Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Winantispyware


  • This topic is locked This topic is locked
9 replies to this topic

#1 diyer63

diyer63

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Phoenix
  • Local time:05:37 PM

Posted 13 August 2007 - 08:32 PM

Help please!
I have spent over 8 hours trying to follow your instructions for running other software first, but I was only able to complete the Ad-Aware and Spybot cleans. Every time I open IE, things get crazy. I think there are probably more problems than just the WinAntiSpyware problem.
Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:23:05 PM, on 8/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\QuickTime\qttask.exe
C:\windows\system32\ljdsrngk.exe
C:\WINDOWS\system32\pwinkmdt.exe
C:\Program Files\WinAntiSpyware 2006 Free\was6.exe
C:\Program Files\Common Files\WinAntiSpyware 2006 Free\uwasdc.exe
C:\Program Files\Common Files\WinAntiSpyware 2006 Free\uwasers.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\WinAntiSpyware 2006 Free\uwas6cw.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Common Files\??pPatch\j?vaw.exe
C:\DOCUME~1\Christy\MYDOCU~1\SSEMBL~1\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Christy\Application Data\WinTouch\WinTouch.exe
C:\Documents and Settings\Christy\Application Data\Microsoft\Windows\rayiou.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\eipgfngk.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMemCrdMgr.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\Program Files\WinAntiSpyware 2006 Free\uwasffNT.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Sonic\RecordNow!\RecordNow.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [svhost] "C:\WINDOWS\svhost.exe"
O4 - HKLM\..\Run: [horymyh] C:\Program Files\MSN\horymyh22011.exe
O4 - HKLM\..\Run: [{2A-A1-15-58-ZN}] C:\windows\system32\ljdsrngk.exe CHD003
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\pwinkmdt.exe CHD003
O4 - HKLM\..\Run: [WinAntiSpyware 2006 Free] "C:\Program Files\WinAntiSpyware 2006 Free\was6.exe" /min
O4 - HKLM\..\Run: [DC6_Check] "C:\Program Files\Common Files\WinAntiSpyware 2006 Free\uwasdc.exe"
O4 - HKLM\..\Run: [ERS_Check] "C:\Program Files\Common Files\WinAntiSpyware 2006 Free\uwasers.exe"
O4 - HKLM\..\Run: [uwas6cw] "C:\Program Files\WinAntiSpyware 2006 Free\uwas6cw.exe" -c
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [Pgbghdit] "C:\Program Files\Common Files\??pPatch\j?vaw.exe"
O4 - HKCU\..\Run: [Sen] "C:\DOCUME~1\Christy\MYDOCU~1\SSEMBL~1\svchost.exe" -vt yazb
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WebBuying] C:\Program Files\Web Buying\v1.8.1\webbuying.exe
O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\Christy\Application Data\WinTouch\WinTouch.exe
O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\Christy\Application Data\Microsoft\Windows\rayiou.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: TA_Start.lnk = C:\WINDOWS\SYSTEM32\ljdsrngk.exe
O4 - Startup: Think-Adz.lnk = C:\WINDOWS\SYSTEM32\pwinkmdt.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1107719689773
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B2FCED61-570E-11D3-B160-00A0C9E70E84} (OmniForm Form Control) - https://www4.lsac.org/LSACD_XMLWebServices/...iveX/ofmctl.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\eipgfngk.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Canon PIXMA iP6000D Memory Card Manager (PDUiP6000DMemCrdMgr) - CANON INC. - C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMemCrdMgr.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 9675 bytes

BC AdBot (Login to Remove)

 


m

#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:07:37 PM

Posted 14 August 2007 - 02:15 PM

Hello diyer63

Welcome to Bleeping Computer :thumbsup:

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#3 diyer63

diyer63
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Phoenix
  • Local time:05:37 PM

Posted 15 August 2007 - 12:37 AM

Hi tea,

Here is the combofix log:

ComboFix 07-08-15.3 - "Christy" 2007-08-14 21:48:19.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.76 [GMT -7:00]
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\ALLUSE~1\APPLIC~1.\salesmonitor
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007\Data\Abbr
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007\Data\ProductCode
C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiSpyware 2007\Data\Abbr
C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiSpyware 2007\Data\ProductCode
C:\DOCUME~1\Christy\APPLIC~1\..\err.log
C:\DOCUME~1\Christy\APPLIC~1\WinAntiSpyware 2006
C:\DOCUME~1\Christy\APPLIC~1\WinAntiSpyware 2006\Logs\update.log
C:\DOCUME~1\Christy\APPLIC~1\WinTouch\fusion.cfg.7571043a3e51cff37da759be4073eb17.32f26fc1cbc72bd442ea78a59edf884c
C:\DOCUME~1\Christy\APPLIC~1\WinTouch\wintouch.cfg
C:\DOCUME~1\Christy\APPLIC~1\WinTouch\WinTouch.exe
C:\DOCUME~1\Christy\APPLIC~1\WinTouch\WTUninstaller.exe
C:\DOCUME~1\Christy\Desktop\WinAntiSpyware 2006.lnk
C:\DOCUME~1\Christy\MYDOCU~1.\ssembl~1
C:\DOCUME~1\Christy\MYDOCU~1.\ssembl~1\?ssembly\
C:\DOCUME~1\Christy\MYDOCU~1.\ssembl~1\svchost.exe
C:\DOCUME~1\Christy\STARTM~1\Programs.\Outerinfo
C:\DOCUME~1\Christy\STARTM~1\Programs.\Outerinfo\Terms.lnk
C:\DOCUME~1\Christy\STARTM~1\Programs.\Outerinfo\Uninstall.lnk
C:\DOCUME~1\Christy\STARTM~1\Programs\Startup.\TA_Start.lnk
C:\Program Files\Common Files\ppatch~1
C:\Program Files\Common Files\ppatch~1\j?vaw.exe
C:\Program Files\Common Files\scurit~1
C:\Program Files\Common Files\WinAntiSpyware 2006 Free
C:\Program Files\Common Files\WinAntiSpyware 2006 Free\uwasdc.exe
C:\Program Files\Common Files\WinAntiSpyware 2006 Free\uwasers.exe
C:\Program Files\Common Files\winantispyware 2007
C:\Program Files\Common Files\WinAntiSpyware 2007\err.log
C:\Program Files\Common Files\winantispyware 2007\err.log
C:\Program Files\Common Files\Yazzle1281OinAdmin.exe
C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
C:\Program Files\Messenger\lavuq.dll
C:\Program Files\Messenger\lavuq245.dll
C:\Program Files\MSN\horymyh22011.exe
C:\Program Files\outerinfo
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\svhost
C:\Program Files\svhost\wr-1-0000077.exe
C:\Program Files\winantispyware 2006 free
C:\Program Files\WinAntiSpyware 2006 Free\Activate.dat
C:\Program Files\winantispyware 2006 free\Activate.dat
C:\Program Files\WinAntiSpyware 2006 Free\AsAgents.dll
C:\Program Files\winantispyware 2006 free\AsAgents.dll
C:\Program Files\WinAntiSpyware 2006 Free\AsAgents.xml
C:\Program Files\winantispyware 2006 free\AsAgents.xml
C:\Program Files\winantispyware 2006 free\atl71.dll
C:\Program Files\WinAntiSpyware 2006 Free\atl71.dll
C:\Program Files\WinAntiSpyware 2006 Free\bnlink.dat
C:\Program Files\winantispyware 2006 free\bnlink.dat
C:\Program Files\winantispyware 2006 free\database\appupdate.dat
C:\Program Files\WinAntiSpyware 2006 Free\database\appupdate.dat
C:\Program Files\winantispyware 2006 free\database\AutoProcess.dat
C:\Program Files\WinAntiSpyware 2006 Free\database\AutoProcess.dat
C:\Program Files\winantispyware 2006 free\database\dbupdate.dat
C:\Program Files\WinAntiSpyware 2006 Free\database\dbupdate.dat
C:\Program Files\winantispyware 2006 free\database\enemies.dat
C:\Program Files\WinAntiSpyware 2006 Free\database\enemies.dat
C:\Program Files\winantispyware 2006 free\database\knownfiles.dat
C:\Program Files\WinAntiSpyware 2006 Free\database\knownfiles.dat
C:\Program Files\winantispyware 2006 free\database\monstate.dat
C:\Program Files\WinAntiSpyware 2006 Free\database\monstate.dat
C:\Program Files\winantispyware 2006 free\database\PortSpec.ats
C:\Program Files\WinAntiSpyware 2006 Free\database\PortSpec.ats
C:\Program Files\winantispyware 2006 free\database\quaratine.dat\#post_quarantine
C:\Program Files\WinAntiSpyware 2006 Free\database\quaratine.dat\#post_quarantine
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\0\#startup
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#agents\0\#startup
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#agents\1\#startup
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\1\#startup
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\10\#startup
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#agents\10\#startup
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\11\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#agents\11\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#agents\11\#startup
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\11\#startup
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#agents\12\#startup
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\12\#startup
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\13\#startup
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#agents\13\#startup
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\15\#startup
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#agents\15\#startup
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\16\#startup
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#agents\16\#startup
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\17\#startup
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#agents\17\#startup
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\18\#startup
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#agents\18\#startup
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\19\#startup
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#agents\19\#startup
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\2\#startup
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#agents\2\#startup
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#agents\20\#startup
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\20\#startup
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#agents\21\#startup
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\21\#startup
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\22\#startup
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#agents\22\#startup
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\23\#startup
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#agents\23\#startup
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\25\#startup
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#agents\25\#startup
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\26\#startup
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#agents\26\#startup
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\27\#startup
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#agents\27\#startup
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\28\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#agents\28\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\28\#startup
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#agents\28\#startup
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\29\#startup
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#agents\29\#startup
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\3\#startup
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#agents\3\#startup
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#agents\30\#startup
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\30\#startup
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\31\#startup
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#agents\31\#startup
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#agents\32\#startup
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\32\#startup
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#agents\33\#startup
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\33\#startup
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\34\#startup
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#agents\34\#startup
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#agents\35\#startup
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\35\#startup
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\36\#startup
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#agents\36\#startup
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\37\#startup
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#agents\37\#startup
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\38\#startup
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#agents\38\#startup
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\4\#startup
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#agents\4\#startup
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#agents\40\#startup
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\40\#startup
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\41\#startup
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#agents\41\#startup
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#agents\42\#startup
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\42\#startup
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#agents\43\#startup
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\43\#startup
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#agents\44\#startup
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\44\#startup
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\45\#startup
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#agents\45\#startup
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\46\#startup
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#agents\46\#startup
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\47\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#agents\47\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\47\#startup
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#agents\47\#startup
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\48\#startup
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#agents\48\#startup
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#agents\49\#startup
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\49\#startup
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\5\#startup
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#agents\5\#startup
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\50\#startup
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#agents\50\#startup
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\51\#startup
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#agents\51\#startup
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\52\#startup
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#agents\52\#startup
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#agents\53\#startup
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\53\#startup
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#agents\6\#startup
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\6\#startup
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\7\#startup
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#agents\7\#startup
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#agents\8\#startup
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\8\#startup
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#agents\9\#startup
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#agents\9\#startup
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\DirMonitor\c__\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\DirMonitor\c__\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\DirMonitor\c__\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\DirMonitor\c__\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\DirMonitor\C__Documents and Settings_All Users_Start Menu_Programs_Startup\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\DirMonitor\C__Documents and Settings_All Users_Start Menu_Programs_Startup\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\DirMonitor\C__Documents and Settings_All Users_Start Menu_Programs_Startup\#name
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\DirMonitor\C__Documents and Settings_All Users_Start Menu_Programs_Startup\#name
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\DirMonitor\C__Documents and Settings_Christy_Start Menu_Programs_Startup\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\DirMonitor\C__Documents and Settings_Christy_Start Menu_Programs_Startup\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\DirMonitor\C__Documents and Settings_Christy_Start Menu_Programs_Startup\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\DirMonitor\C__Documents and Settings_Christy_Start Menu_Programs_Startup\#name
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\FileMonitor\C__WINDOWS_inf_iereset.inf\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\FileMonitor\C__WINDOWS_inf_iereset.inf\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\FileMonitor\C__WINDOWS_inf_iereset.inf\#name
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\FileMonitor\C__WINDOWS_inf_iereset.inf\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\FileMonitor\C__WINDOWS_system.ini\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\FileMonitor\C__WINDOWS_system.ini\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\FileMonitor\C__WINDOWS_system.ini\#name
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\FileMonitor\C__WINDOWS_system.ini\#name
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\FileMonitor\C__WINDOWS_SYSTEM32_drivers_etc_hosts\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\FileMonitor\C__WINDOWS_SYSTEM32_drivers_etc_hosts\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\FileMonitor\C__WINDOWS_SYSTEM32_drivers_etc_hosts\#name
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\FileMonitor\C__WINDOWS_SYSTEM32_drivers_etc_hosts\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\FileMonitor\C__WINDOWS_win.ini\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\FileMonitor\C__WINDOWS_win.ini\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\FileMonitor\C__WINDOWS_win.ini\#name
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\FileMonitor\C__WINDOWS_win.ini\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcr___shellex_contextmenuhandlers\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcr___shellex_contextmenuhandlers\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcr___shellex_contextmenuhandlers\#name
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcr___shellex_contextmenuhandlers\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcr_comfile_shell_open_command\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcr_comfile_shell_open_command\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcr_comfile_shell_open_command\#name
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcr_comfile_shell_open_command\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcr_directory_shellex_contextmenuhandlers\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcr_directory_shellex_contextmenuhandlers\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcr_directory_shellex_contextmenuhandlers\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcr_directory_shellex_contextmenuhandlers\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcr_drive_shellex_contextmenuhandlers\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcr_drive_shellex_contextmenuhandlers\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcr_drive_shellex_contextmenuhandlers\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcr_drive_shellex_contextmenuhandlers\#name
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcr_exefile_shell_open_command\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcr_exefile_shell_open_command\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcr_exefile_shell_open_command\#name
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcr_exefile_shell_open_command\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcr_folder_shellex_contextmenuhandlers\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcr_folder_shellex_contextmenuhandlers\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcr_folder_shellex_contextmenuhandlers\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcr_folder_shellex_contextmenuhandlers\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcr_mime_database_content type\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcr_mime_database_content type\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcr_mime_database_content type\#name
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcr_mime_database_content type\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcr_protocols\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcr_protocols\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcr_protocols\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcr_protocols\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_control panel_don't load\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_control panel_don't load\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_control panel_don't load\#name
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_control panel_don't load\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_control panel_don't load\Christy
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_control panel_don't load\Christy
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_active setup_installed components\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_active setup_installed components\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_active setup_installed components\#name
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_active setup_installed components\#name
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_active setup_installed components\Christy
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_active setup_installed components\Christy
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_internet explorer_explorer bars\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_internet explorer_explorer bars\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_internet explorer_explorer bars\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_internet explorer_explorer bars\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_internet explorer_explorer bars\Christy
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_internet explorer_explorer bars\Christy
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_internet explorer_extensions\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_internet explorer_extensions\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_internet explorer_extensions\#name
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_internet explorer_extensions\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_internet explorer_extensions\Christy
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_internet explorer_extensions\Christy
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_internet explorer_main\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_internet explorer_main\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_internet explorer_main\#name
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_internet explorer_main\#name
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_internet explorer_main\Christy
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_internet explorer_main\Christy
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_internet explorer_menuext\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_internet explorer_menuext\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_internet explorer_menuext\#name
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_internet explorer_menuext\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_internet explorer_menuext\Christy
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_internet explorer_menuext\Christy
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_internet explorer_searchurl\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_internet explorer_searchurl\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_internet explorer_searchurl\#name
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_internet explorer_searchurl\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_internet explorer_searchurl\Christy
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_internet explorer_searchurl\Christy
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows nt_currentversion_windows\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows nt_currentversion_windows\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows nt_currentversion_windows\#name
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows nt_currentversion_windows\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows nt_currentversion_windows\Christy
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows nt_currentversion_windows\Christy
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_explorer_user shell folders\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_explorer_user shell folders\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_explorer_user shell folders\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_explorer_user shell folders\#name
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_explorer_user shell folders\Christy
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_explorer_user shell folders\Christy
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_ext_stats\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_ext_stats\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_ext_stats\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_ext_stats\#name
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_ext_stats\Christy
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_ext_stats\Christy
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_internet settings\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_internet settings\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_internet settings\#name
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_internet settings\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_internet settings\Christy
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_internet settings\Christy
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_internet settings_zonemap_domains\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_internet settings_zonemap_domains\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_internet settings_zonemap_domains\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_internet settings_zonemap_domains\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_internet settings_zonemap_domains\Christy
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_internet settings_zonemap_domains\Christy
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_policies_explorer\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_policies_explorer\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_policies_explorer\#name
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_policies_explorer\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_policies_explorer\Christy
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_policies_explorer\Christy
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_policies_explorer_run\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_policies_explorer_run\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_policies_explorer_run\#name
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_policies_explorer_run\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_policies_explorer_run\Christy
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_policies_explorer_run\Christy
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_policies_system\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_policies_system\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_policies_system\#name
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_policies_system\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_policies_system\Christy
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_policies_system\Christy
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_run\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_run\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_run\#name
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_run\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_run\Christy
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_run\Christy
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_runonce\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_runonce\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_runonce\#name
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_runonce\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_runonce\Christy
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_runonce\Christy
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_runonce_setup\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_runonce_setup\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_runonce_setup\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_runonce_setup\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_runonce_setup\Christy
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_microsoft_windows_currentversion_runonce_setup\Christy
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_mirabilis_icq_agent_apps\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_mirabilis_icq_agent_apps\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_mirabilis_icq_agent_apps\#name
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_mirabilis_icq_agent_apps\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_mirabilis_icq_agent_apps\Christy
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_mirabilis_icq_agent_apps\Christy
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_policies_microsoft_internet explorer\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_policies_microsoft_internet explorer\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_policies_microsoft_internet explorer\#name
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_policies_microsoft_internet explorer\#name
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_policies_microsoft_internet explorer\Christy
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_policies_microsoft_internet explorer\Christy
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_policies_microsoft_internet explorer_control panel\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_policies_microsoft_internet explorer_control panel\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_policies_microsoft_internet explorer_control panel\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_policies_microsoft_internet explorer_control panel\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_policies_microsoft_internet explorer_control panel\Christy
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_policies_microsoft_internet explorer_control panel\Christy
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_policies_microsoft_internet explorer_restrictions\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_policies_microsoft_internet explorer_restrictions\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_policies_microsoft_internet explorer_restrictions\#name
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_policies_microsoft_internet explorer_restrictions\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_policies_microsoft_internet explorer_restrictions\Christy
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hkcu_software_policies_microsoft_internet explorer_restrictions\Christy
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_active setup_installed components\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_active setup_installed components\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_active setup_installed components\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_active setup_installed components\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_code store database_distribution units\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_code store database_distribution units\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_code store database_distribution units\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_code store database_distribution units\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_internet explorer_abouturls\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_internet explorer_abouturls\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_internet explorer_abouturls\#name
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_internet explorer_abouturls\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_internet explorer_explorer bars\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_internet explorer_explorer bars\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_internet explorer_explorer bars\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_internet explorer_explorer bars\#name
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_internet explorer_extensions\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_internet explorer_extensions\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_internet explorer_extensions\#name
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_internet explorer_extensions\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_internet explorer_main\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_internet explorer_main\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_internet explorer_main\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_internet explorer_main\#name
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_internet explorer_search\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_internet explorer_search\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_internet explorer_search\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_internet explorer_search\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_internet explorer_toolbar\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_internet explorer_toolbar\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_internet explorer_toolbar\#name
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_internet explorer_toolbar\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_internet explorer_urlsearchhooks\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_internet explorer_urlsearchhooks\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_internet explorer_urlsearchhooks\#name
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_internet explorer_urlsearchhooks\#name
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows nt_currentversion_image file execution options\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows nt_currentversion_image file execution options\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows nt_currentversion_image file execution options\#name
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows nt_currentversion_image file execution options\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows nt_currentversion_inifilemapping\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows nt_currentversion_inifilemapping\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows nt_currentversion_inifilemapping\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows nt_currentversion_inifilemapping\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows nt_currentversion_windows\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows nt_currentversion_windows\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows nt_currentversion_windows\#name
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows nt_currentversion_windows\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows nt_currentversion_winlogon\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows nt_currentversion_winlogon\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows nt_currentversion_winlogon\#name
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows nt_currentversion_winlogon\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows nt_currentversion_winlogon_notify\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows nt_currentversion_winlogon_notify\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows nt_currentversion_winlogon_notify\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows nt_currentversion_winlogon_notify\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows nt_currentversion_wow_boot\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows nt_currentversion_wow_boot\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows nt_currentversion_wow_boot\#name
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows nt_currentversion_wow_boot\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows_currentversion_explorer_browser helper objects\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows_currentversion_explorer_browser helper objects\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows_currentversion_explorer_browser helper objects\#name
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows_currentversion_explorer_browser helper objects\#name
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows_currentversion_explorer_sharedtaskscheduler\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows_currentversion_explorer_sharedtaskscheduler\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows_currentversion_explorer_sharedtaskscheduler\#name
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows_currentversion_explorer_sharedtaskscheduler\#name
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows_currentversion_explorer_shellexecutehooks\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows_currentversion_explorer_shellexecutehooks\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows_currentversion_explorer_shellexecutehooks\#name
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows_currentversion_explorer_shellexecutehooks\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows_currentversion_internet settings_zonemap_domains\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows_currentversion_internet settings_zonemap_domains\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows_currentversion_internet settings_zonemap_domains\#name
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows_currentversion_internet settings_zonemap_domains\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows_currentversion_policies_explorer\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows_currentversion_policies_explorer\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows_currentversion_policies_explorer\#name
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows_currentversion_policies_explorer\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows_currentversion_policies_explorer_run\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows_currentversion_policies_explorer_run\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows_currentversion_policies_explorer_run\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows_currentversion_policies_explorer_run\#name
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows_currentversion_run\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows_currentversion_run\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows_currentversion_run\#name
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows_currentversion_run\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows_currentversion_runonce\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows_currentversion_runonce\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows_currentversion_runonce\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows_currentversion_runonce\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows_currentversion_runonce_setup\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows_currentversion_runonce_setup\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows_currentversion_runonce_setup\#name
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows_currentversion_runonce_setup\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows_currentversion_runonceex\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows_currentversion_runonceex\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows_currentversion_runonceex\#name
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows_currentversion_runonceex\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows_currentversion_shell extensions_approved\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows_currentversion_shell extensions_approved\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows_currentversion_shell extensions_approved\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows_currentversion_shell extensions_approved\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows_currentversion_shellserviceobjectdelayload\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows_currentversion_shellserviceobjectdelayload\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows_currentversion_shellserviceobjectdelayload\#name
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows_currentversion_shellserviceobjectdelayload\#name
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows_currentversion_url\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows_currentversion_url\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows_currentversion_url\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows_currentversion_url\#name
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows_currentversion_windowsupdate_auto update\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows_currentversion_windowsupdate_auto update\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows_currentversion_windowsupdate_auto update\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_microsoft_windows_currentversion_windowsupdate_auto update\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_policies_microsoft_internet explorer_restrictions\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_policies_microsoft_internet explorer_restrictions\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_policies_microsoft_internet explorer_restrictions\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_software_policies_microsoft_internet explorer_restrictions\#name
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_system_currentcontrolset_control_lsa\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_system_currentcontrolset_control_lsa\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_system_currentcontrolset_control_lsa\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_system_currentcontrolset_control_lsa\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_system_currentcontrolset_control_session manager\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_system_currentcontrolset_control_session manager\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_system_currentcontrolset_control_session manager\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_system_currentcontrolset_control_session manager\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_system_currentcontrolset_services\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_system_currentcontrolset_services\#data
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_system_currentcontrolset_services\#name
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_system_currentcontrolset_services\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_system_currentcontrolset_services_tcpip_parameters_interfaces\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_system_currentcontrolset_services_tcpip_parameters_interfaces\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_system_currentcontrolset_services_tcpip_parameters_interfaces\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_system_currentcontrolset_services_tcpip_parameters_interfaces\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_system_currentcontrolset_services_winsock2_parameters_protocol_catalog9_catalog_entries\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_system_currentcontrolset_services_winsock2_parameters_protocol_catalog9_catalog_entries\#data
C:\Program Files\WinAntiSpyware 2006 Free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_system_currentcontrolset_services_winsock2_parameters_protocol_catalog9_catalog_entries\#name
C:\Program Files\winantispyware 2006 free\database\RTMonitor.dat\#monitors\RegMonitor\hklm_system_currentcontrolset_services_winsock2_parameters_protocol_catalog9_catalog_entries\#name
C:\Program Files\winantispyware 2006 free\database\Summary.dat
C:\Program Files\WinAntiSpyware 2006 Free\database\Summary.dat
C:\Program Files\WinAntiSpyware 2006 Free\database\tasks.dat
C:\Program Files\winantispyware 2006 free\database\tasks.dat
C:\Program Files\WinAntiSpyware 2006 Free\database\TEBase.dat
C:\Program Files\winantispyware 2006 free\database\TEBase.dat
C:\Program Files\winantispyware 2006 free\database\threatnet.dat
C:\Program Files\WinAntiSpyware 2006 Free\database\threatnet.dat
C:\Program Files\winantispyware 2006 free\err.log
C:\Program Files\WinAntiSpyware 2006 Free\err.log
C:\Program Files\winantispyware 2006 free\InstHelp.exe
C:\Program Files\WinAntiSpyware 2006 Free\InstHelp.exe
C:\Program Files\WinAntiSpyware 2006 Free\lapv.dat
C:\Program Files\winantispyware 2006 free\lapv.dat
C:\Program Files\winantispyware 2006 free\license.rtf
C:\Program Files\WinAntiSpyware 2006 Free\license.rtf
C:\Program Files\WinAntiSpyware 2006 Free\manual.url
C:\Program Files\winantispyware 2006 free\manual.url
C:\Program Files\winantispyware 2006 free\mfc71.dll
C:\Program Files\WinAntiSpyware 2006 Free\mfc71.dll
C:\Program Files\winantispyware 2006 free\msvcp71.dll
C:\Program Files\WinAntiSpyware 2006 Free\msvcp71.dll
C:\Program Files\winantispyware 2006 free\msvcr71.dll
C:\Program Files\WinAntiSpyware 2006 Free\msvcr71.dll
C:\Program Files\WinAntiSpyware 2006 Free\pv.dat
C:\Program Files\winantispyware 2006 free\pv.dat
C:\Program Files\winantispyware 2006 free\readme.rtf
C:\Program Files\WinAntiSpyware 2006 Free\readme.rtf
C:\Program Files\WinAntiSpyware 2006 Free\scanlog.xml
C:\Program Files\winantispyware 2006 free\scanlog.xml
C:\Program Files\WinAntiSpyware 2006 Free\shellext.dll
C:\Program Files\winantispyware 2006 free\shellext.dll
C:\Program Files\WinAntiSpyware 2006 Free\shellext.xml
C:\Program Files\winantispyware 2006 free\shellext.xml
C:\Program Files\winantispyware 2006 free\sr.log
C:\Program Files\WinAntiSpyware 2006 Free\sr.log
C:\Program Files\WinAntiSpyware 2006 Free\support.url
C:\Program Files\winantispyware 2006 free\support.url
C:\Program Files\winantispyware 2006 free\unins000.dat
C:\Program Files\WinAntiSpyware 2006 Free\unins000.dat
C:\Program Files\winantispyware 2006 free\unins000.exe
C:\Program Files\WinAntiSpyware 2006 Free\unins000.exe
C:\Program Files\WinAntiSpyware 2006 Free\up.dat
C:\Program Files\winantispyware 2006 free\up.dat
C:\Program Files\winantispyware 2006 free\updater.dat
C:\Program Files\WinAntiSpyware 2006 Free\updater.dat
C:\Program Files\WinAntiSpyware 2006 Free\uwas6chk.dll
C:\Program Files\winantispyware 2006 free\uwas6chk.dll
C:\Program Files\winantispyware 2006 free\uwas6cw.exe
C:\Program Files\WinAntiSpyware 2006 Free\uwas6cw.exe
C:\Program Files\WinAntiSpyware 2006 Free\uwasffNT.exe
C:\Program Files\winantispyware 2006 free\uwasffNT.exe
C:\Program Files\winantispyware 2006 free\vbpv.dat
C:\Program Files\WinAntiSpyware 2006 Free\vbpv.dat
C:\Program Files\winantispyware 2006 free\was6.exe
C:\Program Files\WinAntiSpyware 2006 Free\was6.exe
C:\Program Files\winantispyware 2006 free\WAS6.url
C:\Program Files\WinAntiSpyware 2006 Free\WAS6.url
C:\Program Files\WinAntiSpyware 2006 Free\was6.xml
C:\Program Files\winantispyware 2006 free\was6.xml
C:\Program Files\Windows Media Player\hokewokew4444.dll
C:\Program Files\Windows Media Player\hokewokew83122.dll
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\fse
C:\Temp\fse\tmpZTF.log
C:\WINDOWS\b104.exe
C:\WINDOWS\b122.exe
C:\WINDOWS\b138.exe
C:\WINDOWS\DOWNLO~1\UWA7P_0001_N91M0809NetInstaller.exe
C:\WINDOWS\system32\ahgyrhgr.exe
C:\WINDOWS\system32\awtqolj.dll
C:\WINDOWS\system32\awtqr.dll
C:\WINDOWS\system32\b02FdUe
C:\WINDOWS\system32\b02FdUe\b02FdUe1065.exe
C:\WINDOWS\system32\bfcblobo.exe
C:\WINDOWS\system32\bmvkbhdc.exe
C:\WINDOWS\system32\bpcgqfrd.exe
C:\WINDOWS\system32\bpoyorjj.exe
C:\WINDOWS\system32\byxxuur.dll
C:\WINDOWS\SYSTEM32\cqvvvpim.ini
C:\WINDOWS\system32\csmcexwx.dll
C:\WINDOWS\system32\desytcnn.exe
C:\WINDOWS\system32\dqaqkcpn.dll
C:\WINDOWS\system32\driver
C:\WINDOWS\system32\driver\ww88.exe
C:\WINDOWS\system32\drivers\fopn.sys
C:\WINDOWS\system32\dwdsrngt.exe
C:\WINDOWS\SYSTEM32\dwupwadu.ini
C:\WINDOWS\system32\edemjwql.dll
C:\WINDOWS\system32\efcdecd.dll
C:\WINDOWS\system32\eipgfngk.exe
C:\WINDOWS\system32\f02WtR
C:\WINDOWS\system32\f02WtR\f02WtR1065.exe
C:\WINDOWS\system32\f10WtR
C:\WINDOWS\system32\f10WtR\f10WtR1099.exe
C:\WINDOWS\system32\fibkcgmb.exe
C:\WINDOWS\system32\fuokfmtn.dll
C:\WINDOWS\SYSTEM32\huvsbuuv.ini
C:\WINDOWS\system32\jkklmli.dll
C:\WINDOWS\system32\ljjjhgf.dll
C:\WINDOWS\SYSTEM32\lqwjmede.ini
C:\WINDOWS\system32\lssiofas.dll
C:\WINDOWS\system32\lvlgwghx.exe
C:\WINDOWS\system32\MabryObj.dll
C:\WINDOWS\system32\mipvvvqc.dll
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\system32\nfytfrw.dll
C:\WINDOWS\system32\nknwallf.dll
C:\WINDOWS\SYSTEM32\npckqaqd.ini
C:\WINDOWS\system32\nqegoxdu.dll
C:\WINDOWS\SYSTEM32\ntmfkouf.ini
C:\WINDOWS\system32\ocuoayhe.exe
C:\WINDOWS\system32\opnmnon.dll
C:\WINDOWS\system32\pfjnnwve.dll
C:\WINDOWS\system32\pfsicxlm.exe
C:\WINDOWS\system32\pwinkmdt.exe
C:\WINDOWS\system32\qommmmj.dll
C:\WINDOWS\system32\rorwwrae.exe
C:\WINDOWS\SYSTEM32\rqtwa.bak1
C:\WINDOWS\SYSTEM32\rqtwa.bak2
C:\WINDOWS\SYSTEM32\rqtwa.ini
C:\WINDOWS\SYSTEM32\safoissl.ini
C:\WINDOWS\system32\tempchk
C:\WINDOWS\system32\tempchk\w86.exe
C:\WINDOWS\system32\tkvhritm.exe
C:\WINDOWS\system32\udawpuwd.dll
C:\WINDOWS\SYSTEM32\udxogeqn.ini
C:\WINDOWS\system32\V1
C:\WINDOWS\system32\vgidxosx.exe
C:\WINDOWS\system32\vuubsvuh.dll
C:\WINDOWS\system32\win
C:\WINDOWS\system32\win\w7q.exe
C:\WINDOWS\system32\winpfz32.sys
C:\WINDOWS\system32\wnscpit.exe
C:\WINDOWS\system32\X1
C:\WINDOWS\system32\X1\kmhp83122.exe
C:\WINDOWS\system32\X11
C:\WINDOWS\system32\X3
C:\WINDOWS\system32\X3\wr731.exe
C:\WINDOWS\system32\X7
C:\WINDOWS\SYSTEM32\xwxecmsc.ini
C:\WINDOWS\system32\yehns.dll
C:\WINDOWS\system32\Z1
C:\WINDOWS\system32\Z1\vt22011.exe
C:\WINDOWS\system32\zxdnt3d.cfg
C:\WINDOWS\tk58.exe
C:\WINDOWS\TTC-4444.exe


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_DOMAINSERVICE
-------\LEGACY_FOPN
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-07-15 to 2007-08-15 )))))))))))))))))))))))))))))))


2007-08-14 22:20 52,768 --a------ C:\WINDOWS\SYSTEM32\dwdsrngt.exe
2007-08-14 21:39 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
2007-08-14 21:37 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-13 17:50 <DIR> d-------- C:\Program Files\Trend Micro
2007-08-13 17:37 52,754 --a------ C:\WINDOWS\SYSTEM32\ljdsrngk.exe
2007-08-12 19:06 11,776 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\uwasfsd.sys
2007-08-12 11:48 <DIR> d-------- C:\Program Files\Lavasoft
2007-08-12 11:48 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-08-12 11:47 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-12 10:39 <DIR> d-------- C:\WINDOWS\SYSTEM32\ActiveScan
2007-08-11 17:52 <DIR> d-------- C:\DOCUME~1\Christy\.housecall6.6
2007-08-09 16:17 <DIR> d-------- C:\WINDOWS\network diagnostic
2007-08-09 16:13 <DIR> d-------- C:\6f43431792e2e7d9d25bd0d97f4272f0
2007-08-09 16:07 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
2007-08-09 14:48 277,504 --a------ C:\WINDOWS\SYSTEM32\oestore.dll
2007-08-09 14:48 <DIR> d-------- C:\Program Files\Acesoft
2007-08-09 12:52 <DIR> d-------- C:\Junk1
2007-08-09 11:37 <DIR> d-------- C:\DOCUME~1\Christy\APPLIC~1\Viewpoint
2007-08-02 13:44 89,088 --a------ C:\WINDOWS\SYSTEM32\atl71.dll
2007-08-01 22:24 <DIR> d-------- C:\Temp
2007-07-27 15:57 <DIR> d-------- C:\DOCUME~1\Christy\APPLIC~1\U3


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-14 21:57 --------- d-------- C:\Program Files\Messenger
2007-08-09 16:59 24974 --a------ C:\WINDOWS\twain_16.dll
2007-07-12 12:06 --------- d-------- C:\Program Files\MySpace
2007-07-12 12:06 --------- d-------- C:\DOCUME~1\Christy\APPLIC~1\MySpace
2007-05-16 08:12 86528 --------- C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 08:12 85504 --------- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 08:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-16 08:12 683520 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 08:12 510976 --------- C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 08:12 1314816 --------- C:\WINDOWS\system32\dllcache\msoe.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [2006-01-11 09:05]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 15:29]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-12-06 09:50]
"svhost"="C:\WINDOWS\svhost.exe" []
"{2A-A1-15-58-ZN}"="c:\windows\system32\dwdsrngt.exe" [2007-08-14 22:20]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-05-29 18:34]
"Pgbghdit"="C:\Program Files\Common Files\??pPatch\j?vaw.exe" []
"Sen"="C:\DOCUME~1\Christy\MYDOCU~1\SSEMBL~1\svchost.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\Documents and Settings\Christy\Start Menu\Programs\Startup\
DESKTOP.INI [2004-08-10 12:04:12]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{1230649B-B980-44A5-B259-9B09EBEA6331}"= C:\Program Files\WinAntiSpyware 2006 Free\shellext.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
BCMSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DadApp]
C:\Program Files\Dell\AccessDirect\dadapp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
"C:\Program Files\Dell Support\DSAgnt.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
C:\Program Files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
"C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ImInstaller_IncrediMail]

C:\DOCUME~1\Christy\LOCALS~1\Temp\ImInstaller\IncrediMail\incredimail_install[1].exe -startup -product IncrediMail

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
c:\PROGRA~1\mcafee.com\agent\mcupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]
C:\Program Files\McAfee.com\VSO\oasclnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDUiP6000DMon]
C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDUiP6000DTskbr]
C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DTskbr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
"C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
C:\Program Files\McAfee.com\VSO\mcvsshld.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
"C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask

R0 uwasfsd;uwasfsd;C:\WINDOWS\system32\drivers\uwasfsd.sys
R3 BCMModem;BCM V.92 56K Modem;C:\WINDOWS\system32\DRIVERS\BCMSM.sys


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\LaunchU3.exe


**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-14 22:19:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-14 22:23:08 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-14 22:23

--- E O F ---


. . . and here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:29:33 PM, on 8/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMemCrdMgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UStorSrv.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
c:\windows\system32\dwdsrngt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Sonic\RecordNow!\RecordNow.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [svhost] "C:\WINDOWS\svhost.exe"
O4 - HKLM\..\Run: [{2A-A1-15-58-ZN}] c:\windows\system32\dwdsrngt.exe CHD003
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [Pgbghdit] "C:\Program Files\Common Files\??pPatch\j?vaw.exe"
O4 - HKCU\..\Run: [Sen] "C:\DOCUME~1\Christy\MYDOCU~1\SSEMBL~1\svchost.exe" -vt yazb
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: TA_Start.lnk = C:\WINDOWS\SYSTEM32\dwdsrngt.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1107719689773
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B2FCED61-570E-11D3-B160-00A0C9E70E84} (OmniForm Form Control) - https://www4.lsac.org/LSACD_XMLWebServices/...iveX/ofmctl.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Canon PIXMA iP6000D Memory Card Manager (PDUiP6000DMemCrdMgr) - CANON INC. - C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMemCrdMgr.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 8437 bytes


Thank you for your help!

#4 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:07:37 PM

Posted 15 August 2007 - 11:09 AM

Hello,

Youch! That was a LOT of garbage. :thumbsup: Still a lot to do.

Your Java is way out of date, which leaves your computer vulnerable.

Updating Java
  • Download the latest version of Java Runtime Environment (JRE) 6u2.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6-windows-i586.exe to install the newest version.
Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O4 - HKLM\..\Run: [svhost] "C:\WINDOWS\svhost.exe"
O4 - HKCU\..\Run: [Pgbghdit] "C:\Program Files\Common Files\??pPatch\j?vaw.exe"
O4 - HKCU\..\Run: [Sen] "C:\DOCUME~1\Christy\MYDOCU~1\SSEMBL~1\svchost.exe" -vt yazb
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE


Close all browsers and other windows except for HijackThis!, and click "Fix checked".

Navigate to and delete the following files/folders, if present:

C:\WINDOWS\svhost.exe<-----this file
C:\Program Files\Common Files\??pPatch <---this folder, if you aren't sure, please ask.
C:\DOCUME~1\Christy\MYDOCU~1\SSEMBL~1 <---this folder, will begin with SSEMBL and may contain other letters after those.

Reboot your computer.

* Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Doubleclick the drweb-cureit.exe file and Allow to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can click next icon next to the files found: Posted Image
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
    Posted Image
    This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously, along with a new HijackThis log in your next reply.
How is it running now? :flowers:

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#5 diyer63

diyer63
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Phoenix
  • Local time:05:37 PM

Posted 15 August 2007 - 02:20 PM

Wow teacup61, I really appreciate your help. My kid returns to law school tomorrow with this laptop!

As far as deleting those 3 files/folders that you listed, I was unable to find any of them. By the way, I still have an icon on the desktop that I don't think should be there. It's a yellow triangle (like a yield sign) with an exclamation point in it, and the test says "Click To Find & Fix Errors".

Whenever I reboot, I have to manually end a "Brdr" program.

This one sure did a lot of cleanup! When I closed Dr. Web, I got this message "No operations performed with some objects in list. Exit program?" I did exit. Here is the Dr. Web log:

desrcas.dll;c:\program files\mywaysa\srchasde\1.bin;Adware.MyWay;Incurable.Moved.;
rayiou.exe;C:\Documents and Settings\Christy\Application Data\Microsoft\Windows;Trojan.DownLoader.26460;Deleted.;
GTDownDE_87.ocx;C:\I386;Adware.Gdown;Incurable.Moved.;
WxBug.EXE;C:\Program Files\AIM\Sysfiles;Adware.Aws;Incurable.Moved.;
MiniBugTransporter.dll;C:\Program Files\AWS\WeatherBug;Adware.Aws;Incurable.Moved.;
deSrcAs.dll;C:\Program Files\MyWaySA\SrchAsDe\1.bin;Adware.MyWay;;
WTUninstaller.exe.vir;C:\QooBox\Quarantine\C\DOCUME~1\Christy\APPLIC~1\WinTouch;Trojan.Swizzor;Deleted.;
WTUninstaller.exe;C:\QooBox\Quarantine\C\DOCUME~1\Christy\APPLIC~1\WinTouch.vir;Trojan.Swizzor;Deleted.;
svchost.exe.vir;C:\QooBox\Quarantine\C\DOCUME~1\Christy\MYDOCU~1\SSEMBL~1;Adware.ClickSpring;Incurable.Moved.;
Yazzle1281OinAdmin.exe.vir;C:\QooBox\Quarantine\C\Program Files\Common Files;Adware.ClickSpring;Incurable.Moved.;
JVAWEX~1.VIR;C:\QooBox\Quarantine\C\Program Files\Common Files\PPATCH~1;Trojan.DownLoader.29746;Deleted.;
uwasdc.exe.vir;C:\QooBox\Quarantine\C\Program Files\Common Files\WinAntiSpyware 2006 Free;Trojan.DownLoader.13909;Deleted.;
uwasers.exe.vir;C:\QooBox\Quarantine\C\Program Files\Common Files\WinAntiSpyware 2006 Free;Trojan.DownLoader.13909;Deleted.;
lavuq.dll.vir;C:\QooBox\Quarantine\C\Program Files\Messenger;Trojan.StartPage.19992;Deleted.;
lavuq245.dll.vir;C:\QooBox\Quarantine\C\Program Files\Messenger;Trojan.StartPage.19992;Deleted.;
wr-1-0000077.exe.vir;C:\QooBox\Quarantine\C\Program Files\svhost;Trojan.DownLoader.26881;Deleted.;
InstHelp.exe.vir;C:\QooBox\Quarantine\C\Program Files\WinAntiSpyware 2006 Free;Trojan.Fakealert;Deleted.;
uwas6chk.dll.vir;C:\QooBox\Quarantine\C\Program Files\WinAntiSpyware 2006 Free;Trojan.StartPage.19988;Deleted.;
uwas6cw.exe.vir;C:\QooBox\Quarantine\C\Program Files\WinAntiSpyware 2006 Free;Trojan.Fakealert;Deleted.;
was6.exe.vir;C:\QooBox\Quarantine\C\Program Files\WinAntiSpyware 2006 Free;Trojan.DownLoader.10963;Deleted.;
hokewokew4444.dll.vir;C:\QooBox\Quarantine\C\Program Files\Windows Media Player;Adware.Ttc;Incurable.Moved.;
hokewokew83122.dll.vir;C:\QooBox\Quarantine\C\Program Files\Windows Media Player;Adware.Websearch;Incurable.Moved.;
b122.exe.vir;C:\QooBox\Quarantine\C\WINDOWS;Trojan.MulDrop.8200;Deleted.;
tk58.exe.vir;C:\QooBox\Quarantine\C\WINDOWS;Trojan.StartPage.19993;Deleted.;
UWA7P_0001_N91M0809NetInstaller.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\DOWNLO~1;Trojan.DownLoader.10963;Deleted.;
ahgyrhgr.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32;Trojan.Virtumod;Deleted.;
awtqolj.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32;Trojan.Virtumod;Deleted.;
bfcblobo.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32;Trojan.EzulaAd;Deleted.;
bmvkbhdc.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32;Trojan.DownLoader.26570;Deleted.;
bpcgqfrd.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32;Trojan.Virtumod;Deleted.;
bpoyorjj.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32;Trojan.Virtumod;Deleted.;
csmcexwx.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32;Trojan.Virtumod;Deleted.;
desytcnn.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32;Trojan.Virtumod;Deleted.;
dqaqkcpn.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32;Trojan.Virtumod;Deleted.;
edemjwql.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32;Trojan.Virtumod;Deleted.;
efcdecd.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32;Trojan.Virtumod;Deleted.;
eipgfngk.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32;Trojan.EzulaAd;Deleted.;
fibkcgmb.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32;Trojan.DownLoader.26570;Deleted.;
fuokfmtn.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32;Trojan.Virtumod;Deleted.;
jkklmli.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32;Trojan.Virtumod;Deleted.;
ljjjhgf.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32;Trojan.Virtumod;Deleted.;
lssiofas.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32;Trojan.Virtumod;Deleted.;
lvlgwghx.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32;Trojan.Click.2799;Deleted.;
mipvvvqc.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32;Trojan.Virtumod;Deleted.;
nknwallf.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32;Trojan.Virtumod;Deleted.;
nqegoxdu.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32;Trojan.Virtumod;Deleted.;
ocuoayhe.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32;Trojan.EzulaAd;Deleted.;
opnmnon.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32;Trojan.Virtumod;Deleted.;
pfjnnwve.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32;Trojan.Virtumod;Deleted.;
pfsicxlm.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32;Trojan.Virtumod;Deleted.;
pwinkmdt.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32;Adware.Hotbot;Incurable.Moved.;
qommmmj.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32;Trojan.Virtumod;Deleted.;
rorwwrae.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32;Trojan.DownLoader.26570;Deleted.;
tkvhritm.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32;Trojan.DownLoader.26570;Deleted.;
udawpuwd.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32;Trojan.Virtumod;Deleted.;
vgidxosx.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32;Trojan.Virtumod;Deleted.;
vuubsvuh.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32;Trojan.Virtumod;Deleted.;
yehns.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32;Trojan.DownLoader.29746;Deleted.;
b02FdUe1065.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\b02FdUe;Trojan.DownLoader.24715;Deleted.;
f02WtR1065.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\f02WtR;Trojan.DownLoader.24715;Deleted.;
f10WtR1099.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\f10WtR;Trojan.DownLoader.24715;Deleted.;
w7q.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\win;Trojan.DownLoader.26881;Deleted.;
wr731.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\X3;Trojan.DownLoader.26881;Deleted.;
A0048653.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP624;Trojan.MulDrop.8200;Deleted.;
A0048654.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP624;Trojan.Winpop;Deleted.;
A0048655.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP624;Trojan.Winpop;Deleted.;
A0048656.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP624;Trojan.LowZones.267;Deleted.;
A0049646.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP624;Trojan.DownLoader.29746;Deleted.;
A0049647.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP624;Trojan.DownLoader.29746;Deleted.;
A0049658.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP625;Trojan.DownLoader.24772;Deleted.;
A0049659.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP625;Trojan.LowZones.267;Deleted.;
A0049694.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP627;Trojan.Click.1487;Deleted.;
A0049711.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP627;Trojan.Virtumod;Deleted.;
A0049719.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP627;Trojan.EzulaAd;Deleted.;
A0049724.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP627;Trojan.EzulaAd;Deleted.;
A0049780.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP628;Trojan.Winpop;Deleted.;
A0049781.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP628;Trojan.DownLoader.24772;Deleted.;
A0049832.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP628;Adware.ClickSpring;Incurable.Moved.;
A0049890.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP628;Trojan.Click.1487;Deleted.;
A0050475.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP636;Trojan.StartPage.19993;Deleted.;
A0050543.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP638;Trojan.DownLoader.24772;Deleted.;
A0050544.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP638;Trojan.EzulaAd;Deleted.;
A0050551.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP638;Trojan.EzulaAd;Deleted.;
A0050557.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP638;Trojan.StartPage.19993;Deleted.;
A0050565.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP638;Trojan.StartPage.19993;Deleted.;
A0050575.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP638;Trojan.StartPage.19993;Deleted.;
A0050578.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP638;Trojan.DownLoader.24772;Deleted.;
A0050592.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP638;Trojan.StartPage.19993;Deleted.;
A0050598.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP638;Trojan.Swizzor;Deleted.;
A0050612.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP638;Trojan.StartPage.19993;Deleted.;
A0050618.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP638;Trojan.Virtumod;Deleted.;
A0050626.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP638;Trojan.StartPage.19993;Deleted.;
A0050651.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640;Adware.ClickSpring;Incurable.Moved.;
A0050656.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640;Trojan.MulDrop.8200;Deleted.;
A0050658.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640;Trojan.EzulaAd;Deleted.;
A0050659.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640;Trojan.EzulaAd;Deleted.;
A0050660.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640;Trojan.EzulaAd;Deleted.;
A0050661.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640;Adware.Hotbot;Incurable.Moved.;
A0050662.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640;Trojan.Virtumod;Deleted.;
A0050663.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640;Trojan.Virtumod;Deleted.;
A0050664.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640;Trojan.Virtumod;Deleted.;
A0050665.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640;Trojan.Virtumod;Deleted.;
A0050666.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640;Trojan.Virtumod;Deleted.;
A0050667.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640;Trojan.Virtumod;Deleted.;
A0050669.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640;Trojan.DownLoader.29746;Deleted.;
A0050670.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640;Trojan.StartPage.19992;Deleted.;
A0050671.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640;Trojan.StartPage.19992;Deleted.;
A0050672.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640;Adware.Websearch;Incurable.Moved.;
A0050673.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640;Adware.Ttc;Incurable.Moved.;
A0050675.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640;Trojan.Virtumod;Deleted.;
A0050676.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640;Trojan.Virtumod;Deleted.;
A0050677.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640;Trojan.Virtumod;Deleted.;
A0050678.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640;Trojan.Virtumod;Deleted.;
A0050679.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640;Trojan.Virtumod;Deleted.;
A0050680.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640;Trojan.Virtumod;Deleted.;
A0050681.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640;Trojan.Virtumod;Deleted.;
A0050682.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640;Trojan.Virtumod;Deleted.;
A0050683.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640;Trojan.Virtumod;Deleted.;
A0050684.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640;Trojan.Virtumod;Deleted.;
A0050685.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640;Trojan.Virtumod;Deleted.;
A0050686.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640;Trojan.Virtumod;Deleted.;
A0050687.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640;Trojan.Virtumod;Deleted.;
A0050688.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640;Trojan.Virtumod;Deleted.;
A0050689.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640;Trojan.Virtumod;Deleted.;
A0050690.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640;Trojan.Virtumod;Deleted.;
A0050691.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640;Trojan.Virtumod;Deleted.;
A0050692.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640;Trojan.DownLoader.26570;Deleted.;
A0050693.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640;Trojan.DownLoader.26570;Deleted.;
A0050694.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640;Trojan.Click.2799;Deleted.;
A0050695.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640;Trojan.DownLoader.26570;Deleted.;
A0050696.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640;Trojan.DownLoader.26570;Deleted.;
A0050712.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640;Trojan.Fakealert;Deleted.;
A0050718.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640;Trojan.StartPage.19988;Deleted.;
A0050719.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640;Trojan.Fakealert;Deleted.;
A0050721.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640;Trojan.DownLoader.10963;Deleted.;
A0050723.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640;Trojan.DownLoader.29746;Deleted.;
A0050724.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640;Trojan.DownLoader.26881;Deleted.;
A0050725.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640;Trojan.DownLoader.26881;Deleted.;
A0050727.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640;Trojan.DownLoader.26881;Deleted.;
A0050729.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640;Trojan.DownLoader.24715;Deleted.;
A0050730.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640;Trojan.DownLoader.24715;Deleted.;
A0050731.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640;Trojan.DownLoader.24715;Deleted.;
A0050732.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640;Trojan.DownLoader.13909;Deleted.;
A0050733.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640;Trojan.DownLoader.13909;Deleted.;
A0050734.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640;Trojan.Swizzor;Deleted.;
A0050739.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640;Trojan.StartPage.19993;Deleted.;
A0050752.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640;Trojan.Virtumod;Deleted.;
A0050753.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640;Trojan.Virtumod;Deleted.;
A0050959.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP642;Trojan.DownLoader.26460;Deleted.;
A0050960.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP642;Trojan.Swizzor;Deleted.;
GTDownDE_87.ocx;C:\WINDOWS\SYSTEM32;Adware.Gdown;Incurable.Moved.;

And here is the latest HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:17:33 PM, on 8/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\QuickTime\qttask.exe
C:\windows\system32\ljdsrngk.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMemCrdMgr.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DTskbr.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMon.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [{2A-A1-15-58-ZN}] C:\windows\system32\ljdsrngk.exe CHD003
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [PDUiP6000DTskbr] C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DTskbr.exe
O4 - HKLM\..\Run: [PDUiP6000DMon] C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMon.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ImInstaller_IncrediMail] C:\DOCUME~1\Christy\LOCALS~1\Temp\ImInstaller\IncrediMail\incredimail_install[1].exe -startup -product IncrediMail
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: TA_Start.lnk = C:\WINDOWS\SYSTEM32\ljdsrngk.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1107719689773
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B2FCED61-570E-11D3-B160-00A0C9E70E84} (OmniForm Form Control) - https://www4.lsac.org/LSACD_XMLWebServices/...iveX/ofmctl.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Canon PIXMA iP6000D Memory Card Manager (PDUiP6000DMemCrdMgr) - CANON INC. - C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMemCrdMgr.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 10786 bytes

#6 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:07:37 PM

Posted 15 August 2007 - 08:11 PM

Hello,

Can you tell me more about the "Brdr"? Does it give you a path or anything?

Let's see about the triangle :

Please download ATF Cleaner by Atribune.Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#7 diyer63

diyer63
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Phoenix
  • Local time:05:37 PM

Posted 15 August 2007 - 10:49 PM

Hi again, tea.

On startup, I now get a Microsoft Visual C++ Runtime Library error, with the message "Runtime Error! Program: C:\Program Files\Real\RealPlayer\RealPlay.exe".

I don't have any info on the Brdr. I don't see any other info.

The output from the SmitfraudFix is:

SmitFraudFix v2.212

Scan done at 20:38:10.55, Wed 08/15/2007
Run from C:\Documents and Settings\Christy\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\QuickTime\qttask.exe
C:\windows\system32\ljdsrngk.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DTskbr.exe
C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMon.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\pwinkmdt.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMemCrdMgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\CSCRIPT.EXE

hosts


C:\


C:\WINDOWS


C:\WINDOWS\system


C:\WINDOWS\Web


C:\WINDOWS\system32


C:\WINDOWS\system32\LogFiles


C:\Documents and Settings\Christy


C:\Documents and Settings\Christy\Application Data


Start Menu


C:\DOCUME~1\Christy\FAVORI~1


Desktop


C:\Program Files


Corrupted keys


Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


Rustock



DNS

Description: Broadcom 440x 10/100 Integrated Controller - Packet Scheduler Miniport
DNS Server Search Order: 68.105.28.11
DNS Server Search Order: 68.105.29.11
DNS Server Search Order: 68.105.28.12

HKLM\SYSTEM\CCS\Services\Tcpip\..\{DA21A9C5-20B3-4A56-B4D9-9B4A3B1DE120}: DhcpNameServer=68.105.28.11 68.105.29.11 68.105.28.12
HKLM\SYSTEM\CS1\Services\Tcpip\..\{DA21A9C5-20B3-4A56-B4D9-9B4A3B1DE120}: DhcpNameServer=68.105.28.11 68.105.29.11 68.105.28.12
HKLM\SYSTEM\CS2\Services\Tcpip\..\{F2C911A3-B5A9-4E98-B215-84E8C940CDE5}: DhcpNameServer=163.244.112.254 10.101.101.254 163.244.112.71
HKLM\SYSTEM\CS3\Services\Tcpip\..\{DA21A9C5-20B3-4A56-B4D9-9B4A3B1DE120}: DhcpNameServer=68.105.28.11 68.105.29.11 68.105.28.12
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=68.105.28.11 68.105.29.11 68.105.28.12
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=68.105.28.11 68.105.29.11 68.105.28.12
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=68.105.28.11 68.105.29.11 68.105.28.12


Scanning for wininet.dll infection


End

And here is the latest HijackThis log if it's still needed:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:49:01 PM, on 8/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\QuickTime\qttask.exe
C:\windows\system32\ljdsrngk.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DTskbr.exe
C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMon.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\pwinkmdt.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMemCrdMgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [{2A-A1-15-58-ZN}] C:\windows\system32\ljdsrngk.exe CHD003
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [PDUiP6000DTskbr] C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DTskbr.exe
O4 - HKLM\..\Run: [PDUiP6000DMon] C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMon.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ImInstaller_IncrediMail] C:\DOCUME~1\Christy\LOCALS~1\Temp\ImInstaller\IncrediMail\incredimail_install[1].exe -startup -product IncrediMail
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\pwinkmdt.exe CHD003
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: TA_Start.lnk = C:\WINDOWS\SYSTEM32\ljdsrngk.exe
O4 - Startup: Think-Adz.lnk = C:\WINDOWS\SYSTEM32\pwinkmdt.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1107719689773
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B2FCED61-570E-11D3-B160-00A0C9E70E84} (OmniForm Form Control) - https://www4.lsac.org/LSACD_XMLWebServices/...iveX/ofmctl.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Canon PIXMA iP6000D Memory Card Manager (PDUiP6000DMemCrdMgr) - CANON INC. - C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMemCrdMgr.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 11076 bytes


Thanks again. And by the way, all the major problems are now gone. It's just these couple of minor things left.



PS.
The Brdr problem is now gone!
Also, I just ran Spybot again and found a lot of WinAntispywar files again, and cleaned them out.

Edited by diyer63, 15 August 2007 - 11:36 PM.


#8 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:07:37 PM

Posted 20 August 2007 - 06:13 PM

Hello,

Is the computer still available? I was out the weekend, but I know you said you were sending it to law school. How is it running?

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#9 diyer63

diyer63
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Phoenix
  • Local time:05:37 PM

Posted 21 August 2007 - 11:30 PM

Teacup,
According to my daughter, everyone seems back to normal and she is reporting no problems.
Thanks again for your help.
diyer63

#10 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:07:37 PM

Posted 31 August 2007 - 08:41 PM

You're most welcome. :thumbsup:

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users