I need help, there is a red blinking (x) taskbar. I need help, my log is...


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:10: VIRUS ALERT!, on 5/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\tlntsvr.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Blubster\Blubster.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: 0 - {0BB0AD19-01C1-4253-9EA9-20DF16CC4D44} - C:\Program Files\Common Files\lavuq599.dll (file missing)
O2 - BHO: (no name) - {0E54E68A-D735-4549-A01A-90EA188BD41A} - C:\Program Files\Online Services\cefyr821058.dll (file missing)
O2 - BHO: (no name) - {4A3F62A9-AFEB-4543-AE4D-DC2442444E64} - C:\WINDOWS\system32\qoMdDwVO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: QXK Olive - {B33B96B9-E0C2-4648-9819-A38DDCAFA33C} - C:\WINDOWS\boqnrwdmstg.dll (file missing)
O2 - BHO: TChkBHO Class - {B6F19F93-C313-4DDF-9152-E55E6FE37310} - C:\WINDOWS\system32\ykvjeev.dll (file missing)
O2 - BHO: (no name) - {BAF86C81-F962-F5B7-1196-A18F0E557CCD} - C:\WINDOWS\system32\oxgkd.dll (file missing)
O2 - BHO: (no name) - {CB8E467B-42C7-49FC-9CAF-F20C5974B415} - C:\WINDOWS\system32\jkkLCuuR.dll (file missing)
O2 - BHO: Windows Media Player - {D5A7151F-58D0-4AC8-9329-BEDD59625679} - (no file)
O2 - BHO: (no name) - {F7F6584C-864B-411D-A410-BB2DE0D33CA1} - (no file)
O3 - Toolbar: (no name) - {EA0D26BD-9029-431A-86E0-83152D67828A} - (no file)
O3 - Toolbar: The retnsrp - {757EFAE3-B160-4A69-95D7-46761353800B} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: atfxqogp - {9E6CD9DF-5EF9-40F4-84FA-C4842EB1F283} - C:\WINDOWS\atfxqogp.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Blubster] C:\Program Files\Blubster\Blubster.exe SILENT
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ErrorSmart] C:\Program Files\ErrorSmart\ErrorSmart.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [antivirus-2008pro.exe] C:\Program Files\Antivirus 2008 PRO\antivirus-2008pro.exe
O4 - HKCU\..\Run: [Antispyware] C:\Program Files\AntiSpywareApp\Antispyware.exe -boot
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Pamela Rice\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\gamelink.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\gamelink.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\gamelink.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\gamelink.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\gamelink.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\gamelink.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\gamelink.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\gamelink.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {48DF87EE-F2DE-11D8-BE7F-302050C10801} (FlyLoader Class) - http://www.flyword.com/loaderword_win.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: gEWqPHYP - gEWqPHYP.dll (file missing)
O20 - Winlogon Notify: qoMdDwVO - C:\WINDOWS\SYSTEM32\qoMdDwVO.dll
O20 - Winlogon Notify: smcss - smcss.dll (file missing)
O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll
O21 - SSODL: vregfwlx - {02B07299-96CF-4C31-AD41-533F842760BD} - C:\WINDOWS\vregfwlx.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 10122 bytes

Hi and welcome to the Daniweb forums :).

==========

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

SmitFraudFix v2.323

Scan done at 11:26:20.85, Fri 05/30/2008
Run from C:\Documents and Settings\audition account\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\tlntsvr.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Blubster\Blubster.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\privacy_danger FOUND !
C:\WINDOWS\xmpstean.exe FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\audition account


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\audition account\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\AUDITI~1\FAVORI~1

C:\DOCUME~1\AUDITI~1\FAVORI~1\Error Cleaner.url FOUND !
C:\DOCUME~1\AUDITI~1\FAVORI~1\Privacy Protector.url FOUND !
C:\DOCUME~1\AUDITI~1\FAVORI~1\Spyware?Malware Protection.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

C:\DOCUME~1\AUDITI~1\Desktop\Error Cleaner.url FOUND !
C:\DOCUME~1\AUDITI~1\Desktop\Privacy Protector.url FOUND !
C:\DOCUME~1\AUDITI~1\Desktop\Spyware?Malware Protection.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

[!] Suspicious: vregfwlx.dll
SSODL: vregfwlx - {02B07299-96CF-4C31-AD41-533F842760BD}


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000001


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: SMC EZ Card PCI 10 Adapter (SMC1208) - Packet Scheduler Miniport
DNS Server Search Order: 68.87.72.130
DNS Server Search Order: 68.87.77.130

HKLM\SYSTEM\CCS\Services\Tcpip\..\{34E90C0E-4215-4040-A72C-A426D2BDA9EC}: DhcpNameServer=68.87.72.130 68.87.77.130
HKLM\SYSTEM\CS2\Services\Tcpip\..\{34E90C0E-4215-4040-A72C-A426D2BDA9EC}: DhcpNameServer=68.87.72.130 68.87.77.130
HKLM\SYSTEM\CS3\Services\Tcpip\..\{34E90C0E-4215-4040-A72C-A426D2BDA9EC}: DhcpNameServer=68.87.72.130 68.87.77.130
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=68.87.72.130 68.87.77.130
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=68.87.72.130 68.87.77.130
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=68.87.72.130 68.87.77.130


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

My Firefox browser crashes and I can't get on the internet, so I have to use my Wii... lol. Also my taskbar keeps disappearing and then it comes back.

You should print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please reboot your computer in Safe Mode by doing the following :

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.

Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".


The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart anyway into normal Windows. A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply along with a new HijackThis log.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning : running option #2 on a non infected computer will remove your Desktop background.

SmitFraudFix v2.323

Scan done at 17:23:31.66, Fri 05/30/2008
Run from C:\Documents and Settings\audition account\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost


»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
C:\WINDOWS\vregfwlx.dll deleted.


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\privacy_danger\ Deleted
C:\WINDOWS\xmpstean.exe Deleted
C:\DOCUME~1\AUDITI~1\Desktop\Error Cleaner.url Deleted
C:\DOCUME~1\AUDITI~1\Desktop\Privacy Protector.url Deleted
C:\DOCUME~1\AUDITI~1\Desktop\Spyware?Malware Protection.url Deleted
C:\DOCUME~1\AUDITI~1\FAVORI~1\Error Cleaner.url Deleted
C:\DOCUME~1\AUDITI~1\FAVORI~1\Privacy Protector.url Deleted
C:\DOCUME~1\AUDITI~1\FAVORI~1\Spyware?Malware Protection.url Deleted

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{34E90C0E-4215-4040-A72C-A426D2BDA9EC}: DhcpNameServer=68.87.72.130 68.87.77.130
HKLM\SYSTEM\CS2\Services\Tcpip\..\{34E90C0E-4215-4040-A72C-A426D2BDA9EC}: DhcpNameServer=68.87.72.130 68.87.77.130
HKLM\SYSTEM\CS3\Services\Tcpip\..\{34E90C0E-4215-4040-A72C-A426D2BDA9EC}: DhcpNameServer=68.87.72.130 68.87.77.130
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=68.87.72.130 68.87.77.130
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=68.87.72.130 68.87.77.130
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=68.87.72.130 68.87.77.130


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:35 PM, on 5/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Blubster\Blubster.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rsvp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\tlntsvr.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\explorer.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: 0 - {0BB0AD19-01C1-4253-9EA9-20DF16CC4D44} - C:\Program Files\Common Files\lavuq599.dll (file missing)
O2 - BHO: (no name) - {0E54E68A-D735-4549-A01A-90EA188BD41A} - C:\Program Files\Online Services\cefyr821058.dll (file missing)
O2 - BHO: (no name) - {4A3F62A9-AFEB-4543-AE4D-DC2442444E64} - C:\WINDOWS\system32\qoMdDwVO.dll
O2 - BHO: (no name) - {744BAFC9-DC30-48D0-A491-67FE3B5AAD55} - C:\WINDOWS\system32\ddcCRICr.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: QXK Olive - {B33B96B9-E0C2-4648-9819-A38DDCAFA33C} - C:\WINDOWS\boqnrwdmstg.dll (file missing)
O2 - BHO: TChkBHO Class - {B6F19F93-C313-4DDF-9152-E55E6FE37310} - C:\WINDOWS\system32\ykvjeev.dll (file missing)
O2 - BHO: (no name) - {BAF86C81-F962-F5B7-1196-A18F0E557CCD} - C:\WINDOWS\system32\oxgkd.dll (file missing)
O2 - BHO: (no name) - {CB8E467B-42C7-49FC-9CAF-F20C5974B415} - C:\WINDOWS\system32\jkkLCuuR.dll (file missing)
O2 - BHO: Windows Media Player - {D5A7151F-58D0-4AC8-9329-BEDD59625679} - (no file)
O2 - BHO: (no name) - {F7F6584C-864B-411D-A410-BB2DE0D33CA1} - (no file)
O3 - Toolbar: (no name) - {EA0D26BD-9029-431A-86E0-83152D67828A} - (no file)
O3 - Toolbar: The retnsrp - {757EFAE3-B160-4A69-95D7-46761353800B} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: atfxqogp - {9E6CD9DF-5EF9-40F4-84FA-C4842EB1F283} - C:\WINDOWS\atfxqogp.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Blubster] C:\Program Files\Blubster\Blubster.exe SILENT
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ErrorSmart] C:\Program Files\ErrorSmart\ErrorSmart.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [antivirus-2008pro.exe] C:\Program Files\Antivirus 2008 PRO\antivirus-2008pro.exe
O4 - HKCU\..\Run: [Antispyware] C:\Program Files\AntiSpywareApp\Antispyware.exe -boot
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Pamela Rice\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\gamelink.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\gamelink.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\gamelink.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\gamelink.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\gamelink.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\gamelink.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\gamelink.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\gamelink.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {48DF87EE-F2DE-11D8-BE7F-302050C10801} (FlyLoader Class) - http://www.flyword.com/loaderword_win.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: gEWqPHYP - gEWqPHYP.dll (file missing)
O20 - Winlogon Notify: qoMdDwVO - C:\WINDOWS\SYSTEM32\qoMdDwVO.dll
O20 - Winlogon Notify: smcss - smcss.dll (file missing)
O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\mssrv32.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 9923 bytes

Download SDFix and save it to your desktop.

Please then reboot your computer in Safe Mode by doing the following :

  • Restart your computer
  • After hearing your computer beep once during startup, but before the
    Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
  • In Safe Mode, right click the SDFix.zip folder and choose Extract All,
  • Open the extracted folder and double click RunThis.bat to
    start the script.
  • Type Y to begin the script.
  • It will remove the Trojan Services then make some repairs to the
    registry and prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • Your system will take longer than normal to restart as the fixtool
    will be running and removing files.
  • When the desktop loads the Fixtool will complete the removal and
    display Finished, then press any key to end the script and load
    your desktop icons.
  • Finally open the SDFix folder on your desktop and copy and paste the
    contents of the results file Report.txt back onto the forum with
    a new HijackThis log

here SDfix

[b]SDFix: Version 1.187 [/b]
Run by audition account on Sat 05/31/2008 at 01:59 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\DOCUME~1\AUDITI~1\Desktop\SDFix

[b]Checking Services [/b]:

[b]Name [/b]: 
msupdate
AEJ36
AGK83
ALP71
BHL50
BIM14
BIN36
BJO48
BKO37
DJN82
DNR50
EIN04
EKP61
FLP82
GMP72
GMQ47
GQT48
JOT72
JTX15
LRV37
NTX48
NXC48
SDH14
VBF50
WCF04
XGL83

[b]Path [/b]:
c:\windows\system32\mssrv32.exe 
\??\C:\WINDOWS\System32\drivers\aeJ36.sys 
\??\C:\WINDOWS\System32\drivers\agK83.sys 
\??\C:\WINDOWS\System32\drivers\alP71.sys 
\??\C:\WINDOWS\System32\drivers\bhL50.sys 
\??\C:\WINDOWS\System32\drivers\biM14.sys 
\??\C:\WINDOWS\System32\drivers\biN36.sys 
\??\C:\WINDOWS\System32\drivers\bjO48.sys 
\??\C:\WINDOWS\System32\drivers\bkO37.sys 
\??\C:\WINDOWS\System32\drivers\djN82.sys 
\??\C:\WINDOWS\System32\drivers\dnR50.sys 
\??\C:\WINDOWS\System32\drivers\eiN04.sys 
\??\C:\WINDOWS\System32\drivers\ekP61.sys 
\??\C:\WINDOWS\System32\drivers\flP82.sys 
\??\C:\WINDOWS\System32\drivers\gmP72.sys 
\??\C:\WINDOWS\System32\drivers\gmQ47.sys 
\??\C:\WINDOWS\System32\drivers\gqT48.sys 
\??\C:\WINDOWS\System32\drivers\joT72.sys 
\??\C:\WINDOWS\System32\drivers\jtX15.sys 
\??\C:\WINDOWS\System32\drivers\lrV37.sys 
\??\C:\WINDOWS\System32\drivers\ntX48.sys 
\??\C:\WINDOWS\System32\drivers\nxC48.sys 
\??\C:\WINDOWS\System32\drivers\sdH14.sys 
\??\C:\WINDOWS\System32\drivers\vbF50.sys 
\??\C:\WINDOWS\System32\drivers\wcF04.sys 
\??\C:\WINDOWS\System32\drivers\xgL83.sys 

msupdate - Deleted
AEJ36 - Deleted
AGK83 - Deleted
ALP71 - Deleted
BHL50 - Deleted
BIM14 - Deleted
BIN36 - Deleted
BJO48 - Deleted
BKO37 - Deleted
DJN82 - Deleted
DNR50 - Deleted
EIN04 - Deleted
EKP61 - Deleted
FLP82 - Deleted
GMP72 - Deleted
GMQ47 - Deleted
GQT48 - Deleted
JOT72 - Deleted
JTX15 - Deleted
LRV37 - Deleted
NTX48 - Deleted
NXC48 - Deleted
SDH14 - Deleted
VBF50 - Deleted
WCF04 - Deleted
XGL83 - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


[b]Checking Files [/b]: 

Trojan Files Found:

C:\Documents and Settings\Pamela Rice\Favorites\Error Cleaner.url - Deleted
C:\Documents and Settings\Pamela Rice\Favorites\Privacy Protector.url - Deleted
C:\Documents and Settings\Pamela Rice\Favorites\Spyware&Malware Protection.url - Deleted
C:\Program Files\Antivirus 2008 PRO\vscan.tsi - Deleted
C:\Program Files\Antivirus 2008 PRO\zlib.dll - Deleted
C:\Program Files\Common Files\Yazzle1560OinUninstaller.exe - Deleted
C:\WINDOWS\mrofinu1535.exe - Deleted
C:\WINDOWS\search_res.txt  - Deleted
C:\WINDOWS\system32\cmd.com  - Deleted
C:\WINDOWS\system32\mssrv32.exe  - Deleted
C:\WINDOWS\system32\netstat.com  - Deleted
C:\WINDOWS\system32\ping.com  - Deleted
C:\WINDOWS\system32\taskkill.com  - Deleted
C:\WINDOWS\system32\tasklist.com  - Deleted
C:\WINDOWS\system32\tracert.com  - Deleted
C:\WINDOWS\system32\web.dat  - Deleted
C:\WINDOWS\system32\WinCtrl32.dll  - Deleted
C:\WINDOWS\vltdfabw.dll  - Deleted
C:\WINDOWS\system32\drivers\AEJ36.sys - Deleted
C:\WINDOWS\system32\drivers\AGK83.sys - Deleted
C:\WINDOWS\system32\drivers\ALP71.sys - Deleted
C:\WINDOWS\system32\drivers\BHL50.sys - Deleted
C:\WINDOWS\system32\drivers\BIM14.sys - Deleted
C:\WINDOWS\system32\drivers\BIN36.sys - Deleted
C:\WINDOWS\system32\drivers\BJO48.sys - Deleted
C:\WINDOWS\system32\drivers\BKO37.sys - Deleted
C:\WINDOWS\system32\drivers\DJN82.sys - Deleted
C:\WINDOWS\system32\drivers\DNR50.sys - Deleted
C:\WINDOWS\system32\drivers\EIN04.sys - Deleted
C:\WINDOWS\system32\drivers\EKP61.sys - Deleted
C:\WINDOWS\system32\drivers\FLP82.sys - Deleted
C:\WINDOWS\system32\drivers\GMP72.sys - Deleted
C:\WINDOWS\system32\drivers\GMQ47.sys - Deleted
C:\WINDOWS\system32\drivers\GQT48.sys - Deleted
C:\WINDOWS\system32\drivers\INS50.sys - Deleted
C:\WINDOWS\system32\drivers\JOS14.sys - Deleted
C:\WINDOWS\system32\drivers\JOT72.sys - Deleted
C:\WINDOWS\system32\drivers\JTX15.sys - Deleted
C:\WINDOWS\system32\drivers\LRV37.sys - Deleted
C:\WINDOWS\system32\drivers\NTX48.sys - Deleted
C:\WINDOWS\system32\drivers\NXC48.sys - Deleted
C:\WINDOWS\system32\drivers\SDH14.sys - Deleted
C:\WINDOWS\system32\drivers\VBF50.sys - Deleted
C:\WINDOWS\system32\drivers\WCF04.sys - Deleted
C:\WINDOWS\system32\drivers\WDG58.sys - Deleted
C:\WINDOWS\system32\drivers\XGL83.sys - Deleted
C:\WINDOWS\system32\drivers\YHM82.sys - Deleted



Folder C:\Program Files\Antivirus 2008 PRO - Removed
Folder C:\Program Files\Spcron - Removed
Folder C:\Program Files\Temporary - Removed


Removing Temp Files

[b]ADS Check [/b]:



                                 [b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [url]http://www.gmer.net[/url]
Rootkit scan 2008-05-31 14:29:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

IPC error: 2 The system cannot find the file specified.
scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{233cabe3-7257-4122-b48b-a5b1b16b26d4}\Config\OSSProxy]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{233cabe3-7257-4122-b48b-a5b1b16b26d4}\Config\OSSProxy\Settings]
"Name"="x-ns1JTwR2aArm0L,x-ns2IwXf2KnLLLL"
"SendContentIDToServer"=dword:00000001
"Capabilities"=dword:00000001
"ExtCapabilities"=dword:00000001
"OptionsBitmask"=dword:00000100
"RevertPath"="C:\WINDOWS\system32\"

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\WINDOWS\\system32\\javaw.exe"="C:\\WINDOWS\\system32\\javaw.exe:*:Enabled:javaw"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\ttax.exe"="C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\updatemgr.exe"="C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[b]Remaining Files [/b]:


File Backups: - C:\DOCUME~1\AUDITI~1\Desktop\SDFix\backups\backups.zip

[b]Files with Hidden Attributes [/b]:

Sat 10 Dec 2005         4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sun 25 May 2008        20,487 A.SHR --- "C:\Program Files\McAfee\MQC\MRU.bak"
Sun 25 May 2008           265 A.SHR --- "C:\Program Files\McAfee\MQC\qcconf.bak"
Sun 16 Mar 2008             0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"

Sweeper\Temp\SSMS1DFC38F7-50DF-4BAB-B636-255068801EC9.tmp"
Wed 28 May 2008        65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS1EE8148C-CC1E-4F9E-AA03-D03AAA53AD81.tmp"
Wed 28 May 2008       393,216 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS1E2DC34A-AED0-49A4-B782-DB7FE4113459.tmp"
Wed 28 May 2008       131,072 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS1FA40CD1-53B9-4865-BE8B-49592980BFFB.tmp"
Thu 29 May 2008        65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS1F186C9F-7FB5-49CC-A3AA-EC21F93B8A70.tmp"
Thu 29 May 2008       720,896 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS1F0F0638-C723-4066-A976-2B5B93A3F9C5.tmp"
Thu 29 May 2008        65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS20B68FF4-E1CE-426F-826C-8796EB5EF770.tmp"
Thu 29 May 2008        65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS206D2DDA-A996-42F2-86F3-78689E2A67EC.tmp"
Thu 29 May 2008             0 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS21F2B256-98CE-4F4E-937B-8241353FBB66.tmp"
Thu 29 May 2008        65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS21CA6DB4-89EF-4A2D-9FBE-DE6C588BC04C.tmp"
Wed 28 May 2008        65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS222914BE-1FB7-40DD-B23F-15B0226DC1CF.tmp"
Thu 29 May 2008             0 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS24BA1BAB-55B6-4684-A1CC-E6C12DBB6071.tmp"
Wed 28 May 2008       393,216 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS24C9619F-44A9-4F1D-8FB7-1AEF211622DE.tmp"
Thu 29 May 2008       327,680 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS25287E76-8099-4E14-9444-C546109EBDB1.tmp"
Wed 28 May 2008             0 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS26F5E64A-CEA7-4A74-8D58-E39793C8E20B.tmp"
Thu 29 May 2008        65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS27267B7F-730D-46A3-B960-482E9DBD5509.tmp"
Wed 28 May 2008       196,608 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS28D9075A-9BCA-4A3A-8F63-C8680275B225.tmp"
Wed 28 May 2008     1,572,864 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS2893E95F-FAF0-4E11-BB98-2801E6B538C6.tmp"
Thu 29 May 2008        65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS28C95074-3D2E-49EC-BF53-59663647D742.tmp"
Wed 28 May 2008        65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS290935D5-D2EF-4688-9A4F-5EE3F40DDAD8.tmp"
Thu 29 May 2008        65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS2AC8C533-F0F8-4A95-AD6C-246AFB464B9E.tmp"
Thu 29 May 2008       917,504 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS2A0C77CE-F6CF-4E36-8A56-CC0B1D4A2655.tmp"
Wed 28 May 2008       393,216 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS2B1848A5-E163-4496-80BC-94A5BD7CF451.tmp"
Thu 29 May 2008       196,608 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS2CA05E49-DD46-41B0-B9B6-8A0BC5B2D299.tmp"
Thu 29 May 2008        65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS2F0153EF-32CF-4C18-9213-96E6BF2D2A71.tmp"
Wed 28 May 2008        65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS32E6510E-C0C4-400F-8F7C-8DCAA1CD488B.tmp"
Thu 29 May 2008       131,072 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS3225AAF7-002D-4336-957C-30582D6DE776.tmp"
Thu 29 May 2008       196,608 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS3278EE41-460A-4124-A0E1-EAA47F7FBDA1.tmp"
Wed 28 May 2008     2,752,512 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS33633DC7-AC6D-44E8-B2AB-EA37A2600A8B.tmp"
Thu 29 May 2008        65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS3329D113-AFE3-4B2D-BAE5-E52063AF6C70.tmp"
Thu 29 May 2008        65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS34CEDA77-C811-41D5-A7DC-5DB52CE625B2.tmp"
Wed 28 May 2008        65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS3498A776-7AB4-4299-BC0D-91C7FD22AE54.tmp"
Thu 29 May 2008             0 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS34F12974-A313-40C7-989C-7135B39BD098.tmp"
Thu 29 May 2008        65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS35192E8D-718B-4B24-AF60-104003748C3B.tmp"
Wed 28 May 2008             0 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS36A2DA7A-9EFA-4C5B-B5F9-66AA4A93AB20.tmp"
Thu 29 May 2008     2,162,688 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS36F2070D-34DA-4454-9FA1-5BFEF90BF135.tmp"
Thu 29 May 2008        65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS3613F19E-9375-4A7E-8C46-CC4265C98FDF.tmp"
Wed 28 May 2008             0 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS37BC8952-D8CC-4306-87E7-134DA096FE38.tmp"
Thu 29 May 2008        65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS37E045ED-C62C-466A-B49C-46793B9C9439.tmp"
Thu 29 May 2008     3,145,728 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS3826CA62-7E5A-4795-A235-20A7DA8DA145.tmp"
Thu 29 May 2008        65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS39B10FF1-C3B0-4CDD-847D-22D10D12BDD7.tmp"
Wed 28 May 2008             0 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS397FBB51-BD51-47BE-B738-3D21D8CC0D17.tmp"
Thu 29 May 2008     9,043,968 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS39875297-28E8-43F3-9967-3C7EEE8BF018.tmp"
Thu 29 May 2008        65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS3A9BF5C2-277D-488C-AFEF-C9761D44F644.tmp"
Wed 28 May 2008        65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS3B671AFB-5561-4AAF-A7C4-A16C4DFC7A4F.tmp"
Wed 28 May 2008     1,572,864 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS3C677B85-112A-4F0C-B0C9-695F098D6793.tmp"
Thu 29 May 2008       131,072 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS3CB7B144-8257-4B61-BB7D-1EC3BDFD84C7.tmp"
Thu 29 May 2008             0 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS3CE5B753-915C-4AF1-AF6C-9A2783448618.tmp"
Wed 28 May 2008        65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS3DB410B4-8913-4946-AA84-56BEF89CE021.tmp"
Thu 29 May 2008     1,245,184 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS3D53144E-BB5C-4806-90FB-465E2071B632.tmp"
Thu 29 May 2008        65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS3EFABB62-1A9E-490F-B38E-AF39CA061899.tmp"
Thu 29 May 2008        65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS3FD862C1-1B4C-4B8C-BCEF-2446BD2C639C.tmp"
Thu 29 May 2008             0 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS40695575-65DD-4B99-914E-A2EDF8311E00.tmp"
Thu 29 May 2008     1,245,184 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS40305DEA-37A8-4711-99CE-7A417E485169.tmp"
Thu 29 May 2008       589,824 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS406DC497-172E-4FBF-991A-BF44275BBFCE.tmp"
Thu 29 May 2008        65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS419A53BA-62AE-44B4-ACBE-38744BD5E32D.tmp"
Wed 28 May 2008        65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS42949D3A-FFE2-40F3-9BDC-355ACEB28D48.tmp"
Wed 28 May 2008        65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS425D4E94-A13A-4BD2-B2C8-2B6DAE41D6F8.tmp"
Wed 28 May 2008        65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS432287EC-6043-4427-8276-8251E58766C3.tmp"
Thu 29 May 2008     1,245,184 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS44C3A83B-A698-42F0-8DA1-37BC51DDF10E.tmp"
Thu 29 May 2008        65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS444B894F-D83A-40AC-8384-014B79E70BEA.tmp"
Thu 29 May 2008        65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS44125749-897E-4887-8FFE-C5D4DBF1585A.tmp"
Wed 28 May 2008     1,572,864 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS45AF70AA-B113-46BC-9662-BFBCB276B687.tmp"
Wed 28 May 2008        65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS4523B604-F0FF-4BBF-8DDA-7FA7256DEEC9.tmp"
Wed 28 May 2008             0 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS45FBD4A8-E768-4899-98C3-F8569E58C881.tmp"
Wed 28 May 2008             0 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS464C22BD-E79D-41E2-91A4-6A2359B4AA53.tmp"
Thu 29 May 2008        65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS4668FCC2-D665-4833-AEFF-635026D33AE1.tmp"
Thu 29 May 2008        65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS47167DD1-AACE-4652-AE1B-29FCD878E9E0.tmp"
Thu 29 May 2008        65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS47A71E96-9114-42DD-A2F7-DBEA4115EB10.tmp"
Thu 29 May 2008        65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS476A3F18-5D47-483A-AC29-A8F05A175428.tmp"
Thu 29 May 2008        65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS48FAC911-A755-4723-85AD-424F62C81D4F.tmp"
Wed 28 May 2008        65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS49CDE208-C76E-4175-B599-D8C6442BED7A.tmp"
Thu 29 May 2008        65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS4A248C0D-4A03-47FC-B1E1-5798C570F4A2.tmp"
Thu 29 May 2008        65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS4ED557D8-4995-4962-AF82-93A2BA3B4956.tmp"
Thu 29 May 2008        65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS4E818717-FC67-4848-ACA3-0516A13366B0.tmp"
Thu 29 May 2008        65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS4FDF3F1D-6358-4279-BF8B-F9D11E6C52DE.tmp"
Wed 28 May 2008        65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS5018C201-7682-4E27-B54E-36EEDCA2BF84.tmp"
Thu 29 May 2008        65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS5034593E-FFF1-4CAF-A75C-079F013173D4.tmp"
Thu 29 May 2008        65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS50DBA61D-64B0-4FEB-87F4-AB41E6407BAD.tmp"
Thu 29 May 2008             0 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS5020B8C4-CD11-416B-9E63-603BC0AFF329.tmp"
Wed 28 May 2008             0 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS51388171-D97C-4308-97BF-EAA2E252F73C.tmp"
Wed 28 May 2008        65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS52CDCE1F-C1C9-433A-9000-35838E08B8ED.tmp"
Thu 29 May 2008             0 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS54F2271B-12D7-4B4E-B75D-D911291C8E35.tmp"
Thu 29 May 2008       131,072 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS5426CCBE-84FA-4869-AE85-4A3E97CFC7C1.tmp"
Thu 29 May 2008        65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS5583C5FF-987B-4374-8123-637FEB71FE6A.tmp"
Thu 29 May 2008        65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS55748614-9660-4B12-8050-11D55CA323A6.tmp"
Thu 29 May 2008        65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS559B3289-5A2F-4E4B-A563-AF9EDBF86ECF.tmp"
Thu 29 May 2008        65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS55FA4E94-9E2C-4952-BE8C-AD727B5C344C.tmp"
Thu 29 May 2008       131,072 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS568F7521-1097-46D3-9A11-97066730D445.tmp"
Wed 28 May 2008        65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS5630C546-86E5-44F2-A0FF-3D94C327D3DC.tmp"
Thu 29 May 2008        65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS56E7D153-78DE-43B6-B223-367477589B87.tmp"
Thu 29 May 2008        65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS56EE12E7-25A0-45A6-B4FD-9A168AA60A40.tmp"
Wed 28 May 2008        65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS57A4ECE6-A951-4AD9-99F0-E9C26BD04128.tmp"
Thu 29 May 2008        65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS57D74DFF-10FB-42A0-8924-30BC0BD26B16.tmp"
Thu 29 May 2008        65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS57700710-776D-4318-854C-690D4392117B.tmp"
Thu 29 May 2008        65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS574A97AB-2409-4498-A6B7-3AA1F4CCCB7F.tmp"
Wed 28 May 2008        65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS586A92BE-9EE8-4928-8175-8CF4F36323B8.tmp"
Wed 28 May 2008        65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS58299613-11A2-4D8B-B065-ECDA53E86259.tmp"
Wed 28 May 2008       131,072 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS587F9C71-2238-4F92-AEF3-64F611FE3113.tmp"
Wed 28 May 2008        65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS592209E8-C097-4B6E-A1CB-C3BD5D523D99.tmp"
Wed 28 May 2008        65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS59CFC17B-BB73-4FF6-A65A-BF53848EE8BC.tmp"
Thu 29 May 2008             0 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS5914ABBA-2E28-4217-840A-22223CE9F61D.tmp"
Thu 29 May 2008        65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS5975D4A7-EEE4-45F8-86C4-CBA6D0981ECE.tmp"
Thu 29 May 2008        65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS5AEABBCF-0928-4EDB-86E9-EA04AF6108A8.tmp"
Wed 28 May 2008        65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS5ADBFF7B-618F-49E2-A0D7-DB212AB230AB.tmp"
Thu 29 May 2008       131,072 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS5BA46758-41D4-43B5-9E61-6240680AB8A4.tmp"
Wed 28 May 2008        65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS5C66630A-3617-4823-9513-0D0BA1E1C548.tmp"
Wed 28 May 2008       196,608 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS5DFE2A57-7F5E-4B79-956B-DDDE49797218.tmp"
Thu 29 May 2008             0 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS5EEF18BC-7E4E-40A4-BA36-149E31EBB7A0.tmp"
Thu 29 May 2008     1,245,184 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS5EF0D266-E263-487A-A66F-9CBF9C6BFEB4.tmp"
Thu 29 May 2008        65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS5F65E177-D59B-4D7C-9E95-AA2B1D1CBCA8.tmp"
Thu 29 May 2008        65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS602DAEBE-9EFB-4782-91D6-E9E639BC7B6A.tmp"
Wed 28 May 2008     1,900,544 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS623B7833-D193-45CE-A51A-1B7F5718D5E7.tmp"
Thu 29 May 2008     1,572,864 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS64063CC7-0604-4912-ACAF-C45E2415B9AE.tmp"
Thu 29 May 2008        65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS641B92C2-AF2C-4726-8C6B-5D48C32E11B8.tmp"
Wed 28 May 2008        65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS6580FD18-4E78-4901-AB15-2D37B5942B38.tmp"
Thu 29 May 2008        65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS65ECD6D6-4464-473B-A18E-93E314AAC3DD.tmp"
Thu 29 May 2008        65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS65FBF4ED-C76D-4C96-984E-328BF72824BB.tmp"
Wed 28 May 2008             0 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS66E3DB2C-A1A4-4DA2-9DFD-32212B4B0A07.tmp"
Wed 28 May 2008             0 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS66F71A09-F481-45F2-8310-03B79C242901.tmp"
Thu 29 May 2008        65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS662B3E64-9E68-4901-B71D-4AE92D3432DF.tmp"
Thu 29 May 2008        65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS676729A1-88BB-4AB3-B361-3B434BB65239.tmp"
Thu 29 May 2008        65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS679BEBC2-1EEA-45DD-82E1-D0B4DD49DEB5.tmp"
Thu 29 May 2008        65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS68A7E1DE-6EF6-4C13-ACD3-FAE42F778066.tmp"
Thu 29 May 2008        65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS6992D2CA-587B-4EE7-8283-5C7EDAFD8769.tmp"
Wed 28 May 2008        65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS6939DE25-2D52-4FA8-89F5-A164FD8B22C7.tmp"
Wed 28 May 2008        65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS690A96A4-51BA-4B27-9408-EA34F8ADC91D.tmp"
Wed 28 May 2008             0 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS6CD741D8-CECD-41FD-B116-E0237F1DA032.tmp"
Wed 28 May 2008        65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS6CE8F269-FF54-4E58-89EA-54B61A09D767.tmp"
Wed 28 May 2008        65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS6D8678F5-B171-429A-AD21-537E952B4F65.tmp"
Thu 29 May 2008       131,072 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS6DE8EB0A-9E13-4F24-9DCF-886A9BC21E9A.tmp"
Thu 29 May 2008             0 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS6EF1ED42-C99B-4CE0-8ACC-D2263E549DDA.tmp"
Thu 29 May 2008        65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS6E8BFE1D-3271-4871-8587-746827935141.tmp"
Wed 28 May 2008        65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS6F984ABD-3976-404D-9FFC-39CCAA3CE4EF.tmp"
Wed 28 May 2008     1,179,648 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS700C6C99-2BA8-4C6B-A2A6-F6254F228C18.tmp"
Thu 29 May 2008             0 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS70B28E96-D116-4627-8143-110EF6ED56F6.tmp"
Thu 29 May 2008     9,043,968 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS71E45338-1D03-4A78-9536-694596D45C9D.tmp"
Thu 29 May 2008        65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS716D7FBB-FFDD-4379-A3B0-933913AFAE2A.tmp"
Wed 28 May 2008        65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS72ED5604-070C-4B7B-A0FF-B102E20CA70F.tmp"
Wed 28 May 2008        65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS727175A1-6851-46FB-B103-D2D0F33B5510.tmp"
Thu 29 May 2008        65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS72309794-CF51-4829-9950-3D9ADC168999.tmp"
Thu 29 May 2008       720,896 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS73F7A0EC-5EAA-480A-9E9B-659976BD8068.tmp"
Wed 28 May 2008             0 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS74C37013-12CC-46B3-B1C2-6CDDC1A1E97C.tmp"
Wed 28 May 2008        65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS74F79027-8CF6-4D73-9AE4-454884EC6A42.tmp"
Thu 29 May 2008        65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS759CA4D6-ADC2-498F-BA97-F6D85E0F4A59.tmp"
Thu 29 May 2008        65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS7514725B-222B-44A5-B1BA-893DA68F1BE9.tmp"
Thu 29 May 2008        65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS756B04BE-F5F6-4F37-8CCF-F5B60AADFA8A.tmp"
Thu 29 May 2008             0 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS76A8F3C5-DA42-498F-A0FF-3884CB117B68.tmp"
Thu 29 May 2008        65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS7792AC84-ED4B-4E73-95FB-25F98280BF22.tmp"
Wed 28 May 2008        65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS77F6A498-EE31-4FB9-990C-A55057835501.tmp"
Thu 29 May 2008             0 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS7AC20427-8651-40B4-A145-FB87D5455117.tmp"
Wed 28 May 2008        65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS7B7F5FBC-CC12-47BC-B6A3-5150A7B5AF2B.tmp"
Thu 29 May 2008        65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS7C0D8B99-B0D7-43EF-AC4C-4AE1CC28B4DE.tmp"
Thu 29 May 2008        65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS7CBCEF06-1B1C-430C-A6F8-52D01266D571.tmp"
Thu 29 May 2008        65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS7C11AEF7-586C-4C3D-968E-C00C6109D73C.tmp"
Wed 28 May 2008       131,072 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS7D44E99A-F3D0-49B5-932E-5739C60B8595.tmp"
Thu 29 May 2008        65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS7D11B589-9DD7-4855-8C45-248B0A2004A8.tmp"
Wed 28 May 2008        65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS7E2F0848-815C-4594-8ADD-DC5030AAF99A.tmp"
Thu 29 May 2008        65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS7EF86687-0094-4C81-88CE-71EDFEBA9014.tmp"
Thu 29 May 2008        65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS7E05A80D-09AA-4594-9562-5076FC90E327.tmp"
Thu 29 May 2008        65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS7F4A2A4E-9F19-4B32-BB58-866535D95E72.tmp"
Wed 28 May 2008        65,536 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS7F1857B6-E1FE-48FC-990E-C64DF135E179.tmp"
Thu 29 May 2008     1,966,080 A..H. --- "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy 

Sweeper\Temp\SSMS8032C93D-D492-40A7-8972-8F3E7B2D68AD.tmp"
Thanks crunchie, my computer is more stable now, but still if I turn it off then turn it back on, my task bar or explore.exe keeps disappearing and coming back. So ya, I hope you can help me with that too as soon as you can. You can mark this solved.

Next time you run HijackThis and save the log, make sure in Notepad that wordwrap in the Format tab is unchecked first. There are a lot of gaps in your log that make it very difficult to read.

==

Please download ComboFix by sUBs from HERE or HERE

  • You must download it to and run it from your Desktop
  • Physically disconnect from the internet.
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log
  • Re-enable all the programs that were disabled during the running of ComboFix.

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

ComboFix 08-05-29.1 - audition account 2008-05-31 20:31:27.1 - NTFSx86
Running from: C:\Documents and Settings\audition account\Desktop\ComboFix.exe
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2006
C:\Documents and Settings\audition account\Local Settings\Temporary Internet Files\CPV.stt
C:\Documents and Settings\Pamela Rice\Application Data\macromedia\Flash Player\#SharedObjects\3HBA8PMQ\www.broadcaster.com
C:\Documents and Settings\Pamela Rice\Application Data\macromedia\Flash Player\#SharedObjects\3HBA8PMQ\www.broadcaster.com\played_list.sol
C:\Documents and Settings\Pamela Rice\Application Data\macromedia\Flash Player\#SharedObjects\3HBA8PMQ\www.broadcaster.com\video_queue.sol
C:\Documents and Settings\Pamela Rice\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Pamela Rice\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Documents and Settings\Pamela Rice\Application Data\SpeedRunner
C:\Documents and Settings\Pamela Rice\Application Data\SpeedRunner\config.cfg
C:\Documents and Settings\Pamela Rice\Application Data\WinAntiVirus Pro 2006
C:\Documents and Settings\Pamela Rice\Application Data\WinAntiVirus Pro 2006\Logs\update.log
C:\Documents and Settings\Pamela Rice\Application Data\WinAntiVirus Pro 2006\Logs\wa6Support.log
C:\Documents and Settings\Pamela Rice\Application Data\WinAntiVirus Pro 2006\Logs\winav.log
C:\Documents and Settings\Pamela Rice\Application Data\WinAntiVirus Pro 2006\PGE.dat
C:\Documents and Settings\Pamela Rice\err.log
C:\Documents and Settings\Pamela Rice\Local Settings\Temporary Internet Files\CPV.stt
C:\Documents and Settings\Pamela Rice\My Documents\SEMBLY~1
C:\Documents and Settings\Pamela Rice\My Documents\SEMBLY~1\??sembly\
C:\Documents and Settings\Pamela Rice\Start Menu\Programs\Internet Speed Monitor
C:\Documents and Settings\Pamela Rice\Start Menu\Programs\Internet Speed Monitor\Check Now.lnk
C:\Documents and Settings\Pamela Rice\Start Menu\Programs\Internet Speed Monitor\Uninstall.lnk
C:\Documents and Settings\Pamela Rice\Start Menu\Programs\Outerinfo
C:\Documents and Settings\Pamela Rice\Start Menu\Programs\Outerinfo\Terms.lnk
C:\Documents and Settings\Pamela Rice\Start Menu\Programs\Outerinfo\Uninstall.lnk
C:\Program Files\Svconr
C:\Program Files\WinBudget
C:\WA6P
C:\WINDOWS\ecurit~1
C:\WINDOWS\system32\28463
C:\WINDOWS\system32\AutoRun.inf
C:\WINDOWS\system32\awtsQHxv.dll
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\ddcCRICr.dll
C:\WINDOWS\system32\eeeOUvut.ini
C:\WINDOWS\system32\eeeOUvut.ini2
C:\WINDOWS\system32\FffLknnn.ini2
C:\WINDOWS\system32\hQWGffii.ini
C:\WINDOWS\system32\KUBJPXyb.ini2
C:\WINDOWS\system32\NTBegMoq.ini
C:\WINDOWS\system32\NTBegMoq.ini2
C:\WINDOWS\system32\ppXxyGgh.ini2
C:\WINDOWS\system32\qoMdDwVO.dll
C:\WINDOWS\system32\qoMgeBTN.dll
C:\WINDOWS\system32\rCIRCcdd.ini
C:\WINDOWS\system32\rCIRCcdd.ini2
C:\WINDOWS\system32\RuuCLkkj.ini2
C:\WINDOWS\system32\sBKRBJlm.ini
C:\WINDOWS\system32\sBKRBJlm.ini2
C:\WINDOWS\system32\stera.log
C:\WINDOWS\system32\vxHQstwa.ini
C:\WINDOWS\system32\vxHQstwa.ini2
C:\WINDOWS\system32\WINCNMDB.DLL
C:\WINDOWS\tk68.exe

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FOPN
-------\Legacy_NWSAPAGENT
-------\Legacy_POWERMANAGER
-------\Legacy_VSPF
-------\Legacy_VSPF_HK
-------\Service_NwSapAgent
-------\Service_vspf
-------\Service_vspf_hk


(((((((((((((((((((((((((   Files Created from 2008-05-01 to 2008-06-01  )))))))))))))))))))))))))))))))
.

2008-05-31 20:06 . 2008-05-31 20:06 324,864 --a------   C:\WINDOWS\system32\mlJBRKBs.dll
2008-05-31 13:38 . 2008-05-31 13:39 <DIR>    d--------   C:\WINDOWS\ERUNT
2008-05-30 16:43 . 2002-07-28 07:54 126,976 --a------   C:\WINDOWS\autoras.exe
2008-05-30 16:43 . 2002-06-19 17:55 36,864  --a------   C:\WINDOWS\Uninstall.exe
2008-05-30 16:43 . 2008-05-30 16:43 56  --a------   C:\WINDOWS\autmtst.ini
2008-05-30 11:25 . 2003-06-05 21:13 53,248  --a------   C:\WINDOWS\system32\Process.exe
2008-05-29 20:46 . 2008-05-29 20:46 4,230   --a------   C:\WINDOWS\system32\PerfStringBackup.TMP
2008-05-28 13:26 . 2008-05-28 13:26 <DIR>    d--------   C:\Documents and Settings\audition account\Application Data\Webroot
2008-05-28 12:49 . 2008-05-28 12:49 <DIR>    d--------   C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-05-28 08:17 . 2008-05-28 08:17 <DIR>    d--------   C:\Documents and Settings\LocalService\Application Data\Webroot
2008-05-28 08:16 . 2007-06-21 18:43 160,056 --a------   C:\WINDOWS\system32\drivers\ssidrv.sys
2008-05-28 08:16 . 2007-06-21 18:43 23,864  --a------   C:\WINDOWS\system32\drivers\sskbfd.sys
2008-05-28 08:16 . 2007-06-21 18:43 21,816  --a------   C:\WINDOWS\system32\drivers\sshrmd.sys
2008-05-28 08:16 . 2007-06-21 18:43 20,280  --a------   C:\WINDOWS\system32\drivers\SSFS0BB8.sys
2008-05-28 08:14 . 2008-05-28 08:14 <DIR>    d--------   C:\Program Files\Webroot
2008-05-28 08:14 . 2008-05-28 08:14 <DIR>    d--------   C:\Documents and Settings\Pamela Rice\Application Data\Webroot
2008-05-28 08:14 . 2008-05-28 08:14 <DIR>    d--------   C:\Documents and Settings\All Users\Application Data\Webroot
2008-05-28 08:14 . 2007-06-21 18:57 1,520,952   --a------   C:\WINDOWS\WRSetup.dll
2008-05-28 07:27 . 2008-05-28 07:27 <DIR>    d--------   C:\Documents and Settings\All Users\Application Data\Avg8
2008-05-26 20:54 . 2008-05-26 20:54 <DIR>    d--------   C:\Program Files\Pivot Stickfigure Animator
2008-05-25 19:22 . 2008-05-28 03:35 344 --ahs----   C:\WINDOWS\system32\JllVDcfe.ini
2008-05-25 19:06 . 2008-05-25 19:06 27,140  --a------   C:\New Microsoft Office PowerPoint Presentation.pptx
2008-05-25 10:29 . 2008-05-29 21:15 7,945   --a------   C:\WINDOWS\system32\Config.MPF
2008-05-25 10:26 . 2006-03-03 07:07 143,360 --a------   C:\WINDOWS\system32\dunzip32.dll
2008-05-25 10:11 . 2007-11-22 05:44 201,320 --a------   C:\WINDOWS\system32\drivers\mfehidk.sys
2008-05-25 10:11 . 2007-11-22 05:44 79,304  --a------   C:\WINDOWS\system32\drivers\mfeavfk.sys
2008-05-25 10:11 . 2007-12-02 11:51 40,488  --a------   C:\WINDOWS\system32\drivers\mfesmfk.sys
2008-05-25 10:11 . 2007-11-22 05:44 35,240  --a------   C:\WINDOWS\system32\drivers\mfebopk.sys
2008-05-25 10:11 . 2007-11-22 05:44 33,832  --a------   C:\WINDOWS\system32\drivers\mferkdk.sys
2008-05-25 10:10 . 2007-07-13 05:20 113,952 --a------   C:\WINDOWS\system32\drivers\Mpfp.sys
2008-05-25 10:05 . 2008-05-25 10:06 <DIR>    d--------   C:\Program Files\McAfee.com
2008-05-25 10:02 . 2008-05-25 10:11 <DIR>    d--------   C:\Program Files\Common Files\McAfee
2008-05-25 09:59 . 2008-05-25 10:28 <DIR>    d--------   C:\Program Files\McAfee
2008-05-24 16:48 . 2007-09-05 23:22 289,144 --a------   C:\WINDOWS\system32\VCCLSID.exe
2008-05-24 16:48 . 2006-04-27 16:49 288,417 --a------   C:\WINDOWS\system32\SrchSTS.exe
2008-05-24 16:48 . 2008-05-15 22:22 86,528  --a------   C:\WINDOWS\system32\VACFix.exe
2008-05-24 16:48 . 2008-05-18 20:40 82,944  --a------   C:\WINDOWS\system32\IEDFix.exe
2008-05-24 16:48 . 2008-05-18 20:40 82,944  --a------   C:\WINDOWS\system32\404Fix.exe
2008-05-24 16:48 . 2004-07-31 17:50 51,200  --a------   C:\WINDOWS\system32\dumphive.exe
2008-05-24 16:48 . 2007-10-03 23:36 25,600  --a------   C:\WINDOWS\system32\WS2Fix.exe
2008-05-24 15:23 . 2008-05-30 17:24 2,702   --a------   C:\WINDOWS\system32\tmp.reg
2008-05-24 14:49 . 2008-05-24 14:49 <DIR>    d--------   C:\Program Files\Trend Micro
2008-05-24 14:22 . 2008-05-12 13:10 22,528  --a------   C:\WINDOWS\system32\drivers\antispyware.sys
2008-05-24 14:21 . 2008-05-24 14:21 <DIR>    d--------   C:\Documents and Settings\audition account\Application Data\Antispyware
2008-05-24 12:53 . 2008-05-24 12:53 <DIR>    d--------   C:\WINDOWS\system32\QuickTime
2008-05-23 15:58 . 2008-05-23 16:17 <DIR>    d--------   C:\Documents and Settings\audition account\Application Data\ErrorSmart
2008-05-21 16:25 . 2008-05-21 16:25 <DIR>    d--------   C:\Documents and Settings\audition account\Application Data\HPAppData
2008-05-21 15:30 . 2008-05-21 15:30 <DIR>    d--------   C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
2008-05-21 15:29 . 2008-05-21 15:29 <DIR>    d--------   C:\Documents and Settings\Pamela Rice\Application Data\HPAppData
2008-05-21 15:27 . 2008-05-21 15:27 <DIR>    d--------   C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2008-05-21 15:26 . 2008-05-21 15:26 <DIR>    d--------   C:\Program Files\Hewlett-Packard
2008-05-21 15:23 . 2008-05-21 15:36 141,260 --a------   C:\WINDOWS\hpoins14.dat
2008-05-21 15:23 . 2007-06-05 18:07 2,000   ---------   C:\WINDOWS\hpomdl14.dat
2008-05-21 15:15 . 2008-05-31 21:14 54,156  --ah-----   C:\WINDOWS\QTFont.qfn
2008-05-21 15:15 . 2008-05-21 15:15 1,409   --a------   C:\WINDOWS\QTFont.for
2008-05-20 23:25 . 2008-05-20 23:25 4,286   --a------   C:\WINDOWS\system32\Jamster.ico
2008-05-20 20:37 . 2008-05-20 20:37 141,255 ---------   C:\WINDOWS\hpoins14.dat.temp
2008-05-20 20:37 . 2007-06-05 18:07 2,000   ---------   C:\WINDOWS\hpomdl14.dat.temp
2008-05-15 18:28 . 2008-05-18 11:21 <DIR>    d--------   C:\Documents and Settings\audition account\.gimp-2.4
2008-05-15 17:43 . 2008-05-15 17:43 9,662   --a------   C:\WINDOWS\system32\ZoneAlarmIconUS.ico
2008-05-13 15:03 . 2008-05-15 17:04 <DIR>    d--------   C:\Documents and Settings\Pamela Rice\Application Data\iolo
2008-05-13 03:16 . 2008-05-13 03:16 406 --a------   C:\WINDOWS\system32\ioloBootDefrag.cfg
2008-05-12 21:13 . 2008-05-12 21:13 432 --a------   C:\WINDOWS\system32\iolo.ini
2008-05-12 21:04 . 2008-05-12 21:04 <DIR>    d--------   C:\Documents and Settings\LocalService\Application Data\iolo
2008-05-12 20:46 . 2007-07-25 08:42 126,976 --a------   C:\WINDOWS\system32\iavlsp.dll
2008-05-12 20:34 . 2008-05-12 20:34 74,703  --a------   C:\WINDOWS\system32\mfc45.dll
2008-05-12 20:32 . 2008-05-15 21:02 <DIR>    d--------   C:\Documents and Settings\audition account\Application Data\Uniblue
2008-05-12 20:31 . 2008-05-13 03:16 <DIR>    d--------   C:\Documents and Settings\audition account\Application Data\iolo
2008-05-12 20:31 . 2008-05-15 21:01 <DIR>    d--------   C:\Documents and Settings\All Users\Application Data\iolo
2008-05-10 11:03 . 2008-05-10 11:11 <DIR>    d--------   C:\Documents and Settings\Pamela Rice\.frugoo_file_store_32
2008-05-08 20:13 . 2008-05-08 20:13 <DIR>    d--------   C:\Program Files\ePSXe
2008-05-08 18:54 . 2008-05-08 18:54 <DIR>    d--------   C:\Documents and Settings\audition account\Application Data\fltk.org
2008-05-02 15:53 . 2008-05-08 18:32 <DIR>    d--------   C:\Program Files\ActMak

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-31 18:35    ---------   d-----w C:\Program Files\Blubster
2008-05-31 03:02    ---------   d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-05-30 21:43    ---------   d--h--w C:\Program Files\InstallShield Installation Information
2008-05-30 01:51    ---------   d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-28 09:09    ---------   d-----w C:\Program Files\Common Files\Adobe
2008-05-28 03:20    ---------   d-----w C:\Program Files\HyCam2
2008-05-25 15:29    ---------   d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-05-24 19:31    ---------   d-----w C:\Program Files\StreamCast
2008-05-24 17:21    ---------   d-----w C:\Documents and Settings\audition account\Application Data\LimeWire
2008-05-22 01:46    269 ----a-w C:\Program Files\Common Files\lavuq599
2008-05-21 20:30    ---------   d-----w C:\Program Files\HP
2008-05-21 20:27    ---------   d-----w C:\Documents and Settings\All Users\Application Data\HP
2008-05-13 12:40    ---------   d-----w C:\Program Files\MixMeister Express 6
2008-05-13 11:59    ---------   d-----w C:\Program Files\WonderlandSecretWorldsTrial_at
2008-05-13 11:59    ---------   d-----w C:\Program Files\Cheat Engine
2008-05-09 11:52    ---------   d-----w C:\Program Files\Tweak-XP Pro 4
2008-05-08 23:34    ---------   d-----w C:\Program Files\Microsoft Bootvis
2008-05-07 08:34    ---------   d-----w C:\Documents and Settings\Pamela Rice\Application Data\HP
2008-05-01 10:36    142 ----a-w C:\Program Files\Common Files\profsyfs.html
2008-04-27 20:19    ---------   d-----w C:\Documents and Settings\All Users\Application Data\Gtek
2008-04-27 20:15    ---------   d-----w C:\Documents and Settings\audition account\Application Data\GTek
2008-04-19 05:31    448,384 ----a-w C:\WINDOWS\system32\drivers\EagleNt.sys
2008-04-09 22:18    737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-04-07 22:15    ---------   d-----w C:\Program Files\Google
2008-04-04 22:09    ---------   d-----w C:\Documents and Settings\audition account\Application Data\Leadertech
2008-04-04 21:53    ---------   d-----w C:\Documents and Settings\audition account\Application Data\HP
2008-03-20 01:47    718 ----a-w C:\Program Files\xFlaxPROGui$2.class
2008-03-16 22:20    52  ----a-w C:\xmp.bat
2007-06-21 18:33    378 -c--a-w C:\Documents and Settings\Pamela Rice\Application Data\internaldb1942.dat
2007-06-21 17:22    523 -c--a-w C:\Documents and Settings\Pamela Rice\Application Data\internaldb9948.dat
2007-06-21 17:22    177,152 -c--a-w C:\Documents and Settings\Pamela Rice\Application Data\internaldb4827.dat
2007-06-21 17:22    12,288  -c--a-w C:\Documents and Settings\Pamela Rice\Application Data\internaldb5436.dat
2007-06-21 17:22    0   -c--a-w C:\Documents and Settings\Pamela Rice\Application Data\internaldb4604.dat
2006-11-18 22:10    0   -c--a-w C:\Documents and Settings\Pamela Rice\Application Data\internaldb2391.dat
2006-11-16 19:40    0   -c--a-w C:\Documents and Settings\Pamela Rice\Application Data\internaldb153.dat
2006-11-13 00:55    0   -c--a-w C:\Documents and Settings\Pamela Rice\Application Data\internaldb9912.dat
2006-11-13 00:55    0   -c--a-w C:\Documents and Settings\Pamela Rice\Application Data\internaldb3902.dat
2005-12-15 08:07    1,116   -csha-w C:\WINDOWS\system32\sscms.dat
.

(((((((((((((((((((((((((((((((((((((((((((((   AWF   ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
-c--a-w            63,712 2007-03-09 16:09:58  C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\bak\apdproxy.exe

----a-w            39,792 2007-10-11 00:51:56  C:\Program Files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe
----a-w            39,792 2008-01-12 02:16:38  C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

----a-w         5,980,160 2007-04-13 14:35:40  C:\Program Files\Blubster\bak\Blubster.exe
----a-w         5,980,160 2007-04-13 15:35:40  C:\Program Files\Blubster\Blubster.exe

-c--a-w           180,269 2006-09-03 02:54:37  C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe

-c--a-w            90,112 2005-05-23 14:57:42  C:\Program Files\Common Files\Ulead Systems\Autodetector\bak\monitor.exe

-c--a-w           132,496 2007-07-12 08:00:36  C:\Program Files\Java\jre1.6.0_02\bin\bak\jusched.exe

-c--a-w           132,496 2007-09-25 05:11:35  C:\Program Files\Java\jre1.6.0_03\bin\bak\jusched.exe

-c--a-w           473,928 2005-11-15 17:12:14  C:\Program Files\Microsoft AntiSpyware\bak\gcasServ.exe

-c--a-w             8,192 2006-11-07 19:41:44  C:\Program Files\Musicmatch\Musicmatch Jukebox\bak\mimboot.exe

-c--a-w           110,592 2006-11-07 19:41:44  C:\Program Files\Musicmatch\Musicmatch Jukebox\bak\mm_tray.exe

-c--a-w           282,624 2007-04-27 13:41:54  C:\Program Files\QuickTime\bak\qttask.exe
----a-w           385,024 2008-02-01 03:13:08  C:\Program Files\QuickTime\QTTask.exe

-c--a-w            57,344 2001-07-25 19:04:00  C:\Program Files\REGSHAVE\bak\REGSHAVE.EXE

-c--a-w           290,816 2005-04-18 20:35:10  C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\bak\LYRAHD2TrayApp.exe

-c--a-w            15,360 2004-08-04 05:56:50  C:\WINDOWS\system32\bak\ctfmon.exe
----a-w            15,360 2004-08-04 05:56:50  C:\WINDOWS\system32\ctfmon.exe

-c--a-w            36,864 2000-05-09 15:38:48  C:\WINDOWS\system32\spool\drivers\w32x86\2\bak\printray.exe

.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0BB0AD19-01C1-4253-9EA9-20DF16CC4D44}]
            C:\Program Files\Common Files\lavuq599.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0E54E68A-D735-4549-A01A-90EA188BD41A}]
            C:\Program Files\Online Services\cefyr821058.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B6F19F93-C313-4DDF-9152-E55E6FE37310}]
            C:\WINDOWS\system32\ykvjeev.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BAF86C81-F962-F5B7-1196-A18F0E557CCD}]
            C:\WINDOWS\system32\oxgkd.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CB8E467B-42C7-49FC-9CAF-F20C5974B415}]
            C:\WINDOWS\system32\jkkLCuuR.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [ ]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"Antispyware"="C:\Program Files\AntiSpywareApp\Antispyware.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 03:25 144784]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 22:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 12:10 267048]
"Blubster"="C:\Program Files\Blubster\Blubster.exe" [2007-04-13 10:35 5980160]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 21:16 39792]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 20:34 49152]
"ErrorSmart"="C:\Program Files\ErrorSmart\ErrorSmart.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]

C:\Documents and Settings\Pamela Rice\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 18:16:50 113664]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoInstrumentation"= 1 (0x1)
"NoBandCustomize"= 0 (0x0)
"NoMovingBands"= 0 (0x0)
"NoCloseDragDropBands"= 0 (0x0)
"LockTaskbar"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gEWqPHYP]
gEWqPHYP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\smcss]
smcss.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"hpqddsvc"=2 (0x2)
"hpqcxs08"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\WINDOWS\\system32\\javaw.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"9842:TCP"= 9842:TCP:*:Disabled:SolidNetworkManager
"9842:UDP"= 9842:UDP:*:Disabled:SolidNetworkManager
"606:TCP"= 606:TCP:VoIP On-Hold Server
"84:TCP"= 84:TCP:VRS Recording System Web Control Panel
"81:TCP"= 81:TCP:Axon Web Server
"8000:UDP"= 8000:UDP:Express Talk RTP Incoming Audio (UDP)
"8001:UDP"= 8001:UDP:Express Talk RTP Incoming Audio (UDP)
"8002:UDP"= 8002:UDP:Express Talk RTP Incoming Audio (UDP)
"8003:UDP"= 8003:UDP:Express Talk RTP Incoming Audio (UDP)
"8004:UDP"= 8004:UDP:Express Talk RTP Incoming Audio (UDP)
"8005:UDP"= 8005:UDP:Express Talk RTP Incoming Audio (UDP)
"8006:UDP"= 8006:UDP:Express Talk RTP Incoming Audio (UDP)

R0 antispyware;antispyware;C:\WINDOWS\system32\DRIVERS\antispyware.sys [2008-05-12 13:10]
R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2007-11-25 01:35]
R3 kbdcap;kbdcap;C:\WINDOWS\system32\drivers\kbdcap.sys [2007-11-24 22:03]
S3 6250spi;Elan USB Bridge Service;C:\WINDOWS\system32\Drivers\6250spi.sys [2006-09-19 16:46]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\BRGSp50.sys [2005-06-08 17:44]
S3 XDva008;XDva008;C:\WINDOWS\system32\XDva008.sys []
S3 XDva026;XDva026;C:\WINDOWS\system32\XDva026.sys []
S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2005-08-17 13:43]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12   REG_MULTI_SZ    Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt   REG_MULTI_SZ    hpqcxs08 hpqddsvc

.
Contents of the 'Scheduled Tasks' folder
"2008-05-31 08:00:00 C:\WINDOWS\Tasks\Antispyware Scheduled Scan.job"
- C:\Program Files\AntiSpywareApp\AntiSpyware.exe
- C:\Program Files\AntiSpywareApp
"2008-05-26 22:48:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-31 08:30:00 C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job"
- C:\Program Files\ErrorSmart\ErrorSmart.ex
- C:\Program Files\ErrorSmart
"2008-05-25 15:08:03 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-05-25 15:08:02 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-31 21:13:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\LexBceS.exe
C:\WINDOWS\system32\Lexpps.exe
C:\WINDOWS\system32\scardsvr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-05-31 21:39:10 - machine was rebooted
ComboFix-quarantined-files.txt  2008-06-01 02:38:47

Pre-Run: 8,974,405,632 bytes free
Post-Run: 8,885,854,208 bytes free

334 --- E O F ---   2008-05-18 10:09:55





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:40 PM, on 5/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Blubster\Blubster.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: 0 - {0BB0AD19-01C1-4253-9EA9-20DF16CC4D44} - C:\Program Files\Common Files\lavuq599.dll (file missing)
O2 - BHO: (no name) - {0E54E68A-D735-4549-A01A-90EA188BD41A} - C:\Program Files\Online Services\cefyr821058.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: TChkBHO Class - {B6F19F93-C313-4DDF-9152-E55E6FE37310} - C:\WINDOWS\system32\ykvjeev.dll (file missing)
O2 - BHO: (no name) - {BAF86C81-F962-F5B7-1196-A18F0E557CCD} - C:\WINDOWS\system32\oxgkd.dll (file missing)
O2 - BHO: (no name) - {CB8E467B-42C7-49FC-9CAF-F20C5974B415} - C:\WINDOWS\system32\jkkLCuuR.dll (file missing)
O3 - Toolbar: (no name) - {EA0D26BD-9029-431A-86E0-83152D67828A} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Blubster] C:\Program Files\Blubster\Blubster.exe SILENT
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ErrorSmart] C:\Program Files\ErrorSmart\ErrorSmart.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Antispyware] C:\Program Files\AntiSpywareApp\Antispyware.exe -boot
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Pamela Rice\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\gamelink.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\gamelink.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\gamelink.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\gamelink.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\gamelink.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\gamelink.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\gamelink.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\gamelink.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {48DF87EE-F2DE-11D8-BE7F-302050C10801} (FlyLoader Class) - http://www.flyword.com/loaderword_win.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: gEWqPHYP - gEWqPHYP.dll (file missing)
O20 - Winlogon Notify: smcss - smcss.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

--
End of file - 8341 bytes

Please download FindAWF:
http://noahdfear.net/downloads/FindAWF.exe

Save the file to the Desktop
Double-click the FindAWF icon.

If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 1 then Enter to scan for bak folders
The scan may take a while, please be patient.

When done, a text file, Find AWF report is produced.
Please provide Find AWF report in your reply.

Find AWF report by noahdfear ©2006
Version 1.40

The current date is: Sat 05/31/2008
The current time is: 23:33:28.22


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\BLUBSTER\BAK

04/13/2007 09:35 AM 5,980,160 Blubster.exe
1 File(s) 5,980,160 bytes

Directory of C:\PROGRA~1\MICROS~2\BAK

11/15/2005 12:12 PM 473,928 gcasServ.exe
1 File(s) 473,928 bytes

Directory of C:\PROGRA~1\MSNMES~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

04/27/2007 08:41 AM 282,624 qttask.exe
1 File(s) 282,624 bytes

Directory of C:\PROGRA~1\REGSHAVE\BAK

07/25/2001 02:04 PM 57,344 REGSHAVE.EXE
1 File(s) 57,344 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

08/04/2004 12:56 AM 15,360 ctfmon.exe
1 File(s) 15,360 bytes

Directory of C:\WINDOWS\WIRELESS\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\MUSICM~1\MUSICM~1\BAK

11/07/2006 02:41 PM 8,192 mimboot.exe
11/07/2006 02:41 PM 110,592 mm_tray.exe
2 File(s) 118,784 bytes

Directory of C:\PROGRA~1\ADOBE\READER~1.0\READER\BAK

10/10/2007 07:51 PM 39,792 Reader_sl.exe
1 File(s) 39,792 bytes

Directory of C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK

09/02/2006 09:54 PM 180,269 realsched.exe
1 File(s) 180,269 bytes

Directory of C:\PROGRA~1\COMMON~1\ULEADS~1\AUTODE~1\BAK

05/23/2005 09:57 AM 90,112 monitor.exe
1 File(s) 90,112 bytes

Directory of C:\PROGRA~1\JAVA\JRE16~1.0_0\BIN\BAK

07/12/2007 03:00 AM 132,496 jusched.exe
1 File(s) 132,496 bytes

Directory of C:\PROGRA~1\JAVA\JRE16~2.0_0\BIN\BAK

09/25/2007 12:11 AM 132,496 jusched.exe
1 File(s) 132,496 bytes

Directory of C:\PROGRA~1\THOMSON\LYRAJU~1\LYRAHD~1\BAK

04/18/2005 03:35 PM 290,816 LYRAHD2TrayApp.exe
1 File(s) 290,816 bytes

Directory of C:\PROGRA~1\ADOBE\PHOTOS~1\3.2\APPS\BAK

03/09/2007 11:09 AM 63,712 apdproxy.exe
1 File(s) 63,712 bytes

Directory of C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\2\BAK

05/09/2000 10:38 AM 36,864 printray.exe
1 File(s) 36,864 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

5980160 Apr 13 2007 "C:\Program Files\Blubster\Blubster.exe"
5980160 Apr 13 2007 "C:\Program Files\Blubster\bak\Blubster.exe"
473928 Nov 15 2005 "C:\Program Files\Microsoft AntiSpyware\bak\gcasServ.exe"
385024 Jan 31 2008 "C:\Program Files\QuickTime\QTTask.exe"
282624 Apr 27 2007 "C:\Program Files\QuickTime\bak\qttask.exe"
57344 Jul 25 2001 "C:\Program Files\REGSHAVE\bak\REGSHAVE.EXE"
15360 Aug 4 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
8192 Nov 7 2006 "C:\Program Files\Musicmatch\Musicmatch Jukebox\bak\mimboot.exe"
110592 Nov 7 2006 "C:\Program Files\Musicmatch\Musicmatch Jukebox\bak\mm_tray.exe"
39792 Oct 10 2007 "C:\Program Files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe"
180269 Sep 2 2006 "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
90112 May 23 2005 "C:\Program Files\Common Files\Ulead Systems\Autodetector\bak\monitor.exe"
144784 Feb 22 2008 "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
126976 Sep 24 2007 "C:\Program Files\Java\jdk1.6.0_03\jre\bin\jusched.exe"
139264 Feb 22 2008 "C:\Program Files\Java\jdk1.6.0_05\jre\bin\jusched.exe"
132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\bak\jusched.exe"
132496 Sep 25 2007 "C:\Program Files\Java\jre1.6.0_03\bin\bak\jusched.exe"
144784 Feb 22 2008 "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
126976 Sep 24 2007 "C:\Program Files\Java\jdk1.6.0_03\jre\bin\jusched.exe"
139264 Feb 22 2008 "C:\Program Files\Java\jdk1.6.0_05\jre\bin\jusched.exe"
132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\bak\jusched.exe"
132496 Sep 25 2007 "C:\Program Files\Java\jre1.6.0_03\bin\bak\jusched.exe"
290816 Apr 18 2005 "C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\bak\LYRAHD2TrayApp.exe"
63712 Mar 9 2007 "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\bak\apdproxy.exe"
36864 May 9 2000 "C:\WINDOWS\system32\spool\drivers\w32x86\PrinTray.exe"
36864 May 9 2000 "C:\WINDOWS\system32\spool\drivers\w32x86\2\bak\printray.exe"


end of report

Double-click the FindAWF icon once again

If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 2 then Enter to restore files from bak folders

A text file opens called: files.txt
Click below the line and paste the following list of files to be restored:

C:\Program Files\Blubster\bak\Blubster.exe
C:\Program Files\Microsoft AntiSpyware\bak\gcasServ.exe
C:\Program Files\QuickTime\bak\qttask.exe
C:\Program Files\REGSHAVE\bak\REGSHAVE.EXE
C:\WINDOWS\system32\bak\ctfmon.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\bak\mimboot.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\bak\mm_tray.exe
C:\Program Files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe
C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe
C:\Program Files\Common Files\Ulead Systems\Autodetector\bak\monitor.exe
C:\Program Files\Java\jdk1.6.0_03\jre\bin\jusched.exe
C:\Program Files\Java\jre1.6.0_02\bin\bak\jusched.exe
C:\Program Files\Java\jre1.6.0_03\bin\bak\jusched.exe
C:\Program Files\Java\jre1.6.0_02\bin\bak\jusched.exe
C:\Program Files\Java\jre1.6.0_03\bin\bak\jusched.exe
C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\bak\LYRAHD2TrayApp.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\bak\apdproxy.exe
C:\WINDOWS\system32\spool\drivers\w32x86\2\bak\printray.exe

Next, close and click Yes to save the changes.

Once files.txt is saved, FindAWF does the following:
-It attempts to terminate the process represented by each filename on the list, if running
-Deletes the rogue file from the parent folder, if present
-Copies the original file to the parent folder

When done with the above, it automatically runs a new scan and opens a new log.
Please provide the new FindAWF log in your reply.

By the way, my computer is really stable and the taskbar is not blinking anymore, so after this you can put solved on it. Thanks ^_^

Find AWF report by noahdfear ©2006
Version 1.40
Option 2 run successfully

The current date is: Sun 06/01/2008
The current time is: 0:46:10.02


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\BLUBSTER\BAK

04/13/2007 09:35 AM 5,980,160 Blubster.exe
1 File(s) 5,980,160 bytes

Directory of C:\PROGRA~1\MICROS~2\BAK

11/15/2005 12:12 PM 473,928 gcasServ.exe
1 File(s) 473,928 bytes

Directory of C:\PROGRA~1\MSNMES~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

04/27/2007 08:41 AM 282,624 qttask.exe
1 File(s) 282,624 bytes

Directory of C:\PROGRA~1\REGSHAVE\BAK

07/25/2001 02:04 PM 57,344 REGSHAVE.EXE
1 File(s) 57,344 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

08/04/2004 12:56 AM 15,360 ctfmon.exe
1 File(s) 15,360 bytes

Directory of C:\WINDOWS\WIRELESS\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\MUSICM~1\MUSICM~1\BAK

11/07/2006 02:41 PM 8,192 mimboot.exe
11/07/2006 02:41 PM 110,592 mm_tray.exe
2 File(s) 118,784 bytes

Directory of C:\PROGRA~1\ADOBE\READER~1.0\READER\BAK

10/10/2007 07:51 PM 39,792 Reader_sl.exe
1 File(s) 39,792 bytes

Directory of C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK

09/02/2006 09:54 PM 180,269 realsched.exe
1 File(s) 180,269 bytes

Directory of C:\PROGRA~1\COMMON~1\ULEADS~1\AUTODE~1\BAK

05/23/2005 09:57 AM 90,112 monitor.exe
1 File(s) 90,112 bytes

Directory of C:\PROGRA~1\JAVA\JRE16~1.0_0\BIN\BAK

07/12/2007 03:00 AM 132,496 jusched.exe
1 File(s) 132,496 bytes

Directory of C:\PROGRA~1\JAVA\JRE16~2.0_0\BIN\BAK

09/25/2007 12:11 AM 132,496 jusched.exe
1 File(s) 132,496 bytes

Directory of C:\PROGRA~1\THOMSON\LYRAJU~1\LYRAHD~1\BAK

04/18/2005 03:35 PM 290,816 LYRAHD2TrayApp.exe
1 File(s) 290,816 bytes

Directory of C:\PROGRA~1\ADOBE\PHOTOS~1\3.2\APPS\BAK

03/09/2007 11:09 AM 63,712 apdproxy.exe
1 File(s) 63,712 bytes

Directory of C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\2\BAK

05/09/2000 10:38 AM 36,864 printray.exe
1 File(s) 36,864 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

5980160 Apr 13 2007 "C:\Program Files\Blubster\Blubster.exe"
5980160 Apr 13 2007 "C:\Program Files\Blubster\bak\Blubster.exe"
473928 Nov 15 2005 "C:\Program Files\Microsoft AntiSpyware\bak\gcasServ.exe"
385024 Jan 31 2008 "C:\Program Files\QuickTime\QTTask.exe"
282624 Apr 27 2007 "C:\Program Files\QuickTime\bak\qttask.exe"
57344 Jul 25 2001 "C:\Program Files\REGSHAVE\bak\REGSHAVE.EXE"
15360 Aug 4 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
8192 Nov 7 2006 "C:\Program Files\Musicmatch\Musicmatch Jukebox\bak\mimboot.exe"
110592 Nov 7 2006 "C:\Program Files\Musicmatch\Musicmatch Jukebox\bak\mm_tray.exe"
39792 Oct 10 2007 "C:\Program Files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe"
180269 Sep 2 2006 "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
90112 May 23 2005 "C:\Program Files\Common Files\Ulead Systems\Autodetector\bak\monitor.exe"
144784 Feb 22 2008 "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
126976 Sep 24 2007 "C:\Program Files\Java\jdk1.6.0_03\jre\bin\jusched.exe"
139264 Feb 22 2008 "C:\Program Files\Java\jdk1.6.0_05\jre\bin\jusched.exe"
132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\bak\jusched.exe"
132496 Sep 25 2007 "C:\Program Files\Java\jre1.6.0_03\bin\bak\jusched.exe"
144784 Feb 22 2008 "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
126976 Sep 24 2007 "C:\Program Files\Java\jdk1.6.0_03\jre\bin\jusched.exe"
139264 Feb 22 2008 "C:\Program Files\Java\jdk1.6.0_05\jre\bin\jusched.exe"
132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\bak\jusched.exe"
132496 Sep 25 2007 "C:\Program Files\Java\jre1.6.0_03\bin\bak\jusched.exe"
290816 Apr 18 2005 "C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\bak\LYRAHD2TrayApp.exe"
63712 Mar 9 2007 "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\bak\apdproxy.exe"
36864 May 9 2000 "C:\WINDOWS\system32\spool\drivers\w32x86\PrinTray.exe"
36864 May 9 2000 "C:\WINDOWS\system32\spool\drivers\w32x86\2\printray.exe"
36864 May 9 2000 "C:\WINDOWS\system32\spool\drivers\w32x86\2\bak\printray.exe"


end of report

Double-click the FindAWF icon once again

If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 3 then Enter to remove bak folders

A text file opens called: folders.txt
Click below the line and paste the following list of folders to be removed:

C:\Program Files\Blubster\bak
C:\Program Files\Microsoft AntiSpyware\bak
C:\Program Files\QuickTime\bak
C:\Program Files\REGSHAVE\bak
C:\WINDOWS\system32\bak
C:\Program Files\Musicmatch\Musicmatch Jukebox\bak
C:\Program Files\Adobe\Reader 8.0\Reader\bak
C:\Program Files\Common Files\Real\Update_OB\bak
C:\Program Files\Common Files\Ulead Systems\Autodetector\bak
C:\Program Files\Java\jre1.6.0_02\bin\bak
C:\Program Files\Java\jre1.6.0_03\bin\bak
C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\bak
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\bak
C:\WINDOWS\system32\spool\drivers\w32x86\2\bak

Next, close and click Yes to save the changes.

Once folders.txt is saved, FindAWF does the following:
-It deletes the contents of the bak folders
-Removes the bak folders

When done with the above, it automatically runs a new scan and opens a new log.
Please provide the new FindAWF log in your reply.

Sorry, wrong log...
the good one is below this one

Find AWF report by noahdfear ©2006
Version 1.40
Option 3 run successfully

The current date is: Sun 06/01/2008
The current time is: 2:53:05.41


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\MSNMES~1\BAK

0 File(s) 0 bytes

Directory of C:\WINDOWS\WIRELESS\BAK

0 File(s) 0 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

end of report

Double-click the FindAWF icon once again

If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 4 then Enter to reset domain zones

This removes all entries from the domain zones.
When the program returns to the main menu, use the following option:
Press E then Enter to EXIT

==

Reboot when done and post another hijackthis log please.

Let me know how your PC is.

Dude, you rock!!!! My computer is acting faster than before, thank you ^_^ Here's the HijackThis log for you.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:56 AM , on 6/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rsvp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Blubster\Blubster.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: 0 - {0BB0AD19-01C1-4253-9EA9-20DF16CC4D44} - C:\Program Files\Common Files\lavuq599.dll (file missing)
O2 - BHO: (no name) - {0E54E68A-D735-4549-A01A-90EA188BD41A} - C:\Program Files\Online Services\cefyr821058.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: TChkBHO Class - {B6F19F93-C313-4DDF-9152-E55E6FE37310} - C:\WINDOWS\system32\ykvjeev.dll (file missing)
O2 - BHO: (no name) - {BAF86C81-F962-F5B7-1196-A18F0E557CCD} - C:\WINDOWS\system32\oxgkd.dll (file missing)
O2 - BHO: (no name) - {CB8E467B-42C7-49FC-9CAF-F20C5974B415} - C:\WINDOWS\system32\jkkLCuuR.dll (file missing)
O3 - Toolbar: (no name) - {EA0D26BD-9029-431A-86E0-83152D67828A} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Blubster] C:\Program Files\Blubster\Blubster.exe SILENT
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ErrorSmart] C:\Program Files\ErrorSmart\ErrorSmart.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Antispyware] C:\Program Files\AntiSpywareApp\Antispyware.exe -boot
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Pamela Rice\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\gamelink.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\gamelink.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\gamelink.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\gamelink.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\gamelink.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\gamelink.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\gamelink.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\gamelink.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {48DF87EE-F2DE-11D8-BE7F-302050C10801} (FlyLoader Class) - http://www.flyword.com/loaderword_win.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: gEWqPHYP - gEWqPHYP.dll (file missing)
O20 - Winlogon Notify: smcss - smcss.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

--
End of file - 8460 bytes

Also explore.exe isn't crashing thing coming back over and over now, everything just normal... thank you very much, rep +1 :)

Just some orphaned entries to go now.

Can you please do the following.


===============

Scan with HijackThis and then place a check next to all the following, if present:


O2 - BHO: 0 - {0BB0AD19-01C1-4253-9EA9-20DF16CC4D44} - C:\Program Files\Common Files\lavuq599.dll (file missing)
O2 - BHO: (no name) - {0E54E68A-D735-4549-A01A-90EA188BD41A} - C:\Program Files\Online Services\cefyr821058.dll (file missing)
O2 - BHO: TChkBHO Class - {B6F19F93-C313-4DDF-9152-E55E6FE37310} - C:\WINDOWS\system32\ykvjeev.dll (file missing)
O2 - BHO: (no name) - {BAF86C81-F962-F5B7-1196-A18F0E557CCD} - C:\WINDOWS\system32\oxgkd.dll (file missing)
O2 - BHO: (no name) - {CB8E467B-42C7-49FC-9CAF-F20C5974B415} - C:\WINDOWS\system32\jkkLCuuR.dll (file missing)

O3 - Toolbar: (no name) - {EA0D26BD-9029-431A-86E0-83152D67828A} - (no file)

O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Pamela Rice\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)

O20 - Winlogon Notify: gEWqPHYP - gEWqPHYP.dll (file missing)
O20 - Winlogon Notify: smcss - smcss.dll (file missing)


Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".

===============

Congratulations! Your log looks clean.

===============

Now that your PC is clean, you need to follow these easy steps to keep it this way:

Download CCleaner and install, then run it. It will clear out your temp folders.

  1. Uncheck "Cookies" under "Internet Explorer".
  2. Click on Run Cleaner in the lower right-hand corner. This can take quite a while to run.
  3. Close when finished.

====

An alternative to CCleaner is ATF Cleaner.
Download ATF (Atribune Temp File) Cleaner by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it.

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache

*The other boxes are optional*
Then click the Empty Selected button.

Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

====

Use an alternative browser! Download Firefox and give it a run. It is far more secure than Internet Explorer. Or, you can get Opera, which, in my opinion, is better still.

====

Use a firewall. It is an essential part of your computer's security. There is a link to a good, free firewall in my signature.

====

Install and keep updated, AVG anti-spyware, Ad-Aware SE and Spybot S&D.
Run them all on a regular basis, following the maker's recommendations.

====

Install an anti-virus. There are some good, free AVs available today. Make sure that it is updated regularly and have it scan your system often.

====

Check for Windows Updates. Microsoft regularly posts updates for your system's safe running. Make sure to take advantage of this. Reboot when installed and return to make sure there are no others.

=====

For XP users.
After something like this it is a good idea to Flush the Restore Points and start fresh.
To flush the XP system Restore Points.

Go to Start | Run and type msconfig and press enter.

When msconfig opens, click the Launch System Restore Button.
On the next page, click the System Restore Settings link on the left.

Check the box labelled 'Turn off System restore'.

Reboot. Go back in and Turn System Restore Back on. A new Restore Point will be created.

Note that all previous restore points will be lost.

===============

If you have any more problems, post back.

-

Happy surfing,

crunchie.
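The "place a check next to all the following, if present" step above can be cross-checked against your own log before clicking "Fix checked". The sketch below is an added example, not part of the original thread or of HijackThis: it parses log lines, confirms which lines of a fix list appear verbatim in the log, and lists any other "(file missing)" / "(no file)" entries for manual review. The function names are hypothetical, and the sample data is a subset of lines copied from the log in this thread.

```python
import re
from typing import NamedTuple, Optional

# Subset of the second HijackThis log in this thread (not the whole log).
SAMPLE_LOG = r"""
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: 0 - {0BB0AD19-01C1-4253-9EA9-20DF16CC4D44} - C:\Program Files\Common Files\lavuq599.dll (file missing)
O2 - BHO: TChkBHO Class - {B6F19F93-C313-4DDF-9152-E55E6FE37310} - C:\WINDOWS\system32\ykvjeev.dll (file missing)
O3 - Toolbar: (no name) - {EA0D26BD-9029-431A-86E0-83152D67828A} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: gEWqPHYP - gEWqPHYP.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# Subset of the fix list posted by the helper in this thread.
FIX_LIST = r"""
O2 - BHO: 0 - {0BB0AD19-01C1-4253-9EA9-20DF16CC4D44} - C:\Program Files\Common Files\lavuq599.dll (file missing)
O2 - BHO: TChkBHO Class - {B6F19F93-C313-4DDF-9152-E55E6FE37310} - C:\WINDOWS\system32\ykvjeev.dll (file missing)
O3 - Toolbar: (no name) - {EA0D26BD-9029-431A-86E0-83152D67828A} - (no file)
O20 - Winlogon Notify: gEWqPHYP - gEWqPHYP.dll (file missing)
O20 - Winlogon Notify: smcss - smcss.dll (file missing)
"""

# A log entry is "<section code> - <rest>", e.g. "O2 - BHO: ...", "R0 - HKCU...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ORPHAN_MARKERS = ("(file missing)", "(no file)")


class Entry(NamedTuple):
    code: str             # section code such as O2, O20, O23
    body: str             # everything after "<code> - "
    clsid: Optional[str]  # upper-cased CLSID if the entry carries one
    orphaned: bool        # True when the entry ends in an orphan marker
    line: str             # whitespace-normalised original line


def normalise(line: str) -> str:
    """Collapse runs of whitespace so copy/paste differences do not matter."""
    return " ".join(line.split())


def parse_log(text: str) -> list:
    """Return one Entry per recognisable log line; headers and blanks are skipped."""
    entries = []
    for raw in text.splitlines():
        line = normalise(raw)
        match = ENTRY_RE.match(line)
        if not match:
            continue
        body = match.group("body")
        clsid = CLSID_RE.search(body)
        entries.append(Entry(
            code=match.group("code"),
            body=body,
            clsid=clsid.group(0).upper() if clsid else None,
            orphaned=body.endswith(ORPHAN_MARKERS),
            line=line,
        ))
    return entries


def plan_fix(log_text: str, fix_text: str) -> dict:
    """Compare a fix list with a log.

    check               -> fix-list lines that are present in the log
    not_in_log          -> fix-list lines that are absent (nothing to check)
    orphaned_not_listed -> orphaned log entries the fix list does not mention;
                           these are only candidates for a human to review
    Repeated identical log lines are treated as one entry.
    """
    log_entries = {entry.line: entry for entry in parse_log(log_text)}
    fix_lines = [entry.line for entry in parse_log(fix_text)]
    listed = set(fix_lines)
    return {
        "check": [log_entries[l] for l in fix_lines if l in log_entries],
        "not_in_log": [l for l in fix_lines if l not in log_entries],
        "orphaned_not_listed": [
            e for key, e in log_entries.items() if e.orphaned and key not in listed
        ],
    }


if __name__ == "__main__":
    plan = plan_fix(SAMPLE_LOG, FIX_LIST)
    for name, items in plan.items():
        print(name)
        for item in items:
            print("   ", item.line if isinstance(item, Entry) else item)
```

An entry reported under `orphaned_not_listed` is not automatically safe to remove; it only means the fix list did not mention it.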
