Winantispyware Removal Problem


  • This topic is locked
12 replies to this topic

#1 blondie32


Posted 02 November 2007 - 03:49 PM

Hi,
Was hoping to get some help removing this terrible malware.
I have tried VundoFix, VundoBeGone, and Spybot with no results.
Here is a copy of the HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:31:56 PM, on 11/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\TmljayBHb2xkbWFu\command.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Windows NT\horydyva22011.exe
C:\Program Files\WinAntiSpyware 2007\was7.exe
C:\WINDOWS\mrofinu1000106.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Web Buying\v1.8.3\webbuying.exe
C:\Program Files\Insider\Insider.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\Owner\Application Data\Microsoft\Windows\lqfljh.exe
C:\Documents and Settings\Owner\Application Data\WinTouch\WinTouch.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\HP\hpcoretech\comp\hpdarc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3e1156ed-0650-43ca-8f4e-619483f15ddb} - C:\WINDOWS\system32\nteyexl.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {F4F02DD3-E052-47C9-8436-58630CA0987C} - C:\WINDOWS\system32\awvvv.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [horydyva] C:\Program Files\Windows NT\horydyva22011.exe
O4 - HKLM\..\Run: [WinAntiSpyware 2007 Free] "C:\Program Files\WinAntiSpyware 2007\was7.exe" /min
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\pwinomdq.exe CHD003
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310F3D2907D4E66914B5C1E9E689DB6FC45715EDF7B0F36BB40E2C2832213329D26033AAC
O4 - HKLM\..\Run: [{B9-96-6E-E7-ZN}] C:\windows\system32\lndsrngp.exe CHD003
O4 - HKLM\..\Run: [uwas7cw] "C:\Program Files\Common Files\WinAntiSpyware 2007\uwas7cw.exe" -c
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe"
O4 - HKLM\..\Run: [IESet] IExplorer.dll .dbt
O4 - HKLM\..\RunServices: [IESet] IExplorer.dll .dbt
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [WebBuying] C:\Program Files\Web Buying\v1.8.3\webbuying.exe
O4 - HKCU\..\Run: [Insider] C:\Program Files\Insider\Insider.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\Owner\Application Data\Microsoft\Windows\lqfljh.exe
O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\Owner\Application Data\WinTouch\WinTouch.exe
O4 - HKCU\..\Run: [WinPop] C:\Program Files\WinPop\winpop.exe
O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
O4 - HKCU\..\Run: [IESet] IExplorer.dll .dbt
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\lndsrngp.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TmljayBHb2xkbWFu\command.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\hpbpro.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\hpboid.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 8345 bytes

Any help is very much appreciated.

Blondie32



#2 rookie147


Posted 02 November 2007 - 03:57 PM

Hello there and welcome to BleepingComputer. My name is Charles and I will be dealing with your log today.
Download Combofix to your Desktop.
Double click combofix.exe
Follow the prompts that are displayed.
Don't click on the window while the fix is running, because that will cause your system to hang.
When finished, it should produce a log, combofix.txt. Post that in your next reply.

Make a list of all the programs installed on your computer:
Open HijackThis
Click the Config... button, then go to the Misc Tools section.
Press Open Uninstall Manager. You'll see a list of programs.
Select Save List... - save it to your Desktop.
The file "uninstall_list.txt" will be created.
Copy and paste the contents of this file to your next reply.

In your reply I would like to see the Combofix log, uninstall list and a brand new HijackThis log.
Thanks,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation.


#3 blondie32


Posted 06 November 2007 - 07:53 AM

Charles,
Here are the 3 items you requested.

ComboFix 07-11-01.1 - Owner 2007-11-05 6:19:29.2 - NTFSx86
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Messenger\lavuha.dll
C:\Program Files\Messenger\profsyvy.html
C:\WINDOWS\tk58.exe
.
---- Previous Run -------
.
C:\check_LSA7.txt
C:\Documents and Settings\All Users.WINDOWS\Application Data.\salesmonitor
C:\Documents and Settings\All Users.WINDOWS\Application Data.\winantispyware 2007
C:\Documents and Settings\All Users.WINDOWS\Application Data.\winantispyware 2007\Data\Abbr
C:\Documents and Settings\All Users.WINDOWS\Application Data.\winantispyware 2007\Data\ProductCode
C:\Documents and Settings\All Users.WINDOWS\Application Data\WinAntiSpyware 2007\Data\Abbr
C:\Documents and Settings\All Users.WINDOWS\Application Data\WinAntiSpyware 2007\Data\ProductCode
C:\Documents and Settings\Owner\Application Data\WinAntiSpyware 2007
C:\Documents and Settings\Owner\Application Data\WinAntiSpyware 2007\Logs\update.log
C:\Documents and Settings\Owner\Application Data\WinTouch\wintouch.cfg
C:\Documents and Settings\Owner\Application Data\WinTouch\WinTouch.exe
C:\Documents and Settings\Owner\Application Data\WinTouch\WTUninstaller.exe
C:\Documents and Settings\Owner\Desktop\WinAntiSpyware 2007.lnk
C:\Documents and Settings\Owner\err.log
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\TA_Start.lnk
C:\Program Files\Common Files\rmww
C:\Program Files\Common Files\rmww\rmwwa.exe
C:\Program Files\Common Files\rmww\rmwwa.lck
C:\Program Files\Common Files\rmww\rmwwd\class-barrel
C:\Program Files\Common Files\rmww\rmwwd\rmwwc.dll
C:\Program Files\Common Files\rmww\rmwwd\vocabulary
C:\Program Files\Common Files\rmww\rmwwl.exe
C:\Program Files\Common Files\rmww\rmwwm.exe
C:\Program Files\Common Files\rmww\rmwwm.lck
C:\Program Files\Common Files\rmww\rmwwp.exe
C:\Program Files\Common Files\winantispyware 2007
C:\Program Files\Common Files\winantispyware 2007\err.log
C:\Program Files\Insider
C:\Program Files\Insider\Insider.exe
C:\Program Files\Insider\UnInstall.exe
C:\Program Files\Messenger\lavuha.dll
C:\Program Files\Messenger\lavuha75.dll
C:\Program Files\Temporary
C:\Program Files\web buying
C:\Program Files\web buying\v1.8.3\webbuying.exe
C:\Program Files\winantispyware 2007
C:\Program Files\WinAntiSpyware 2007\Activate.dat
C:\Program Files\WinAntiSpyware 2007\appupdate.dat
C:\Program Files\winantispyware 2007\AsAgents.dll
C:\Program Files\winantispyware 2007\AsAgents.xml
C:\Program Files\WinAntiSpyware 2007\atl71.dll
C:\Program Files\winantispyware 2007\AutoProcess.dat
C:\Program Files\WinAntiSpyware 2007\bnlink.dat
C:\Program Files\WinAntiSpyware 2007\database\enemies.dat
C:\Program Files\winantispyware 2007\database\knownfiles.dat
C:\Program Files\WinAntiSpyware 2007\database\TEBase.dat
C:\Program Files\WinAntiSpyware 2007\database\vbpv.dat
C:\Program Files\WinAntiSpyware 2007\dbupdate.dat
C:\Program Files\WinAntiSpyware 2007\fopnl.dll
C:\Program Files\winantispyware 2007\InstHelp.exe
C:\Program Files\WinAntiSpyware 2007\InstUp.exe
C:\Program Files\WinAntiSpyware 2007\lapv.dat
C:\Program Files\WinAntiSpyware 2007\license.rtf
C:\Program Files\winantispyware 2007\manual.pdf
C:\Program Files\winantispyware 2007\manual.url
C:\Program Files\winantispyware 2007\mfc71.dll
C:\Program Files\winantispyware 2007\monstate.dat
C:\Program Files\winantispyware 2007\msvcp71.dll
C:\Program Files\winantispyware 2007\msvcr71.dll
C:\Program Files\WinAntiSpyware 2007\ps.dat
C:\Program Files\WinAntiSpyware 2007\pv.dat
C:\Program Files\winantispyware 2007\quaratine.dat\#post_quarantine
C:\Program Files\WinAntiSpyware 2007\readme.rtf
C:\Program Files\winantispyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\277a74eff52b4395ed099f87\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\277a74eff52b4395ed099f87\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\2883907f911d424fb91bb1b6\#data
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\2883907f911d424fb91bb1b6\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\2883907f911d424fb91bb1b6\#name
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\34ac03c77ec74f9d372800a4\#data
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\34ac03c77ec74f9d372800a4\#internal
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\34ac03c77ec74f9d372800a4\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\3730c3414bd04d858cfa2aa0\#data
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\3730c3414bd04d858cfa2aa0\#internal
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\3730c3414bd04d858cfa2aa0\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\3730c3414bd04d858cfa2aa0\Owner
C:\Program Files\winantispyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\3c22b700c29244e2045724bb\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\3c22b700c29244e2045724bb\#internal
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\3c22b700c29244e2045724bb\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\3c39be85df3142daea7894a6\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\3c39be85df3142daea7894a6\#internal
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\3c39be85df3142daea7894a6\#name
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\3c39be85df3142daea7894a6\Owner
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\3e048ed9aed84ba285cbc5a4\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\3e048ed9aed84ba285cbc5a4\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\3e048ed9aed84ba285cbc5a4\#name
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\4449aed78d654e203fa57897\#data
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\4449aed78d654e203fa57897\#internal
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\4449aed78d654e203fa57897\#name
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\4449aed78d654e203fa57897\Owner
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\449ca47ca1a7437715d97887\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\449ca47ca1a7437715d97887\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\449ca47ca1a7437715d97887\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\44bd0997d0904218bf4c2a92\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\44bd0997d0904218bf4c2a92\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\44bd0997d0904218bf4c2a92\#name
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\497df78bf6c44b86bbd60d93\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\497df78bf6c44b86bbd60d93\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\497df78bf6c44b86bbd60d93\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\49b4c2f5cf2141a7065494a7\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\49b4c2f5cf2141a7065494a7\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\49b4c2f5cf2141a7065494a7\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\49b4c2f5cf2141a7065494a7\Owner
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\49fa70327e3f4135a8ae0b81\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\49fa70327e3f4135a8ae0b81\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\49fa70327e3f4135a8ae0b81\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\4aae3722716541316f748bb3\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\4aae3722716541316f748bb3\#internal
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\4aae3722716541316f748bb3\#name
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\4aae3722716541316f748bb3\Owner
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\4b12093ba25149f12d11e0bb\#data
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\4b12093ba25149f12d11e0bb\#internal
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\4b12093ba25149f12d11e0bb\#name
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\4b12093ba25149f12d11e0bb\Owner
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\5a35e116af9d460554cbec93\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\5a35e116af9d460554cbec93\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\5a35e116af9d460554cbec93\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\5e76987c2d044949ba098bad\#data
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\5e76987c2d044949ba098bad\#internal
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\5e76987c2d044949ba098bad\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\67f42db8f091463e7547db96\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\67f42db8f091463e7547db96\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\67f42db8f091463e7547db96\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\689cde6745ee4140e2e36595\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\689cde6745ee4140e2e36595\#internal
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\689cde6745ee4140e2e36595\#name
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\71bec49322ec443e23e3b289\#data
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\71bec49322ec443e23e3b289\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\71bec49322ec443e23e3b289\#name
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\74e69030caa249622b80abb0\#data
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\74e69030caa249622b80abb0\#internal
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\74e69030caa249622b80abb0\#name
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\7cbe5e2d430947a4bc58f98a\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\7cbe5e2d430947a4bc58f98a\#internal
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\7cbe5e2d430947a4bc58f98a\#name
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\7de105fa77be4ac579ac6b95\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\7de105fa77be4ac579ac6b95\#internal
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\7de105fa77be4ac579ac6b95\#name
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\7fbd3b8d54c9421944a81589\#data
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\7fbd3b8d54c9421944a81589\#internal
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\7fbd3b8d54c9421944a81589\#name
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\84941ce777de4382b6f47faf\#data
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\84941ce777de4382b6f47faf\#internal
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\84941ce777de4382b6f47faf\#name
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\84941ce777de4382b6f47faf\Owner
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\8856a0c780264ce2d64f16ab\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\8856a0c780264ce2d64f16ab\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\8856a0c780264ce2d64f16ab\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\885fea048c1a427ad91d0aa2\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\885fea048c1a427ad91d0aa2\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\885fea048c1a427ad91d0aa2\#name
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\8fc24562463b4dfb2b1d80ad\#data
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\8fc24562463b4dfb2b1d80ad\#internal
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\8fc24562463b4dfb2b1d80ad\#name
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\98bd94f491fb49fcd8d49cb7\#data
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\98bd94f491fb49fcd8d49cb7\#internal
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\98bd94f491fb49fcd8d49cb7\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\98bd94f491fb49fcd8d49cb7\Owner
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\9ae9aa88177b48a419aca1ae\#data
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\9ae9aa88177b48a419aca1ae\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\9ae9aa88177b48a419aca1ae\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\9ae9aa88177b48a419aca1ae\Owner
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\9cb2e215fa684f45691545a0\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\9cb2e215fa684f45691545a0\#internal
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\9cb2e215fa684f45691545a0\#name
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\a10923c99640420650346d8c\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\a10923c99640420650346d8c\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\a10923c99640420650346d8c\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\a10923c99640420650346d8c\Owner
C:\Program Files\winantispyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\a33952a362c24cb807bbd5ae\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\a33952a362c24cb807bbd5ae\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\a33952a362c24cb807bbd5ae\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\a6ab15c403824914da94e8bb\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\a6ab15c403824914da94e8bb\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\a6ab15c403824914da94e8bb\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\a968f6fe82ff451859eb9790\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\a968f6fe82ff451859eb9790\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\a968f6fe82ff451859eb9790\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\a968f6fe82ff451859eb9790\Owner
C:\Program Files\winantispyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\ad16fae1afed4f755c511faf\#data
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\ad16fae1afed4f755c511faf\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\ad16fae1afed4f755c511faf\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\b6272f5c25354b27892a979e\#data
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\b6272f5c25354b27892a979e\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\b6272f5c25354b27892a979e\#name
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\b8888371d97a4bab4d8d838a\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\b8888371d97a4bab4d8d838a\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\b8888371d97a4bab4d8d838a\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\c0ac48288b574ef4d68edbbe\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\c0ac48288b574ef4d68edbbe\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\c0ac48288b574ef4d68edbbe\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\c0ac48288b574ef4d68edbbe\Owner
C:\Program Files\winantispyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\c26677d80a554451d326c5a0\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\c26677d80a554451d326c5a0\#internal
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\c26677d80a554451d326c5a0\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\c26677d80a554451d326c5a0\Owner
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\c5968d9650474b437155628c\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\c5968d9650474b437155628c\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\c5968d9650474b437155628c\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\c6e6df3e19ec42e041f842b9\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\c6e6df3e19ec42e041f842b9\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\c6e6df3e19ec42e041f842b9\#name
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\c6e6df3e19ec42e041f842b9\Owner
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\c8a4c3f06fd849c5fc8653a5\#data
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\c8a4c3f06fd849c5fc8653a5\#internal
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\c8a4c3f06fd849c5fc8653a5\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\c8a4c3f06fd849c5fc8653a5\Owner
C:\Program Files\winantispyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\ccb7db682b994c924008a8bc\#data
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\ccb7db682b994c924008a8bc\#internal
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\ccb7db682b994c924008a8bc\#name
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\d2e4309ab360473df8e040a5\#data
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\d2e4309ab360473df8e040a5\#internal
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\d2e4309ab360473df8e040a5\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\e85442612a814ddd029376be\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\e85442612a814ddd029376be\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\e85442612a814ddd029376be\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\e9d6ec96c4c041e7c0d430b4\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\e9d6ec96c4c041e7c0d430b4\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\e9d6ec96c4c041e7c0d430b4\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\f098b6391dd342a417d85ea2\#data
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\f098b6391dd342a417d85ea2\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\f098b6391dd342a417d85ea2\#name
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\f1d11e84d4304d40aca9c696\#data
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\f1d11e84d4304d40aca9c696\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\f1d11e84d4304d40aca9c696\#name
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\f35358cff62f47b3418cfcbe\#data
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\f35358cff62f47b3418cfcbe\#internal
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\f35358cff62f47b3418cfcbe\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\f691aa9c5e6145a9946d5eaf\#data
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\f691aa9c5e6145a9946d5eaf\#internal
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\f691aa9c5e6145a9946d5eaf\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\f8952fb54ee24d0a75125d85\#data
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\f8952fb54ee24d0a75125d85\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\f8952fb54ee24d0a75125d85\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\f9baf8a224fb4c17cd43e693\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\f9baf8a224fb4c17cd43e693\#internal
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\f9baf8a224fb4c17cd43e693\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\fed9a513f9cc4fcaddf7c086\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\fed9a513f9cc4fcaddf7c086\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\fed9a513f9cc4fcaddf7c086\#name
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\ea22758c7c834035c64b26b0\be4a2e7d9300471193ace5a7\fed9a513f9cc4fcaddf7c086\Owner
C:\Program Files\WinAntiSpyware 2007\scanlog.xml
C:\Program Files\winantispyware 2007\settings.ini
C:\Program Files\WinAntiSpyware 2007\shellext.dll
C:\Program Files\winantispyware 2007\shellext.xml
C:\Program Files\winantispyware 2007\sr.log
C:\Program Files\WinAntiSpyware 2007\Summary.dat
C:\Program Files\winantispyware 2007\support.url
C:\Program Files\WinAntiSpyware 2007\tasks.dat
C:\Program Files\winantispyware 2007\threatnet.dat
C:\Program Files\winantispyware 2007\threatnet.ini
C:\Program Files\WinAntiSpyware 2007\unins000.dat
C:\Program Files\winantispyware 2007\unins000.exe
C:\Program Files\winantispyware 2007\uninstall.ico
C:\Program Files\winantispyware 2007\UnWizard.exe
C:\Program Files\WinAntiSpyware 2007\unwizard.xml
C:\Program Files\winantispyware 2007\up.dat
C:\Program Files\WinAntiSpyware 2007\updater.dat
C:\Program Files\winantispyware 2007\was7.exe
C:\Program Files\WinAntiSpyware 2007\WAS7.url
C:\Program Files\winantispyware 2007\WAS7.xml
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\fse
C:\Temp\fse\tmpZTF.log
C:\WINDOWS\b103.exe
C:\WINDOWS\b104.exe
C:\WINDOWS\b122.exe
C:\WINDOWS\b138.exe
C:\WINDOWS\b147.exe
C:\WINDOWS\notedad.exe
C:\WINDOWS\rmww
C:\WINDOWS\rmww\rmww.dat
C:\WINDOWS\rmww\wu
C:\WINDOWS\system32\atmtd.dll.tmp
C:\WINDOWS\system32\D2
C:\WINDOWS\system32\D2\cabwbdll.exe
C:\WINDOWS\system32\drivers\ApiMon.sys
C:\WINDOWS\system32\drivers\fopn.sys
C:\windows\system32\explorer.exe
C:\WINDOWS\system32\f02WtR
C:\WINDOWS\system32\f02WtR\f02WtR1065.exe
C:\WINDOWS\system32\iexplorer.dll .dbt
C:\WINDOWS\system32\mp43.exe
C:\WINDOWS\system32\nteyexl.dll
C:\WINDOWS\system32\pwinomds.exe
C:\WINDOWS\system32\pwinomdt.exe
C:\WINDOWS\system32\stera.exe
C:\WINDOWS\tk58.exe
C:\WINDOWS\TmljayBHb2xkbWFu\asappsrv.dll
C:\WINDOWS\TmljayBHb2xkbWFu\command.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CMDSERVICE
-------\LEGACY_FOPN
-------\LEGACY_NETWORK_MONITOR
-------\cmdService




((((((((((((((((((((((((( Files Created from 2007-10-05 to 2007-11-05 )))))))))))))))))))))))))))))))
.

2007-11-02 13:12 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-02 12:30 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-02 05:33 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2007-10-26 09:47 <DIR> d-------- C:\VundoFix Backups
2007-10-26 09:32 <DIR> d-------- C:\Documents and Settings\LocalService.NT AUTHORITY.000\Application Data\Yahoo!
2007-10-25 10:38 35,840 -ra------ C:\WINDOWS\mrofinu1000106.exe
2007-10-24 09:46 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2007-10-24 09:46 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2007-10-24 09:46 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-10-24 09:46 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2007-10-24 09:46 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-10-24 09:46 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-05 14:24 --------- d-----w C:\Program Files\Microsoft AntiSpyware
2007-05-11 17:42 67,968 ----a-w C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2005-07-29 23:24:26 472 --sha-r C:\WINDOWS\TmljayBHb2xkbWFu\nA53uV1JvZU4vqIR.vbs
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3e1156ed-0650-43ca-8f4e-619483f15ddb}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CEAA3D72-8120-490F-C78A-3046E2516093}]
2007-11-05 06:25 70144 --a------ C:\Program Files\Messenger\lavuha.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F4F02DD3-E052-47C9-8436-58630CA0987C}]
C:\WINDOWS\system32\awvvv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-01-23 09:36]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-01-23 09:31]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 00:00]
"gcasServ"="C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" [2005-07-12 14:35]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 02:48]
"Lexmark X73 Button Monitor"="C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe" [2001-05-16 22:01]
"Lexmark X73 Button Manager"="C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe" [2001-07-11 10:08]
"PrinTray"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe" [2001-08-17 06:00]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 14:49]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe" [2004-04-06 02:28]
"HPHUPD06"="C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-06 20:53]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 14:18]
"HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-06 20:42]
"horydyva"="C:\Program Files\Windows NT\horydyva22011.exe" [2007-08-07 12:30]
"{B9-96-6E-E7-ZN}"="C:\windows\system32\lndsrngp.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-12 05:56]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 00:06]
"AIM"="C:\Program Files\AIM\aim.exe" [2005-08-05 14:08]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-08-18 10:49]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2005-09-14 12:12:17]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 18:28:24]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 18:50:52]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Program Files\Messenger\profsyvy.html
FriendlyName=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{4567AB12-B980-44A5-B259-9B09EBEA6331}"= C:\Program Files\WinAntiSpyware 2007\shellext.dll [ ]


.
Contents of the 'Scheduled Tasks' folder
"2007-11-05 11:28:00 C:\WINDOWS\Tasks\HP Usg Daily FY04.job"
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-05 06:24:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-11-05 6:28:28 - machine was rebooted
.
--- E O F ---
Adobe Reader 7.0.5
AOL Instant Messenger
Cake Mania (remove only)
Comcast High-Speed Internet Install Wizard
Crash Analysis Tool
Dell ResourceCD
HijackThis 2.0.2
HP Extended Capabilities 4.7
HP Image Zone 4.7
HP PSC & OfficeJet 4.7
HP Software Update
Intel® Extreme Graphics Driver
J2SE Runtime Environment 5.0 Update 3
Lexmark X73
LimeWire 4.9.30
Macromedia Flash Player 8
Mahjongg XP Championship 2006 Platinum Edition
Microsoft .NET Framework 1.1
Microsoft AntiSpyware
Microsoft Office XP Media Content
Microsoft Office XP Small Business
MSN
Network Play System (Patching)
Photosmart 320,370,7400,8100,8400 Series
Sound Blaster Live!
Spybot - Search & Destroy
The Sims
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Who Wants To Be A Millionaire
WinAntiSpyware 2007 4.0.193.0
Yahoo! Toolbar
YOU DON'T KNOW JACK Volume 2

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:54:33 AM, on 11/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Windows NT\horydyva22011.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\HP\hpcoretech\comp\hpdarc.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: 0 - {BA15C101-6668-466F-04A1-479122F99B7D} - C:\Program Files\Messenger\lavuha549.dll
O2 - BHO: (no name) - {CEAA3D72-8120-490F-C78A-3046E2516093} - (no file)
O2 - BHO: (no name) - {F4F02DD3-E052-47C9-8436-58630CA0987C} - C:\WINDOWS\system32\awvvv.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [horydyva] C:\Program Files\Windows NT\horydyva22011.exe
O4 - HKLM\..\Run: [{B9-96-6E-E7-ZN}] C:\windows\system32\lndsrngp.exe CHD003
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\hpbpro.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\hpboid.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\Messenger\profsyvy.html

--
End of file - 6376 bytes

Thanks,

#4 rookie147


Posted 06 November 2007 - 04:12 PM

Go to this page.
Where it says "Browse to the file you want to submit", copy and paste the filepath below into the box:

C:\Program Files\Messenger\lavuha549.dll

Then click the Send File button below.

Let me know when you've uploaded the file for me.
Thanks,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation.


#5 blondie32


Posted 13 November 2007 - 09:08 AM

Charles, file has been uploaded. I did get a script error, but think it still u/l.
Thanks,

#6 rookie147


Posted 13 November 2007 - 03:40 PM

Hello again,
Please print off a copy of these instructions, and also save them to a Notepad file on your desktop, so they are easily accessible.
We are going to boot into Safe Mode later in the fix, and there is no internet access.

Scan again with HijackThis and put a checkmark next to each of the following entries (if present):

O2 - BHO: 0 - {BA15C101-6668-466F-04A1-479122F99B7D} - C:\Program Files\Messenger\lavuha549.dll
O2 - BHO: (no name) - {CEAA3D72-8120-490F-C78A-3046E2516093} - (no file)
O2 - BHO: (no name) - {F4F02DD3-E052-47C9-8436-58630CA0987C} - C:\WINDOWS\system32\awvvv.dll (file missing)
O4 - HKLM\..\Run: [horydyva] C:\Program Files\Windows NT\horydyva22011.exe
O4 - HKLM\..\Run: [{B9-96-6E-E7-ZN}] C:\windows\system32\lndsrngp.exe CHD003


Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix checked button.

Please reboot your computer into Safe Mode.
This is done by rebooting Windows and pressing F8 at boot/Windows startup, usually right after the beep.
Then select Safe Mode from the list.
Make sure you choose the option without Networking Support.

Set your system to show all files.
Navigate to Start | My Computer | Tools | Folder Options.
Select the View tab. Under the "Hidden Files and Folders" heading, select "Show hidden files and folders".
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.

Next, please find and delete the following folders (if present):

C:\WINDOWS\TmljayBHb2xkbWFu
C:\Program Files\Windows NT

And these files:

C:\WINDOWS\mrofinu1000106.exe
C:\Program Files\Messenger\lavuha549.dll
C:\windows\system32\lndsrngp.exe CHD003

Reboot into Normal Mode again.

Please run Panda's ActiveScan.
Once you are on the Panda site, click the Scan your PC button.
A new window will open; click the Check Now button.
Enter your personal details.
Click the big Scan Now button.
It will ask to install various content - please allow this.
It will start downloading the files it requires for the scan, which may take a while.
When download is complete, click on Local Disks to start the scan.
When the scan has finished - if anything malicious is found - click the See Report button.
Click Save Report and save the file to your Desktop, so you can post this log in your next reply.

In your reply I would like a new Combofix log and the Panda report.
Thanks,
Charles

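The "if present" check from the post above, as an added example that is not part of the original thread: a small Python parser for HijackThis O2/O4 lines that reports which entries of a fix list still appear in a scan, for instance to confirm a rescan after "Fix checked". The function names and the post-fix scan are assumptions constructed for illustration; the other log lines are copied from the logs in this thread.

```python
import re

# One HijackThis result line: "<code> - <body>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O2: "BHO: <name> - {CLSID} - <file or (no file)>"
BHO_RE = re.compile(
    r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<target>.+)$")
# O4 registry autoruns: "HKLM\..\Run: [<value name>] <command line>"
RUN_RE = re.compile(
    r"^(?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>.+?)\] (?P<cmd>.+)$")

# The five entries the helper asked to have checked (copied from the post).
FIX_LIST = r"""
O2 - BHO: 0 - {BA15C101-6668-466F-04A1-479122F99B7D} - C:\Program Files\Messenger\lavuha549.dll
O2 - BHO: (no name) - {CEAA3D72-8120-490F-C78A-3046E2516093} - (no file)
O2 - BHO: (no name) - {F4F02DD3-E052-47C9-8436-58630CA0987C} - C:\WINDOWS\system32\awvvv.dll (file missing)
O4 - HKLM\..\Run: [horydyva] C:\Program Files\Windows NT\horydyva22011.exe
O4 - HKLM\..\Run: [{B9-96-6E-E7-ZN}] C:\windows\system32\lndsrngp.exe CHD003
""".strip().splitlines()

# Excerpt of the HijackThis log posted earlier in the thread.
SCAN_BEFORE = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: 0 - {BA15C101-6668-466F-04A1-479122F99B7D} - C:\Program Files\Messenger\lavuha549.dll
O2 - BHO: (no name) - {CEAA3D72-8120-490F-C78A-3046E2516093} - (no file)
O2 - BHO: (no name) - {F4F02DD3-E052-47C9-8436-58630CA0987C} - C:\WINDOWS\system32\awvvv.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [horydyva] C:\Program Files\Windows NT\horydyva22011.exe
O4 - HKLM\..\Run: [{B9-96-6E-E7-ZN}] C:\windows\system32\lndsrngp.exe CHD003
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# Constructed for this example: what a rescan would show once the fix worked.
SCAN_AFTER = r"""
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""


def parse_line(line):
    """Parse one result line; return None for headers and process paths."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    code, body = m["code"], m["body"]
    entry = {"code": code, "raw": line.strip(), "key": None, "target": ""}
    if code == "O2":
        b = BHO_RE.match(body)
        if b:
            # A BHO is identified by its CLSID, whatever file it points to.
            entry["key"] = ("O2", b["clsid"].upper())
            entry["target"] = b["target"]
    elif code == "O4":
        r = RUN_RE.match(body)
        if r:
            # A Run entry is identified by hive, key and value name.
            entry["key"] = ("O4", r["hive"], r["key"], r["name"].lower())
            entry["target"] = r["cmd"]
    if entry["key"] is None:
        # Other sections: fall back to the whitespace-normalised text.
        entry["key"] = ("raw", code, " ".join(body.split()).lower())
    # HijackThis itself marks registrations whose file is gone.
    t = entry["target"]
    entry["orphaned"] = t == "(no file)" or t.endswith("(file missing)")
    return entry


def parse_log(text):
    """Return the parsed result lines of a whole HijackThis log."""
    return [e for e in map(parse_line, text.splitlines()) if e]


def still_present(fix_lines, log_text):
    """Fix-list lines whose registry identity still appears in the scan."""
    seen = {e["key"] for e in parse_log(log_text)}
    wanted = [e for e in map(parse_line, fix_lines) if e]
    return [e["raw"] for e in wanted if e["key"] in seen]


def orphaned_entries(log_text):
    """Entries HijackThis flagged as '(no file)' or '(file missing)'."""
    return [e for e in parse_log(log_text) if e["orphaned"]]


if __name__ == "__main__":
    for raw in still_present(FIX_LIST, SCAN_BEFORE):
        print("still present:", raw)
    print("left after fix:", len(still_present(FIX_LIST, SCAN_AFTER)))
```

Matching on CLSID or value name rather than the whole line means an entry is still reported if the same registration reappears pointing at a different file.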


#7 blondie32


Posted 16 November 2007 - 10:06 AM

Charles, Here are the two reports you requested. Thanks.
ComboFix 07-11-01.1 - Owner 2007-11-02 6:36:22.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.25 [GMT -8:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\CnsMin.zip
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\CnsMin1.zip
C:\Program Files\akl
C:\Program Files\akl\akl.dll
C:\Program Files\akl\akl.exe
C:\Program Files\akl\curlog.htm
C:\Program Files\akl\keylog.txt
C:\Program Files\akl\readme.txt
C:\Program Files\akl\uninstall.exe
C:\Program Files\akl\unsetup.dat
C:\Program Files\akl\unsetup.exe
C:\Program Files\amsys
C:\Program Files\amsys\awmsg.dat
C:\Program Files\amsys\mfc42.dll
C:\Program Files\amsys\msvcrt.dll
C:\Program Files\amsys\unins000.dat
C:\Program Files\amsys\unis000.exe
C:\Program Files\amsys\winam.dat
C:\Program Files\e-zshopper
C:\Program Files\e-zshopper\BarLcher.dll
C:\Program Files\p2pnetworks
C:\Program Files\p2pnetworks\amp2pl.exe
C:\WINDOWS\aconti.exe
C:\WINDOWS\adbar.dll
C:\WINDOWS\cbinst$.exe
C:\WINDOWS\daxtime.dll
C:\WINDOWS\dp0.dll
C:\WINDOWS\eventlowg.dll
C:\WINDOWS\fhfmm-Uninstaller.exe
C:\WINDOWS\fhfmm.exe
C:\WINDOWS\flt.dll
C:\WINDOWS\hotporn.exe
C:\WINDOWS\ie_32.exe
C:\WINDOWS\jd2002.dll
C:\WINDOWS\kkcomp$.exe
C:\WINDOWS\kkcomp.dll
C:\WINDOWS\kkcomp.exe
C:\WINDOWS\liqad$.exe
C:\WINDOWS\liqad.dll
C:\WINDOWS\liqad.exe
C:\WINDOWS\liqui-Uninstaller.exe
C:\WINDOWS\liqui.dll
C:\WINDOWS\liqui.exe
C:\WINDOWS\ngd.dll
C:\WINDOWS\pbar.dll
C:\WINDOWS\spredirect.dll
C:\WINDOWS\system32\ESHOPEE.exe
C:\WINDOWS\system32\msole32.exe
C:\WINDOWS\vxddsk.exe
C:\WINDOWS\wml.exe
C:\WINDOWS\xadbrk.dll
C:\WINDOWS\xadbrk.exe
C:\WINDOWS\xadbrk_.exe
C:\WINDOWS\xxxvideo.exe

.
((((((((((((((((((((((((( Files Created from 2007-10-02 to 2007-11-02 )))))))))))))))))))))))))))))))
.

2007-11-15 16:40 <DIR> d-------- C:\WINDOWS\PerfInfo
2007-11-13 06:09 35,328 --a------ C:\WINDOWS\system32\hggfecd.dll
2007-11-13 06:06 53,248 --------- C:\WINDOWS\system32\mstscex.dll
2007-11-13 06:06 140 --a------ C:\WINDOWS\system32\UPDCE9~1.bat
2007-11-13 06:02 <DIR> d-------- C:\WINDOWS\system32\rMa01yy
2007-11-13 06:02 <DIR> d-------- C:\Temp\abW9
2007-11-13 06:02 35,328 --a------ C:\WINDOWS\system32\yayaxyx.dll
2007-11-13 06:02 339 --a------ C:\WINDOWS\17PHolmes1000106.exe
2007-11-13 06:02 335 --a------ C:\WINDOWS\17PHolmes572.exe
2007-11-12 13:54 <DIR> d-------- C:\Program Files\Ptpcwjbm
2007-11-12 13:54 <DIR> d-------- C:\Program Files\Efqvbxvd
2007-11-12 13:50 <DIR> d-------- C:\Program Files\zuvydope
2007-11-12 13:50 12 --a------ C:\WINDOWS\system32\dpqaqlqx.bin
2007-11-12 13:49 125,447 --a------ C:\WINDOWS\system32\vvgeowbv.exe
2007-11-12 13:49 21,504 --a------ C:\WINDOWS\system32\aivskurq.dll
2007-11-12 13:43 35,840 --a------ C:\WINDOWS\mrofinu801.exe
2007-11-12 13:33 400 --a------ C:\WINDOWS\system32\sysservice.dll
2007-11-12 13:32 10,000 --a------ C:\WINDOWS\system32\jkd845jg.dll
2007-11-12 13:32 10,000 --a------ C:\WINDOWS\system32\d4ghggf4g.dll
2007-11-12 13:31 43,008 --a------ C:\WINDOWS\system32\sysservice.exe
2007-11-12 13:28 1 --a------ C:\WINDOWS\system32\rc.dat
2007-11-12 13:28 1 --a------ C:\WINDOWS\system32\ps1.dat
2007-11-12 13:28 1 --a------ C:\WINDOWS\system32\cs.dat
2007-11-12 13:28 1 --a------ C:\WINDOWS\system32\cookie1.dat
2007-11-12 13:06 53,760 --a------ C:\WINDOWS\system32\nortn32.dll
2007-11-06 13:09 <DIR> d-------- C:\WINDOWS\system32\inf
2007-11-06 13:07 10,240 --a------ C:\WINDOWS\system32\winsock2.dll
2007-11-06 11:59 52,736 --a------ C:\WINDOWS\system32\ramtask.dll
2007-11-06 10:45 77,824 --a------ C:\WINDOWS\MicroSoft.pif
2007-11-06 10:45 198 --a------ C:\WINDOWS\MicroSoft.vbs
2007-11-06 10:33 32,768 --a------ C:\WINDOWS\yahooo.exe
2007-11-06 10:32 20,480 --a------ C:\WINDOWS\quit.exe
2007-11-02 13:12 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-02 12:30 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-02 05:33 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2007-11-01 22:09 213 --a------ C:\WINDOWS\system32\pfdnnt_actions.sys
2007-11-01 20:14 27,136 --------- C:\WINDOWS\system32\romtmb.dll
2007-10-26 09:47 <DIR> d-------- C:\VundoFix Backups
2007-10-26 09:32 <DIR> d-------- C:\Documents and Settings\LocalService.NT AUTHORITY.000\Application Data\Yahoo!
2007-10-24 09:46 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2007-10-24 09:46 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2007-10-24 09:46 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-10-24 09:46 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2007-10-24 09:46 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-10-24 09:46 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-12 21:32 53,248 ----a-w C:\WINDOWS\system32\windetn2.exe
2007-11-02 14:48 --------- d-----w C:\Program Files\Microsoft AntiSpyware
2007-11-02 06:21 --------- d-----w C:\Program Files\LexmarkX73
2007-11-02 06:18 --------- d-----w C:\Program Files\AIM
2007-11-02 05:13 18,432 ----a-w C:\WINDOWS\fkwggshm.exe
2007-11-02 04:23 --------- d-----w C:\Program Files\Yahoo!
2007-11-02 04:00 14,868 --sh--w C:\WINDOWS\system32\accdd.bak2
2007-05-11 17:42 67,968 ----a-w C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2003-11-16 00:48 73,728 ----a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\ujipwpmr.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000000-d9e3-4bc6-a0bd-3d0ca4be5271}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000012-890e-4aac-afd9-eff6954a34dd}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{029e02f0-a0e5-4b19-b958-7bf2db29fb13}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{03E384D6-E1A7-792A-1851-0AC16EF38DE4}]
2003-11-15 16:48 98304 --a------ C:\Program Files\Xancostw\vrvgjhrl.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0DD98BA3-25B7-4913-88AF-CFBDB28DA4CE}]
2007-11-13 06:02 35328 --a------ C:\WINDOWS\system32\yayaxyx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1adbcce8-cf84-441e-9b38-afc7a19c06a4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2B59A30B-E773-4c5f-BD26-080B7D3AB3F8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3473c604-1dd2-11b2-8ca7-b0d2501c92ba}]
2003-11-15 16:42 73728 --a------ C:\WINDOWS\ovwxsdqd.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51641ef3-8a7a-4d84-8659-b0911e947cc8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54645654-2225-4455-44A1-9F4543D34546}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54C7D1DD-4296-451e-B756-1E94F665B4FF}]
2003-11-15 16:50 9216 --a------ C:\WINDOWS\system32\yatool.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{669695bc-a811-4a9d-8cdf-ba8c795f261e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6abc861a-31e7-4d91-b43b-d3c98f22a5c0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{944864a5-3916-46e2-96a9-a2e84f3f1208}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A4775221-29B3-41B1-A7E1-A1ED4B1BB431}]
2003-11-15 16:49 321632 --------- C:\WINDOWS\system32\ddcca.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a4a435cf-3583-11d4-91bd-0048546a1450}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b8875bfe-b021-11d4-bfa8-00508b8e9bd3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BF442538-BE32-4055-A549-2F3B699F55EB}]
2007-11-12 13:49 21504 --a------ C:\WINDOWS\system32\aivskurq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2680e10-1655-4a0e-87f8-4259325a84b7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c4ca6559-2cf1-48b6-96b2-8340a06fd129}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C4DE5B15-4FFE-4c02-8CB3-CAD24A33562B}]
2007-11-01 20:14 27136 --------- C:\WINDOWS\system32\romtmb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c5af2622-8c75-4dfb-9693-23ab7686a456}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ca1d1b05-9c66-11d5-a009-000103c1e50b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d8efadf1-9009-11d6-8c73-608c5dc19089}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9147a0a-a866-4214-b47c-da821891240f}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9306072-417e-43e3-81d5-369490beef7c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF37362D-4088-4c36-AEF1-C167F9CD3DAD}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-01-23 09:36]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-01-23 09:31]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 00:00]
"gcasServ"="C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" [2005-07-12 14:35]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 02:48]
"Lexmark X73 Button Monitor"="C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe" [2001-05-16 22:01]
"Lexmark X73 Button Manager"="C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe" [2001-07-11 10:08]
"PrinTray"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe" [2001-08-17 06:00]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 14:49]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe" [2004-04-06 02:28]
"HPHUPD06"="C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-06 20:53]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 14:18]
"HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-06 20:42]
"{B9-96-6E-E7-ZN}"="C:\windows\system32\lndsrngp.exe" []
"horydyva"="C:\Program Files\Windows NT\horydyva22011.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-12 05:56]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 00:06]
"AIM"="C:\Program Files\AIM\aim.exe" [2005-08-05 14:08]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-08-18 10:49]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Insider"=C:\Program Files\Insider\Insider.exe
"Waoa"="C:\WINDOWS\system32\ICROSO~1\services.exe" -vt yazb
"Xcofg"=C:\WINDOWS\??sembly\notepad.exe
"WinTouch"=C:\Documents and Settings\LocalService.NT AUTHORITY.000\Application Data\WinTouch\WinTouch.exe
"SfKg6w"=C:\Documents and Settings\LocalService.NT AUTHORITY.000\Application Data\Microsoft\qbdrmc.exe
"rmww"=C:\PROGRA~1\COMMON~1\rmww\rmwwm.exe

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 18:28:24]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 18:50:52]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{4567AB12-B980-44A5-B259-9B09EBEA6331}"= C:\Program Files\WinAntiSpyware 2007\shellext.dll [ ]
"{0DD98BA3-25B7-4913-88AF-CFBDB28DA4CE}"= C:\WINDOWS\system32\yayaxyx.dll [2007-11-13 06:02 35328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"gptrIHYWjPNsp"= {B44B96E8-1EE1-3C42-111F-9A50A3BBCE46} - C:\WINDOWS\system32\sxp.dll [2006-11-12 13:33 14848]

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\\WINDOWS\\system32\\vvgeowbv.exe,C:\\WINDOWS\\system32\\userinit.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yayaxyx]
yayaxyx.dll 2007-11-13 06:02 35328 C:\WINDOWS\system32\yayaxyx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=???????????????


.
Contents of the 'Scheduled Tasks' folder
"2007-11-02 11:28:00 C:\WINDOWS\Tasks\HP Usg Daily FY04.job"
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-02 06:48:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-02 6:52:15 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-01 20:41
C:\ComboFix3.txt ... 2007-11-05 06:28
.
--- E O F ---

Incident Status Location

Virus:Trj/Downloader.MDW Disinfected Operating system
Adware:Adware/CWS.Searchmeup Not disinfected C:\WINDOWS\system32\sxp.dll
Virus:Trj/Downloader.MDW Disinfected Operating system
Adware:adware/eshopper Not disinfected c:\windows\system32\ESHOPEE.exe
Adware:adware/popuper Not disinfected c:\windows\system32\msole32.exe
Potentially unwanted tool:application/activitymon Not disinfected c:\program files\amsys
Adware:adware/activshopper Not disinfected c:\program files\e-zshopper
Adware:adware/sqwire Not disinfected Windows Registry
Adware:adware/adbars Not disinfected Windows Registry
Dialer:dialer.xd Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{54645654-2225-4455-44A1-9F4543D34546}
Adware:adware/activesearch Not disinfected Windows Registry
Adware:adware/deskwizz Not disinfected Windows Registry
Adware:adware/404search Not disinfected Windows Registry
Adware:adware/adblaster Not disinfected Windows Registry
Adware:adware/adsincontext Not disinfected Windows Registry
Adware:Adware/BraveSentry Not disinfected C:\Documents and Settings\ie_update3r.exe
Potentially unwanted tool:Application/Win-Touch Not disinfected C:\Documents and Settings\LocalService.NT AUTHORITY.000\Application Data\Microsoft\qbdrmc.exe
Potentially unwanted tool:Application/Win-Touch Not disinfected C:\Documents and Settings\Owner\Application Data\Microsoft\Windows\lqfljh.exe
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Owner\Desktop\ComboFix.exe[nircmd.exe]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Owner\Desktop\ComboFix.exe[nircmd.cfexe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Owner\My Documents\VirtumundoBeGone.exe
Virus:Trj/Xorpix.V Disinfected C:\qoobox\Quarantine\C\Documents and Settings\All Users.WINDOWS\Documents\Settings\partnership.dll.vir
Possible Virus. Not disinfected C:\qoobox\Quarantine\C\Documents and Settings\LocalService.NT AUTHORITY.000\Application Data\WinTouch\WinTouch.exe.vir
Potentially unwanted tool:Application/Win-Touch Not disinfected C:\qoobox\Quarantine\C\Documents and Settings\LocalService.NT AUTHORITY.000\Application Data\WinTouch\WTUninstaller.exe.vir
Potentially unwanted tool:Application/Win-Touch Not disinfected C:\qoobox\Quarantine\C\Documents and Settings\Owner\Application Data\WinTouch\WTUninstaller.exe.vir
Potentially unwanted tool:Application/Win-Touch Not disinfected C:\qoobox\Quarantine\C\Documents and Settings\Owner\Application Data\WinTouch.vir\WTUninstaller.exe
Adware:Adware/Sqwire Not disinfected C:\qoobox\Quarantine\C\Program Files\Common Files\rmww\rmwwa.exe.vir
Adware:Adware/Sqwire Not disinfected C:\qoobox\Quarantine\C\Program Files\Common Files\rmww\rmwwd\rmwwc.dll.vir
Adware:Adware/Sqwire Not disinfected C:\qoobox\Quarantine\C\Program Files\Common Files\rmww\rmwwl.exe.vir
Adware:Adware/Sqwire Not disinfected C:\qoobox\Quarantine\C\Program Files\Common Files\rmww\rmwwm.exe.vir
Adware:Adware/Sqwire Not disinfected C:\qoobox\Quarantine\C\Program Files\Common Files\rmww\rmwwp.exe.vir
Adware:Adware/PurityScan Not disinfected C:\qoobox\Quarantine\C\Program Files\Common Files\Yazzle1560OinAdmin.exe.vir
Virus:Generic Malware Disinfected C:\qoobox\Quarantine\C\Program Files\Messenger\lavuha.dll.vir
Virus:Generic Malware Disinfected C:\qoobox\Quarantine\C\Program Files\Messenger\lavuha75.dll.vir
Virus:Generic Malware Disinfected C:\qoobox\Quarantine\C\Program Files\p2pnetworks\lavuha.dll.vir
Virus:Trj/WinAble.A Disinfected C:\qoobox\Quarantine\C\Program Files\Temporary\wininstall.exe.vir
Virus:Generic Trojan Disinfected C:\qoobox\Quarantine\C\Program Files\Web Buying\v1.8.3\webbuying.exe.vir
Virus:Trj/Downloader.MDW Disinfected C:\qoobox\Quarantine\C\Program Files\Web Buying\v1.8.5\wbuninst.exe.vir
Virus:Generic Trojan Disinfected C:\qoobox\Quarantine\C\Program Files\Web Buying\v1.8.5\webbuying.exe.vir
Adware:Adware/Maxifiles Not disinfected C:\qoobox\Quarantine\C\Program Files\WinAble\winable.exe.vir
Virus:Generic Malware Disinfected C:\qoobox\Quarantine\C\Program Files\WinAntiSpyware 2007\AsAgents.dll.vir
Virus:Generic Malware Disinfected C:\qoobox\Quarantine\C\Program Files\WinAntiSpyware 2007\fopnl.dll.vir
Spyware:Application/ErrorProtector Not disinfected C:\qoobox\Quarantine\C\Program Files\WinAntiSpyware 2007\InstHelp.exe.vir
Virus:Generic Malware Disinfected C:\qoobox\Quarantine\C\Program Files\WinAntiSpyware 2007\InstUp.exe.vir
Virus:Generic Malware Disinfected C:\qoobox\Quarantine\C\Program Files\WinAntiSpyware 2007\shellext.dll.vir
Virus:Generic Malware Disinfected C:\qoobox\Quarantine\C\Program Files\WinAntiSpyware 2007\UnWizard.exe.vir
Adware:Adware/WinAntiSpyware Not disinfected C:\qoobox\Quarantine\C\Program Files\WinAntiSpyware 2007\was7.exe.vir
Adware:Adware/TTC Not disinfected C:\qoobox\Quarantine\C\Program Files\Windows Media Player\hoke4444.dll.vir
Adware:Adware/TTC Not disinfected C:\qoobox\Quarantine\C\Program Files\Windows Media Player\hoke83122.dll.vir
Virus:Generic Malware Disinfected C:\qoobox\Quarantine\C\WINDOWS\b103.exe.vir
Virus:Generic Trojan Disinfected C:\qoobox\Quarantine\C\WINDOWS\b104.exe.vir
Virus:Trj/Downloader.MDW Disinfected C:\qoobox\Quarantine\C\WINDOWS\b122.exe.vir
Virus:Trj/Downloader.PLQ Disinfected C:\qoobox\Quarantine\C\WINDOWS\b138.exe.vir
Virus:Generic Trojan Disinfected C:\qoobox\Quarantine\C\WINDOWS\NOTEDAD.EXE.vir
Virus:Trj/Downloader.QUJ Disinfected C:\qoobox\Quarantine\C\WINDOWS\svchost.exe.vir
Adware:Adware/DollarRevenue Not disinfected C:\qoobox\Quarantine\C\WINDOWS\system32\atmtd.dll.vir
Adware:Adware/DollarRevenue Not disinfected C:\qoobox\Quarantine\C\WINDOWS\system32\atmtd.dll._.vir
Potentially unwanted tool:Application/WinAntivirus Not disinfected C:\qoobox\Quarantine\C\WINDOWS\system32\drivers\FOPN.sys.vir
Virus:Generic Trojan Disinfected C:\qoobox\Quarantine\C\WINDOWS\system32\drivers\ip6fw.sys.vir
Hacktool:Rootkit/Spammer.AEL Not disinfected C:\qoobox\Quarantine\C\WINDOWS\system32\drivers\runtime2.sys.vir
Virus:W32/Gaobot.OXI.worm Disinfected C:\qoobox\Quarantine\C\WINDOWS\system32\f02WtR\f02WtR1065.exe.vir
Adware:Adware/ISearch Not disinfected C:\qoobox\Quarantine\C\WINDOWS\system32\f1\dnslook11.exe.vir
Adware:Adware/PurityScan Not disinfected C:\qoobox\Quarantine\C\WINDOWS\system32\gpfcdle.dll.vir
Adware:Adware/TTC Not disinfected C:\qoobox\Quarantine\C\WINDOWS\system32\h2\jumper83122.exe.vir
Virus:Trj/Lydra.Y Disinfected C:\qoobox\Quarantine\C\WINDOWS\system32\inf\scrsys16_071106.dll.vir
Virus:Rootkit/Lanman.BE Disinfected C:\qoobox\Quarantine\C\WINDOWS\system32\lanmandrv.sys.vir
Virus:Generic Malware Disinfected C:\qoobox\Quarantine\C\WINDOWS\system32\nteyexl.dll.vir
Adware:Adware/WebSearch Not disinfected C:\qoobox\Quarantine\C\WINDOWS\system32\pgd.dll.vir
Adware:Adware/Zenosearch Not disinfected C:\qoobox\Quarantine\C\WINDOWS\system32\pwinomds.exe.vir
Adware:Adware/Zenosearch Not disinfected C:\qoobox\Quarantine\C\WINDOWS\system32\pwinomdt.exe.vir
Virus:Trj/Downloader.RBV Disinfected C:\qoobox\Quarantine\C\WINDOWS\system32\r2\revdrive33b.exe.vir
Virus:Generic Malware Disinfected C:\qoobox\Quarantine\C\WINDOWS\system32\stera.exe.vir
Adware:Adware/Sqwire Not disinfected C:\qoobox\Quarantine\C\WINDOWS\system32\tsuninst.exe.vir
Potentially unwanted tool:Application/UltimateCleaner Not disinfected C:\qoobox\Quarantine\C\WINDOWS\system32\uaiodtpw\uaiodtpw3.exe.vir
Virus:Trj/Downloader.RCJ Disinfected C:\qoobox\Quarantine\C\WINDOWS\system32\update224.exe.vir
Virus:Trj/Xorpix.V Disinfected C:\qoobox\Quarantine\C\WINDOWS\system32\update228.exe.vir
Virus:Trj/SmallProxy.AD Disinfected C:\qoobox\Quarantine\C\WINDOWS\system32\update232.exe.vir
Virus:Trj/SmallProxy.AD Disinfected C:\qoobox\Quarantine\C\WINDOWS\system32\update250.exe.vir
Virus:Trj/SmallProxy.AD Disinfected C:\qoobox\Quarantine\C\WINDOWS\system32\update251.exe.vir
Virus:Trj/MultiDropper.RDX Disinfected C:\qoobox\Quarantine\C\WINDOWS\system32\update252.exe.vir
Virus:Trj/Lydra.Y Disinfected C:\qoobox\Quarantine\C\WINDOWS\system32\winsys16_071106.dll.vir
Adware:Adware/BraveSentry Not disinfected C:\qoobox\Quarantine\C\WINDOWS\system32\_svchost.exe.vir
Adware:Adware/BraveSentry Not disinfected C:\qoobox\Quarantine\C\WINDOWS\system32\~.exe.vir
Adware:Adware/TTC Not disinfected C:\qoobox\Quarantine\C\WINDOWS\tk58.exe.vir
Adware:Adware/CommAd Not disinfected C:\qoobox\Quarantine\C\WINDOWS\TmljayBHb2xkbWFu\asappsrv.dll.vir
Adware:Adware/CommAd Not disinfected C:\qoobox\Quarantine\C\WINDOWS\TmljayBHb2xkbWFu\command.exe.vir
Adware:Adware/TTC Not disinfected C:\qoobox\Quarantine\C\WINDOWS\TTC-4444.exe.vir
Adware:Adware/SearchAid Not disinfected C:\qoobox\Quarantine\C\WINDOWS\uninstall_nmon.vbs.vir
Possible Virus. Not disinfected C:\qoobox\Quarantine\catchme2007-11-05_ 61215.65.zip[WinTouch.exe]
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\efcayvs.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\mljhihe.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\nnnmkll.dll.bad
Adware:Adware/SpyAway Not disinfected C:\WINDOWS\fkwggshm.exe
Adware:Adware/Yazzle Not disinfected C:\WINDOWS\mrofinu801.exe.tmp
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\NirCmd.exe
Virus:Trj/Downloader.PNC Disinfected C:\WINDOWS\retadpu1000106.exe.tmp
Virus:Trj/Downloader.PUT Disinfected C:\WINDOWS\system32\capcom\nab22011.exe
Adware:Adware/Yazzle Not disinfected C:\WINDOWS\system32\cfig322\icm33o.exe
Adware:Adware/Suurch Not disinfected C:\WINDOWS\system32\d4ghggf4g.dll
Virus:W32/Whybo.C.worm Disinfected C:\WINDOWS\system32\dllcache\winlogon.exe
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\system32\drivers\kcp.sys
Adware:Adware/ISearch Not disinfected C:\WINDOWS\system32\drvr2\bbc002nws.exe
Adware:Adware/Suurch Not disinfected C:\WINDOWS\system32\jkd845jg.dll
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\system32\mstscex.dll
Virus:Trj/DisableKey.BL Disinfected C:\WINDOWS\system32\npdl.exe
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\system32\oleauth32.dll
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\system32\ramtmb.dll
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\system32\romtmb.dll
Spyware:Spyware/SecureCenter Not disinfected C:\WINDOWS\system32\vvgeowbv.exe
Virus:Trj/Downloader.QKJ Disinfected C:\WINDOWS\system32\wbem\csrss.exe
Virus:W32/Whybo.C.worm Disinfected C:\WINDOWS\system32\winlogon.exe
Virus:Generic Malware Disinfected C:\WINDOWS\tsitra1000106.exe.tmp

#8 rookie147

Posted 17 November 2007 - 05:37 PM

Reboot into Safe Mode and delete the following files:

C:\WINDOWS\system32\sxp.dll
C:\windows\system32\ESHOPEE.exe
c:\windows\system32\msole32.exe
C:\Documents and Settings\ie_update3r.exe
C:\WINDOWS\fkwggshm.exe
C:\WINDOWS\mrofinu801.exe.tmp
C:\WINDOWS\system32\d4ghggf4g.dll
C:\WINDOWS\system32\jkd845jg.dll
C:\WINDOWS\system32\vvgeowbv.exe

Then after rebooting back into Normal Mode I'd like a new HijackThis log and a new Combofix log.
Thanks,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation.


#9 blondie32

Posted 04 December 2007 - 09:48 AM

Charles,
Here are the two logs you requested. 3 of the files were not found for deletion.

ComboFix 07-11-19.4C - Owner 2007-11-23 5:34:12.6 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.28 [GMT
-8:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions
)))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\DefLib.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services
)))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\SysLibrary


((((((((((((((((((((((((( Files Created from 2007-10-23 to 2007-11-23
)))))))))))))))))))))))))))))))
.

2007-11-15 16:40 <DIR> d-------- C:\WINDOWS\PerfInfo
2007-11-13 06:09 35,328 --a------ C:\WINDOWS\system32\hggfecd.dll
2007-11-13 06:06 53,248 --------- C:\WINDOWS\system32\mstscex.dll
2007-11-13 06:06 140 --a------ C:\WINDOWS\system32\UPDCE9~1.bat
2007-11-13 06:02 <DIR> d-------- C:\Temp\abW9
2007-11-12 13:54 <DIR> d-------- C:\Program Files\Ptpcwjbm
2007-11-12 13:54 <DIR> d-------- C:\Program Files\Efqvbxvd
2007-11-12 13:50 <DIR> d-------- C:\Program Files\zuvydope
2007-11-12 13:50 12 --a------ C:\WINDOWS\system32\dpqaqlqx.bin
2007-11-12 13:50 11 --a------ C:\WINDOWS\system32\din.ip
2007-11-12 13:50 4 --a------ C:\WINDOWS\system32\jpewocmz.ini
2007-11-12 13:49 21,504 --a------ C:\WINDOWS\system32\aivskurq.dll
2007-11-12 13:43 35,840 --a------ C:\WINDOWS\mrofinu801.exe
2007-11-12 13:42 2,528 --a------ C:\WINDOWS\system32\sft.res
2007-11-12 13:34 29 --a------ C:\WINDOWS\system32\duytudhg.tmp
2007-11-12 13:33 400 --a------ C:\WINDOWS\system32\sysservice.dll
2007-11-12 13:31 43,008 --a------ C:\WINDOWS\system32\sysservice.exe
2007-11-12 13:30 1 --a------ C:\WINDOWS\system32\RunOnce.tmp
2007-11-12 13:28 1 --a------ C:\WINDOWS\system32\rc.dat
2007-11-12 13:28 1 --a------ C:\WINDOWS\system32\ps1.dat
2007-11-12 13:28 1 --a------ C:\WINDOWS\system32\cs.dat
2007-11-12 13:28 1 --a------ C:\WINDOWS\system32\cookie1.dat
2007-11-12 13:23 185 --a------ C:\WINDOWS\system32\mywehit.ini
2007-11-12 13:06 53,760 --a------ C:\WINDOWS\system32\nortn32.dll
2007-11-06 11:59 52,736 --a------ C:\WINDOWS\system32\ramtask.dll
2007-11-06 10:45 77,824 --a------ C:\WINDOWS\MicroSoft.pif
2007-11-06 10:45 198 --a------ C:\WINDOWS\MicroSoft.vbs
2007-11-06 10:33 32,768 --a------ C:\WINDOWS\yahooo.exe
2007-11-06 10:32 20,480 --a------ C:\WINDOWS\quit.exe
2007-11-02 12:30 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-02 05:33 <DIR> d-------- C:\Documents and Settings\All
Users.WINDOWS\Application Data\Spybot - Search & Destroy
2007-11-01 22:09 213 --a------ C:\WINDOWS\system32\pfdnnt_actions.sys
2007-11-01 22:03 6 --a------ C:\WINDOWS\system32\lt.res
2007-11-01 20:14 27,136 --------- C:\WINDOWS\system32\romtmb.dll
2007-11-01 19:59 88 --a------ C:\WINDOWS\system32\sznf.ascii
2007-10-26 09:32 <DIR> d-------- C:\Documents and
Settings\LocalService.NT AUTHORITY.000\Application Data\Yahoo!
2007-10-24 09:46 14,848 --a------
C:\WINDOWS\system32\drivers\kbdhid.sys
2007-10-24 09:46 12,160 --a------
C:\WINDOWS\system32\drivers\mouhid.sys
2007-10-24 09:46 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report
))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-23 14:31 --------- d-----w C:\Program Files\Microsoft
AntiSpyware
2007-11-13 14:02 35,328 ----a-w C:\WINDOWS\system32\yayaxyx.dll
2007-11-12 21:32 53,248 ----a-w C:\WINDOWS\system32\windetn2.exe
2007-11-06 21:07 10,240 ----a-w C:\WINDOWS\system32\winsock2.dll
2007-11-02 06:21 --------- d-----w C:\Program Files\LexmarkX73
2007-11-02 06:18 --------- d-----w C:\Program Files\AIM
2007-11-02 04:23 --------- d-----w C:\Program Files\Yahoo!
2007-11-02 04:00 14,868 --sh--w C:\WINDOWS\system32\accdd.bak2
2007-05-11 17:42 67,968 ----a-w C:\Documents and
Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2003-11-16 00:48 73,728 ----a-w C:\Documents and Settings\All
Users.WINDOWS\Application Data\ujipwpmr.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points
))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper
Objects\{00000000-d9e3-4bc6-a0bd-3d0ca4be5271}]

[HKEY_LOCAL_MACHINE\~\Browser Helper
Objects\{00000012-890e-4aac-afd9-eff6954a34dd}]

[HKEY_LOCAL_MACHINE\~\Browser Helper
Objects\{029e02f0-a0e5-4b19-b958-7bf2db29fb13}]

[HKEY_LOCAL_MACHINE\~\Browser Helper
Objects\{03E384D6-E1A7-792A-1851-0AC16EF38DE4}]
2003-11-15 16:48 98304 --a------ C:\Program Files\Xancostw\vrvgjhrl.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper
Objects\{0DD98BA3-25B7-4913-88AF-CFBDB28DA4CE}]
2007-11-13 06:02 35328 --a------ C:\WINDOWS\system32\yayaxyx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper
Objects\{1adbcce8-cf84-441e-9b38-afc7a19c06a4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper
Objects\{2B59A30B-E773-4c5f-BD26-080B7D3AB3F8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper
Objects\{2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71}]

[HKEY_LOCAL_MACHINE\~\Browser Helper
Objects\{3473c604-1dd2-11b2-8ca7-b0d2501c92ba}]
2003-11-15 16:42 73728 --a------ C:\WINDOWS\ovwxsdqd.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper
Objects\{51641ef3-8a7a-4d84-8659-b0911e947cc8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper
Objects\{54645654-2225-4455-44A1-9F4543D34546}]

[HKEY_LOCAL_MACHINE\~\Browser Helper
Objects\{54C7D1DD-4296-451e-B756-1E94F665B4FF}]
2003-11-15 16:50 9216 --a------ C:\WINDOWS\system32\yatool.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper
Objects\{669695bc-a811-4a9d-8cdf-ba8c795f261e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper
Objects\{6abc861a-31e7-4d91-b43b-d3c98f22a5c0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper
Objects\{944864a5-3916-46e2-96a9-a2e84f3f1208}]

[HKEY_LOCAL_MACHINE\~\Browser Helper
Objects\{A4775221-29B3-41B1-A7E1-A1ED4B1BB431}]
2003-11-15 16:49 321632 --------- C:\WINDOWS\system32\ddcca.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper
Objects\{a4a435cf-3583-11d4-91bd-0048546a1450}]

[HKEY_LOCAL_MACHINE\~\Browser Helper
Objects\{b8875bfe-b021-11d4-bfa8-00508b8e9bd3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper
Objects\{BF442538-BE32-4055-A549-2F3B699F55EB}]
2007-11-12 13:49 21504 --a------ C:\WINDOWS\system32\aivskurq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper
Objects\{c2680e10-1655-4a0e-87f8-4259325a84b7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper
Objects\{c4ca6559-2cf1-48b6-96b2-8340a06fd129}]

[HKEY_LOCAL_MACHINE\~\Browser Helper
Objects\{C4DE5B15-4FFE-4c02-8CB3-CAD24A33562B}]
2007-11-01 20:14 27136 --------- C:\WINDOWS\system32\romtmb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper
Objects\{c5af2622-8c75-4dfb-9693-23ab7686a456}]

[HKEY_LOCAL_MACHINE\~\Browser Helper
Objects\{ca1d1b05-9c66-11d5-a009-000103c1e50b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper
Objects\{d8efadf1-9009-11d6-8c73-608c5dc19089}]

[HKEY_LOCAL_MACHINE\~\Browser Helper
Objects\{e9147a0a-a866-4214-b47c-da821891240f}]

[HKEY_LOCAL_MACHINE\~\Browser Helper
Objects\{e9306072-417e-43e3-81d5-369490beef7c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper
Objects\{FF37362D-4088-4c36-AEF1-C167F9CD3DAD}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-12 05:56]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 00:06]
"AIM"="C:\Program Files\AIM\aim.exe" [2005-08-05 14:08]
"updateMgr"="C:\Program Files\Adobe\Acrobat
7.0\Reader\AdobeUpdateManager.exe" [2005-08-18 10:49]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search &
Destroy\TeaTimer.exe" [2007-08-31 16:46]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-01-23 09:36]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-01-23 09:31]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 00:00]
"gcasServ"="C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
[2005-07-12 14:35]
"SunJavaUpdateSched"="C:\Program
Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 02:48]
"Lexmark X73 Button Monitor"="C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe"
[2001-05-16 22:01]
"Lexmark X73 Button Manager"="C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe"
[2001-07-11 10:08]
"PrinTray"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe"
[2001-08-17 06:00]
"HP Software Update"="C:\Program Files\HP\HP Software
Update\HPWuSchd2.exe" [2004-09-13 14:49]
"HPDJ Taskbar
Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe" [2004-04-06 02:28]
"HPHUPD06"="C:\Program
Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-06 20:53]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
[2004-05-12 14:18]
"HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-06 20:42]
"{B9-96-6E-E7-ZN}"="C:\windows\system32\lndsrngp.exe" []
"horydyva"="C:\Program Files\Windows NT\horydyva22011.exe" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Insider"="C:\Program Files\Insider\Insider.exe" []
"Waoa"="C:\WINDOWS\system32\ICROSO~1\services.exe" []
"Xcofg"="C:\WINDOWS\??sembly\notepad.exe" []
"WinTouch"="C:\Documents and Settings\LocalService.NT
AUTHORITY.000\Application Data\WinTouch\WinTouch.exe" []
"SfKg6w"="C:\Documents and Settings\LocalService.NT
AUTHORITY.000\Application Data\Microsoft\qbdrmc.exe" [2007-11-12 20:47]
"rmww"="C:\PROGRA~1\COMMON~1\rmww\rmwwm.exe" []

C:\Documents and Settings\All Users.WINDOWS\Start
Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat
7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital
Imaging\bin\hpqtra08.exe [2004-11-04 18:28:24]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital
Imaging\bin\hpqthb08.exe [2004-11-04 18:50:52]

[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{4567AB12-B980-44A5-B259-9B09EBEA6331}"= C:\Program
Files\WinAntiSpyware 2007\shellext.dll [ ]
"{0DD98BA3-25B7-4913-88AF-CFBDB28DA4CE}"=
C:\WINDOWS\system32\yayaxyx.dll [2007-11-13 06:02 35328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"gptrIHYWjPNsp"= {B44B96E8-1EE1-3C42-111F-9A50A3BBCE46} -
C:\WINDOWS\system32\sxp.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows
nt\currentversion\winlogon\notify\yayaxyx]
yayaxyx.dll 2007-11-13 06:02 35328 C:\WINDOWS\system32\yayaxyx.dll


.
Contents of the 'Scheduled Tasks' folder
"2007-11-23 11:28:02 C:\WINDOWS\Tasks\HP Usg Daily FY04.job"
- C:\Program
Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\pexpress\hphped06.exe
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by
Gmer, http://www.gmer.net
Rootkit scan 2007-11-23 06:31:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

? [2784]
? [2948]
? [3848]
? [3520]
? [4292]
? [4436]
? [4500]
? [4696]
? [4712]
? [4768]
? [4796]
? [4908]
? [4928]
? [4960]
? [5004]
? [5084]
? [8676]
? [8880]
? [8508]
? [8376]
? [10420]
? [10428]
? [10460]

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-23 6:35:27 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-19 13:11
C:\ComboFix3.txt ... 2007-11-02 06:52
.
--- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:36:26 AM, on 11/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon06.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\HP\hpcoretech\comp\hpdarc.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyServer = :0
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no
file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no
file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no
file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no
file)
O2 - BHO: (no name) - {03E384D6-E1A7-792A-1851-0AC16EF38DE4} -
C:\Program Files\Xancostw\vrvgjhrl.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
- C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0DD98BA3-25B7-4913-88AF-CFBDB28DA4CE} -
C:\WINDOWS\system32\yayaxyx.dll
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no
file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no
file)
O2 - BHO: Editor plugin - {2B59A30B-E773-4c5f-BD26-080B7D3AB3F8} -
ramtask.dll (file missing)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no
file)
O2 - BHO: (no name) - {3473c604-1dd2-11b2-8ca7-b0d2501c92ba} -
C:\WINDOWS\ovwxsdqd.dll
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no
file)
O2 - BHO: Spybot-S&D IE Protection -
{53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no
file)
O2 - BHO: Yahoo Toolbar - {54C7D1DD-4296-451e-B756-1E94F665B4FF} -
C:\WINDOWS\system32\yatool.dll
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no
file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no
file)
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no
file)
O2 - BHO: (no name) - {A4775221-29B3-41B1-A7E1-A1ED4B1BB431} -
C:\WINDOWS\system32\ddcca.dll
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no
file)
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no
file)
O2 - BHO: aivskurq.msdn_hlp - {BF442538-BE32-4055-A549-2F3B699F55EB} -
C:\WINDOWS\system32\aivskurq.dll
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no
file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no
file)
O2 - BHO: Her - {C4DE5B15-4FFE-4c02-8CB3-CAD24A33562B} -
C:\WINDOWS\system32\romtmb.dll
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no
file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no
file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no
file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no
file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no
file)
O2 - BHO: Flash Module - {FF37362D-4088-4c36-AEF1-C167F9CD3DAD} -
nortn32.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft
AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Monitor]
C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Manager]
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
O4 - HKLM\..\Run: [PrinTray]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software
Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility]
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HPHUPD06] C:\Program
Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program
Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [{B9-96-6E-E7-ZN}] C:\windows\system32\lndsrngp.exe
CHD003
O4 - HKLM\..\Run: [horydyva] C:\Program Files\Windows
NT\horydyva22011.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"
/background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat
7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search
& Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [Insider] C:\Program
Files\Insider\Insider.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Waoa]
"C:\WINDOWS\system32\ICROSO~1\services.exe" -vt yazb (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Xcofg] C:\WINDOWS\??sembly\notepad.exe
(User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [WinTouch] C:\Documents and
Settings\LocalService.NT AUTHORITY.000\Application Data\WinTouch\WinTouch.exe (User
'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [SfKg6w] C:\Documents and
Settings\LocalService.NT AUTHORITY.000\Application Data\Microsoft\qbdrmc.exe (User
'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [rmww] C:\PROGRA~1\COMMON~1\rmww\rmwwm.exe
(User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Insider] C:\Program
Files\Insider\Insider.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program
Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program
Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program
Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -
C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration -
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: winsock2.dll
O10 - Unknown file in Winsock LSP: winsock2.dll
O10 - Unknown file in Winsock LSP: winsock2.dll
O10 - Unknown file in Winsock LSP: winsock2.dll
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) -
http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer
Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class)
- http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object)
- http://www.popcap.com/games/popcaploader_v6.cab
O20 - Winlogon Notify: yayaxyx - C:\WINDOWS\SYSTEM32\yayaxyx.dll
O21 - SSODL: gptrIHYWjPNsp - {B44B96E8-1EE1-3C42-111F-9A50A3BBCE46} -
C:\WINDOWS\system32\sxp.dll (file missing)
O23 - Service: HP Port Resolver - Hewlett-Packard Company -
C:\WINDOWS\system32\hpbpro.exe
O23 - Service: HP Status Server - Hewlett-Packard Company -
C:\WINDOWS\system32\hpboid.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. -
C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Microsoft Inet Service - Unknown owner -
C:\WINDOWS\system32\_svchost.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 9104 bytes


Thanks,

#10 rookie147

Posted 05 December 2007 - 05:21 PM

The current formatting of your log makes it difficult to read, so open up Notepad.
On top, click Format then uncheck "Word Wrap".
Please post me a new HijackThis and Combofix log now this option has been turned off.



#11 blondie32

Posted 13 December 2007 - 11:00 AM

Hope this helps.

ComboFix 07-11-19.4C - Owner 2007-11-23 5:34:12.6 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.28 [GMT
-8:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions
)))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\DefLib.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services
)))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\SysLibrary


((((((((((((((((((((((((( Files Created from 2007-10-23 to 2007-11-23
)))))))))))))))))))))))))))))))
.

2007-11-15 16:40 <DIR> d-------- C:\WINDOWS\PerfInfo
2007-11-13 06:09 35,328 --a------ C:\WINDOWS\system32\hggfecd.dll
2007-11-13 06:06 53,248 --------- C:\WINDOWS\system32\mstscex.dll
2007-11-13 06:06 140 --a------ C:\WINDOWS\system32\UPDCE9~1.bat
2007-11-13 06:02 <DIR> d-------- C:\Temp\abW9
2007-11-12 13:54 <DIR> d-------- C:\Program Files\Ptpcwjbm
2007-11-12 13:54 <DIR> d-------- C:\Program Files\Efqvbxvd
2007-11-12 13:50 <DIR> d-------- C:\Program Files\zuvydope
2007-11-12 13:50 12 --a------ C:\WINDOWS\system32\dpqaqlqx.bin
2007-11-12 13:50 11 --a------ C:\WINDOWS\system32\din.ip
2007-11-12 13:50 4 --a------ C:\WINDOWS\system32\jpewocmz.ini
2007-11-12 13:49 21,504 --a------ C:\WINDOWS\system32\aivskurq.dll
2007-11-12 13:43 35,840 --a------ C:\WINDOWS\mrofinu801.exe
2007-11-12 13:42 2,528 --a------ C:\WINDOWS\system32\sft.res
2007-11-12 13:34 29 --a------ C:\WINDOWS\system32\duytudhg.tmp
2007-11-12 13:33 400 --a------ C:\WINDOWS\system32\sysservice.dll
2007-11-12 13:31 43,008 --a------ C:\WINDOWS\system32\sysservice.exe
2007-11-12 13:30 1 --a------ C:\WINDOWS\system32\RunOnce.tmp
2007-11-12 13:28 1 --a------ C:\WINDOWS\system32\rc.dat
2007-11-12 13:28 1 --a------ C:\WINDOWS\system32\ps1.dat
2007-11-12 13:28 1 --a------ C:\WINDOWS\system32\cs.dat
2007-11-12 13:28 1 --a------ C:\WINDOWS\system32\cookie1.dat
2007-11-12 13:23 185 --a------ C:\WINDOWS\system32\mywehit.ini
2007-11-12 13:06 53,760 --a------ C:\WINDOWS\system32\nortn32.dll
2007-11-06 11:59 52,736 --a------ C:\WINDOWS\system32\ramtask.dll
2007-11-06 10:45 77,824 --a------ C:\WINDOWS\MicroSoft.pif
2007-11-06 10:45 198 --a------ C:\WINDOWS\MicroSoft.vbs
2007-11-06 10:33 32,768 --a------ C:\WINDOWS\yahooo.exe
2007-11-06 10:32 20,480 --a------ C:\WINDOWS\quit.exe
2007-11-02 12:30 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-02 05:33 <DIR> d-------- C:\Documents and Settings\All
Users.WINDOWS\Application Data\Spybot - Search & Destroy
2007-11-01 22:09 213 --a------ C:\WINDOWS\system32\pfdnnt_actions.sys
2007-11-01 22:03 6 --a------ C:\WINDOWS\system32\lt.res
2007-11-01 20:14 27,136 --------- C:\WINDOWS\system32\romtmb.dll
2007-11-01 19:59 88 --a------ C:\WINDOWS\system32\sznf.ascii
2007-10-26 09:32 <DIR> d-------- C:\Documents and
Settings\LocalService.NT AUTHORITY.000\Application Data\Yahoo!
2007-10-24 09:46 14,848 --a------
C:\WINDOWS\system32\drivers\kbdhid.sys
2007-10-24 09:46 12,160 --a------
C:\WINDOWS\system32\drivers\mouhid.sys
2007-10-24 09:46 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report
))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-23 14:31 --------- d-----w C:\Program Files\Microsoft
AntiSpyware
2007-11-13 14:02 35,328 ----a-w C:\WINDOWS\system32\yayaxyx.dll
2007-11-12 21:32 53,248 ----a-w C:\WINDOWS\system32\windetn2.exe
2007-11-06 21:07 10,240 ----a-w C:\WINDOWS\system32\winsock2.dll
2007-11-02 06:21 --------- d-----w C:\Program Files\LexmarkX73
2007-11-02 06:18 --------- d-----w C:\Program Files\AIM
2007-11-02 04:23 --------- d-----w C:\Program Files\Yahoo!
2007-11-02 04:00 14,868 --sh--w C:\WINDOWS\system32\accdd.bak2
2007-05-11 17:42 67,968 ----a-w C:\Documents and
Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2003-11-16 00:48 73,728 ----a-w C:\Documents and Settings\All
Users.WINDOWS\Application Data\ujipwpmr.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points
))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper
Objects\{00000000-d9e3-4bc6-a0bd-3d0ca4be5271}]

[HKEY_LOCAL_MACHINE\~\Browser Helper
Objects\{00000012-890e-4aac-afd9-eff6954a34dd}]

[HKEY_LOCAL_MACHINE\~\Browser Helper
Objects\{029e02f0-a0e5-4b19-b958-7bf2db29fb13}]

[HKEY_LOCAL_MACHINE\~\Browser Helper
Objects\{03E384D6-E1A7-792A-1851-0AC16EF38DE4}]
2003-11-15 16:48 98304 --a------ C:\Program Files\Xancostw\vrvgjhrl.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper
Objects\{0DD98BA3-25B7-4913-88AF-CFBDB28DA4CE}]
2007-11-13 06:02 35328 --a------ C:\WINDOWS\system32\yayaxyx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper
Objects\{1adbcce8-cf84-441e-9b38-afc7a19c06a4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper
Objects\{2B59A30B-E773-4c5f-BD26-080B7D3AB3F8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper
Objects\{2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71}]

[HKEY_LOCAL_MACHINE\~\Browser Helper
Objects\{3473c604-1dd2-11b2-8ca7-b0d2501c92ba}]
2003-11-15 16:42 73728 --a------ C:\WINDOWS\ovwxsdqd.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper
Objects\{51641ef3-8a7a-4d84-8659-b0911e947cc8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper
Objects\{54645654-2225-4455-44A1-9F4543D34546}]

[HKEY_LOCAL_MACHINE\~\Browser Helper
Objects\{54C7D1DD-4296-451e-B756-1E94F665B4FF}]
2003-11-15 16:50 9216 --a------ C:\WINDOWS\system32\yatool.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper
Objects\{669695bc-a811-4a9d-8cdf-ba8c795f261e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper
Objects\{6abc861a-31e7-4d91-b43b-d3c98f22a5c0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper
Objects\{944864a5-3916-46e2-96a9-a2e84f3f1208}]

[HKEY_LOCAL_MACHINE\~\Browser Helper
Objects\{A4775221-29B3-41B1-A7E1-A1ED4B1BB431}]
2003-11-15 16:49 321632 --------- C:\WINDOWS\system32\ddcca.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper
Objects\{a4a435cf-3583-11d4-91bd-0048546a1450}]

[HKEY_LOCAL_MACHINE\~\Browser Helper
Objects\{b8875bfe-b021-11d4-bfa8-00508b8e9bd3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper
Objects\{BF442538-BE32-4055-A549-2F3B699F55EB}]
2007-11-12 13:49 21504 --a------ C:\WINDOWS\system32\aivskurq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper
Objects\{c2680e10-1655-4a0e-87f8-4259325a84b7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper
Objects\{c4ca6559-2cf1-48b6-96b2-8340a06fd129}]

[HKEY_LOCAL_MACHINE\~\Browser Helper
Objects\{C4DE5B15-4FFE-4c02-8CB3-CAD24A33562B}]
2007-11-01 20:14 27136 --------- C:\WINDOWS\system32\romtmb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper
Objects\{c5af2622-8c75-4dfb-9693-23ab7686a456}]

[HKEY_LOCAL_MACHINE\~\Browser Helper
Objects\{ca1d1b05-9c66-11d5-a009-000103c1e50b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper
Objects\{d8efadf1-9009-11d6-8c73-608c5dc19089}]

[HKEY_LOCAL_MACHINE\~\Browser Helper
Objects\{e9147a0a-a866-4214-b47c-da821891240f}]

[HKEY_LOCAL_MACHINE\~\Browser Helper
Objects\{e9306072-417e-43e3-81d5-369490beef7c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper
Objects\{FF37362D-4088-4c36-AEF1-C167F9CD3DAD}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-12 05:56]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 00:06]
"AIM"="C:\Program Files\AIM\aim.exe" [2005-08-05 14:08]
"updateMgr"="C:\Program Files\Adobe\Acrobat
7.0\Reader\AdobeUpdateManager.exe" [2005-08-18 10:49]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search &
Destroy\TeaTimer.exe" [2007-08-31 16:46]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-01-23 09:36]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-01-23 09:31]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 00:00]
"gcasServ"="C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
[2005-07-12 14:35]
"SunJavaUpdateSched"="C:\Program
Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 02:48]
"Lexmark X73 Button Monitor"="C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe"
[2001-05-16 22:01]
"Lexmark X73 Button Manager"="C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe"
[2001-07-11 10:08]
"PrinTray"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe"
[2001-08-17 06:00]
"HP Software Update"="C:\Program Files\HP\HP Software
Update\HPWuSchd2.exe" [2004-09-13 14:49]
"HPDJ Taskbar
Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe" [2004-04-06 02:28]
"HPHUPD06"="C:\Program
Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-06 20:53]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
[2004-05-12 14:18]
"HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-06 20:42]
"{B9-96-6E-E7-ZN}"="C:\windows\system32\lndsrngp.exe" []
"horydyva"="C:\Program Files\Windows NT\horydyva22011.exe" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Insider"="C:\Program Files\Insider\Insider.exe" []
"Waoa"="C:\WINDOWS\system32\ICROSO~1\services.exe" []
"Xcofg"="C:\WINDOWS\??sembly\notepad.exe" []
"WinTouch"="C:\Documents and Settings\LocalService.NT
AUTHORITY.000\Application Data\WinTouch\WinTouch.exe" []
"SfKg6w"="C:\Documents and Settings\LocalService.NT
AUTHORITY.000\Application Data\Microsoft\qbdrmc.exe" [2007-11-12 20:47]
"rmww"="C:\PROGRA~1\COMMON~1\rmww\rmwwm.exe" []

C:\Documents and Settings\All Users.WINDOWS\Start
Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat
7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital
Imaging\bin\hpqtra08.exe [2004-11-04 18:28:24]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital
Imaging\bin\hpqthb08.exe [2004-11-04 18:50:52]

[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{4567AB12-B980-44A5-B259-9B09EBEA6331}"= C:\Program
Files\WinAntiSpyware 2007\shellext.dll [ ]
"{0DD98BA3-25B7-4913-88AF-CFBDB28DA4CE}"=
C:\WINDOWS\system32\yayaxyx.dll [2007-11-13 06:02 35328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"gptrIHYWjPNsp"= {B44B96E8-1EE1-3C42-111F-9A50A3BBCE46} -
C:\WINDOWS\system32\sxp.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows
nt\currentversion\winlogon\notify\yayaxyx]
yayaxyx.dll 2007-11-13 06:02 35328 C:\WINDOWS\system32\yayaxyx.dll


.
Contents of the 'Scheduled Tasks' folder
"2007-11-23 11:28:02 C:\WINDOWS\Tasks\HP Usg Daily FY04.job"
- C:\Program
Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\pexpress\hphped06.exe
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by
Gmer, http://www.gmer.net
Rootkit scan 2007-11-23 06:31:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

? [2784]
? [2948]
? [3848]
? [3520]
? [4292]
? [4436]
? [4500]
? [4696]
? [4712]
? [4768]
? [4796]
? [4908]
? [4928]
? [4960]
? [5004]
? [5084]
? [8676]
? [8880]
? [8508]
? [8376]
? [10420]
? [10428]
? [10460]

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-23 6:35:27 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-19 13:11
C:\ComboFix3.txt ... 2007-11-02 06:52
.
--- E O F ---


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:36:26 AM, on 11/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon06.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\HP\hpcoretech\comp\hpdarc.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyServer = :0
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no
file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no
file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no
file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no
file)
O2 - BHO: (no name) - {03E384D6-E1A7-792A-1851-0AC16EF38DE4} -
C:\Program Files\Xancostw\vrvgjhrl.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
- C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0DD98BA3-25B7-4913-88AF-CFBDB28DA4CE} -
C:\WINDOWS\system32\yayaxyx.dll
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no
file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no
file)
O2 - BHO: Editor plugin - {2B59A30B-E773-4c5f-BD26-080B7D3AB3F8} -
ramtask.dll (file missing)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no
file)
O2 - BHO: (no name) - {3473c604-1dd2-11b2-8ca7-b0d2501c92ba} -
C:\WINDOWS\ovwxsdqd.dll
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no
file)
O2 - BHO: Spybot-S&D IE Protection -
{53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no
file)
O2 - BHO: Yahoo Toolbar - {54C7D1DD-4296-451e-B756-1E94F665B4FF} -
C:\WINDOWS\system32\yatool.dll
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no
file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no
file)
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no
file)
O2 - BHO: (no name) - {A4775221-29B3-41B1-A7E1-A1ED4B1BB431} -
C:\WINDOWS\system32\ddcca.dll
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no
file)
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no
file)
O2 - BHO: aivskurq.msdn_hlp - {BF442538-BE32-4055-A549-2F3B699F55EB} -
C:\WINDOWS\system32\aivskurq.dll
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no
file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no
file)
O2 - BHO: Her - {C4DE5B15-4FFE-4c02-8CB3-CAD24A33562B} -
C:\WINDOWS\system32\romtmb.dll
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no
file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no
file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no
file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no
file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no
file)
O2 - BHO: Flash Module - {FF37362D-4088-4c36-AEF1-C167F9CD3DAD} -
nortn32.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft
AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Monitor]
C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Manager]
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
O4 - HKLM\..\Run: [PrinTray]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software
Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility]
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HPHUPD06] C:\Program
Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program
Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [{B9-96-6E-E7-ZN}] C:\windows\system32\lndsrngp.exe
CHD003
O4 - HKLM\..\Run: [horydyva] C:\Program Files\Windows
NT\horydyva22011.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"
/background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat
7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search
& Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [Insider] C:\Program
Files\Insider\Insider.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Waoa]
"C:\WINDOWS\system32\ICROSO~1\services.exe" -vt yazb (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Xcofg] C:\WINDOWS\??sembly\notepad.exe
(User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [WinTouch] C:\Documents and
Settings\LocalService.NT AUTHORITY.000\Application Data\WinTouch\WinTouch.exe (User
'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [SfKg6w] C:\Documents and
Settings\LocalService.NT AUTHORITY.000\Application Data\Microsoft\qbdrmc.exe (User
'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [rmww] C:\PROGRA~1\COMMON~1\rmww\rmwwm.exe
(User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Insider] C:\Program
Files\Insider\Insider.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program
Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program
Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program
Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -
C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration -
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: winsock2.dll
O10 - Unknown file in Winsock LSP: winsock2.dll
O10 - Unknown file in Winsock LSP: winsock2.dll
O10 - Unknown file in Winsock LSP: winsock2.dll
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) -
http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer
Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class)
- http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object)
- http://www.popcap.com/games/popcaploader_v6.cab
O20 - Winlogon Notify: yayaxyx - C:\WINDOWS\SYSTEM32\yayaxyx.dll
O21 - SSODL: gptrIHYWjPNsp - {B44B96E8-1EE1-3C42-111F-9A50A3BBCE46} -
C:\WINDOWS\system32\sxp.dll (file missing)
O23 - Service: HP Port Resolver - Hewlett-Packard Company -
C:\WINDOWS\system32\hpbpro.exe
O23 - Service: HP Status Server - Hewlett-Packard Company -
C:\WINDOWS\system32\hpboid.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. -
C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Microsoft Inet Service - Unknown owner -
C:\WINDOWS\system32\_svchost.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 9104 bytes

#12 rookie147


Posted 13 December 2007 - 04:35 PM

Hello again,
Scan again with HijackThis and put a checkmark next to each of the following entries (if present):

O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: (no name) - {03E384D6-E1A7-792A-1851-0AC16EF38DE4} - C:\Program Files\Xancostw\vrvgjhrl.dll
O2 - BHO: (no name) - {0DD98BA3-25B7-4913-88AF-CFBDB28DA4CE} - C:\WINDOWS\system32\yayaxyx.dll
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: Editor plugin - {2B59A30B-E773-4c5f-BD26-080B7D3AB3F8} - ramtask.dll (file missing)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {3473c604-1dd2-11b2-8ca7-b0d2501c92ba} - C:\WINDOWS\ovwxsdqd.dll
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {A4775221-29B3-41B1-A7E1-A1ED4B1BB431} - C:\WINDOWS\system32\ddcca.dll
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: aivskurq.msdn_hlp - {BF442538-BE32-4055-A549-2F3B699F55EB} - C:\WINDOWS\system32\aivskurq.dll
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: Her - {C4DE5B15-4FFE-4c02-8CB3-CAD24A33562B} - C:\WINDOWS\system32\romtmb.dll
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O2 - BHO: Flash Module - {FF37362D-4088-4c36-AEF1-C167F9CD3DAD} - nortn32.dll (file missing)
O4 - HKLM\..\Run: [{B9-96-6E-E7-ZN}] C:\windows\system32\lndsrngp.exe CHD003
O4 - HKLM\..\Run: [horydyva] C:\Program Files\Windows NT\horydyva22011.exe
O4 - HKUS\S-1-5-18\..\Run: [Waoa] "C:\WINDOWS\system32\ICROSO~1\services.exe" -vt yazb (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Xcofg] C:\WINDOWS\??sembly\notepad.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [WinTouch] C:\Documents and Settings\LocalService.NT AUTHORITY.000\Application Data\WinTouch\WinTouch.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [SfKg6w] C:\Documents and Settings\LocalService.NT AUTHORITY.000\Application Data\Microsoft\qbdrmc.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [rmww] C:\PROGRA~1\COMMON~1\rmww\rmwwm.exe (User 'SYSTEM')
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O20 - Winlogon Notify: yayaxyx - C:\WINDOWS\SYSTEM32\yayaxyx.dll
O21 - SSODL: gptrIHYWjPNsp - {B44B96E8-1EE1-3C42-111F-9A50A3BBCE46} - C:\WINDOWS\system32\sxp.dll (file missing)
O23 - Service: Microsoft Inet Service - Unknown owner - C:\WINDOWS\system32\_svchost.exe (file missing)


Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix checked button.

Open Notepad - don't use any other text editor or the script will fail.
Copy and paste the text in the quote box below into the document:

File::
C:\WINDOWS\system32\hggfecd.dll
C:\WINDOWS\system32\mstscex.dll
C:\WINDOWS\system32\dpqaqlqx.bin
C:\WINDOWS\system32\jpewocmz.ini
C:\WINDOWS\system32\aivskurq.dll
C:\WINDOWS\mrofinu801.exe
C:\WINDOWS\system32\sft.res
C:\WINDOWS\system32\duytudhg.tmp
C:\WINDOWS\system32\sysservice.dll
C:\WINDOWS\system32\sysservice.exe
C:\WINDOWS\system32\nortn32.dll
C:\WINDOWS\system32\ramtask.dll
C:\WINDOWS\MicroSoft.vbs
C:\WINDOWS\yahooo.exe
C:\WINDOWS\quit.exe
C:\WINDOWS\system32\mywehit.ini
C:\WINDOWS\system32\romtmb.dll
C:\WINDOWS\system32\sznf.ascii
C:\WINDOWS\system32\yayaxyx.dll
C:\WINDOWS\system32\windetn2.exe
C:\WINDOWS\system32\winsock2.dll
C:\WINDOWS\system32\accdd.bak2
C:\Documents and Settings\All Users.WINDOWS\Application Data\ujipwpmr.dll

Folder::
C:\Program Files\Ptpcwjbm
C:\Program Files\Efqvbxvd
C:\Program Files\zuvydope


Save this as txtfile CFScript.
Then drag the CFScript into ComboFix.exe as you see in the screenshot below:

Posted Image

This will start ComboFix again.
A new log will be created, which I would like to see in your reply.

Copy and paste the following text into Notepad:
sc stop "Microsoft Inet Service"
sc delete "Microsoft Inet Service"
Save this as "services.bat". Choose to save as *all files and place it on your Desktop.
Double-click services.bat.

Reboot your computer.

In your reply I'd like the new Combofix log along with a fresh HijackThis log.
Thanks,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation.
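
Added example (not part of the original posts, and not HijackThis's or ComboFix's own logic): a small triage pass over HijackThis entries of the kind listed in the reply above, flagging orphaned registry entries, Run values in the SYSTEM profile, services with no known owner, and system file names loaded from the wrong directory. The sample lines are copied from the log in this thread; the rule names, the SYSTEM_HOMES table (assumed default Windows XP locations) and the function names are illustrative assumptions.

```python
import ntpath
import re

# Lines copied (unwrapped) from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Flash Module - {FF37362D-4088-4c36-AEF1-C167F9CD3DAD} - nortn32.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKUS\S-1-5-18\..\Run: [Waoa] "C:\WINDOWS\system32\ICROSO~1\services.exe" -vt yazb (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Xcofg] C:\WINDOWS\??sembly\notepad.exe (User 'SYSTEM')
O20 - Winlogon Notify: yayaxyx - C:\WINDOWS\SYSTEM32\yayaxyx.dll
O23 - Service: Microsoft Inet Service - Unknown owner - C:\WINDOWS\system32\_svchost.exe (file missing)
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\hpbpro.exe
"""

# "O4 - rest of line" -> section code and body.
ENTRY_RE = re.compile(r"^(O\d+) - (.+)$")
# First drive-rooted path ending in .exe or .dll (spaces allowed inside).
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll)\b', re.IGNORECASE)

# Assumption: default Windows XP install locations of commonly imitated binaries.
SYSTEM_HOMES = {
    "services.exe": {r"c:\windows\system32"},
    "svchost.exe": {r"c:\windows\system32"},
    "lsass.exe": {r"c:\windows\system32"},
    "winlogon.exe": {r"c:\windows\system32"},
    "explorer.exe": {r"c:\windows"},
    "notepad.exe": {r"c:\windows", r"c:\windows\system32"},
}


def flags_for(section, body):
    """Return the list of triage flags raised by one log entry."""
    flags = []
    # Registry entry survives but its target file does not.
    if "(no file)" in body or "(file missing)" in body:
        flags.append("orphaned")
    # Autostart value stored in the SYSTEM account's profile (SID S-1-5-18).
    if section == "O4" and r"HKUS\S-1-5-18" in body:
        flags.append("system-profile-run")
    # Service binary with no company name in its version information.
    if section == "O23" and "Unknown owner" in body:
        flags.append("unknown-owner")
    match = PATH_RE.search(body)
    if match:
        path = match.group(0)
        homes = SYSTEM_HOMES.get(ntpath.basename(path).lower())
        # A system file name loaded from somewhere other than its usual home.
        if homes and ntpath.dirname(path).lower() not in homes:
            flags.append("masquerade")
        # '?' is not legal in a Windows file name, so in a log it marks
        # characters the tool could not render.
        if "?" in path:
            flags.append("unprintable-path")
    return flags


def triage(log_text):
    """Return (section, flags, body) for every entry that raises a flag."""
    findings = []
    for line in log_text.splitlines():
        entry = ENTRY_RE.match(line.strip())
        if not entry:
            continue
        section, body = entry.groups()
        flags = flags_for(section, body)
        if flags:
            findings.append((section, flags, body))
    return findings


if __name__ == "__main__":
    for section, flags, body in triage(SAMPLE_LOG):
        print(f"{section:<4} {','.join(flags):<45} {body}")
```

Of the sample lines, the Winlogon Notify entry for yayaxyx.dll is on the fix list above yet trips none of these rules, so the output is a starting point for review, not a verdict.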


#13 rookie147


Posted 03 January 2008 - 09:25 AM

Due to lack of feedback, this topic is now closed.
If you need this topic reopened, please request this by sending me a Personal Message including a link to your thread.
This applies only to the original topic starter. Everyone else please begin a New Topic.
