijackThis log.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning : running option #2 on a non infected computer will remove your Desktop background.

Most Valuable Poster

Moderator

20,095 posts since Feb 2004

Reputation Points: 1,142

Solved Threads: 985

SmitFraudFix v2.323

Scan done at 17:23:31.66, Fri 05/30/2008
Run from C:\Documents and Settings\audition account\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
C:\WINDOWS\vregfwlx.dll deleted.

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\privacy_danger\ Deleted
C:\WINDOWS\xmpstean.exe Deleted
C:\DOCUME~1\AUDITI~1\Desktop\Error Cleaner.url Deleted
C:\DOCUME~1\AUDITI~1\Desktop\Privacy Protector.url Deleted
C:\DOCUME~1\AUDITI~1\Desktop\Spyware?Malware Protection.url Deleted
C:\DOCUME~1\AUDITI~1\FAVORI~1\Error Cleaner.url Deleted
C:\DOCUME~1\AUDITI~1\FAVORI~1\Privacy Protector.url Deleted
C:\DOCUME~1\AUDITI~1\FAVORI~1\Spyware?Malware Protection.url Deleted

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» DNS

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:35 PM, on 5/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Blubster\Blubster.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rsvp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\tlntsvr.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\explorer.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: 0 - {0BB0AD19-01C1-4253-9EA9-20DF16CC4D44} - C:\Program Files\Common Files\lavuq599.dll (file missing)
O2 - BHO: (no name) - {0E54E68A-D735-4549-A01A-90EA188BD41A} - C:\Program Files\Online Services\cefyr821058.dll (file missing)
O2 - BHO: (no name) - {4A3F62A9-AFEB-4543-AE4D-DC2442444E64} - C:\WINDOWS\system32\qoMdDwVO.dll
O2 - BHO: (no name) - {744BAFC9-DC30-48D0-A491-67FE3B5AAD55} - C:\WINDOWS\system32\ddcCRICr.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: QXK Olive - {B33B96B9-E0C2-4648-9819-A38DDCAFA33C} - C:\WINDOWS\boqnrwdmstg.dll (file missing)
O2 - BHO: TChkBHO Class - {B6F19F93-C313-4DDF-9152-E55E6FE37310} - C:\WINDOWS\system32\ykvjeev.dll (file missing)
O2 - BHO: (no name) - {BAF86C81-F962-F5B7-1196-A18F0E557CCD} - C:\WINDOWS\system32\oxgkd.dll (file missing)
O2 - BHO: (no name) - {CB8E467B-42C7-49FC-9CAF-F20C5974B415} - C:\WINDOWS\system32\jkkLCuuR.dll (file missing)
O2 - BHO: Windows Media Player - {D5A7151F-58D0-4AC8-9329-BEDD59625679} - (no file)
O2 - BHO: (no name) - {F7F6584C-864B-411D-A410-BB2DE0D33CA1} - (no file)
O3 - Toolbar: (no name) - {EA0D26BD-9029-431A-86E0-83152D67828A} - (no file)
O3 - Toolbar: The retnsrp - {757EFAE3-B160-4A69-95D7-46761353800B} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: atfxqogp - {9E6CD9DF-5EF9-40F4-84FA-C4842EB1F283} - C:\WINDOWS\atfxqogp.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Blubster] C:\Program Files\Blubster\Blubster.exe SILENT
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ErrorSmart] C:\Program Files\ErrorSmart\ErrorSmart.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [antivirus-2008pro.exe] C:\Program Files\Antivirus 2008 PRO\antivirus-2008pro.exe
O4 - HKCU\..\Run: [Antispyware] C:\Program Files\AntiSpywareApp\Antispyware.exe -boot
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Pamela Rice\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\gamelink.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\gamelink.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\gamelink.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\gamelink.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\gamelink.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\gamelink.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\gamelink.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\gamelink.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {48DF87EE-F2DE-11D8-BE7F-302050C10801} (FlyLoader Class) - http://www.flyword.com/loaderword_win.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: gEWqPHYP - gEWqPHYP.dll (file missing)
O20 - Winlogon Notify: qoMdDwVO - C:\WINDOWS\SYSTEM32\qoMdDwVO.dll
O20 - Winlogon Notify: smcss - smcss.dll (file missing)
O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\mssrv32.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 9923 bytes

Light Poster

25 posts since May 2008

Reputation Points: 10

Solved Threads: 0

Download
SDFix
and save it to your desktop.

Please then reboot your computer in Safe Mode by doing the
following :Restart your computer
After hearing your computer beep once during startup, but before the
Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
In Safe Mode, right click the SDFix.zip folder and choose Extract
All,
Open the extracted folder and double click RunThis.bat to
start the script.
Type Y to begin the script.
It will remove the Trojan Services then make some repairs to the
registry and prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
Your system will take longer that normal to restart as the fixtool
will be running and removing files.
When the desktop loads the Fixtool will complete the removal and
display Finished, then press any key to end the script and load
your desktop icons.
Finally open the SDFix folder on your desktop and copy and paste the
contents of the results file Report.txt back onto the forum with
a new HijackThis log

Most Valuable Poster

Moderator

20,095 posts since Feb 2004

Reputation Points: 1,142

Solved Threads: 985

here SDfix

SDFix: Version 1.187
Run by audition account on Sat 05/31/2008 at 01:59 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\DOCUME~1\AUDITI~1\Desktop\SDFix

Checking Services :

Name :
msupdate
AEJ36
AGK83
ALP71
BHL50
BIM14
BIN36
BJO48
BKO37
DJN82
DNR50
EIN04
EKP61
FLP82
GMP72
GMQ47
GQT48
JOT72
JTX15
LRV37
NTX48
NXC48
SDH14
VBF50
WCF04
XGL83

Path :
c:\windows\system32\mssrv32.exe
\??\C:\WINDOWS\System32\drivers\aeJ36.sys
\??\C:\WINDOWS\System32\drivers\agK83.sys
\??\C:\WINDOWS\System32\drivers\alP71.sys
\??\C:\WINDOWS\System32\drivers\bhL50.sys
\??\C:\WINDOWS\System32\drivers\biM14.sys
\??\C:\WINDOWS\System32\drivers\biN36.sys
\??\C:\WINDOWS\System32\drivers\bjO48.sys
\??\C:\WINDOWS\System32\drivers\bkO37.sys
\??\C:\WINDOWS\System32\drivers\djN82.sys
\??\C:\WINDOWS\System32\drivers\dnR50.sys
\??\C:\WINDOWS\System32\drivers\eiN04.sys
\??\C:\WINDOWS\System32\drivers\ekP61.sys
\??\C:\WINDOWS\System32\drivers\flP82.sys
\??\C:\WINDOWS\System32\drivers\gmP72.sys
\??\C:\WINDOWS\System32\drivers\gmQ47.sys
\??\C:\WINDOWS\System32\drivers\gqT48.sys
\??\C:\WINDOWS\System32\drivers\joT72.sys
\??\C:\WINDOWS\System32\drivers\jtX15.sys
\??\C:\WINDOWS\System32\drivers\lrV37.sys
\??\C:\WINDOWS\System32\drivers\ntX48.sys
\??\C:\WINDOWS\System32\drivers\nxC48.sys
\??\C:\WINDOWS\System32\drivers\sdH14.sys
\??\C:\WINDOWS\System32\drivers\vbF50.sys
\??\C:\WINDOWS\System32\drivers\wcF04.sys
\??\C:\WINDOWS\System32\drivers\xgL83.sys

msupdate - Deleted
AEJ36 - Deleted
AGK83 - Deleted
ALP71 - Deleted
BHL50 - Deleted
BIM14 - Deleted
BIN36 - Deleted
BJO48 - Deleted
BKO37 - Deleted
DJN82 - Deleted
DNR50 - Deleted
EIN04 - Deleted
EKP61 - Deleted
FLP82 - Deleted
GMP72 - Deleted
GMQ47 - Deleted
GQT48 - Deleted
JOT72 - Deleted
JTX15 - Deleted
LRV37 - Deleted
NTX48 - Deleted
NXC48 - Deleted
SDH14 - Deleted
VBF50 - Deleted
WCF04 - Deleted
XGL83 - Deleted

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting

Checking Files :

Trojan Files Found:

C:\Documents and Settings\Pamela Rice\Favorites\Error Cleaner.url - Deleted
C:\Documents and Settings\Pamela Rice\Favorites\Privacy Protector.url - Deleted
C:\Documents and Settings\Pamela Rice\Favorites\Spyware&Malware Protection.url - Deleted
C:\Program Files\Antivirus 2008 PRO\vscan.tsi - Deleted
C:\Program Files\Antivirus 2008 PRO\zlib.dll - Deleted
C:\Program Files\Common Files\Yazzle1560OinUninstaller.exe - Deleted
C:\WINDOWS\mrofinu1535.exe - Deleted
C:\WINDOWS\search_res.txt - Deleted
C:\WINDOWS\system32\cmd.com - Deleted
C:\WINDOWS\system32\mssrv32.exe - Deleted
C:\WINDOWS\system32\netstat.com - Deleted
C:\WINDOWS\system32\ping.com - Deleted
C:\WINDOWS\system32\taskkill.com - Deleted
C:\WINDOWS\system32\tasklist.com - Deleted
C:\WINDOWS\system32\tracert.com - Deleted
C:\WINDOWS\system32\web.dat - Deleted
C:\WINDOWS\system32\WinCtrl32.dll - Deleted
C:\WINDOWS\vltdfabw.dll - Deleted
C:\WINDOWS\system32\drivers\AEJ36.sys - Deleted
C:\WINDOWS\system32\drivers\AGK83.sys - Deleted
C:\WINDOWS\system32\drivers\ALP71.sys - Deleted
C:\WINDOWS\system32\drivers\BHL50.sys - Deleted
C:\WINDOWS\system32\drivers\BIM14.sys - Deleted
C:\WINDOWS\system32\drivers\BIN36.sys - Deleted
C:\WINDOWS\system32\drivers\BJO48.sys - Deleted
C:\WINDOWS\system32\drivers\BKO37.sys - Deleted
C:\WINDOWS\system32\drivers\DJN82.sys - Deleted
C:\WINDOWS\system32\drivers\DNR50.sys - Deleted
C:\WINDOWS\system32\drivers\EIN04.sys - Deleted
C:\WINDOWS\system32\drivers\EKP61.sys - Deleted
C:\WINDOWS\system32\drivers\FLP82.sys - Deleted
C:\WINDOWS\system32\drivers\GMP72.sys - Deleted
C:\WINDOWS\system32\drivers\GMQ47.sys - Deleted
C:\WINDOWS\system32\drivers\GQT48.sys - Deleted
C:\WINDOWS\system32\drivers\INS50.sys - Deleted
C:\WINDOWS\system32\drivers\JOS14.sys - Deleted
C:\WINDOWS\system32\drivers\JOT72.sys - Deleted
C:\WINDOWS\system32\drivers\JTX15.sys - Deleted
C:\WINDOWS\system32\drivers\LRV37.sys - Deleted
C:\WINDOWS\system32\drivers\NTX48.sys - Deleted
C:\WINDOWS\system32\drivers\NXC48.sys - Deleted
C:\WINDOWS\system32\drivers\SDH14.sys - Deleted
C:\WINDOWS\system32\drivers\VBF50.sys - Deleted
C:\WINDOWS\system32\drivers\WCF04.sys - Deleted
C:\WINDOWS\system32\drivers\WDG58.sys - Deleted
C:\WINDOWS\system32\drivers\XGL83.sys - Deleted
C:\WINDOWS\system32\drivers\YHM82.sys - Deleted

Folder C:\Program Files\Antivirus 2008 PRO - Removed
Folder C:\Program Files\Spcron - Removed
Folder C:\Program Files\Temporary - Removed

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-31 14:29:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

IPC error: 2 The system cannot find the file specified.
scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{233cabe3-7257-4122-b48b-a5b1b16b26d4}\Confi

g\OSSProxy]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{233cabe3-7257-4122-b48b-a5b1b16b26d4}\Confi

g\OSSProxy\Settings]
"Name"="x-ns1JTwR2aArm0L,x-ns2IwXf2KnLLLL"
"SendContentIDToServer"=dword:00000001
"Capabilities"=dword:00000001
"ExtCapabilities"=dword:00000001
"OptionsBitmask"=dword:00000100
"RevertPath"="C:\WINDOWS\system32\"

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authori

zedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network

Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\WINDOWS\\system32\\javaw.exe"="C:\\WINDOWS\\system32\\javaw.exe:*:Enabled:javaw"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program

Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft

Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\ttax.exe"="C:\\Program Files\\TurboTax\\Deluxe

2007\\32bit\\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\updatemgr.exe"="C:\\Program Files\\TurboTax\\Deluxe

2007\\32bit\\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorize

dapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network

Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :

File Backups: - C:\DOCUME~1\AUDITI~1\Desktop\SDFix\backups\backups.zip

Files with Hidden Attributes :

Sat 10 Dec 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sun 25 May 2008 20,487 A.SHR --- "C:\Program Files\McAfee\MQC\MRU.bak"
Sun 25 May 2008 265 A.SHR --- "C:\Program Files\McAfee\MQC\qcconf.bak"
Sun 16 Mar 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Fri 28 Mar 2008 0 A..H. ---

"C:\WINDOWS\SoftwareDistribution\Download\0a67b6c406b1d7e0f5c1e6f6d44a3f6e\BIT12.tmp"
Fri 28 Mar 2008 0 A..H. ---

"C:\WINDOWS\SoftwareDistribution\Download\26924cbc8132a10b438ce6e2b49d4652\BIT10.tmp"
Fri 28 Mar 2008 0 A..H. ---

"C:\WINDOWS\SoftwareDistribution\Download\2769b111678c52099a3b3123b12f2325\BIT14.tmp"
Fri 28 Mar 2008 0 A..H. ---

"C:\WINDOWS\SoftwareDistribution\Download\b04031f0b83ee952189dd8beb4ee929a\BITF.tmp"
Fri 28 Mar 2008 0 A..H. ---

"C:\WINDOWS\SoftwareDistribution\Download\b69c46c5109d0f8b0dee9fab84906813\BIT13.tmp"
Fri 28 Mar 2008 0 A..H. ---

"C:\WINDOWS\SoftwareDistribution\Download\d77b9b5b8fed23dd91f50d167cce60d3\BIT15.tmp"
Fri 28 Mar 2008 0 A..H. ---

"C:\WINDOWS\SoftwareDistribution\Download\fa6c916bb150f8a929e7a4ffdfbc120f\BIT11.tmp"
Wed 28 May 2008 131,072 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS00BD07AF-72CB-4120-B303-E0C3A4367979.tmp"
Wed 28 May 2008 1,572,864 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS02B854B8-6B79-4C83-B67F-9746CA1AB077.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS05857F5D-6CF9-4A2A-A79A-BC5FF8693523.tmp"
Wed 28 May 2008 2,752,512 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS06E24596-0FC2-4C4E-A4B2-A9AF372A5E27.tmp"
Wed 28 May 2008 393,216 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS07D252BC-AAB3-43C9-BEA4-FC41D2997B3E.tmp"
Wed 28 May 2008 1,572,864 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS08AB6066-1717-42BB-B752-93980DB02AE0.tmp"
Wed 28 May 2008 0 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS11A6FBEA-F6BA-41CA-A365-910F45F4D934.tmp"
Wed 28 May 2008 0 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS126A2AE6-7E23-4E2E-A2A1-B96615E2EE17.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS13C50A09-0C22-4B12-93A7-3AD4405C48E2.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS1304B55E-9116-4A5E-8154-08AB8A8D61B4.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS1766262C-5A69-4C73-BC62-4D8BFDDBC3AB.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS1B50C795-01D3-435E-8A3A-C12F8AC0B872.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS1BB599E8-60D4-4695-9859-395640A84B4E.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS1DEB0680-32DA-46D7-B299-45357B38BE50.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS226D4240-43FB-44B8-A2E7-80480827F001.tmp"
Wed 28 May 2008 196,608 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS263FBA69-EF8B-4F5B-9483-3B50D6002D46.tmp"
Wed 28 May 2008 393,216 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS29E60113-E4BB-4D8A-8039-23D800704D60.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS2972A9B4-1EA6-42FA-A153-0278B4ECDAB8.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS2986FF8F-3C7C-42FC-8464-858A0CC391AD.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS2A159358-DF06-4250-9199-6D87BFD27D8F.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS2EDEC3EB-036F-457A-859E-CF009B0798FA.tmp"
Wed 28 May 2008 0 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS2F3E3502-321B-47B8-84BC-758B3B49019C.tmp"
Wed 28 May 2008 0 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS2F6CAB55-1A8B-494F-87E0-728811D878B9.tmp"
Wed 28 May 2008 0 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS34D02B77-8BD5-4D97-8A11-718B2565A3C8.tmp"
Wed 28 May 2008 131,072 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS3472D34B-0B05-43C3-ABC7-5BBEB7EB5D7C.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS36508656-88E8-40B2-93E1-412C7F861156.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS37395740-C319-4932-B769-FD8C11AAB91B.tmp"
Wed 28 May 2008 327,680 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS3B6FB0F2-C5AA-44AB-B111-105244738767.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS40E535AF-0CB5-4599-A2E9-914C81B89147.tmp"
Wed 28 May 2008 1,179,648 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS45BC4CDC-94C9-481E-8B32-B30B5462BF31.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS4F658064-F359-49DB-B6F1-F6F0887DA6CE.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS4FA9AE07-AC08-4936-902E-0102AD08F580.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS515641F0-EF08-4880-B2D0-7D224DCB9600.tmp"
Wed 28 May 2008 0 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS526F98A0-F1FD-487B-95CD-611945E7CA05.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS57E6135D-D0B0-40B5-BDE3-570097EA6A04.tmp"
Wed 28 May 2008 1,245,184 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS5A4C7B6D-3456-4D4A-8B72-07E7C61B6FDB.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS5CB1AD8E-039B-4DF1-8C04-680D311D893E.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS5C66CABF-BB8C-4E65-84EF-421119478D46.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS5C118917-C6DB-44E2-A0BF-8535E3C504CC.tmp"
Wed 28 May 2008 1,572,864 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS5F954813-CB98-416E-82C1-34E53C1A8010.tmp"
Wed 28 May 2008 1,900,544 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS6614D3B2-82D3-4316-8866-053E1DB5F8E4.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS6A357A24-426B-468F-80BB-0C90A1B71146.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS6EABF415-95CD-4959-80FC-1028EDAE07CA.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS73F6A51D-E8D5-4FD0-BCBD-E89C2734A4AB.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS7314EF22-C344-48C6-8403-010145E9160E.tmp"
Wed 28 May 2008 0 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS760D4DE4-2859-4052-AD33-FAA104C87C1F.tmp"
Wed 28 May 2008 0 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS7649BA06-E6A7-4E5A-ABBC-32D0D20D8E8D.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS7B578F11-00FE-413D-88D3-F4E20E308266.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS7E2651C7-5A89-4D82-B404-431805131301.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS811D31A4-71EE-4E4F-845D-97E5D0D329B8.tmp"
Wed 28 May 2008 0 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS84003C86-3CA4-46A0-BAC9-497ECA9E6E3F.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS8949E5EF-3C1E-4517-AABF-847BF17F367E.tmp"
Wed 28 May 2008 131,072 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS8CB1AC4B-54E9-4847-8468-4F54428AD68F.tmp"
Wed 28 May 2008 0 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS90072A05-2943-449A-90DA-8455E2CF0623.tmp"
Wed 28 May 2008 196,608 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS921874C9-CADF-44EE-A2B6-D33306D5D8ED.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS9CC877AA-E2C9-4804-81F5-BC9F3363E1A1.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSA1D5E938-E1A6-4F1E-9767-E0E0C7AA19CE.tmp"
Wed 28 May 2008 0 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSA35DA55B-B6AC-4AA8-AA88-F341F3AC02D0.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSA6A8B00E-6355-460B-96B9-E783619B108D.tmp"
Wed 28 May 2008 196,608 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSA6D7881C-ACAA-4E4B-8936-2B8CC69B595A.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSA953D82F-CC0B-4481-A034-6B1B1699F091.tmp"
Wed 28 May 2008 5,177,344 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSAE140D3F-6578-4A9E-86AA-647BCB7C350B.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSB1AEA35F-08D6-41BF-BC75-65D21D063DD9.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSB35F86C4-759C-4458-850F-55B70E04B4F5.tmp"
Wed 28 May 2008 917,504 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSB4023B13-8C6B-4C97-A2A7-128BDC3C1C95.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSB640C98C-6254-4E53-BF83-D46D06D1F2EA.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSBCFC5E13-D6D7-4766-A042-817436AF05A2.tmp"
Wed 28 May 2008 0 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSBE832CCF-3620-4521-A379-16D45CBA74F6.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSC9BEB069-4FF4-4AFD-853B-ECB33588D51C.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSD04F90D4-180C-4911-95D7-42C6F70E460B.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSD65A413F-FBD8-441E-BF46-6CC7B2534D00.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSD797F661-E008-4942-962A-CFA2347D892F.tmp"
Wed 28 May 2008 851,968 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSDABB2E3B-F42E-441A-98D8-DAC90D3C044C.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSDAC982EB-EC82-4972-B339-6E3F478072B1.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSDA1440F3-7351-4FEF-8D63-B672FDECFECA.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSDDFFF497-0BF0-4419-A62E-50A9877664C6.tmp"
Wed 28 May 2008 131,072 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSE3515B7E-D3A9-4C7A-9612-8CDB2A2335E6.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSE51A3DC7-1D9D-4F52-AEEA-D464B03F3BCE.tmp"
Wed 28 May 2008 393,216 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSE634D1F3-1CE5-4719-A4D7-D594EA1896C7.tmp"
Wed 28 May 2008 1,900,544 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSE9C541A6-00C6-4946-BEC4-1A5A2AD24772.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSEAF34FBC-AEFF-4C89-BE27-D8EB28D41A12.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSEBFCF635-BAC1-41BB-A74A-368C33AF81F4.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSEEFAE0AC-0D85-4522-898B-C0C7DC67EFAD.tmp"
Wed 28 May 2008 2,162,688 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSF0127AF1-68E7-48E6-934B-76D6A52E47A0.tmp"
Wed 28 May 2008 0 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSF25E19F6-BE23-44D0-8A38-D806D38F16D6.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSF3490969-8442-49B6-B970-BD15FECC7C97.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSF4008E82-5EE1-4746-8ACA-93CCAAFBD739.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSF7B20E9D-FA7B-447E-86E8-E26F7A8CB3EE.tmp"
Wed 28 May 2008 0 A..H. --- "C:\Documents and Settings\LocalService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSF71D6F10-63E2-4305-AB26-42F6654F75DF.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS747CC63F-D258-4DC6-A27F-0C284AF57014.tmp"
Thu 29 May 2008 131,072 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSFE15FE87-1665-43B7-BE21-F3102D80D200.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS347C107D-97FC-4A5D-9C38-358F58845CD3.tmp"
Wed 28 May 2008 0 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS45F14AD8-1F15-4DD3-99AF-2937C01B0458.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSFD5284C5-3F15-4F38-A6DE-B15A57B2D6FA.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS58C48D52-CED2-4645-9318-DD6FF91C9F82.tmp"
Thu 29 May 2008 327,680 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS59960407-FDFE-42E5-9B85-C1A8410E0B4C.tmp"
Thu 29 May 2008 4,521,984 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS58329D2F-66B6-4FC0-9629-220B2C285AE6.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSA1601AC5-4891-4E6E-98EA-03EA6E834AC3.tmp"
Thu 29 May 2008 196,608 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS9852AF26-EFD5-4AD6-87E7-6B5BD1318535.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS58928001-AC66-452A-B9C4-DE11C4E82985.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS15C5E280-403E-45BA-92AA-E756C8D4C09D.tmp"
Thu 29 May 2008 1,966,080 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS002A75DD-4E49-4E2B-B2CC-D871529F555A.tmp"
Thu 29 May 2008 1,245,184 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSCA440181-112B-4CA9-A907-BFB071F70B8E.tmp"
Thu 29 May 2008 3,670,016 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS5086E098-433F-4A53-8383-27FB5835B0FF.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS34FFDD70-0D06-4532-8A23-94FE8C21B60B.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS160E086F-24A7-4C07-A3DF-408B227D5696.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS005B99D4-119E-4787-A984-83F72C8BAFD5.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS74F8A358-25DE-464A-8994-E2016DF93E1D.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSF67FF1CA-05C0-4590-B14A-07EBB6E32464.tmp"
Thu 29 May 2008 0 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS007937F6-6D03-46A1-A071-8D9024CA9107.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS00B572E1-64C3-48B4-8282-BF5C42E7F173.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS0093EE6B-9D29-440A-BCC6-78EBEDAFCACE.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS03096E95-E42D-4D67-AA9B-10FD13E574DC.tmp"
Thu 29 May 2008 1,703,936 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS0434A6FD-47E5-4E08-9AE6-3AF74129F188.tmp"
Wed 28 May 2008 851,968 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS04CD0E94-AD64-47D6-9154-C2837A478A3E.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS043B4807-B23E-43A8-B94F-37F576210831.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS05D2B645-2CA4-4647-BD7F-B99FADF3CCE9.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS051BD672-1B8D-4906-BCF3-DDEC30948D2A.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS066202FA-3CB3-428F-8A11-988290B8DFB9.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS07FE4BEF-3D3A-4D94-A14A-BC1C5DB46381.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS0865CDE6-B64B-4C04-AE8F-1584DB3D4FB2.tmp"
Thu 29 May 2008 0 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS08B1AFE4-D52A-4657-8F89-66BB20E0571F.tmp"
Thu 29 May 2008 196,608 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS08B56740-2263-4694-AB6E-63CC606E12E9.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS0919FFDD-45FA-4D2F-A9ED-63DE2DD50BA0.tmp"
Wed 28 May 2008 0 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS09041C03-B617-4E55-A860-03C6E5FB9F0D.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS09DC8D43-CEE4-4A2F-B520-CDE715CCBD91.tmp"
Thu 29 May 2008 2,162,688 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS0BE8BEFF-5464-4B21-A5B2-E0E0D9A09475.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS0B14AB2A-7A0B-4D65-884F-CED696381975.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS0CE77D49-A443-4EE6-8DF1-738DE1CC1593.tmp"
Thu 29 May 2008 720,896 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS0DFD2621-89C9-4746-A6DD-E4694654922B.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS0D4A19E0-AF6C-42A5-B1AF-9DB222C35530.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS0F12B907-2C8C-445B-9B0F-AA566B78A42A.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS12844E10-D27C-47E4-A7E7-E58B4123818E.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS12456D81-4A76-414F-8CA5-D621A989F645.tmp"
Wed 28 May 2008 393,216 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS1235C0FD-A37F-4FFD-A371-0AB94CD7A3C9.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS120E0474-43E2-4A96-A88E-DF94E31D47B3.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS14788B5A-B83B-4C22-B1AD-B6AB231D0A77.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS14BD2C3E-CFA7-43F0-8956-44FE3946F16F.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS15621939-7AA9-4E2A-8478-2B27A22C0E49.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS1611F054-6003-4C18-870F-9E95DDB8FE5F.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS17012ACC-C453-4381-92FE-5203A405CE3C.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS18E8D06C-CE5D-4B3A-917A-954177C55051.tmp"
Thu 29 May 2008 3,145,728 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS1858C9C0-8351-4EEC-A1B0-61C8938CC58E.tmp"
Thu 29 May 2008 131,072 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS196B7671-A6AD-47A8-BAA2-00DDD784C914.tmp"
Thu 29 May 2008 3,670,016 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS1A5C2B23-B0BF-4C21-B632-AEC2E4D3DFF3.tmp"
Wed 28 May 2008 131,072 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS1A03FDC6-23BB-4EDC-AB9C-63C945302BE0.tmp"
Thu 29 May 2008 0 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS1A0FB20F-2132-47FA-B577-0332069AAC47.tmp"
Wed 28 May 2008 327,680 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS1BD124A0-8A85-46F2-9AE2-72C92092D698.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS1B3B5FA5-4E12-40FB-ADF5-137A2F8EF770.tmp"
Wed 28 May 2008 0 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS1C8E4D9F-3093-425A-AD81-8D72BC127FC7.tmp"
Wed 28 May 2008 196,608 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS1DB7890F-FB9D-45EC-AE85-20EC4D0B8E17.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS1DE480C4-3461-462D-94B2-7B190962BBCD.tmp"
Wed 28 May 2008 131,072 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS1D47E700-EB63-4401-90EE-14D93BB1566E.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS1DFC38F7-50DF-4BAB-B636-255068801EC9.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS1EE8148C-CC1E-4F9E-AA03-D03AAA53AD81.tmp"
Wed 28 May 2008 393,216 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS1E2DC34A-AED0-49A4-B782-DB7FE4113459.tmp"
Wed 28 May 2008 131,072 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS1FA40CD1-53B9-4865-BE8B-49592980BFFB.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS1F186C9F-7FB5-49CC-A3AA-EC21F93B8A70.tmp"
Thu 29 May 2008 720,896 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS1F0F0638-C723-4066-A976-2B5B93A3F9C5.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS20B68FF4-E1CE-426F-826C-8796EB5EF770.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS206D2DDA-A996-42F2-86F3-78689E2A67EC.tmp"
Thu 29 May 2008 0 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS21F2B256-98CE-4F4E-937B-8241353FBB66.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS21CA6DB4-89EF-4A2D-9FBE-DE6C588BC04C.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS222914BE-1FB7-40DD-B23F-15B0226DC1CF.tmp"
Thu 29 May 2008 0 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS24BA1BAB-55B6-4684-A1CC-E6C12DBB6071.tmp"
Wed 28 May 2008 393,216 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS24C9619F-44A9-4F1D-8FB7-1AEF211622DE.tmp"
Thu 29 May 2008 327,680 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS25287E76-8099-4E14-9444-C546109EBDB1.tmp"
Wed 28 May 2008 0 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS26F5E64A-CEA7-4A74-8D58-E39793C8E20B.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS27267B7F-730D-46A3-B960-482E9DBD5509.tmp"
Wed 28 May 2008 196,608 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS28D9075A-9BCA-4A3A-8F63-C8680275B225.tmp"
Wed 28 May 2008 1,572,864 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS2893E95F-FAF0-4E11-BB98-2801E6B538C6.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS28C95074-3D2E-49EC-BF53-59663647D742.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS290935D5-D2EF-4688-9A4F-5EE3F40DDAD8.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS2AC8C533-F0F8-4A95-AD6C-246AFB464B9E.tmp"
Thu 29 May 2008 917,504 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS2A0C77CE-F6CF-4E36-8A56-CC0B1D4A2655.tmp"
Wed 28 May 2008 393,216 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS2B1848A5-E163-4496-80BC-94A5BD7CF451.tmp"
Thu 29 May 2008 196,608 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS2CA05E49-DD46-41B0-B9B6-8A0BC5B2D299.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS2F0153EF-32CF-4C18-9213-96E6BF2D2A71.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS32E6510E-C0C4-400F-8F7C-8DCAA1CD488B.tmp"
Thu 29 May 2008 131,072 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS3225AAF7-002D-4336-957C-30582D6DE776.tmp"
Thu 29 May 2008 196,608 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS3278EE41-460A-4124-A0E1-EAA47F7FBDA1.tmp"
Wed 28 May 2008 2,752,512 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS33633DC7-AC6D-44E8-B2AB-EA37A2600A8B.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS3329D113-AFE3-4B2D-BAE5-E52063AF6C70.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS34CEDA77-C811-41D5-A7DC-5DB52CE625B2.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS3498A776-7AB4-4299-BC0D-91C7FD22AE54.tmp"
Thu 29 May 2008 0 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS34F12974-A313-40C7-989C-7135B39BD098.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS35192E8D-718B-4B24-AF60-104003748C3B.tmp"
Wed 28 May 2008 0 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS36A2DA7A-9EFA-4C5B-B5F9-66AA4A93AB20.tmp"
Thu 29 May 2008 2,162,688 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS36F2070D-34DA-4454-9FA1-5BFEF90BF135.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS3613F19E-9375-4A7E-8C46-CC4265C98FDF.tmp"
Wed 28 May 2008 0 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS37BC8952-D8CC-4306-87E7-134DA096FE38.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS37E045ED-C62C-466A-B49C-46793B9C9439.tmp"
Thu 29 May 2008 3,145,728 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS3826CA62-7E5A-4795-A235-20A7DA8DA145.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS39B10FF1-C3B0-4CDD-847D-22D10D12BDD7.tmp"
Wed 28 May 2008 0 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS397FBB51-BD51-47BE-B738-3D21D8CC0D17.tmp"
Thu 29 May 2008 9,043,968 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS39875297-28E8-43F3-9967-3C7EEE8BF018.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS3A9BF5C2-277D-488C-AFEF-C9761D44F644.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS3B671AFB-5561-4AAF-A7C4-A16C4DFC7A4F.tmp"
Wed 28 May 2008 1,572,864 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS3C677B85-112A-4F0C-B0C9-695F098D6793.tmp"
Thu 29 May 2008 131,072 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS3CB7B144-8257-4B61-BB7D-1EC3BDFD84C7.tmp"
Thu 29 May 2008 0 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS3CE5B753-915C-4AF1-AF6C-9A2783448618.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS3DB410B4-8913-4946-AA84-56BEF89CE021.tmp"
Thu 29 May 2008 1,245,184 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS3D53144E-BB5C-4806-90FB-465E2071B632.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS3EFABB62-1A9E-490F-B38E-AF39CA061899.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS3FD862C1-1B4C-4B8C-BCEF-2446BD2C639C.tmp"
Thu 29 May 2008 0 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS40695575-65DD-4B99-914E-A2EDF8311E00.tmp"
Thu 29 May 2008 1,245,184 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS40305DEA-37A8-4711-99CE-7A417E485169.tmp"
Thu 29 May 2008 589,824 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS406DC497-172E-4FBF-991A-BF44275BBFCE.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS419A53BA-62AE-44B4-ACBE-38744BD5E32D.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS42949D3A-FFE2-40F3-9BDC-355ACEB28D48.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS425D4E94-A13A-4BD2-B2C8-2B6DAE41D6F8.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS432287EC-6043-4427-8276-8251E58766C3.tmp"
Thu 29 May 2008 1,245,184 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS44C3A83B-A698-42F0-8DA1-37BC51DDF10E.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS444B894F-D83A-40AC-8384-014B79E70BEA.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS44125749-897E-4887-8FFE-C5D4DBF1585A.tmp"
Wed 28 May 2008 1,572,864 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS45AF70AA-B113-46BC-9662-BFBCB276B687.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS4523B604-F0FF-4BBF-8DDA-7FA7256DEEC9.tmp"
Wed 28 May 2008 0 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS45FBD4A8-E768-4899-98C3-F8569E58C881.tmp"
Wed 28 May 2008 0 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS464C22BD-E79D-41E2-91A4-6A2359B4AA53.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS4668FCC2-D665-4833-AEFF-635026D33AE1.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS47167DD1-AACE-4652-AE1B-29FCD878E9E0.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS47A71E96-9114-42DD-A2F7-DBEA4115EB10.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS476A3F18-5D47-483A-AC29-A8F05A175428.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS48FAC911-A755-4723-85AD-424F62C81D4F.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS49CDE208-C76E-4175-B599-D8C6442BED7A.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS4A248C0D-4A03-47FC-B1E1-5798C570F4A2.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS4ED557D8-4995-4962-AF82-93A2BA3B4956.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS4E818717-FC67-4848-ACA3-0516A13366B0.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS4FDF3F1D-6358-4279-BF8B-F9D11E6C52DE.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS5018C201-7682-4E27-B54E-36EEDCA2BF84.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS5034593E-FFF1-4CAF-A75C-079F013173D4.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS50DBA61D-64B0-4FEB-87F4-AB41E6407BAD.tmp"
Thu 29 May 2008 0 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS5020B8C4-CD11-416B-9E63-603BC0AFF329.tmp"
Wed 28 May 2008 0 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS51388171-D97C-4308-97BF-EAA2E252F73C.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS52CDCE1F-C1C9-433A-9000-35838E08B8ED.tmp"
Thu 29 May 2008 0 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS54F2271B-12D7-4B4E-B75D-D911291C8E35.tmp"
Thu 29 May 2008 131,072 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS5426CCBE-84FA-4869-AE85-4A3E97CFC7C1.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS5583C5FF-987B-4374-8123-637FEB71FE6A.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS55748614-9660-4B12-8050-11D55CA323A6.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS559B3289-5A2F-4E4B-A563-AF9EDBF86ECF.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS55FA4E94-9E2C-4952-BE8C-AD727B5C344C.tmp"
Thu 29 May 2008 131,072 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS568F7521-1097-46D3-9A11-97066730D445.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS5630C546-86E5-44F2-A0FF-3D94C327D3DC.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS56E7D153-78DE-43B6-B223-367477589B87.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS56EE12E7-25A0-45A6-B4FD-9A168AA60A40.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS57A4ECE6-A951-4AD9-99F0-E9C26BD04128.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS57D74DFF-10FB-42A0-8924-30BC0BD26B16.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS57700710-776D-4318-854C-690D4392117B.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS574A97AB-2409-4498-A6B7-3AA1F4CCCB7F.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS586A92BE-9EE8-4928-8175-8CF4F36323B8.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS58299613-11A2-4D8B-B065-ECDA53E86259.tmp"
Wed 28 May 2008 131,072 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS587F9C71-2238-4F92-AEF3-64F611FE3113.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS592209E8-C097-4B6E-A1CB-C3BD5D523D99.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS59CFC17B-BB73-4FF6-A65A-BF53848EE8BC.tmp"
Thu 29 May 2008 0 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS5914ABBA-2E28-4217-840A-22223CE9F61D.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS5975D4A7-EEE4-45F8-86C4-CBA6D0981ECE.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS5AEABBCF-0928-4EDB-86E9-EA04AF6108A8.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS5ADBFF7B-618F-49E2-A0D7-DB212AB230AB.tmp"
Thu 29 May 2008 131,072 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS5BA46758-41D4-43B5-9E61-6240680AB8A4.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS5C66630A-3617-4823-9513-0D0BA1E1C548.tmp"
Wed 28 May 2008 196,608 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS5DFE2A57-7F5E-4B79-956B-DDDE49797218.tmp"
Thu 29 May 2008 0 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS5EEF18BC-7E4E-40A4-BA36-149E31EBB7A0.tmp"
Thu 29 May 2008 1,245,184 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS5EF0D266-E263-487A-A66F-9CBF9C6BFEB4.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS5F65E177-D59B-4D7C-9E95-AA2B1D1CBCA8.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS602DAEBE-9EFB-4782-91D6-E9E639BC7B6A.tmp"
Wed 28 May 2008 1,900,544 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS623B7833-D193-45CE-A51A-1B7F5718D5E7.tmp"
Thu 29 May 2008 1,572,864 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS64063CC7-0604-4912-ACAF-C45E2415B9AE.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS641B92C2-AF2C-4726-8C6B-5D48C32E11B8.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS6580FD18-4E78-4901-AB15-2D37B5942B38.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS65ECD6D6-4464-473B-A18E-93E314AAC3DD.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS65FBF4ED-C76D-4C96-984E-328BF72824BB.tmp"
Wed 28 May 2008 0 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS66E3DB2C-A1A4-4DA2-9DFD-32212B4B0A07.tmp"
Wed 28 May 2008 0 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS66F71A09-F481-45F2-8310-03B79C242901.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS662B3E64-9E68-4901-B71D-4AE92D3432DF.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS676729A1-88BB-4AB3-B361-3B434BB65239.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS679BEBC2-1EEA-45DD-82E1-D0B4DD49DEB5.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS68A7E1DE-6EF6-4C13-ACD3-FAE42F778066.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS6992D2CA-587B-4EE7-8283-5C7EDAFD8769.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS6939DE25-2D52-4FA8-89F5-A164FD8B22C7.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS690A96A4-51BA-4B27-9408-EA34F8ADC91D.tmp"
Wed 28 May 2008 0 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS6CD741D8-CECD-41FD-B116-E0237F1DA032.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS6CE8F269-FF54-4E58-89EA-54B61A09D767.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS6D8678F5-B171-429A-AD21-537E952B4F65.tmp"
Thu 29 May 2008 131,072 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS6DE8EB0A-9E13-4F24-9DCF-886A9BC21E9A.tmp"
Thu 29 May 2008 0 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS6EF1ED42-C99B-4CE0-8ACC-D2263E549DDA.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS6E8BFE1D-3271-4871-8587-746827935141.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS6F984ABD-3976-404D-9FFC-39CCAA3CE4EF.tmp"
Wed 28 May 2008 1,179,648 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS700C6C99-2BA8-4C6B-A2A6-F6254F228C18.tmp"
Thu 29 May 2008 0 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS70B28E96-D116-4627-8143-110EF6ED56F6.tmp"
Thu 29 May 2008 9,043,968 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS71E45338-1D03-4A78-9536-694596D45C9D.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS716D7FBB-FFDD-4379-A3B0-933913AFAE2A.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS72ED5604-070C-4B7B-A0FF-B102E20CA70F.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS727175A1-6851-46FB-B103-D2D0F33B5510.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS72309794-CF51-4829-9950-3D9ADC168999.tmp"
Thu 29 May 2008 720,896 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS73F7A0EC-5EAA-480A-9E9B-659976BD8068.tmp"
Wed 28 May 2008 0 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS74C37013-12CC-46B3-B1C2-6CDDC1A1E97C.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS74F79027-8CF6-4D73-9AE4-454884EC6A42.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS759CA4D6-ADC2-498F-BA97-F6D85E0F4A59.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS7514725B-222B-44A5-B1BA-893DA68F1BE9.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS756B04BE-F5F6-4F37-8CCF-F5B60AADFA8A.tmp"
Thu 29 May 2008 0 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS76A8F3C5-DA42-498F-A0FF-3884CB117B68.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS7792AC84-ED4B-4E73-95FB-25F98280BF22.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS77F6A498-EE31-4FB9-990C-A55057835501.tmp"
Thu 29 May 2008 0 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS7AC20427-8651-40B4-A145-FB87D5455117.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS7B7F5FBC-CC12-47BC-B6A3-5150A7B5AF2B.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS7C0D8B99-B0D7-43EF-AC4C-4AE1CC28B4DE.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS7CBCEF06-1B1C-430C-A6F8-52D01266D571.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS7C11AEF7-586C-4C3D-968E-C00C6109D73C.tmp"
Wed 28 May 2008 131,072 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS7D44E99A-F3D0-49B5-932E-5739C60B8595.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS7D11B589-9DD7-4855-8C45-248B0A2004A8.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS7E2F0848-815C-4594-8ADD-DC5030AAF99A.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS7EF86687-0094-4C81-88CE-71EDFEBA9014.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS7E05A80D-09AA-4594-9562-5076FC90E327.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS7F4A2A4E-9F19-4B32-BB58-866535D95E72.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS7F1857B6-E1FE-48FC-990E-C64DF135E179.tmp"
Thu 29 May 2008 1,966,080 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS8032C93D-D492-40A7-8972-8F3E7B2D68AD.tmp"
Thu 29 May 2008 327,680 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS80E32EB3-4D4C-4C5B-A721-050915D6EDEB.tmp"
Thu 29 May 2008 3,145,728 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS81F8D6F4-7737-4264-A218-3667CE77E5CA.tmp"
Wed 28 May 2008 0 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS82B07835-8E90-4CFA-9A69-EECDDA829135.tmp"
Thu 29 May 2008 0 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS831E191A-D77E-4877-B083-8415DF51C1AB.tmp"
Wed 28 May 2008 1,900,544 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS84E17D68-B4FF-4F0F-AFD1-C289E4CE04AD.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS863D91BE-28C8-4A49-B673-35D0456E4D6F.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS8731342E-3AA9-4CF3-9097-18D0C4DDBEE5.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS881B1029-DFE2-4F48-8C17-DF0738B65D44.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS89D0812C-39E2-442B-ADF6-A340BF049F5A.tmp"
Thu 29 May 2008 262,144 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS89162A0F-0D66-42DA-AAE6-CEC5C7763F01.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS89BE6EC1-9933-419B-AD6C-901216DF6081.tmp"
Wed 28 May 2008 1,572,864 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS8AC06432-EC56-485E-9834-D4C61CFF094F.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS8A75C28D-0F4C-456B-A1BB-A1C9F0A7586A.tmp"
Thu 29 May 2008 131,072 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS8A050568-C5F0-4F45-98DE-17D64DD74F8A.tmp"
Thu 29 May 2008 4,521,984 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS8BB11D94-1123-4BBD-9DCD-0D22598A9066.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS8B2D4CE5-7D63-43B9-B119-44B303918FEE.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS8CAB684A-97EC-4105-AC2B-02FADC788CA8.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS8E1D8F78-BC80-4FB6-B28A-CA20DF3977EB.tmp"
Thu 29 May 2008 1,572,864 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS8E587D25-FFAE-4A0E-9114-F9124E90CA30.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS8ECD2F76-D922-4463-84C6-D6E4D08D2C11.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS8E8ED836-C10E-4771-89C7-03A6CBF911A2.tmp"
Wed 28 May 2008 0 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS8F92547A-48FF-4C0B-B1C4-4462C0D8D2A6.tmp"
Wed 28 May 2008 0 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS8F0369A4-D04A-445D-9F5A-5AA950B8C338.tmp"
Wed 28 May 2008 2,162,688 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS907B1B8A-F678-4EF1-977B-FA8EC201AC63.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS91DD8802-2919-41B7-81E8-1E53B72CF12E.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS923847D0-9AB5-49BE-84DE-8A2FA497C2E5.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS928FA270-CA50-430A-8ACB-51507609519B.tmp"
Thu 29 May 2008 0 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS93594A9F-B7BF-425A-BEE2-E9074A9BC0FD.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS93954849-838F-4F19-B182-9E74962FA9BA.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS9497EFE8-8BA0-4052-99E4-C1239E3F39EB.tmp"
Thu 29 May 2008 1,572,864 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS94747796-A040-43F5-98C3-F20198E48B07.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS95EB9491-938E-48A6-A7DE-32F97FF4833A.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS95DA4579-FAC0-4939-829D-91188FB54CE9.tmp"
Wed 28 May 2008 0 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS96ABB8D8-1BA9-4CEC-918D-9D98A61BA18A.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS96D1E795-18D7-4E38-A617-60B555E53748.tmp"
Wed 28 May 2008 1,245,184 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS97161A73-6147-4935-A87A-B8F41BF968C4.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS9777C03B-05EA-4AF1-AE46-7C28D559C5CE.tmp"
Wed 28 May 2008 327,680 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS97054E67-86D2-4714-9BF3-0E76E02436A0.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS9715C207-AB01-4DC5-9D96-EF06578AFA82.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS98EAC53C-CE18-4C60-B0FA-2130AA0C64D1.tmp"
Thu 29 May 2008 720,896 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS98CDDC5F-0E54-460B-B87C-142B6D939BF7.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS989E528B-F67E-42E2-A7E9-33238852DE87.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS99ECCA95-7368-4A4C-B046-8BE641E4D1DA.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS9C71CE18-C464-475C-8211-AFA59A8E60C8.tmp"
Thu 29 May 2008 196,608 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS9C48110A-346C-48C8-95BD-EA0726E50F3C.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS9D065D38-B615-4881-BF0E-38D0F08BE69A.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS9D4716C4-AB51-426C-A5FC-6071A90E8113.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS9E8A42FD-5BA4-4F21-AD87-FC4F51A31369.tmp"
Thu 29 May 2008 131,072 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS9E884263-3E44-4E69-8183-62067CC392C8.tmp"
Thu 29 May 2008 262,144 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMS9E6826AE-EDE0-403F-8B87-32DE3FD19264.tmp"
Thu 29 May 2008 720,896 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSA0646A41-72BA-4D88-BC39-1CD9547546B2.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSA0CA6E87-B128-4561-9EB5-68474A38177A.tmp"
Wed 28 May 2008 0 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSA13321F0-DBC3-426F-9B54-FC92AB78F062.tmp"
Wed 28 May 2008 2,752,512 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSA1088C7E-2C63-404C-A8EB-DDE8E238A8EB.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSA1B365F9-074C-409D-8103-B047E2AF804C.tmp"
Wed 28 May 2008 131,072 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSA29EAB5D-DBB5-417C-9FF2-AEDE440BE400.tmp"
Thu 29 May 2008 131,072 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSA29AE612-C963-478B-A196-A9280CBD381A.tmp"
Thu 29 May 2008 131,072 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSA3150500-546A-4165-9EC7-315C7696FCF2.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSA4565BB7-3E0E-4E11-B001-D841B3070067.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSA4593AC2-7952-477E-B69C-F90AE7832A71.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSA4483678-435C-4EFB-9F28-12CCCE5CF22C.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSA4FA765E-2168-4D10-8C73-5E0D11C5102C.tmp"
Wed 28 May 2008 0 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSA554D43E-E330-4A9B-A7FD-4AD9F329DB24.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSA590224E-6B86-4A97-A12F-24AD29AA9F22.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSA7396E78-4360-4FA4-84BD-C99A5A3F8211.tmp"
Wed 28 May 2008 5,177,344 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSA8B056DD-03B2-44A4-B972-1276451636CE.tmp"
Wed 28 May 2008 0 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSA80634B7-D65C-4597-AB6C-4DE450641197.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSA915846C-A145-44AB-98E7-CD9EA446849F.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSAAF29967-9ED1-4673-81A1-D2F7DCB14DE3.tmp"
Thu 29 May 2008 196,608 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSAA0FF945-63E7-489A-90A3-A8C6DCCE2CC6.tmp"
Wed 28 May 2008 917,504 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSAB3973E7-33B1-4BE0-9D07-2C4386455AE2.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSAB213F89-4D00-4CBD-A21F-397AA18E423F.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSAC519FB4-F2A1-4B44-A886-B1790CEA3FCB.tmp"
Wed 28 May 2008 1,572,864 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSAC7993FB-B32D-45EE-B073-92322C159C7C.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSACEA4A77-014D-408C-A7FA-8E2758EE3BA5.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSAD893C63-FDEF-4FC2-BDB1-56AD8EB5B9D4.tmp"
Wed 28 May 2008 0 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSAE6D4984-BA83-4CE5-BAA5-6954CBEB407B.tmp"
Thu 29 May 2008 9,043,968 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSAE852F9B-6085-4D17-AFE0-EDD2D5958883.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSAE10957C-B3AF-423F-9278-01BAD2CCDE69.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSAF7DBD66-8FDF-4943-A276-EDC91211CE59.tmp"
Thu 29 May 2008 1,966,080 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSB002FC4D-3A38-4754-AFDA-7CF84625274E.tmp"
Thu 29 May 2008 131,072 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSB0CCB68A-408E-41FA-8590-6656A844550F.tmp"
Wed 28 May 2008 5,177,344 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSB1FA15B5-F77D-44CE-A2E2-71A4610EECE1.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSB1BEFC53-F625-4E28-B494-14B792D890B5.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSB15856DB-392C-40CC-B02B-BD7D76E5018E.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSB20A81D9-CAB3-4978-AA8D-215DD8DBDE24.tmp"
Thu 29 May 2008 0 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSB329F0AB-15E8-4D85-81E8-FDF9711D2E06.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSB38985B1-6196-4B1F-BDC6-CC81B4545B7E.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSB4FE84A2-0436-4075-B7C6-354E26FCBC2D.tmp"
Thu 29 May 2008 131,072 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSB4A75CC5-12FA-4625-9179-EFEDF70BD946.tmp"
Thu 29 May 2008 1,245,184 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSB41BFC92-DF9D-4018-A24F-5383ABFC3FF8.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSB5C621B9-95C0-4A34-993D-13DD69EF3ADB.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSB5CDB9F6-0081-4502-AC22-9E044F9E26FC.tmp"
Thu 29 May 2008 0 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSB61A6CFA-5B65-4A91-9C85-FA7E68201C69.tmp"
Wed 28 May 2008 196,608 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSB7567841-AF78-432C-A0CF-51F0387A3071.tmp"
Thu 29 May 2008 0 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSB803D1F3-4741-4DC6-B52C-DBD2F5EF8CED.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSB99C2AF9-2364-45B5-AD68-A8054F2CAFFD.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSB9B1B0CC-973C-4ADC-8EC9-1F1844A35FCB.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSBAAC0ACA-4B68-4783-AC28-9154DF49C483.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSBB0015A5-1C29-4795-9E6F-8F7EDDFC66CF.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSBB471F81-6305-4D62-ABB3-76B17FD90454.tmp"
Wed 28 May 2008 917,504 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSBB0B70E1-426C-4A4B-863C-373A3A223813.tmp"
Wed 28 May 2008 196,608 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSBDB3497E-FF13-4499-A72F-F52FACF7E8D8.tmp"
Thu 29 May 2008 0 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSBD7B316F-4B9F-4268-A61A-84B5D998959B.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSBECB68E8-86FF-420A-8154-65014BCD582F.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSBE436CE1-4F56-4ABC-A24E-50948988CCFF.tmp"
Thu 29 May 2008 4,521,984 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSBF81326E-DA37-41B6-A936-0103F4DC36C7.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSC0E6CB47-B293-4C19-9979-1BCB042B35F3.tmp"
Wed 28 May 2008 1,900,544 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSC04D0666-EFC6-4D91-A881-47E962E65ED3.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSC1253865-2663-418E-A480-BBFCA1B67D44.tmp"
Thu 29 May 2008 720,896 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSC1EEC287-1327-4691-80B2-CA6CFFB48810.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSC4267309-F210-41E6-8DCC-B77388937FE6.tmp"
Wed 28 May 2008 0 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSC431AE91-B890-40A3-8DF7-1496DCFD09A0.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSC5F2D59A-AD7C-4C64-8BBE-8BC9013051BD.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSC5B35FFD-4737-4ACF-9C0C-6BFC2FF90AB2.tmp"
Wed 28 May 2008 1,179,648 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSC5AD4925-6020-4EF5-897D-4B124C4A56C4.tmp"
Thu 29 May 2008 1,703,936 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSC5180583-6B9E-487C-A1A7-0C29369FFA9A.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSC6949DF1-EC63-44C1-B788-CBE75CE17C51.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSC6FF1521-CE95-4C7A-9060-FF0A9978B3BC.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSC6030B5A-1982-4BC2-93C0-6609B88FC0C2.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSC6E2D228-6AE6-420D-8E8C-753D272E4722.tmp"
Wed 28 May 2008 393,216 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSC727E100-0611-493C-A40C-4A28DBA5ABCD.tmp"
Wed 28 May 2008 0 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSC7F8725A-6DE6-441D-8BBA-9F24B76B1145.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSC8A348C8-D0E3-43CB-B7E4-3C7580FBBE95.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSC999EF11-4A1D-4242-8795-7C377E387D2D.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSC932A09C-275C-4286-9AEC-84EA20479AD6.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSC90B675E-6EA9-4DEF-88E3-0F621A9DA6CF.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSCAD5D30D-296C-4630-97AD-E74DB1371B41.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSCA25AED4-158D-4A49-A238-A2924F174616.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSCA34E9BC-794A-48A4-8EEC-3A078DF27F88.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSCA1B727E-1FCD-46A7-A36E-61B19FA10F04.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSCBBBB935-EBC2-4BEB-873F-98B624E70D45.tmp"
Wed 28 May 2008 0 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSCB84237A-63A0-4DCA-93B5-981751AD2B73.tmp"
Thu 29 May 2008 589,824 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSCB86782C-A787-41F3-88CB-AAA0F1B2244A.tmp"
Thu 29 May 2008 131,072 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSCBF0D4E9-A0C4-4EB6-8134-FD14D48D4AF3.tmp"
Wed 28 May 2008 1,245,184 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSCC6114FC-A590-40AE-BEB4-D06071D159CC.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSCDDDFB07-91B6-4A99-8B4B-506245D8B313.tmp"
Wed 28 May 2008 1,900,544 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSCD051686-C418-4DC1-9F7E-BE9990AAF1B6.tmp"
Thu 29 May 2008 2,162,688 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSCE918393-605F-41D4-96F8-3DC56C37580E.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSCF6240B2-6D91-4062-8105-4A279607FD76.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSCF4ACDAB-D1D1-4460-9DC6-9D4B2745567E.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSCF71840B-32F4-4DE7-9564-5CEE6070FBF5.tmp"
Thu 29 May 2008 0 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSD0D4157F-1CC1-4ECD-9A38-40278C008B6B.tmp"
Thu 29 May 2008 0 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSD0ADB2A5-DCB0-47A9-846B-F3A45C0ECE7D.tmp"
Thu 29 May 2008 0 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSD074EDD3-F7B5-4F3F-AB80-7AA415C2E8D7.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSD1A8BB15-1F15-4BA7-8A7F-B4324C9173F3.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSD14EA769-0CB2-4A80-82FC-8DAB86A6BAB9.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSD2EBB297-313D-44BC-BD9F-90A472831A70.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSD2D6D819-650B-462D-9383-061747260984.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSD376ED2B-7D1F-4D8F-9100-8D9B1ABFC8F3.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSD4B75D13-4497-4133-A37C-8C8E3DE85365.tmp"
Thu 29 May 2008 1,966,080 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSD443B5F7-CE2D-4AFE-8BEB-96A76F7AC822.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSD616DA91-5EA5-4CB1-B8C7-CCCEA995E547.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSD6F695AF-26C3-4828-97A2-EB4239F7E58A.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSD7BDFB6D-613C-4414-A92C-42AAF168AD39.tmp"
Thu 29 May 2008 589,824 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSD7E7EFF1-C281-469B-86EE-7BBC0A7A6A71.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSD9D35978-A4D2-4E31-880A-493A91B86095.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSD9D8E2E6-E3EE-4652-8FCF-26FA7339634C.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSDA8E417D-C18A-464D-9DEC-A6879D4F0F2A.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSDA8B1844-C0E2-4E78-8C41-00AEB79DA20F.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSDA1DD5A1-A922-41A5-9521-4325C288A590.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSDB0118CA-9A9A-4596-9869-CD19D7D99E87.tmp"
Thu 29 May 2008 0 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSE011F388-CAE5-4192-B6FE-A4BEA633B0A5.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSE1720417-A97C-4A7E-978B-873B8313FAFC.tmp"
Thu 29 May 2008 1,966,080 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSE3EE7C1F-2BDA-4F73-B57D-2050E856744D.tmp"
Thu 29 May 2008 0 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSE3ECB98D-E6EE-4AFD-A3F7-66440D0D752D.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSE4017951-4F6E-49AC-9F3D-309BCD95D716.tmp"
Wed 28 May 2008 131,072 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSE4882EAD-3FCA-49EC-8AE8-9D192543A46C.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSE41A8C95-7CCC-402D-99E3-89B042C53D00.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSE4A7605A-2EBC-444E-919E-448D4ECB46E8.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSE66CE2A0-7F76-4A75-91A7-E66282D8626B.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSE6A0E46A-BF02-493B-92D1-936CDBC21174.tmp"
Thu 29 May 2008 1,966,080 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSE791A193-07B6-4EC2-8ABA-B4E983A134EA.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSE93D78AC-D0FB-4523-A7C1-A94CFBD3E56C.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSE9455885-583E-47F9-8410-216C4FA21BB5.tmp"
Thu 29 May 2008 0 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSE97CC78C-386D-4F5C-99C9-CFA174AEDEB9.tmp"
Thu 29 May 2008 262,144 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSE91990FC-7922-448C-8891-EA93C79AE049.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSEA16297B-D7AB-41C6-893C-B2ECB95AA148.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSEAD9BEE3-D68E-425B-9CE0-33ACCADACA0F.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSEBBFCA1E-2A26-40E3-8B5F-2215F651C430.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSEC045A72-26D7-45E6-B17D-153CF8B3977E.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSEC305BF1-1996-4F49-8127-A651B9F65938.tmp"
Thu 29 May 2008 131,072 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSED513C49-2981-4F5B-A979-792D17E29AF9.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSEE96F9BE-6F3D-4E0E-A3F6-FEA06233AD2A.tmp"
Wed 28 May 2008 1,572,864 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSEED4D6D8-CE63-4AD1-AE96-09F3EAA0B2CA.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSEE30A26D-D084-40E2-9CCA-953061FCAD03.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSEF897530-0697-4265-9B77-F3899A4DE104.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSF00A2EC3-6627-4DA1-9600-EE477B745410.tmp"
Wed 28 May 2008 0 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSF02974A1-9AFF-4649-92E7-73A351B15E4A.tmp"
Wed 28 May 2008 851,968 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSF0024806-5B44-4D89-AA91-614F7E44106F.tmp"
Wed 28 May 2008 196,608 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSF15F83C3-0526-4B06-A502-03D4686C5B5E.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSF1049B8F-DD01-4BAB-9D8F-6B3548BEBE60.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSF25E5EA8-3D4F-4E65-8787-7690D4A8F954.tmp"
Thu 29 May 2008 0 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSF4E45B6D-B57C-48D5-B372-2B6B0F1BE447.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSF5E7A7E2-EE63-400C-AC80-4BEC51555F31.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSF6C1F620-15D3-463B-8409-8B1E9B9902CB.tmp"
Wed 28 May 2008 393,216 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSF66A6D2D-421D-451F-AD25-AC3FDA89666D.tmp"
Thu 29 May 2008 1,703,936 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSF64B00E0-7220-4DCA-87CF-F0F3378AE1A5.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSF7705090-5A6F-472F-9140-D4C86F4DB795.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSF8A3D5B0-DC30-4AA8-9B98-B151CF796DB5.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSF8502E7E-1BBB-48C9-A507-1775DDDD330E.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSF97AE93E-8762-4367-8D81-1E8A6D2CA44A.tmp"
Thu 29 May 2008 917,504 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSF9386847-035D-45DF-A913-2911955789D5.tmp"
Thu 29 May 2008 0 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSFB2DDB3D-D23A-494A-83F6-B5A1BA65AB66.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSFCF894ED-25FB-4FD8-AC3B-F15A26BE73D6.tmp"
Thu 29 May 2008 3,670,016 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSFCDA7B4A-898B-4B23-8D5E-4ADEE03A70BF.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSFC029807-1486-43AC-971A-6A41DE6CB9BB.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSFC9C263E-3163-43AC-822F-7E733C32A467.tmp"
Wed 28 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSFD332C73-41D9-4AD4-8493-918F2E61C166.tmp"
Wed 28 May 2008 2,162,688 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSFDA0C102-28BD-4D50-8AE0-67A649E7BCFB.tmp"
Wed 28 May 2008 131,072 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSFD1A1462-B61D-4761-95C9-690396EF9022.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSFD220CD0-9702-4809-B905-B4E822CA7C75.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSFEEF862A-4C82-436B-B9B5-8E7BFCAD9484.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSFE5593D3-992A-445D-AFDE-7648DF54C3C1.tmp"
Thu 29 May 2008 917,504 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSFE7FD4F3-557E-4486-ABB3-59AE4A712E22.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSFEF69FFF-D3C6-4539-AD11-9FB5910AD7BC.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSFF01FC60-60DD-4774-ACB6-483844B8B4AD.tmp"
Thu 29 May 2008 65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy

Sweeper\Temp\SSMSFF870F2E-4A83-42A9-8BD3-B200D103F6B9.tmp"

Finished!

and heres hijack this

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:55 PM, on 5/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program

Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {EA0D26BD-9029-431A-86E0-83152D67828A} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program

Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Blubster] C:\Program Files\Blubster\Blubster.exe SILENT
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ErrorSmart] C:\Program Files\ErrorSmart\ErrorSmart.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Antispyware] C:\Program Files\AntiSpywareApp\Antispyware.exe -boot
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web

Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web

Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Pamela Rice\Start

Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network

Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\gamelink.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\gamelink.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\gamelink.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\gamelink.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\gamelink.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\gamelink.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\gamelink.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\gamelink.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program

Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {48DF87EE-F2DE-11D8-BE7F-302050C10801} (FlyLoader Class) - http://www.flyword.com/loaderword_win.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -

http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} -

http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) -

http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -

http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems

Shared\Service\Adobelmsvc.exe (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device

Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google

Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common

Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

--
End of file - 6702 bytes

Light Poster

25 posts since May 2008

Reputation Points: 10

Solved Threads: 0

thanks crunchie my computer is more stable now but still if i turn it off then turn it back on my task bar or explore.exe keeps dissapearing and coming back. so ya i hope you can help me with that too as soon as you can you can marh this sovled

Light Poster

25 posts since May 2008

Reputation Points: 10

Solved Threads: 0

Next time you run hijackthis and save the log, make sure in Notepad that wordwrap in the Format Tab is unckecked first. There are a lot of gaps in your log that makes it very difficult to read.

Please download ComboFix by sUBs from HERE or HERE You must download it to and run it from your Desktop
Physically disconnect from the internet.
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log
Re-enable all the programs that were disabled during the running of ComboFix..
Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Most Valuable Poster

Moderator

20,095 posts since Feb 2004

Reputation Points: 1,142

Solved Threads: 985

ComboFix 08-05-29.1 - audition account 2008-05-31 20:31:27.1 - NTFSx86
Running from: C:\Documents and Settings\audition account\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2006
C:\Documents and Settings\audition account\Local Settings\Temporary Internet Files\CPV.stt
C:\Documents and Settings\Pamela Rice\Application Data\macromedia\Flash Player\#SharedObjects\3HBA8PMQ\ www.broadcaster.com
C:\Documents and Settings\Pamela Rice\Application Data\macromedia\Flash Player\#SharedObjects\3HBA8PMQ\ www.broadcaster.com\played_list.sol
C:\Documents and Settings\Pamela Rice\Application Data\macromedia\Flash Player\#SharedObjects\3HBA8PMQ\ www.broadcaster.com\video_queue.sol
C:\Documents and Settings\Pamela Rice\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\# www.broadcaster.com
C:\Documents and Settings\Pamela Rice\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\# www.broadcaster.com\settings.sol
C:\Documents and Settings\Pamela Rice\Application Data\SpeedRunner
C:\Documents and Settings\Pamela Rice\Application Data\SpeedRunner\config.cfg
C:\Documents and Settings\Pamela Rice\Application Data\WinAntiVirus Pro 2006
C:\Documents and Settings\Pamela Rice\Application Data\WinAntiVirus Pro 2006\Logs\update.log
C:\Documents and Settings\Pamela Rice\Application Data\WinAntiVirus Pro 2006\Logs\wa6Support.log
C:\Documents and Settings\Pamela Rice\Application Data\WinAntiVirus Pro 2006\Logs\winav.log
C:\Documents and Settings\Pamela Rice\Application Data\WinAntiVirus Pro 2006\PGE.dat
C:\Documents and Settings\Pamela Rice\err.log
C:\Documents and Settings\Pamela Rice\Local Settings\Temporary Internet Files\CPV.stt
C:\Documents and Settings\Pamela Rice\My Documents\SEMBLY~1
C:\Documents and Settings\Pamela Rice\My Documents\SEMBLY~1\??sembly\
C:\Documents and Settings\Pamela Rice\Start Menu\Programs\Internet Speed Monitor
C:\Documents and Settings\Pamela Rice\Start Menu\Programs\Internet Speed Monitor\Check Now.lnk
C:\Documents and Settings\Pamela Rice\Start Menu\Programs\Internet Speed Monitor\Uninstall.lnk
C:\Documents and Settings\Pamela Rice\Start Menu\Programs\Outerinfo
C:\Documents and Settings\Pamela Rice\Start Menu\Programs\Outerinfo\Terms.lnk
C:\Documents and Settings\Pamela Rice\Start Menu\Programs\Outerinfo\Uninstall.lnk
C:\Program Files\Svconr
C:\Program Files\WinBudget
C:\WA6P
C:\WINDOWS\ecurit~1
C:\WINDOWS\system32\28463
C:\WINDOWS\system32\AutoRun.inf
C:\WINDOWS\system32\awtsQHxv.dll
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\ddcCRICr.dll
C:\WINDOWS\system32\eeeOUvut.ini
C:\WINDOWS\system32\eeeOUvut.ini2
C:\WINDOWS\system32\FffLknnn.ini2
C:\WINDOWS\system32\hQWGffii.ini
C:\WINDOWS\system32\KUBJPXyb.ini2
C:\WINDOWS\system32\NTBegMoq.ini
C:\WINDOWS\system32\NTBegMoq.ini2
C:\WINDOWS\system32\ppXxyGgh.ini2
C:\WINDOWS\system32\qoMdDwVO.dll
C:\WINDOWS\system32\qoMgeBTN.dll
C:\WINDOWS\system32\rCIRCcdd.ini
C:\WINDOWS\system32\rCIRCcdd.ini2
C:\WINDOWS\system32\RuuCLkkj.ini2
C:\WINDOWS\system32\sBKRBJlm.ini
C:\WINDOWS\system32\sBKRBJlm.ini2
C:\WINDOWS\system32\stera.log
C:\WINDOWS\system32\vxHQstwa.ini
C:\WINDOWS\system32\vxHQstwa.ini2
C:\WINDOWS\system32\WINCNMDB.DLL
C:\WINDOWS\tk68.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FOPN
-------\Legacy_NWSAPAGENT
-------\Legacy_POWERMANAGER
-------\Legacy_VSPF
-------\Legacy_VSPF_HK
-------\Service_NwSapAgent
-------\Service_vspf
-------\Service_vspf_hk

((((((((((((((((((((((((( Files Created from 2008-05-01 to 2008-06-01 )))))))))))))))))))))))))))))))
.

2008-05-31 20:06 . 2008-05-31 20:06 324,864 --a------ C:\WINDOWS\system32\mlJBRKBs.dll
2008-05-31 13:38 . 2008-05-31 13:39 d-------- C:\WINDOWS\ERUNT
2008-05-30 16:43 . 2002-07-28 07:54 126,976 --a------ C:\WINDOWS\autoras.exe
2008-05-30 16:43 . 2002-06-19 17:55 36,864 --a------ C:\WINDOWS\Uninstall.exe
2008-05-30 16:43 . 2008-05-30 16:43 56 --a------ C:\WINDOWS\autmtst.ini
2008-05-30 11:25 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-05-29 20:46 . 2008-05-29 20:46 4,230 --a------ C:\WINDOWS\system32\PerfStringBackup.TMP
2008-05-28 13:26 . 2008-05-28 13:26 d-------- C:\Documents and Settings\audition account\Application Data\Webroot
2008-05-28 12:49 . 2008-05-28 12:49 d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-05-28 08:17 . 2008-05-28 08:17 d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-05-28 08:16 . 2007-06-21 18:43 160,056 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2008-05-28 08:16 . 2007-06-21 18:43 23,864 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2008-05-28 08:16 . 2007-06-21 18:43 21,816 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2008-05-28 08:16 . 2007-06-21 18:43 20,280 --a------ C:\WINDOWS\system32\drivers\SSFS0BB8.sys
2008-05-28 08:14 . 2008-05-28 08:14 d-------- C:\Program Files\Webroot
2008-05-28 08:14 . 2008-05-28 08:14 d-------- C:\Documents and Settings\Pamela Rice\Application Data\Webroot
2008-05-28 08:14 . 2008-05-28 08:14 d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-05-28 08:14 . 2007-06-21 18:57 1,520,952 --a------ C:\WINDOWS\WRSetup.dll
2008-05-28 07:27 . 2008-05-28 07:27 d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-05-26 20:54 . 2008-05-26 20:54 d-------- C:\Program Files\Pivot Stickfigure Animator
2008-05-25 19:22 . 2008-05-28 03:35 344 --ahs---- C:\WINDOWS\system32\JllVDcfe.ini
2008-05-25 19:06 . 2008-05-25 19:06 27,140 --a------ C:\New Microsoft Office PowerPoint Presentation.pptx
2008-05-25 10:29 . 2008-05-29 21:15 7,945 --a------ C:\WINDOWS\system32\Config.MPF
2008-05-25 10:26 . 2006-03-03 07:07 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll
2008-05-25 10:11 . 2007-11-22 05:44 201,320 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2008-05-25 10:11 . 2007-11-22 05:44 79,304 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2008-05-25 10:11 . 2007-12-02 11:51 40,488 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2008-05-25 10:11 . 2007-11-22 05:44 35,240 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2008-05-25 10:11 . 2007-11-22 05:44 33,832 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2008-05-25 10:10 . 2007-07-13 05:20 113,952 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2008-05-25 10:05 . 2008-05-25 10:06 d-------- C:\Program Files\McAfee.com
2008-05-25 10:02 . 2008-05-25 10:11 d-------- C:\Program Files\Common Files\McAfee
2008-05-25 09:59 . 2008-05-25 10:28 d-------- C:\Program Files\McAfee
2008-05-24 16:48 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-05-24 16:48 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-05-24 16:48 . 2008-05-15 22:22 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-05-24 16:48 . 2008-05-18 20:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-05-24 16:48 . 2008-05-18 20:40 82,944 --a------ C:\WINDOWS\system32\404Fix.exe
2008-05-24 16:48 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-05-24 16:48 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-05-24 15:23 . 2008-05-30 17:24 2,702 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-24 14:49 . 2008-05-24 14:49 d-------- C:\Program Files\Trend Micro
2008-05-24 14:22 . 2008-05-12 13:10 22,528 --a------ C:\WINDOWS\system32\drivers\antispyware.sys
2008-05-24 14:21 . 2008-05-24 14:21 d-------- C:\Documents and Settings\audition account\Application Data\Antispyware
2008-05-24 12:53 . 2008-05-24 12:53 d-------- C:\WINDOWS\system32\QuickTime
2008-05-23 15:58 . 2008-05-23 16:17 d-------- C:\Documents and Settings\audition account\Application Data\ErrorSmart
2008-05-21 16:25 . 2008-05-21 16:25 d-------- C:\Documents and Settings\audition account\Application Data\HPAppData
2008-05-21 15:30 . 2008-05-21 15:30 d-------- C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
2008-05-21 15:29 . 2008-05-21 15:29 d-------- C:\Documents and Settings\Pamela Rice\Application Data\HPAppData
2008-05-21 15:27 . 2008-05-21 15:27 d-------- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2008-05-21 15:26 . 2008-05-21 15:26 d-------- C:\Program Files\Hewlett-Packard
2008-05-21 15:23 . 2008-05-21 15:36 141,260 --a------ C:\WINDOWS\hpoins14.dat
2008-05-21 15:23 . 2007-06-05 18:07 2,000 --------- C:\WINDOWS\hpomdl14.dat
2008-05-21 15:15 . 2008-05-31 21:14 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-21 15:15 . 2008-05-21 15:15 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-20 23:25 . 2008-05-20 23:25 4,286 --a------ C:\WINDOWS\system32\Jamster.ico
2008-05-20 20:37 . 2008-05-20 20:37 141,255 --------- C:\WINDOWS\hpoins14.dat.temp
2008-05-20 20:37 . 2007-06-05 18:07 2,000 --------- C:\WINDOWS\hpomdl14.dat.temp
2008-05-15 18:28 . 2008-05-18 11:21 d-------- C:\Documents and Settings\audition account\.gimp-2.4
2008-05-15 17:43 . 2008-05-15 17:43 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconUS.ico
2008-05-13 15:03 . 2008-05-15 17:04 d-------- C:\Documents and Settings\Pamela Rice\Application Data\iolo
2008-05-13 03:16 . 2008-05-13 03:16 406 --a------ C:\WINDOWS\system32\ioloBootDefrag.cfg
2008-05-12 21:13 . 2008-05-12 21:13 432 --a------ C:\WINDOWS\system32\iolo.ini
2008-05-12 21:04 . 2008-05-12 21:04 d-------- C:\Documents and Settings\LocalService\Application Data\iolo
2008-05-12 20:46 . 2007-07-25 08:42 126,976 --a------ C:\WINDOWS\system32\iavlsp.dll
2008-05-12 20:34 . 2008-05-12 20:34 74,703 --a------ C:\WINDOWS\system32\mfc45.dll
2008-05-12 20:32 . 2008-05-15 21:02 d-------- C:\Documents and Settings\audition account\Application Data\Uniblue
2008-05-12 20:31 . 2008-05-13 03:16 d-------- C:\Documents and Settings\audition account\Application Data\iolo
2008-05-12 20:31 . 2008-05-15 21:01 d-------- C:\Documents and Settings\All Users\Application Data\iolo
2008-05-10 11:03 . 2008-05-10 11:11 d-------- C:\Documents and Settings\Pamela Rice\.frugoo_file_store_32
2008-05-08 20:13 . 2008-05-08 20:13 d-------- C:\Program Files\ePSXe
2008-05-08 18:54 . 2008-05-08 18:54 d-------- C:\Documents and Settings\audition account\Application Data\fltk.org
2008-05-02 15:53 . 2008-05-08 18:32 d-------- C:\Program Files\ActMak

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-31 18:35 --------- d-----w C:\Program Files\Blubster
2008-05-31 03:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-05-30 21:43 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-30 01:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-28 09:09 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-28 03:20 --------- d-----w C:\Program Files\HyCam2
2008-05-25 15:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-05-24 19:31 --------- d-----w C:\Program Files\StreamCast
2008-05-24 17:21 --------- d-----w C:\Documents and Settings\audition account\Application Data\LimeWire
2008-05-22 01:46 269 ----a-w C:\Program Files\Common Files\lavuq599
2008-05-21 20:30 --------- d-----w C:\Program Files\HP
2008-05-21 20:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2008-05-13 12:40 --------- d-----w C:\Program Files\MixMeister Express 6
2008-05-13 11:59 --------- d-----w C:\Program Files\WonderlandSecretWorldsTrial_at
2008-05-13 11:59 --------- d-----w C:\Program Files\Cheat Engine
2008-05-09 11:52 --------- d-----w C:\Program Files\Tweak-XP Pro 4
2008-05-08 23:34 --------- d-----w C:\Program Files\Microsoft Bootvis
2008-05-07 08:34 --------- d-----w C:\Documents and Settings\Pamela Rice\Application Data\HP
2008-05-01 10:36 142 ----a-w C:\Program Files\Common Files\profsyfs.html
2008-04-27 20:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Gtek
2008-04-27 20:15 --------- d-----w C:\Documents and Settings\audition account\Application Data\GTek
2008-04-19 05:31 448,384 ----a-w C:\WINDOWS\system32\drivers\EagleNt.sys
2008-04-09 22:18 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-04-07 22:15 --------- d-----w C:\Program Files\Google
2008-04-04 22:09 --------- d-----w C:\Documents and Settings\audition account\Application Data\Leadertech
2008-04-04 21:53 --------- d-----w C:\Documents and Settings\audition account\Application Data\HP
2008-03-20 01:47 718 ----a-w C:\Program Files\xFlaxPROGui$2.class
2008-03-16 22:20 52 ----a-w C:\xmp.bat
2007-06-21 18:33 378 -c--a-w C:\Documents and Settings\Pamela Rice\Application Data\internaldb1942.dat
2007-06-21 17:22 523 -c--a-w C:\Documents and Settings\Pamela Rice\Application Data\internaldb9948.dat
2007-06-21 17:22 177,152 -c--a-w C:\Documents and Settings\Pamela Rice\Application Data\internaldb4827.dat
2007-06-21 17:22 12,288 -c--a-w C:\Documents and Settings\Pamela Rice\Application Data\internaldb5436.dat
2007-06-21 17:22 0 -c--a-w C:\Documents and Settings\Pamela Rice\Application Data\internaldb4604.dat
2006-11-18 22:10 0 -c--a-w C:\Documents and Settings\Pamela Rice\Application Data\internaldb2391.dat
2006-11-16 19:40 0 -c--a-w C:\Documents and Settings\Pamela Rice\Application Data\internaldb153.dat
2006-11-13 00:55 0 -c--a-w C:\Documents and Settings\Pamela Rice\Application Data\internaldb9912.dat
2006-11-13 00:55 0 -c--a-w C:\Documents and Settings\Pamela Rice\Application Data\internaldb3902.dat
2005-12-15 08:07 1,116 -csha-w C:\WINDOWS\system32\sscms.dat
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
-c--a-w 63,712 2007-03-09 16:09:58 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\bak\apdproxy.exe

----a-w 39,792 2007-10-11 00:51:56 C:\Program Files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe
----a-w 39,792 2008-01-12 02:16:38 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

----a-w 5,980,160 2007-04-13 14:35:40 C:\Program Files\Blubster\bak\Blubster.exe
----a-w 5,980,160 2007-04-13 15:35:40 C:\Program Files\Blubster\Blubster.exe

-c--a-w 180,269 2006-09-03 02:54:37 C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe

-c--a-w 90,112 2005-05-23 14:57:42 C:\Program Files\Common Files\Ulead Systems\Autodetector\bak\monitor.exe

-c--a-w 132,496 2007-07-12 08:00:36 C:\Program Files\Java\jre1.6.0_02\bin\bak\jusched.exe

-c--a-w 132,496 2007-09-25 05:11:35 C:\Program Files\Java\jre1.6.0_03\bin\bak\jusched.exe

-c--a-w 473,928 2005-11-15 17:12:14 C:\Program Files\Microsoft AntiSpyware\bak\gcasServ.exe

-c--a-w 8,192 2006-11-07 19:41:44 C:\Program Files\Musicmatch\Musicmatch Jukebox\bak\mimboot.exe

-c--a-w 110,592 2006-11-07 19:41:44 C:\Program Files\Musicmatch\Musicmatch Jukebox\bak\mm_tray.exe

-c--a-w 282,624 2007-04-27 13:41:54 C:\Program Files\QuickTime\bak\qttask.exe
----a-w 385,024 2008-02-01 03:13:08 C:\Program Files\QuickTime\QTTask.exe

-c--a-w 57,344 2001-07-25 19:04:00 C:\Program Files\REGSHAVE\bak\REGSHAVE.EXE

-c--a-w 290,816 2005-04-18 20:35:10 C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\bak\LYRAHD2TrayApp.exe

-c--a-w 15,360 2004-08-04 05:56:50 C:\WINDOWS\system32\bak\ctfmon.exe
----a-w 15,360 2004-08-04 05:56:50 C:\WINDOWS\system32\ctfmon.exe

-c--a-w 36,864 2000-05-09 15:38:48 C:\WINDOWS\system32\spool\drivers\w32x86\2\bak\printray.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0BB0AD19-01C1-4253-9EA9-20DF16CC4D44}]
C:\Program Files\Common Files\lavuq599.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0E54E68A-D735-4549-A01A-90EA188BD41A}]
C:\Program Files\Online Services\cefyr821058.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B6F19F93-C313-4DDF-9152-E55E6FE37310}]
C:\WINDOWS\system32\ykvjeev.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BAF86C81-F962-F5B7-1196-A18F0E557CCD}]
C:\WINDOWS\system32\oxgkd.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CB8E467B-42C7-49FC-9CAF-F20C5974B415}]
C:\WINDOWS\system32\jkkLCuuR.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [ ]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"Antispyware"="C:\Program Files\AntiSpywareApp\Antispyware.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 03:25 144784]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 22:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 12:10 267048]
"Blubster"="C:\Program Files\Blubster\Blubster.exe" [2007-04-13 10:35 5980160]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 21:16 39792]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 20:34 49152]
"ErrorSmart"="C:\Program Files\ErrorSmart\ErrorSmart.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]

C:\Documents and Settings\Pamela Rice\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 18:16:50 113664]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoInstrumentation"= 1 (0x1)
"NoBandCustomize"= 0 (0x0)
"NoMovingBands"= 0 (0x0)
"NoCloseDragDropBands"= 0 (0x0)
"LockTaskbar"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gEWqPHYP]
gEWqPHYP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\smcss]
smcss.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"hpqddsvc"=2 (0x2)
"hpqcxs08"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\WINDOWS\\system32\\javaw.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"9842:TCP"= 9842:TCP:*:Disabled:SolidNetworkManager
"9842:UDP"= 9842:UDP:*:Disabled:SolidNetworkManager
"606:TCP"= 606:TCP:VoIP On-Hold Server
"84:TCP"= 84:TCP:VRS Recording System Web Control Panel
"81:TCP"= 81:TCP:Axon Web Server
"8000:UDP"= 8000:UDP:Express Talk RTP Incoming Audio (UDP)
"8001:UDP"= 8001:UDP:Express Talk RTP Incoming Audio (UDP)
"8002:UDP"= 8002:UDP:Express Talk RTP Incoming Audio (UDP)
"8003:UDP"= 8003:UDP:Express Talk RTP Incoming Audio (UDP)
"8004:UDP"= 8004:UDP:Express Talk RTP Incoming Audio (UDP)
"8005:UDP"= 8005:UDP:Express Talk RTP Incoming Audio (UDP)
"8006:UDP"= 8006:UDP:Express Talk RTP Incoming Audio (UDP)

R0 antispyware;antispyware;C:\WINDOWS\system32\DRIVERS\antispyware.sys [2008-05-12 13:10]
R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2007-11-25 01:35]
R3 kbdcap;kbdcap;C:\WINDOWS\system32\drivers\kbdcap.sys [2007-11-24 22:03]
S3 6250spi;Elan USB Bridge Service;C:\WINDOWS\system32\Drivers\6250spi.sys [2006-09-19 16:46]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\BRGSp50.sys [2005-06-08 17:44]
S3 XDva008;XDva008;C:\WINDOWS\system32\XDva008.sys []
S3 XDva026;XDva026;C:\WINDOWS\system32\XDva026.sys []
S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2005-08-17 13:43]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.
Contents of the 'Scheduled Tasks' folder
"2008-05-31 08:00:00 C:\WINDOWS\Tasks\Antispyware Scheduled Scan.job"
- C:\Program Files\AntiSpywareApp\AntiSpyware.exe
- C:\Program Files\AntiSpywareApp
"2008-05-26 22:48:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-31 08:30:00 C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job"
- C:\Program Files\ErrorSmart\ErrorSmart.ex
- C:\Program Files\ErrorSmart
"2008-05-25 15:08:03 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-05-25 15:08:02 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-31 21:13:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\LexBceS.exe
C:\WINDOWS\system32\Lexpps.exe
C:\WINDOWS\system32\scardsvr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-05-31 21:39:10 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-01 02:38:47

Pre-Run: 8,974,405,632 bytes free
Post-Run: 8,885,854,208 bytes free

334 --- E O F --- 2008-05-18 10:09:55

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:40 PM, on 5/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Blubster\Blubster.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: 0 - {0BB0AD19-01C1-4253-9EA9-20DF16CC4D44} - C:\Program Files\Common Files\lavuq599.dll (file missing)
O2 - BHO: (no name) - {0E54E68A-D735-4549-A01A-90EA188BD41A} - C:\Program Files\Online Services\cefyr821058.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: TChkBHO Class - {B6F19F93-C313-4DDF-9152-E55E6FE37310} - C:\WINDOWS\system32\ykvjeev.dll (file missing)
O2 - BHO: (no name) - {BAF86C81-F962-F5B7-1196-A18F0E557CCD} - C:\WINDOWS\system32\oxgkd.dll (file missing)
O2 - BHO: (no name) - {CB8E467B-42C7-49FC-9CAF-F20C5974B415} - C:\WINDOWS\system32\jkkLCuuR.dll (file missing)
O3 - Toolbar: (no name) - {EA0D26BD-9029-431A-86E0-83152D67828A} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Blubster] C:\Program Files\Blubster\Blubster.exe SILENT
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ErrorSmart] C:\Program Files\ErrorSmart\ErrorSmart.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Antispyware] C:\Program Files\AntiSpywareApp\Antispyware.exe -boot
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Pamela Rice\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\gamelink.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\gamelink.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\gamelink.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\gamelink.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\gamelink.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\gamelink.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\gamelink.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\gamelink.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {48DF87EE-F2DE-11D8-BE7F-302050C10801} (FlyLoader Class) - http://www.flyword.com/loaderword_win.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: gEWqPHYP - gEWqPHYP.dll (file missing)
O20 - Winlogon Notify: smcss - smcss.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

--
End of file - 8341 bytes

Light Poster

25 posts since May 2008

Reputation Points: 10

Solved Threads: 0

Please download FindAWF:
http://noahdfear.net/downloads/FindAWF.exe

Save the file to the Desktop
Double-click the FindAWF icon.

If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 1 then Enter to scan for bak folders
The scan may take a while, please be patient.

When done, a text file, Find AWF report is produced.
Please provide Find AWF report in your reply.

Most Valuable Poster

Moderator

20,095 posts since Feb 2004

Reputation Points: 1,142

Solved Threads: 985

The current date is: Sat 05/31/2008
The current time is: 23:33:28.22

bak folders found
~~~~~~~~~~~

Directory of C:\PROGRA~1\BLUBSTER\BAK

04/13/2007 09:35 AM 5,980,160 Blubster.exe
1 File(s) 5,980,160 bytes

Directory of C:\PROGRA~1\MICROS~2\BAK

11/15/2005 12:12 PM 473,928 gcasServ.exe
1 File(s) 473,928 bytes

Directory of C:\PROGRA~1\MSNMES~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

04/27/2007 08:41 AM 282,624 qttask.exe
1 File(s) 282,624 bytes

Directory of C:\PROGRA~1\REGSHAVE\BAK

07/25/2001 02:04 PM 57,344 REGSHAVE.EXE
1 File(s) 57,344 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

08/04/2004 12:56 AM 15,360 ctfmon.exe
1 File(s) 15,360 bytes

Directory of C:\WINDOWS\WIRELESS\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\MUSICM~1\MUSICM~1\BAK

11/07/2006 02:41 PM 8,192 mimboot.exe
11/07/2006 02:41 PM 110,592 mm_tray.exe
2 File(s) 118,784 bytes

Directory of C:\PROGRA~1\ADOBE\READER~1.0\READER\BAK

10/10/2007 07:51 PM 39,792 Reader_sl.exe
1 File(s) 39,792 bytes

Directory of C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK

09/02/2006 09:54 PM 180,269 realsched.exe
1 File(s) 180,269 bytes

Directory of C:\PROGRA~1\COMMON~1\ULEADS~1\AUTODE~1\BAK

05/23/2005 09:57 AM 90,112 monitor.exe
1 File(s) 90,112 bytes

Directory of C:\PROGRA~1\JAVA\JRE16~1.0_0\BIN\BAK

07/12/2007 03:00 AM 132,496 jusched.exe
1 File(s) 132,496 bytes

Directory of C:\PROGRA~1\JAVA\JRE16~2.0_0\BIN\BAK

09/25/2007 12:11 AM 132,496 jusched.exe
1 File(s) 132,496 bytes

Directory of C:\PROGRA~1\THOMSON\LYRAJU~1\LYRAHD~1\BAK

04/18/2005 03:35 PM 290,816 LYRAHD2TrayApp.exe
1 File(s) 290,816 bytes

Directory of C:\PROGRA~1\ADOBE\PHOTOS~1\3.2\APPS\BAK

03/09/2007 11:09 AM 63,712 apdproxy.exe
1 File(s) 63,712 bytes

Directory of C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\2\BAK

05/09/2000 10:38 AM 36,864 printray.exe
1 File(s) 36,864 bytes

Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

5980160 Apr 13 2007 "C:\Program Files\Blubster\Blubster.exe"
5980160 Apr 13 2007 "C:\Program Files\Blubster\bak\Blubster.exe"
473928 Nov 15 2005 "C:\Program Files\Microsoft AntiSpyware\bak\gcasServ.exe"
385024 Jan 31 2008 "C:\Program Files\QuickTime\QTTask.exe"
282624 Apr 27 2007 "C:\Program Files\QuickTime\bak\qttask.exe"
57344 Jul 25 2001 "C:\Program Files\REGSHAVE\bak\REGSHAVE.EXE"
15360 Aug 4 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
8192 Nov 7 2006 "C:\Program Files\Musicmatch\Musicmatch Jukebox\bak\mimboot.exe"
110592 Nov 7 2006 "C:\Program Files\Musicmatch\Musicmatch Jukebox\bak\mm_tray.exe"
39792 Oct 10 2007 "C:\Program Files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe"
180269 Sep 2 2006 "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
90112 May 23 2005 "C:\Program Files\Common Files\Ulead Systems\Autodetector\bak\monitor.exe"
144784 Feb 22 2008 "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
126976 Sep 24 2007 "C:\Program Files\Java\jdk1.6.0_03\jre\bin\jusched.exe"
139264 Feb 22 2008 "C:\Program Files\Java\jdk1.6.0_05\jre\bin\jusched.exe"
132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\bak\jusched.exe"
132496 Sep 25 2007 "C:\Program Files\Java\jre1.6.0_03\bin\bak\jusched.exe"
144784 Feb 22 2008 "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
126976 Sep 24 2007 "C:\Program Files\Java\jdk1.6.0_03\jre\bin\jusched.exe"
139264 Feb 22 2008 "C:\Program Files\Java\jdk1.6.0_05\jre\bin\jusched.exe"
132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\bak\jusched.exe"
132496 Sep 25 2007 "C:\Program Files\Java\jre1.6.0_03\bin\bak\jusched.exe"
290816 Apr 18 2005 "C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\bak\LYRAHD2TrayApp.exe"
63712 Mar 9 2007 "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\bak\apdproxy.exe"
36864 May 9 2000 "C:\WINDOWS\system32\spool\drivers\w32x86\PrinTray.exe"
36864 May 9 2000 "C:\WINDOWS\system32\spool\drivers\w32x86\2\bak\printray.exe"

end of report

Light Poster

25 posts since May 2008

Reputation Points: 10

Solved Threads: 0

Double-click the FindAWF icon once again

If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 2 then Enter to restore files from bak folders

A text file opens called: files.txt
Click below the line and paste the following list of files to be restored:

C:\Program Files\Blubster\bak\Blubster.exe
C:\Program Files\Microsoft AntiSpyware\bak\gcasServ.exe
C:\Program Files\QuickTime\bak\qttask.exe"
C:\Program Files\REGSHAVE\bak\REGSHAVE.EXE
C:\WINDOWS\system32\bak\ctfmon.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\bak\mimboot.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\bak\mm_tray.exe
C:\Program Files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe
C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe
C:\Program Files\Common Files\Ulead Systems\Autodetector\bak\monitor.exe
C:\Program Files\Java\jdk1.6.0_03\jre\bin\jusched.exe
C:\Program Files\Java\jre1.6.0_02\bin\bak\jusched.exe
C:\Program Files\Java\jre1.6.0_03\bin\bak\jusched.exe
C:\Program Files\Java\jre1.6.0_02\bin\bak\jusched.exe
C:\Program Files\Java\jre1.6.0_03\bin\bak\jusched.exe
C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\bak\LYRAHD2TrayApp.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\bak\apdproxy.exe
C:\WINDOWS\system32\spool\drivers\w32x86\2\bak\printray.exe

Next, close and clickYes to save the changes.

Once files.txt is saved, FindAWF does the following:
-It attempts to terminate the process represented by each filename on the list, if running
-Deletes the rogue file from the parent folder, if present
-Copies the original file to the parent folder

When done with the above, it automatically runs a new scan and opens a new log.
Please provide the new FindAWF log in your reply.

Most Valuable Poster

Moderator

20,095 posts since Feb 2004

Reputation Points: 1,142

Solved Threads: 985

by the way my computer is realy stable and the taskbar is not blinking anymore so after this you can put solved on it thanks ^_^

Light Poster

25 posts since May 2008

Reputation Points: 10

Solved Threads: 0

The current date is: Sun 06/01/2008
The current time is: 0:46:10.02

bak folders found
~~~~~~~~~~~

Directory of C:\PROGRA~1\BLUBSTER\BAK

04/13/2007 09:35 AM 5,980,160 Blubster.exe
1 File(s) 5,980,160 bytes

Directory of C:\PROGRA~1\MICROS~2\BAK

11/15/2005 12:12 PM 473,928 gcasServ.exe
1 File(s) 473,928 bytes

Directory of C:\PROGRA~1\MSNMES~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

04/27/2007 08:41 AM 282,624 qttask.exe
1 File(s) 282,624 bytes

Directory of C:\PROGRA~1\REGSHAVE\BAK

07/25/2001 02:04 PM 57,344 REGSHAVE.EXE
1 File(s) 57,344 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

08/04/2004 12:56 AM 15,360 ctfmon.exe
1 File(s) 15,360 bytes

Directory of C:\WINDOWS\WIRELESS\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\MUSICM~1\MUSICM~1\BAK

11/07/2006 02:41 PM 8,192 mimboot.exe
11/07/2006 02:41 PM 110,592 mm_tray.exe
2 File(s) 118,784 bytes

Directory of C:\PROGRA~1\ADOBE\READER~1.0\READER\BAK

10/10/2007 07:51 PM 39,792 Reader_sl.exe
1 File(s) 39,792 bytes

Directory of C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK

09/02/2006 09:54 PM 180,269 realsched.exe
1 File(s) 180,269 bytes

Directory of C:\PROGRA~1\COMMON~1\ULEADS~1\AUTODE~1\BAK

05/23/2005 09:57 AM 90,112 monitor.exe
1 File(s) 90,112 bytes

Directory of C:\PROGRA~1\JAVA\JRE16~1.0_0\BIN\BAK

07/12/2007 03:00 AM 132,496 jusched.exe
1 File(s) 132,496 bytes

Directory of C:\PROGRA~1\JAVA\JRE16~2.0_0\BIN\BAK

09/25/2007 12:11 AM 132,496 jusched.exe
1 File(s) 132,496 bytes

Directory of C:\PROGRA~1\THOMSON\LYRAJU~1\LYRAHD~1\BAK

04/18/2005 03:35 PM 290,816 LYRAHD2TrayApp.exe
1 File(s) 290,816 bytes

Directory of C:\PROGRA~1\ADOBE\PHOTOS~1\3.2\APPS\BAK

03/09/2007 11:09 AM 63,712 apdproxy.exe
1 File(s) 63,712 bytes

Directory of C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\2\BAK

05/09/2000 10:38 AM 36,864 printray.exe
1 File(s) 36,864 bytes

Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

end of report

Light Poster

25 posts since May 2008

Reputation Points: 10

Solved Threads: 0

Double-click the FindAWF icon once again

If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 3 then Enter to remove bak folders

A text file opens called: folders.txt
Click below the line and paste the following list of folders to be removed:

C:\Program Files\Blubster\bak
C:\Program Files\Microsoft AntiSpyware\bak
C:\Program Files\QuickTime\bak
C:\Program Files\REGSHAVE\bak
C:\WINDOWS\system32\bak
C:\Program Files\Musicmatch\Musicmatch Jukebox\bak
C:\Program Files\Adobe\Reader 8.0\Reader\bak
C:\Program Files\Common Files\Real\Update_OB\bak
C:\Program Files\Common Files\Ulead Systems\Autodetector\bak
C:\Program Files\Java\jre1.6.0_02\bin\bak
C:\Program Files\Java\jre1.6.0_03\bin\bak
C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\bak
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\bak
C:\WINDOWS\system32\spool\drivers\w32x86\2\bak

Next, close and clickYes to save the changes.

Once folders.txt is saved, FindAWF does the following:
-It deletes the contents of the bak folders
-Removes the bak folders

When done with the above, it automatically runs a new scan and opens a new log.
Please provide the new FindAWF log in your reply.

Most Valuable Poster

Moderator

20,095 posts since Feb 2004

Reputation Points: 1,142

Solved Threads: 985

srry wrong log...
the good one is below this one

Light Poster

25 posts since May 2008

Reputation Points: 10

Solved Threads: 0

The current date is: Sun 06/01/2008
The current time is: 2:53:05.41

bak folders found
~~~~~~~~~~~

Directory of C:\PROGRA~1\MSNMES~1\BAK

0 File(s) 0 bytes

Directory of C:\WINDOWS\WIRELESS\BAK

0 File(s) 0 bytes

Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

end of report

Light Poster

25 posts since May 2008

Reputation Points: 10

Solved Threads: 0

Double-click the FindAWF icon once again

If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 4 then Enter to reset domain zones

This removes all entries from the domain zones.
When the program returns to the main menu, use the following option:
Press E then Enter to EXIT

Reboot when done and post another hijackthis log please.

Let me know how your PC is.