0

Hi, I have been hit by the WinAntiSpyware2006 and a couple of other spyware programs. I tried using Spybot and Ad-Aware, but while they deleted them once, after I restart, or even if I don't, they come back within minutes. Usually they only occur a lot when using IE, but lately there are a few popups coming up in my Firefox as well.

Edit: I think command.exe and IExplorer.dll are suspicious imo because I never had these processes running when it was normal.

Here is my HijackThis log, help is appreciated, thanks:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:29:03 PM, on 9/18/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\IA\command.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\rundll32.exe
C:\Windows\explorer.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\System32\awmilphe.dll",forkonce
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\RunServices: [IESet] IExplorer.dll .dbt
O4 - HKLM\..\RunOnce: [SpybotDeletingA1643] command /c del "C:\WINDOWS\system32\pmnlk.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4076] cmd /c del "C:\WINDOWS\system32\pmnlk.dll_old"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [Cisz] "C:\Documents and Settings\Owner\My Documents\??curity\n?tepad.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [IESet] IExplorer.dll .dbt (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [IESet] IExplorer.dll .dbt (User 'Default user')
O4 - Startup: .lnk = C:\WINDOWS\system32\msmapibx32.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\IA\command.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\Common Files\virto.html

--
End of file - 4839 bytes

0

Hello, sai..
==Download this file to your desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
==Go Start, run, type services.msc and press Enter. Maximise the window and at foot select Extended tab, scroll to the specific service (cmdService), rclick it, select properties. Write down the exact Service Name. Press Stop if it is highlighted [you may have to set the service to Disable first]. Close Services, now type this line into the run text box and press Enter:
sc delete "exact Service Name" - don't be silly now....
Delete the file:
C:\WINDOWS\IA\command.exe

==Is this your work? O24 - Desktop Component 0: (no name) - C:\Program Files\Common Files\virto.html
No? Then use hijackthis to fix it: Start hijackthis, select Scan Only, place checkmarks against all the entries listed below that still exist, and then press Fix Checked.

O24 - Desktop Component 0: (no name) - C:\Program Files\Common Files\virto.html

Now delete the file: C:\Program Files\Common Files\virto.html

ComboFix:
- to run it dclick combofix.exe and follow the prompts to start it. When finished, it will produce a log, C:\Combofix.txt - post that log in your next reply.
A word of caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.
=I see that you once had a vundo infection.... please change the name of hijackthis.exe to imabunny.exe and make and post a fresh hijackthis log also please...
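
The entries singled out in the reply above can also be picked out mechanically. The following is an added example, not part of the thread and not code from HijackThis or either poster: a small triage pass over lines copied from the posted log. The rules are illustrative heuristics assumed for this example; a hit means "look closer", not "malicious", and an entry that is not flagged is not thereby cleared.

```python
import re

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\RunServices: [IESet] IExplorer.dll .dbt
O4 - HKCU\..\Run: [Cisz] "C:\Documents and Settings\Owner\My Documents\??curity\n?tepad.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: .lnk = C:\WINDOWS\system32\msmapibx32.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\IA\command.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\Common Files\virto.html
"""

# Every log entry is "<section code> - <body>".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O4 registry autorun: "<hive>: [<value name>] <command line>"
AUTORUN_RE = re.compile(r"^(?P<hive>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# O4 Startup-folder shortcut: "Startup: <name>.lnk = <target>"
STARTUP_RE = re.compile(r"^Startup: (?P<name>.*?)\.lnk = (?P<target>.+)$")
# O23 service: "Service: <display> (<service name>) - <owner> - <path>"
SERVICE_RE = re.compile(
    r"^Service: (?P<display>.+) \((?P<name>[^)]+)\) - (?P<owner>.+?) - (?P<path>.+)$"
)
# O24 desktop component: "Desktop Component <n>: <name> - <source>"
DESKTOP_RE = re.compile(r"^Desktop Component \d+: (?P<name>.+?) - (?P<src>.+)$")


def first_token(cmd):
    """Return the program part of a command line (quoted or unquoted)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    # Unquoted paths containing spaces are cut at the first space; that is
    # enough for the bare-DLL check below, which only looks at pathless names.
    return cmd.split()[0]


def triage(line):
    """Return the reasons (possibly none) an entry deserves a closer look."""
    entry = ENTRY_RE.match(line.strip())
    if not entry:
        return []
    code, body = entry["code"], entry["body"]
    reasons = []

    if code == "O4":
        autorun = AUTORUN_RE.match(body)
        shortcut = STARTUP_RE.match(body)
        if autorun:
            cmd = autorun["cmd"]
            # '?' is not a legal Windows file-name character, so in a logged
            # path it stands for a character the log could not render.
            # Heuristic: checked on the whole command line, so an argument
            # containing '?' would also trip it.
            if "?" in cmd:
                reasons.append("autorun path contains unrenderable characters")
            prog = first_token(cmd)
            if prog.lower().endswith(".dll") and "\\" not in prog:
                reasons.append("autorun command is a bare DLL name with no path")
        elif shortcut and shortcut["name"] == "":
            reasons.append("Startup shortcut has an empty name")

    elif code == "O23":
        service = SERVICE_RE.match(body)
        if service and service["owner"] == "Unknown owner":
            reasons.append("service '%s' is listed with Unknown owner" % service["name"])

    elif code == "O24":
        component = DESKTOP_RE.match(body)
        if component and re.match(r"^[A-Za-z]:\\.*\.html?$", component["src"], re.I):
            reasons.append("desktop component loads a local HTML file")

    return reasons


def scan(log_text):
    """Return (section code, line, reasons) for every flagged entry, in order."""
    flagged = []
    for line in log_text.splitlines():
        reasons = triage(line)
        if reasons:
            flagged.append((line.split(" - ", 1)[0], line.strip(), reasons))
    return flagged


if __name__ == "__main__":
    for code, line, reasons in scan(SAMPLE_LOG):
        print(line)
        for reason in reasons:
            print("    ->", reason)
```
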

0

Thanks Gerbil,

I don't see command.exe and that's a good thing :), although I tried to delete virto, I couldn't find it, but maybe ComboFix or Spybot already deleted it or something because I searched but could not find the file.

Well, here are the logs:

ComboFix 07-09-18.4 - "Owner" 2007-09-19 17:22:35.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.1.1252.1.1033.18.322 [GMT -5:00]
* Created a new restore point
.


(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.


C:\DOCUME~1\ALLUSE~1\APPLIC~1.\salesmonitor
C:\DOCUME~1\Owner\APPLIC~1\WinTouch
C:\DOCUME~1\Owner\APPLIC~1\WinTouch\wintouch.cfg
C:\DOCUME~1\Owner\APPLIC~1\WinTouch\WTUninstaller.exe
C:\DOCUME~1\Owner\APPLIC~1\YMBOLS~1
C:\DOCUME~1\Owner\MYDOCU~1\CURITY~1
C:\DOCUME~1\Owner\MYDOCU~1\CURITY~1\n?tepad.exe
C:\DOCUME~1\Owner\STARTM~1\Programs\Outerinfo
C:\DOCUME~1\Owner\STARTM~1\Programs\Outerinfo\Terms.lnk
C:\DOCUME~1\Owner\STARTM~1\Programs\Outerinfo\Uninstall.lnk
C:\DOCUME~1\Owner\STARTM~1\Programs\Startup\.lnk
C:\Program Files\Common Files\mbols~1
C:\Program Files\Common Files\mbols~1\??mbols\
C:\Program Files\Common Files\mbols~1\msdtc.exe
C:\Program Files\Common Files\ryli.dll
C:\Program Files\Common Files\virto.html
C:\Program Files\Common Files\winantispyware 2007
C:\Program Files\Common Files\WinAntiSpyware 2007\err.log
C:\Program Files\Common Files\winantispyware 2007\err.log
C:\Program Files\Common Files\winantispyware 2007\WAS7Mon.exe
C:\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe
C:\Program Files\outerinfo
C:\Program Files\outerinfo\OiUninstaller.exe
C:\Program Files\outerinfo\outerinfo.ico
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\svhost
C:\Program Files\svhost\wr-1-77.exe
C:\Program Files\winantispyware 2007
C:\Program Files\WinAntiSpyware 2007\msvcr71.dll
C:\Program Files\winantispyware 2007\msvcr71.dll
C:\Program Files\winantispyware 2007\ps.dat
C:\Program Files\WinAntiSpyware 2007\ps.dat
C:\Program Files\winantispyware 2007\pv.dat
C:\Program Files\WinAntiSpyware 2007\pv.dat
C:\Program Files\winantispyware 2007\quaratine.dat\#post_quarantine
C:\Program Files\WinAntiSpyware 2007\quaratine.dat\#post_quarantine
C:\Program Files\WinAntiSpyware 2007\readme.rtf
C:\Program Files\winantispyware 2007\readme.rtf
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\64d381d78ccb4597554db59d\772c2717be9d47469d77d0b8\5cf6601a24d649a40df6fba5\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\64d381d78ccb4597554db59d\772c2717be9d47469d77d0b8\5cf6601a24d649a40df6fba5\#name
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\64d381d78ccb4597554db59d\772c2717be9d47469d77d0b8\5cf6601a24d649a40df6fba5\#name
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\64d381d78ccb4597554db59d\772c2717be9d47469d77d0b8\67ee2be5576448270496ab95\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\64d381d78ccb4597554db59d\772c2717be9d47469d77d0b8\67ee2be5576448270496ab95\#data
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\64d381d78ccb4597554db59d\772c2717be9d47469d77d0b8\67ee2be5576448270496ab95\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\64d381d78ccb4597554db59d\772c2717be9d47469d77d0b8\67ee2be5576448270496ab95\#internal
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\64d381d78ccb4597554db59d\772c2717be9d47469d77d0b8\67ee2be5576448270496ab95\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\64d381d78ccb4597554db59d\772c2717be9d47469d77d0b8\67ee2be5576448270496ab95\#name
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\64d381d78ccb4597554db59d\772c2717be9d47469d77d0b8\67ee2be5576448270496ab95\Owner
C:\Program Files\winantispyware 2007\RTMonitor.dat\64d381d78ccb4597554db59d\772c2717be9d47469d77d0b8\67ee2be5576448270496ab95\Owner
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\64d381d78ccb4597554db59d\772c2717be9d47469d77d0b8\6de52ce66d914cd2a4760198\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\64d381d78ccb4597554db59d\772c2717be9d47469d77d0b8\6de52ce66d914cd2a4760198\#data
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\64d381d78ccb4597554db59d\772c2717be9d47469d77d0b8\6de52ce66d914cd2a4760198\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\64d381d78ccb4597554db59d\772c2717be9d47469d77d0b8\6de52ce66d914cd2a4760198\#internal
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\64d381d78ccb4597554db59d\772c2717be9d47469d77d0b8\6de52ce66d914cd2a4760198\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\64d381d78ccb4597554db59d\772c2717be9d47469d77d0b8\6de52ce66d914cd2a4760198\#name
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\64d381d78ccb4597554db59d\772c2717be9d47469d77d0b8\71cc2fe2ecf74249283e0e89\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\64d381d78ccb4597554db59d\772c2717be9d47469d77d0b8\71cc2fe2ecf74249283e0e89\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\64d381d78ccb4597554db59d\772c2717be9d47469d77d0b8\71cc2fe2ecf74249283e0e89\#internal
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\64d381d78ccb4597554db59d\772c2717be9d47469d77d0b8\71cc2fe2ecf74249283e0e89\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\64d381d78ccb4597554db59d\772c2717be9d47469d77d0b8\71cc2fe2ecf74249283e0e89\#name
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\64d381d78ccb4597554db59d\772c2717be9d47469d77d0b8\71cc2fe2ecf74249283e0e89\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\64d381d78ccb4597554db59d\772c2717be9d47469d77d0b8\71cc2fe2ecf74249283e0e89\Owner
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\64d381d78ccb4597554db59d\772c2717be9d47469d77d0b8\71cc2fe2ecf74249283e0e89\Owner
C:\Program Files\winantispyware 2007\RTMonitor.dat\64d381d78ccb4597554db59d\772c2717be9d47469d77d0b8\741948af7f274c1cc4d9a5b7\#data
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\64d381d78ccb4597554db59d\772c2717be9d47469d77d0b8\741948af7f274c1cc4d9a5b7\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\64d381d78ccb4597554db59d\772c2717be9d47469d77d0b8\741948af7f274c1cc4d9a5b7\#internal
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\64d381d78ccb4597554db59d\772c2717be9d47469d77d0b8\741948af7f274c1cc4d9a5b7\#internal
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\64d381d78ccb4597554db59d\772c2717be9d47469d77d0b8\741948af7f274c1cc4d9a5b7\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\64d381d78ccb4597554db59d\772c2717be9d47469d77d0b8\741948af7f274c1cc4d9a5b7\#name
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\64d381d78ccb4597554db59d\772c2717be9d47469d77d0b8\7dd1ec1d28f04f44a5bb79a0\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\64d381d78ccb4597554db59d\772c2717be9d47469d77d0b8\7dd1ec1d28f04f44a5bb79a0\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\64d381d78ccb4597554db59d\772c2717be9d47469d77d0b8\7dd1ec1d28f04f44a5bb79a0\#internal
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\64d381d78ccb4597554db59d\772c2717be9d47469d77d0b8\7dd1ec1d28f04f44a5bb79a0\#internal
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\64d381d78ccb4597554db59d\772c2717be9d47469d77d0b8\7dd1ec1d28f04f44a5bb79a0\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\64d381d78ccb4597554db59d\772c2717be9d47469d77d0b8\7dd1ec1d28f04f44a5bb79a0\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\64d381d78ccb4597554db59d\772c2717be9d47469d77d0b8\7e9a1e01d5f34fcdbc280fa5\#data
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\64d381d78ccb4597554db59d\772c2717be9d47469d77d0b8\7e9a1e01d5f34fcdbc280fa5\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\64d381d78ccb4597554db59d\772c2717be9d47469d77d0b8\7e9a1e01d5f34fcdbc280fa5\#internal
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\64d381d78ccb4597554db59d\772c2717be9d47469d77d0b8\7e9a1e01d5f34fcdbc280fa5\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\64d381d78ccb4597554db59d\772c2717be9d47469d77d0b8\7e9a1e01d5f34fcdbc280fa5\#name
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\64d381d78ccb4597554db59d\772c2717be9d47469d77d0b8\7e9a1e01d5f34fcdbc280fa5\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\64d381d78ccb4597554db59d\772c2717be9d47469d77d0b8\9b3e2cf5516d4d313e1d23a3\#data
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\64d381d78ccb4597554db59d\772c2717be9d47469d77d0b8\9b3e2cf5516d4d313e1d23a3\#data
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\64d381d78ccb4597554db59d\772c2717be9d47469d77d0b8\9b3e2cf5516d4d313e1d23a3\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\64d381d78ccb4597554db59d\772c2717be9d47469d77d0b8\9b3e2cf5516d4d313e1d23a3\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\64d381d78ccb4597554db59d\772c2717be9d47469d77d0b8\9b3e2cf5516d4d313e1d23a3\#name
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\64d381d78ccb4597554db59d\772c2717be9d47469d77d0b8\9b3e2cf5516d4d313e1d23a3\#name
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\64d381d78ccb4597554db59d\772c2717be9d47469d77d0b8\bf3267c529de428960eef89d\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\64d381d78ccb4597554db59d\772c2717be9d47469d77d0b8\bf3267c529de428960eef89d\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\64d381d78ccb4597554db59d\772c2717be9d47469d77d0b8\bf3267c529de428960eef89d\#internal
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\64d381d78ccb4597554db59d\772c2717be9d47469d77d0b8\bf3267c529de428960eef89d\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\64d381d78ccb4597554db59d\772c2717be9d47469d77d0b8\bf3267c529de428960eef89d\#name
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\64d381d78ccb4597554db59d\772c2717be9d47469d77d0b8\bf3267c529de428960eef89d\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\64d381d78ccb4597554db59d\772c2717be9d47469d77d0b8\bf3267c529de428960eef89d\Owner
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\64d381d78ccb4597554db59d\772c2717be9d47469d77d0b8\bf3267c529de428960eef89d\Owner
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\64d381d78ccb4597554db59d\772c2717be9d47469d77d0b8\df979e6ff8894bed064d96a4\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\64d381d78ccb4597554db59d\772c2717be9d47469d77d0b8\df979e6ff8894bed064d96a4\#data
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\64d381d78ccb4597554db59d\772c2717be9d47469d77d0b8\df979e6ff8894bed064d96a4\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\64d381d78ccb4597554db59d\772c2717be9d47469d77d0b8\df979e6ff8894bed064d96a4\#internal
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\64d381d78ccb4597554db59d\772c2717be9d47469d77d0b8\df979e6ff8894bed064d96a4\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\64d381d78ccb4597554db59d\772c2717be9d47469d77d0b8\df979e6ff8894bed064d96a4\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\64d381d78ccb4597554db59d\772c2717be9d47469d77d0b8\e40cdaa48ce44473d24c4782\#data
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\64d381d78ccb4597554db59d\772c2717be9d47469d77d0b8\e40cdaa48ce44473d24c4782\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\64d381d78ccb4597554db59d\772c2717be9d47469d77d0b8\e40cdaa48ce44473d24c4782\#internal
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\64d381d78ccb4597554db59d\772c2717be9d47469d77d0b8\e40cdaa48ce44473d24c4782\#internal
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\64d381d78ccb4597554db59d\772c2717be9d47469d77d0b8\e40cdaa48ce44473d24c4782\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\64d381d78ccb4597554db59d\772c2717be9d47469d77d0b8\e40cdaa48ce44473d24c4782\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\64d381d78ccb4597554db59d\772c2717be9d47469d77d0b8\edf06a856edd449aaf9d399c\#data
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\64d381d78ccb4597554db59d\772c2717be9d47469d77d0b8\edf06a856edd449aaf9d399c\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\64d381d78ccb4597554db59d\772c2717be9d47469d77d0b8\edf06a856edd449aaf9d399c\#internal
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\64d381d78ccb4597554db59d\772c2717be9d47469d77d0b8\edf06a856edd449aaf9d399c\#internal
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\64d381d78ccb4597554db59d\772c2717be9d47469d77d0b8\edf06a856edd449aaf9d399c\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\64d381d78ccb4597554db59d\772c2717be9d47469d77d0b8\edf06a856edd449aaf9d399c\#name
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\64d381d78ccb4597554db59d\772c2717be9d47469d77d0b8\edf06a856edd449aaf9d399c\Owner
C:\Program Files\winantispyware 2007\RTMonitor.dat\64d381d78ccb4597554db59d\772c2717be9d47469d77d0b8\edf06a856edd449aaf9d399c\Owner
C:\Program Files\WinAntiSpyware 2007\scanlog.xml
C:\Program Files\winantispyware 2007\scanlog.xml
C:\Program Files\WinAntiSpyware 2007\settings.ini
C:\Program Files\winantispyware 2007\settings.ini
C:\Program Files\winantispyware 2007\shellext.dll
C:\Program Files\WinAntiSpyware 2007\shellext.dll
C:\Program Files\WinAntiSpyware 2007\shellext.xml
C:\Program Files\winantispyware 2007\shellext.xml
C:\Program Files\WinAntiSpyware 2007\sr.log
C:\Program Files\winantispyware 2007\sr.log
C:\Program Files\winantispyware 2007\Summary.dat
C:\Program Files\WinAntiSpyware 2007\Summary.dat
C:\Program Files\winantispyware 2007\support.url
C:\Program Files\WinAntiSpyware 2007\support.url
C:\Program Files\winantispyware 2007\tasks.dat
C:\Program Files\WinAntiSpyware 2007\tasks.dat
C:\Program Files\winantispyware 2007\threatnet.dat
C:\Program Files\WinAntiSpyware 2007\threatnet.dat
C:\Program Files\WinAntiSpyware 2007\threatnet.ini
C:\Program Files\winantispyware 2007\threatnet.ini
C:\Program Files\winantispyware 2007\unins000.dat
C:\Program Files\WinAntiSpyware 2007\unins000.dat
C:\Program Files\WinAntiSpyware 2007\unins000.exe
C:\Program Files\winantispyware 2007\unins000.exe
C:\Program Files\WinAntiSpyware 2007\uninstall.ico
C:\Program Files\winantispyware 2007\uninstall.ico
C:\Program Files\WinAntiSpyware 2007\UnWizard.exe
C:\Program Files\winantispyware 2007\UnWizard.exe
C:\Program Files\winantispyware 2007\unwizard.xml
C:\Program Files\WinAntiSpyware 2007\unwizard.xml
C:\Program Files\WinAntiSpyware 2007\up.dat
C:\Program Files\winantispyware 2007\up.dat
C:\Program Files\WinAntiSpyware 2007\updater.dat
C:\Program Files\winantispyware 2007\updater.dat
C:\Program Files\winantispyware 2007\was7.exe
C:\Program Files\WinAntiSpyware 2007\was7.exe
C:\Program Files\WinAntiSpyware 2007\WAS7.url
C:\Program Files\winantispyware 2007\WAS7.url
C:\Program Files\WinAntiSpyware 2007\WAS7.xml
C:\Program Files\winantispyware 2007\WAS7.xml
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\fse
C:\Temp\fse\tmpZTF.log
C:\U.exe
C:\WINDOWS\b103.exe
C:\WINDOWS\b104.exe
C:\WINDOWS\b122.exe
C:\WINDOWS\b138.exe
C:\WINDOWS\b143.exe
C:\WINDOWS\b147.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\IA
C:\WINDOWS\IA\asappsrv.dll
C:\WINDOWS\IA\command.exe
C:\WINDOWS\IA\KE.vbs
C:\WINDOWS\notedad.exe
C:\WINDOWS\svhost.exe
C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\system32\atmtd.dll._
C:\WINDOWS\system32\awmilphe.dll
C:\WINDOWS\system32\bmuakoph.ini
C:\WINDOWS\system32\ckhcrreq.exe
C:\WINDOWS\system32\cssrss.exe
C:\WINDOWS\system32\cwhgocho.exe
C:\WINDOWS\system32\drivers\ApiMon.sys
C:\WINDOWS\system32\drivers\fopn.sys
C:\WINDOWS\system32\drivers\ohciusb.sys
C:\WINDOWS\system32\drivers\ohctusb.sys
C:\WINDOWS\system32\drivers\ohctusb.syt
C:\WINDOWS\system32\ehplimwa.ini
C:\WINDOWS\system32\eikkkdhp.dll
C:\windows\system32\explorer.exe
C:\WINDOWS\system32\explorer.exe
C:\WINDOWS\system32\f10WtR
C:\WINDOWS\system32\f10WtR\f10WtR1099.exe
C:\WINDOWS\system32\gcuabwds.dll
C:\WINDOWS\system32\gjkmp.bak1
C:\WINDOWS\system32\gjkmp.ini
C:\WINDOWS\system32\hpokaumb.dll
C:\WINDOWS\system32\iexplorer.dll                                                              .dbt
C:\WINDOWS\system32\jnfdhcww.dll
C:\WINDOWS\system32\mp43.exe
C:\WINDOWS\system32\msmapibx32.exe
C:\WINDOWS\system32\ndgaukob.dll
C:\WINDOWS\system32\njfmnsfk.dll
C:\WINDOWS\system32\nso12k.sys
C:\WINDOWS\system32\pmkjg.dll
C:\WINDOWS\system32\pmnopnl.dll
C:\WINDOWS\system32\qqstv.ini
C:\WINDOWS\system32\rjhrpylp.exe
C:\WINDOWS\system32\rsmjvyum.dll
C:\WINDOWS\system32\rvsbbowe.exe
C:\WINDOWS\system32\rwelyk.dll
C:\WINDOWS\system32\stera.exe
C:\WINDOWS\system32\vtsqq.dll
C:\WINDOWS\system32\wnsapisv.exe
C:\WINDOWS\system32\wrayjckl.exe
C:\WINDOWS\system32\wwchdfnj.ini
C:\WINDOWS\system32\yfyhymap.dll
C:\WINDOWS\system32\ygkeddqe.exe
D:\Autorun.inf
G:\Autorun.inf


.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))



-------\LEGACY_CMDSERVICE
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_FOPN
-------\LEGACY_NETWORK_MONITOR
-------\cmdService
-------\DomainService



(((((((((((((((((((((((((   Files Created from 2007-08-19 to 2007-09-19  )))))))))))))))))))))))))))))))
.


2007-09-19 17:26    6,448   --ahs----   C:\WINDOWS\system32\gjkmp.bak1
2007-09-19 17:19    425,480 --a------   C:\sysvipv.exe
2007-09-19 17:16    51,200  --a------   C:\WINDOWS\NirCmd.exe
2007-09-19 05:16    425,480 --a------   C:\syskzdk.exe
2007-09-19 05:16    425,480 --a------   C:\sysdvfn.exe
2007-09-17 21:00    <DIR>    d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-09-17 10:11    <DIR>    d--------   C:\DOCUME~1\LOCALS~1\APPLIC~1\Yahoo!
2007-09-17 10:11    <DIR>    d--------   C:\DOCUME~1\LOCALS~1\APPLIC~1\Google
2007-09-16 16:58    <DIR>    d--------   C:\WINDOWS\qzur
2007-09-16 16:58    <DIR>    d--------   C:\Program Files\Common Files\qzur
2007-09-16 16:48    <DIR>    d--------   C:\Program Files\Words
2007-09-16 16:43    <DIR>    d--------   C:\Program Files\Insider
2007-09-15 21:55    2,004,521   --ahs----   C:\WINDOWS\system32\klnmp.ini2
2007-09-12 21:22    393,224 --a------   C:\sysycqc.exe
2007-09-12 20:53    2,004,498   --ahs----   C:\WINDOWS\system32\klnmp.bak2
2007-09-12 06:58    393,224 --a------   C:\syssbfd.exe
2007-09-11 20:53    2,008,811   --ahs----   C:\WINDOWS\system32\klnmp.bak1
2007-09-11 20:50    <DIR>    d--------   C:\Program Files\WinAble
2007-09-11 20:49    89,088  --a------   C:\WINDOWS\system32\atl71.dll
2007-09-11 20:49    499,712 --a------   C:\WINDOWS\system32\msvcp71.dll
2007-09-11 20:49    348,160 --a------   C:\WINDOWS\system32\msvcr71.dll
2007-09-11 20:49    1,060,864   --a------   C:\WINDOWS\system32\mfc71.dll
2007-09-11 20:47    24,576  --a------   C:\sysigck.exe
2007-09-11 20:47    167,945 --a------   C:\WINDOWS\system32\sysdl132.exe
2007-09-11 20:47    <DIR>    d--h-----   C:\Program Files\sys-addon
2007-09-11 20:47    <DIR>    d--------   C:\WINDOWS\system32\dbl22
2007-09-11 20:47    <DIR>    d--------   C:\WINDOWS\system32\cf2
2007-09-11 20:47    <DIR>    d--------   C:\WINDOWS\system32\capcon
2007-09-11 20:47    <DIR>    d--------   C:\Temp
2007-09-09 22:13    <DIR>    d--------   C:\WINDOWS\pss
2007-09-09 20:29    <DIR>    d--------   C:\DOCUME~1\Owner\APPLIC~1\Google
2007-09-09 19:56    <DIR>    d--------   C:\Program Files\Common Files\xing shared
2007-09-09 19:55    <DIR>    d--------   C:\Program Files\Google
2007-09-09 19:55    <DIR>    d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
2007-09-08 22:20    <DIR>    d--------   C:\Program Files\Lavasoft
2007-09-08 22:20    <DIR>    d--------   C:\Program Files\Common Files\Wise Installation Wizard
2007-09-08 22:20    <DIR>    d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-09-08 16:12    <DIR>    d--------   C:\DOCUME~1\Owner\APPLIC~1\DivX
2007-09-07 20:10    18,944  --a------   C:\WINDOWS\system32\msmapiax32.exe
2007-09-06 23:17    <DIR>    d--------   C:\Program Files\DivX
2007-09-06 23:14    <DIR>    d--------   C:\Program Files\AC3Filter
2007-09-06 21:57    <DIR>    d--------   C:\DOCUME~1\Owner\APPLIC~1\Azureus
2007-09-06 21:57    <DIR>    d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
2007-09-06 21:54    <DIR>    d--------   C:\Program Files\Azureus
2007-09-01 15:33    208,896 --a------   C:\WINDOWS\system32\wmpns.dll
2007-08-31 23:14    <DIR>    d--------   C:\DOCUME~1\Owner\APPLIC~1\AdobeUM
2007-08-31 16:13    <DIR>    d--------   C:\DOCUME~1\Owner\APPLIC~1\Yahoo!
2007-08-31 16:13    <DIR>    d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
2007-08-31 16:05    <DIR>    d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!
2007-08-31 16:02    <DIR>    d---s----   C:\DOCUME~1\Owner\UserData
2007-08-31 15:34    21,760  --a--c---   C:\WINDOWS\system32\dllcache\usbstor.sys
2007-08-31 15:30    <DIR>    dr-h-----   C:\MSOCache
2007-08-31 15:08    1,156   --a------   C:\WINDOWS\mozver.dat
2007-08-31 15:03    0   --a------   C:\WINDOWS\nsreg.dat
2007-08-31 14:49    <DIR>    d--------   C:\DOCUME~1\Owner\APPLIC~1\Leadertech
2007-08-31 14:48    <DIR>    d--------   C:\EPSONREG
2007-08-31 14:47    <DIR>    d--------   C:\DOCUME~1\Owner\APPLIC~1\ArcSoft
2007-08-31 14:46    <DIR>    d--------   C:\Program Files\ArcSoft
2007-08-31 14:45    79,679  --a------   C:\WINDOWS\system32\E_FLMACA.DLL
2007-08-31 14:45    64,000  --a------   C:\WINDOWS\system32\E_FBCBACA.DLL
2007-08-31 14:45    34,304  --a------   C:\WINDOWS\system32\E_FBCHACA.DLL
2007-08-31 14:45    14,208  --a--c---   C:\WINDOWS\system32\dllcache\usbscan.sys
2007-08-31 14:45    14,208  --a------   C:\WINDOWS\system32\drivers\usbscan.sys
2007-08-31 14:44    46,080  --a------   C:\WINDOWS\system32\escimgd.dll
2007-08-31 14:44    29,696  --a------   C:\WINDOWS\system32\escwiad.dll
2007-08-31 14:44    22,016  --a------   C:\WINDOWS\system32\esccmd.dll
2007-08-31 14:44    <DIR>    d--------   C:\Program Files\epson
2007-08-31 14:42    98,304  --a------   C:\WINDOWS\system32\dlxbrzil.dll
2007-08-31 14:10    182,880 --a--c---   C:\WINDOWS\system32\dllcache\iuengine.dll
2007-08-31 14:10    182,880 --a------   C:\WINDOWS\system32\iuengine.dll
2007-08-31 14:10    <DIR>    d--------   C:\WUTemp
2007-08-31 14:08    <DIR>    d--------   C:\WINDOWS\system32\config\SYSTEM~1\WINDOWS
2007-08-31 14:07    <DIR>    d--------   C:\Program Files\Yahoo!
2007-08-31 14:05    57,856  --a------   C:\WINDOWS\system32\drivers\drmk.sys
2007-08-31 14:05    134,272 --a------   C:\WINDOWS\system32\drivers\portcls.sys
2007-08-31 14:04    <DIR>    d--------   C:\DOCUME~1\DEFAUL~1\WINDOWS
2007-08-31 13:14    249 --a------   C:\WINDOWS\system\hpsysdrv.dat
2007-08-31 13:11    <DIR>    d--------   C:\WINDOWS\I386
2007-08-31 12:56    <DIR>    dr-------   C:\DOCUME~1\ALLUSE~1\Documents
2007-08-20 19:26    81,920  --a------   C:\WINDOWS\system32\dpl100.dll
2007-08-20 19:26    196,608 --a------   C:\WINDOWS\system32\dtu100.dll


.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-19 17:16    246 --a------   C:\Program Files\Common Files\ryli
2007-09-15 21:59    3840    --a------   C:\WINDOWS\system32\drivers\OLD3.tmp
2007-09-09 19:59    ---------   d--------   C:\DOCUME~1\Owner\APPLIC~1\Real
2007-09-09 19:56    ---------   d--------   C:\Program Files\Common Files\Real
2007-08-31 14:57    ---------   d--------   C:\Program Files\Easy Internet signup
2007-08-31 14:55    ---------   d--h-----   C:\Program Files\InstallShield Installation Information
2007-08-31 14:55    ---------   d--------   C:\Program Files\Hewlett-Packard
2007-08-31 14:41    ---------   d--------   C:\Program Files\Compaq Instant Support
2007-08-31 14:41    ---------   d--------   C:\Program Files\Common Files\InstallShield
2007-08-31 14:10    3730    -rahs----   C:\WINDOWS\system32\drivers\HP_DW254A-ABA SR1010N NA510_YC_Pres_QMXK418_E42NAheRET3_4_IGamila Giovani Neon series_SMICRO-STAR INTERNATIONAL CO., LTD_V030_B3.09_T040325_WXH1_L409_M760_J40_7Intel_8Celeron_92.7_1_N10EC8139_P_Z11C1048C_K_A808624C5.MRK
2007-08-15 17:33    524288  --a------   C:\WINDOWS\system32\DivXsm.exe
2007-08-15 17:33    3596288 --a------   C:\WINDOWS\system32\qt-dx331.dll
2007-08-15 17:33    200704  --a------   C:\WINDOWS\system32\ssldivx.dll
2007-08-15 17:33    144704  --a------   C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-08-15 17:33    1044480 --a------   C:\WINDOWS\system32\libdivx.dll
2007-08-15 17:31    593920  --a------   C:\WINDOWS\system32\dpuGUI11.dll
2007-08-15 17:31    57344   --a------   C:\WINDOWS\system32\dpv11.dll
2007-08-15 17:31    53248   --a------   C:\WINDOWS\system32\dpuGUI10.dll
2007-08-15 17:31    344064  --a------   C:\WINDOWS\system32\dpus11.dll
2007-08-15 17:31    294912  --a------   C:\WINDOWS\system32\dpu11.dll
2007-08-15 17:31    294912  --a------   C:\WINDOWS\system32\dpu10.dll
2007-08-15 17:30    823296  --a------   C:\WINDOWS\system32\divx_xx0c.dll
2007-08-15 17:30    823296  --a------   C:\WINDOWS\system32\divx_xx07.dll
2007-08-15 17:30    802816  --a------   C:\WINDOWS\system32\divx_xx11.dll
2007-08-15 17:30    740442  --a------   C:\WINDOWS\system32\DivX.dll
2007-08-15 17:30    12288   --a------   C:\WINDOWS\system32\DivXWMPExtType.dll
2007-08-07 13:58    8320    --a------   C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-07 13:56    9344    --a------   C:\WINDOWS\system32\drivers\NSDriver.sys
.


(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.


*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4CF7C596-C8FF-41d5-88A5-0F1A1A92DDE1}]
2007-09-11 20:47    97280   --a------   C:\Program Files\sys-addon\sys-addon.dll


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{549B5CA7-4A86-11D7-A4DF-000874180BB3}]


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D9219BCC-A3AE-4D40-91A8-D66F88479630}]
C:\WINDOWS\System32\pmnlk.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@"="" []
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2003-08-15 20:49]
"AAWTray"="C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [2007-08-08 15:53]


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cisz"="C:\Documents and Settings\Owner\My Documents\??curity\n?tepad.exe" []
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnlk]
C:\WINDOWS\System32\pmnlk.dll


[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\\WINDOWS\\System32\\pmkjg


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\.lnk
backup=C:\WINDOWS\pss\.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^spamsubtract.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\spamsubtract.lnk
backup=C:\WINDOWS\pss\spamsubtract.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AAWTray]
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
AGRSMMSG.exe


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
ALCXMNTR.EXE


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bgp]
"C:\Documents and Settings\Owner\Application Data\?ymbols\j?vaw.exe"


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"c:\Program Files\Common Files\Symantec Shared\ccApp.exe"


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX3800 Series]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P26 "EPSON Stylus CX3800 Series" /O6 "USB002" /M "Stylus CX3800"


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\System32\hkcmd.exe


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05]
C:\WINDOWS\System32\hphmon05.exe


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]
c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
c:\windows\system\hpsysdrv.exe


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IESet]
IExplorer.dll                                                              .dbt


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Insider]
C:\Program Files\Insider\Insider.exe


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
C:\HP\KBD\KBD.EXE


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NAV CfgWiz]
c:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nihotu]
C:\Program Files\WindowsUpdate\nihotu22011.exe


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Notn]
"C:\PROGRA~1\COMMON~1\MBOLS~1\msdtc.exe" -vt yazb


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
C:\WINDOWS\system32\ps2.exe


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qzur]
C:\PROGRA~1\COMMON~1\qzur\qzurm.exe


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
C:\WINDOWS\SMINST\RECGUARD.EXE


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecordNow!]



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Salestart]
"C:\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe"


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\svhost]
"C:\WINDOWS\svhost.exe"


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemOptimizer]
rundll32.exe "C:\WINDOWS\System32\jnfdhcww.dll",forkonce


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
"C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uwas7cw]
"C:\Program Files\Common Files\WinAntiSpyware 2007\uwas7cw.exe" -c


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
VTTimer.exe


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinAble]
C:\Program Files\WinAble\winable.exe


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Words]
C:\Program Files\Words\Words.exe


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
"C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"navapsvc"=2 (0x2)
"Messenger"=3 (0x3)
"gusvc"=3 (0x3)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)
"aawservice"=2 (0x2)


S2 ohciusb;Open Host Controller Miniport USB Driver;\??\C:\WINDOWS\System32\drivers\ohciusb.sys


*Newly Created Service* - ALG
*Newly Created Service* - IPNAT
.
Contents of the 'Scheduled Tasks' folder
"2004-01-27 10:22:58 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************


catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-19 17:30:50
Windows 5.1.2600 Service Pack 1 NTFS


scanning hidden processes ...


scanning hidden autostart entries ...


scanning hidden files ...


scan completed successfully
hidden files: 0


**************************************************************************
.
Completion time: 2007-09-19 17:32:38 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-19 17:32
.


and here is the imabunny.exe (hijackthis) log:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:35:28 PM, on 9/19/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Owner\Desktop\imabunny.exe.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: sys-addon - {4CF7C596-C8FF-41d5-88A5-0F1A1A92DDE1} - C:\Program Files\sys-addon\sys-addon.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {D9219BCC-A3AE-4D40-91A8-D66F88479630} - C:\WINDOWS\System32\pmnlk.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKCU\..\Run: [Cisz] "C:\Documents and Settings\Owner\My Documents\??curity\n?tepad.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O20 - Winlogon Notify: pmnlk - C:\WINDOWS\System32\pmnlk.dll (file missing)


--
End of file - 4670 bytes

Edited by happygeek: fixed formatting

0

Hello, sai... quite a list of deletions there... And yes, I noticed those files virto, command.exe and iexplorer.dll.dbt in there...
It is breaking my brain, going thru that list.... please delete C:\combofix.txt.
I do not know what your sys-addon is... - if you did not install this then remove it.
Go CP > add/remove pgms, remove [if they exist]:
sys-addon
insider
.... and then follow thru with the rest of this procedure:
Use hijackthis as before to fix these entries:

O2 - BHO: sys-addon - {4CF7C596-C8FF-41d5-88A5-0F1A1A92DDE1} - C:\Program Files\sys-addon\sys-addon.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {D9219BCC-A3AE-4D40-91A8-D66F88479630} - C:\WINDOWS\System32\pmnlk.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKCU\..\Run: [Cisz] "C:\Documents and Settings\Owner\My Documents\??curity\n?tepad.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O20 - Winlogon Notify: pmnlk - C:\WINDOWS\System32\pmnlk.dll (file missing)

Delete these files and folders:
C:\Program Files\sys-addon\sys-addon.dll
C:\Program Files\sys-addon\
C:\Program Files\insider\insider.exe
C:\Program Files\insider\
If these prove difficult to delete then either do it from safe mode or use this excellent tool:
==This one is a general purpose deleter, Unlocker 1.8.5: http://filehippo.com/download_unlocker/
Dclick the exe to install it, unchecking the updater and assistant boxes. It runs from the rclick context menu, and that is cool.

==Please download VundoFix.exe to your desktop from http://www.atribune.org/ccount/click.php?id=4
=Restart your system in Safe Mode.
Double-click VundoFix.exe to start it. Click the Scan for Vundo button.
When the scan completes click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files - click YES
Your desktop will then go blank as the process of removing Vundo starts.
When completed it will prompt that it will restart your computer - click OK.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
!!! Check the Vundofix log for any found files that were not deleted - if present rerun Vundofix !!!
Post the contents of C:\vundofix.txt plus a new HijackThis log.

Next please run Combofix again; post both logs plus a fresh hijackthis log.
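The entries picked out for fixing in the reply above mostly share two visible traits: the log marks the target as "(no file)" or "(file missing)", or the path contains "?" where HijackThis could not render a character. The following is an added example, not part of the original posts and not a HijackThis feature, that applies those two checks to lines copied from the log in this thread; the function name `triage` and the flag names are hypothetical.

```python
import re

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: sys-addon - {4CF7C596-C8FF-41d5-88A5-0F1A1A92DDE1} - C:\Program Files\sys-addon\sys-addon.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKCU\..\Run: [Cisz] "C:\Documents and Settings\Owner\My Documents\??curity\n?tepad.exe"
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O20 - Winlogon Notify: pmnlk - C:\WINDOWS\System32\pmnlk.dll (file missing)
"""

ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")    # "O2 - ...", "O20 - ..."
ORPHAN = re.compile(r"\((?:file missing|no file)\)\s*$")          # target not on disk
PATH = re.compile(r'[A-Za-z]:\\[^"]*')                            # drive-letter path in the entry


def triage(log_text):
    """Return [(section_code, reasons, line)] for O-section entries worth a manual look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        # Only O-sections (BHOs, autostarts, buttons, Winlogon Notify); R-lines hold URLs.
        if not m or not m.group("code").startswith("O"):
            continue
        body = m.group("body")
        reasons = []
        if ORPHAN.search(body):
            reasons.append("orphaned")
        path = PATH.search(body)
        # "?" is not a legal Windows file-name character, so inside a path it
        # stands for a character the log could not render (assumption: ANSI log).
        if path and "?" in path.group(0):
            reasons.append("unrenderable-path")
        if reasons:
            findings.append((m.group("code"), reasons, line))
    return findings


if __name__ == "__main__":
    for code, reasons, line in triage(SAMPLE_LOG):
        print(f"{code:4} {','.join(reasons):18} {line}")
```

An entry such as sys-addon, whose file exists and whose path renders normally, passes both checks and still needs the manual review the reply gives it.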

0

Hello again, sai... please temporarily turn off Teatimer in Spybot S&D, and do this fix before you start with the Vundo dl and fix...
Reg keys/batch file text
==Please copy ALL the text between the lines to a notepad [format/wordwrap unchecked] and save as fixkey.reg, as type "all files", to your desktop; dclick it to run... agree.... ; if instead it opens in notepad, rclick fixkey.reg and use Open with, registry editor.
____________________________________________________________________________
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@"= -
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= -
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bgp]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IESet]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Insider]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nihotu]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Notn]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qzur]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemOptimizer]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Salestart]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uwas7cw]

______________________________________________________________________________
