Spyware Removal


15 replies to this topic

#1 meflorence


  • Members

Posted 02 January 2006 - 05:18 PM

I have read your site and run AdAware, Spybot, and all other programs you recommend. Unfortunately nothing seems to be helping. Here is a copy of the log from Hijack This. Thank you in advance.

Best,

Mike


Logfile of HijackThis v1.99.1
Scan saved at 4:15:58 PM, on 1/2/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\HP\KBD\KBD.EXE
c:\windows\system32\rlvknlg.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\support.com\bin\tgcmd.exe
C:\WINDOWS\hgylopn.exe
C:\WINDOWS\System32\262B2A2D2C2B34.exe
C:\WINDOWS\System32\ccPasswd.exe
C:\Program Files\Java\jre1.5.0_01\bin\jucheck.exe
C:\WINDOWS\System32\igps.exe
C:\WINDOWS\System32\aupdate.exe
C:\Program Files\snss\snss.exe
C:\Program Files\Uqlfg\Nttoi.exe
C:\Program Files\ErrorSafe\ers.exe
C:\Program Files\Common Files\AOL\1131714025\ee\AOLHostManager.exe
C:\windows\system32\rkdsregm.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\pgws.exe
C:\WINDOWS\qzyvhcyA.exe
C:\WINDOWS\SYS99.exe
C:\WINDOWS\ms041913535-187.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Common Files\AOL\1131714025\ee\AOLServiceHost.exe
C:\WINDOWS\System32\j?vaw.exe
C:\Program Files\apsi\wtta.exe
C:\Program Files\FCHelp\FCHelp.exe
C:\Program Files\Common Files\VCClient\VCClient.exe
C:\Program Files\Common Files\AOL\1131714025\ee\AOLServiceHost.exe
C:\Program Files\Common Files\VCClient\VCMain.exe
C:\WINDOWS\helper.exe
C:\WINDOWS\System32\wuauclt.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\WINDOWS\System32\java.exe
C:\Program Files\Common Files\AOL\1131714025\ee\AOLServiceHost.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\Searchx.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus8.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - _{02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
R3 - URLSearchHook: (no name) - _{44729575-2CEF-2265-EE94-5530FAD6DE98} - (no file)
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
R3 - URLSearchHook: (no name) - {44729575-2CEF-2265-EE94-5530FAD6DE98} - C:\WINDOWS\System32\kflruc.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {2BCE6A6A-9F26-4A77-A9A7-A68A6C17068D} - C:\WINDOWS\System32\juluwam.dll
O2 - BHO: (no name) - {44729575-2CEF-2265-EE94-5530FAD6DE98} - C:\WINDOWS\System32\kflruc.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {6F19F538-7C75-54A0-099C-A8EA71F480CA} - C:\WINDOWS\fsayrxtj.dll (file missing)
O2 - BHO: (no name) - {7A1693A1-AFAF-4F1E-9B05-EEC38A85FBF3} - C:\WINDOWS\system32\px0.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: LinkTracker Class - {8B6DA27E-7F64-4694-8F8F-DC87AB8C6B22} - C:\Program Files\QL\qlink32.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: BigMeanGorilla.MadAsHell - {FBD2EBD0-E6DF-456E-B300-A4D10A90C683} - C:\WINDOWS\System32\{FBD2EBD0-E6DF-456E-B300-A4D10A90C683}.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Search - {6A437122-0AA1-E5DC-AF13-18466EA39D94} - C:\WINDOWS\fsayrxtj.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1131714025\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [hgylopn] C:\WINDOWS\hgylopn.exe
O4 - HKLM\..\Run: [878C8B8E8D8C958E] 262B2A2D2C2B34.exe
O4 - HKLM\..\Run: [66cacef8fb00] C:\WINDOWS\System32\ccPasswd.exe
O4 - HKLM\..\Run: [lspins] "C:\WINDOWS\System32\igps.exe"
O4 - HKLM\..\Run: [Auto Updater] C:\WINDOWS\System32\aupdate.exe
O4 - HKLM\..\Run: [snss Launcher] "C:\Program Files\snss\snss.exe"
O4 - HKLM\..\Run: [Uyktj] C:\Program Files\Uqlfg\Nttoi.exe
O4 - HKLM\..\Run: [ErrorSafe] C:\Program Files\ErrorSafe\ers.exe /scan
O4 - HKLM\..\Run: [{CD-DD-DC-C1-ZN}] C:\windows\system32\rkdsregm.exe CORN001
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\System32\nwinlsaw.exe CORN001
O4 - HKLM\..\Run: [qzyvhcyA] C:\WINDOWS\qzyvhcyA.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYS99.exe
O4 - HKLM\..\Run: [ms041913535-187] C:\WINDOWS\ms041913535-187.exe
O4 - HKLM\..\RunOnce: [4nvby0l.exe] C:\WINDOWS\System32\4nvby0l.exe /k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [Xzgse] C:\WINDOWS\System32\j?vaw.exe
O4 - HKCU\..\Run: [sf] C:\Program Files\sf\sf.exe
O4 - HKCU\..\Run: [Notn] "C:\Program Files\apsi\wtta.exe" -vt yazr
O4 - HKCU\..\Run: [FCHelp] "C:\Program Files\FCHelp\FCHelp.exe"
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 - HKCU\..\Run: [omuw] C:\PROGRA~1\COMMON~1\omuw\omuwm.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [opmrket] C:\WINDOWS\opmrket.exe
O4 - HKCU\..\RunOnce: [4nvby0l.exe] C:\WINDOWS\System32\4nvby0l.exe /k
O4 - Startup: eTomi Pro On Startup.lnk = C:\Program Files\eTomiPro\Gui\etomipro.exe
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\nwinlsaw.exe
O4 - Startup: Z_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://ax.web-nexus.net/download/ax/257/installer.exe
O16 - DPF: {26098EA2-C95D-48EA-89B4-63C5A63BD42F} - http://www.pacimedia.com/install/pcs_0002.exe
O16 - DPF: {444B911E-6E55-4A11-B3E9-0D3E21AE0437} - http://www.exfol.com/v/1/i/eins008.exe
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/bejewele...aploader_v7.cab
O16 - DPF: {FE6A3E85-0F6C-49AD-8843-68FF44E7EEA9} - http://plugin.secureservicepack.com/secureservicepack.cab
O18 - Filter: text/html - {3551784B-E99A-474f-B782-3EC814442918} - C:\Program Files\QL\qlink32.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O21 - SSODL: winmgmt - {55C1DC7E-547E-5EA3-34D2-047C3D1630EB} - C:\WINDOWS\help\newfeat4.hlp
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


 


#2 Grinler


    Lawrence Abrams


  • Admin

Posted 09 January 2006 - 07:57 PM

This is gonna be long...so be patient.
Do you know what this is?

O4 - HKCU\..\Run: [FCHelp] "C:\Program Files\FCHelp\FCHelp.exe"



Click on start, settings, control panel and double-click on add/remove programs. From within add/remove programs, uninstall the following if they exist:

Qlink
Surf Sidekick
ErrorSafe
Viewpoint Manager
Viewpoint Toolbar

Then,

Please Download LSPFix from:

LSP-Fix

Disconnect from the Internet and close all Internet Explorer windows. Run the program, check the "I know what I'm doing" button, and place all listings of c:\windows\system32\rlls.dll into the Remove section by clicking on the button that points to the right. When all instances of this dll are in the Remove section, press the Finish button.

Then Reboot.

To see a tutorial on how to use this program click the link below:

Using LSP-Fix to remove LSP Spyware & Hijackers

When you are done do the following:

Print out these instructions and then close all windows including Internet Explorer.

Then I want you to fix some of those entries. Please do the following:

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Run HijackThis again, click Scan, and put a checkmark next to each of these. Then click the Fix button:



R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\Searchx.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus8.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - URLSearchHook: (no name) - _{02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
R3 - URLSearchHook: (no name) - _{44729575-2CEF-2265-EE94-5530FAD6DE98} - (no file)
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
R3 - URLSearchHook: (no name) - {44729575-2CEF-2265-EE94-5530FAD6DE98} - C:\WINDOWS\System32\kflruc.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {2BCE6A6A-9F26-4A77-A9A7-A68A6C17068D} - C:\WINDOWS\System32\juluwam.dll
O2 - BHO: (no name) - {44729575-2CEF-2265-EE94-5530FAD6DE98} - C:\WINDOWS\System32\kflruc.dll
O2 - BHO: (no name) - {6F19F538-7C75-54A0-099C-A8EA71F480CA} - C:\WINDOWS\fsayrxtj.dll (file missing)
O2 - BHO: (no name) - {7A1693A1-AFAF-4F1E-9B05-EEC38A85FBF3} - C:\WINDOWS\system32\px0.dll
O2 - BHO: LinkTracker Class - {8B6DA27E-7F64-4694-8F8F-DC87AB8C6B22} - C:\Program Files\QL\qlink32.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O2 - BHO: BigMeanGorilla.MadAsHell - {FBD2EBD0-E6DF-456E-B300-A4D10A90C683} - C:\WINDOWS\System32\{FBD2EBD0-E6DF-456E-B300-A4D10A90C683}.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: Search - {6A437122-0AA1-E5DC-AF13-18466EA39D94} - C:\WINDOWS\fsayrxtj.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [hgylopn] C:\WINDOWS\hgylopn.exe
O4 - HKLM\..\Run: [878C8B8E8D8C958E] 262B2A2D2C2B34.exe
O4 - HKLM\..\Run: [66cacef8fb00] C:\WINDOWS\System32\ccPasswd.exe
O4 - HKLM\..\Run: [lspins] "C:\WINDOWS\System32\igps.exe"
O4 - HKLM\..\Run: [Auto Updater] C:\WINDOWS\System32\aupdate.exe
O4 - HKLM\..\Run: [snss Launcher] "C:\Program Files\snss\snss.exe"
O4 - HKLM\..\Run: [Uyktj] C:\Program Files\Uqlfg\Nttoi.exe
O4 - HKLM\..\Run: [ErrorSafe] C:\Program Files\ErrorSafe\ers.exe /scan
O4 - HKLM\..\Run: [{CD-DD-DC-C1-ZN}] C:\windows\system32\rkdsregm.exe CORN001
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\System32\nwinlsaw.exe CORN001
O4 - HKLM\..\Run: [qzyvhcyA] C:\WINDOWS\qzyvhcyA.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYS99.exe
O4 - HKLM\..\Run: [ms041913535-187] C:\WINDOWS\ms041913535-187.exe
O4 - HKLM\..\RunOnce: [4nvby0l.exe] C:\WINDOWS\System32\4nvby0l.exe /k
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [Xzgse] C:\WINDOWS\System32\j?vaw.exe
O4 - HKCU\..\Run: [sf] C:\Program Files\sf\sf.exe
O4 - HKCU\..\Run: [Notn] "C:\Program Files\apsi\wtta.exe" -vt yazr
O4 - HKCU\..\Run: [FCHelp] "C:\Program Files\FCHelp\FCHelp.exe"
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 - HKCU\..\Run: [omuw] C:\PROGRA~1\COMMON~1\omuw\omuwm.exe
O4 - HKCU\..\Run: [opmrket] C:\WINDOWS\opmrket.exe
O4 - HKCU\..\RunOnce: [4nvby0l.exe] C:\WINDOWS\System32\4nvby0l.exe /k
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\nwinlsaw.exe
O4 - Startup: Z_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://ax.web-nexus.net/download/ax/257/installer.exe
O16 - DPF: {26098EA2-C95D-48EA-89B4-63C5A63BD42F} - http://www.pacimedia.com/install/pcs_0002.exe
O16 - DPF: {444B911E-6E55-4A11-B3E9-0D3E21AE0437} - http://www.exfol.com/v/1/i/eins008.exe
O16 - DPF: {FE6A3E85-0F6C-49AD-8843-68FF44E7EEA9} - http://plugin.secureservicepack.com/secureservicepack.cab
O18 - Filter: text/html - {3551784B-E99A-474f-B782-3EC814442918} - C:\Program Files\QL\qlink32.dll

Reboot your computer into Safe Mode

Then delete these files or directories (Do not be concerned if they do not exist)

C:\WINDOWS\System32\Searchx.htm
C:\WINDOWS\System32\kflruc.dll
C:\WINDOWS\System32\juluwam.dll
C:\WINDOWS\System32\kflruc.dll
C:\WINDOWS\system32\px0.dll
C:\WINDOWS\System32\{FBD2EBD0-E6DF-456E-B300-A4D10A90C683}.dll
C:\WINDOWS\hgylopn.exe
c:\windows\system32\262B2A2D2C2B34.exe
C:\WINDOWS\System32\ccPasswd.exe
C:\WINDOWS\System32\igps.exe
C:\WINDOWS\System32\aupdate.exe
C:\Program Files\snss\
C:\Program Files\Uqlfg\
C:\Program Files\ErrorSafe\
C:\windows\system32\rkdsregm.exe
C:\WINDOWS\System32\nwinlsaw.exe
C:\WINDOWS\qzyvhcyA.exe
C:\WINDOWS\SYS99.exe
C:\WINDOWS\ms041913535-187.exe
C:\WINDOWS\System32\4nvby0l.exe
C:\Program Files\SurfSideKick 3\
C:\Program Files\sf\
C:\Program Files\apsi\
C:\Program Files\Common Files\VCClient\
C:\PROGRAM FILES\COMMON FILES\omuw\
C:\WINDOWS\opmrket.exe
C:\WINDOWS\System32\4nvby0l.exe
C:\WINDOWS\system32\nwinlsaw.exe
C:\WINDOWS\system32\dwdsregt.exe
C:\Program Files\QL\

Reboot your computer to go back to normal mode.

Finally,

To use RootKit Revealer please make sure you are logged in as an Administrator to the computer.
  • Please download and unzip Rootkit Revealer to your desktop.
  • Please leave the defaults set as they are to:
    • Hide NTFS Metadata Files: this option is on by default
    • Scan Registry: this option is on by default.
  • Launch rootkit revealer on the system and press the Scan button.
    RootkitRevealer scans the system, reporting its actions in a status area at the bottom of its window and noting discrepancies in the output list. It may take a long time; please disconnect from the internet and leave the PC to be scanned until it is finished.
  • The log can be very large; please edit out the items in the following folders in the log: C:\RECYCLER\NPROTECT and C:\System Volume Information, if in the log, before posting it.
  • Please post the balance of the log here in this thread using Add Reply (please double check that it has all been posted, as it may be too long for one post).

Then download and save Blacklight to your desktop.
F-Secure Blacklight: http://www.f-secure.com/blacklight/try.shtml
Double-click blbeta.exe, then accept the agreement.
Leave [X] scan through windows explorer checked,
click > scan then > next,
You'll see a list of all items found.
Don't choose to rename yet! I want to see the log first, because legit items can also be present there... like "wbemtest.exe"
There must also be a log on your desktop with the name fsbl.xxxxxxx.log (the xxxxxxx stands for numbers).
Copy and paste this log along with the rootkit revealer log and a new hijackthis log.
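
Added example, not part of the original posts and not HijackThis's own code: a small Python parser for the HijackThis entry format shown in this thread, which collapses repeated entries and attaches review flags of the kind a helper looks for when reading such a log. The flag names and heuristics are assumptions chosen for illustration; a flag marks an entry for a closer look and is not a verdict (the `hkcmd.exe` autorun is flagged here although the reply above leaves it in place).

```python
import ntpath
import re
from collections import Counter
from dataclasses import dataclass, field
from typing import List, Optional

# Excerpt of the HijackThis log posted in this thread (not the full log).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\hgylopn.exe
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O2 - BHO: (no name) - {6F19F538-7C75-54A0-099C-A8EA71F480CA} - C:\WINDOWS\fsayrxtj.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [hgylopn] C:\WINDOWS\hgylopn.exe
O4 - HKLM\..\Run: [lspins] "C:\WINDOWS\System32\igps.exe"
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O16 - DPF: {26098EA2-C95D-48EA-89B4-63C5A63BD42F} - http://www.pacimedia.com/install/pcs_0002.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# An entry line is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [...] ...".
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Shortest drive-letter path ending in a binary extension, followed by
# end of line, a quote or whitespace (so trailing arguments are dropped).
PATH_RE = re.compile(r'[A-Za-z]:\\[^"<>|*]*?\.(?:exe|dll|ocx)(?=$|["\s])', re.I)
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}


@dataclass
class Entry:
    code: str
    body: str
    clsid: Optional[str]
    path: Optional[str]
    count: int = 1          # how many times the identical line appeared
    flags: List[str] = field(default_factory=list)


def parse_log(text: str) -> List[Entry]:
    """Parse entry lines, skipping the header and the process list."""
    counts: Counter = Counter()
    order = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        key = (m["code"], m["body"])
        if key not in counts:
            order.append(key)
        counts[key] += 1
    entries = []
    for code, body in order:
        clsid = CLSID_RE.search(body)
        path = PATH_RE.search(body)
        entries.append(Entry(code, body,
                             clsid.group(0) if clsid else None,
                             path.group(0) if path else None,
                             counts[(code, body)]))
    return entries


def triage(entries: List[Entry]) -> List[Entry]:
    """Attach illustrative review flags; return only the flagged entries."""
    for e in entries:
        flags = []
        if e.body.endswith(("(no file)", "(file missing)")):
            flags.append("orphaned")                 # registration without a file
        if e.code == "O10" and "Unknown file in Winsock LSP" in e.body:
            flags.append("unknown-lsp")              # unrecognised LSP in the chain
        if (e.code == "O4" and e.path
                and ntpath.dirname(e.path).lower() in SYSTEM_DIRS):
            flags.append("autorun-in-windows-dir")   # also hits legitimate tools
        if e.code == "O15":
            flags.append("trusted-zone-site")
        if e.code == "O16" and re.search(r"https?://\S+\.exe$", e.body, re.I):
            flags.append("dpf-remote-exe")           # ActiveX source is a bare .exe
        e.flags = flags
    return [e for e in entries if e.flags]


if __name__ == "__main__":
    for e in triage(parse_log(SAMPLE_LOG)):
        print(f"{e.code:<3} x{e.count} {','.join(e.flags):<24} {e.body}")
```
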

#3 meflorence

  • Topic Starter

  • Members

Posted 16 January 2006 - 04:05 PM

Sorry for the delay, here are the logs [btw I've noticed that both NBTREXEC.EXE and SRVASSAM.EXE appear as errors when I try and shut down or log off and you have to [enter] multiple times before it allows Windows to close]

Thanks for everything!!!!!!

ROOTKIT
HKLM\SOFTWARE\Classes\CLSID\{55C1DC7E-547E-5EA3-34D2-047C3D1630EB}\InProcServer32\mark2 1/16/2006 2:15 PM 22 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\CyXQtAymJVE5 1/1/2006 2:25 PM 0 bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_NETBT 4/9/2003 8:44 PM 0 bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_NETDATA 12/1/2005 9:10 AM 0 bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet001\Services\NetBT 1/16/2006 2:05 PM 0 bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet001\Services\NetData 1/16/2006 2:05 PM 0 bytes Hidden from Windows API.
C:\Program Files\Quicorel 1/16/2006 9:31 AM 0 bytes Hidden from Windows API.
C:\Program Files\Quicorel\ace.dll 12/1/2005 9:10 AM 568.00 KB Hidden from Windows API.
C:\Program Files\Quicorel\AI_10-01-2006.log 1/10/2006 11:58 AM 3 bytes Hidden from Windows API.
C:\Program Files\Quicorel\AI_12-01-2006.log 1/12/2006 7:53 PM 3 bytes Hidden from Windows API.
C:\Program Files\Quicorel\AI_13-01-2006.log 1/13/2006 3:26 PM 3 bytes Hidden from Windows API.
C:\Program Files\Quicorel\AI_14-01-2006.log 1/14/2006 6:23 PM 3 bytes Hidden from Windows API.
C:\Program Files\Quicorel\AI_15-01-2006.log 1/15/2006 7:47 PM 3 bytes Hidden from Windows API.
C:\Program Files\Quicorel\AI_16-01-2006.log 1/16/2006 9:31 AM 3 bytes Hidden from Windows API.
C:\Program Files\Quicorel\Cache 1/2/2006 2:35 PM 0 bytes Hidden from Windows API.
C:\Program Files\Quicorel\Cache\00000029_43b9857b_000b0a87 1/2/2006 2:34 PM 21.40 KB Hidden from Windows API.
C:\Program Files\Quicorel\Cache\00000029_43b98de3_0007a120 1/2/2006 2:32 PM 12 bytes Hidden from Windows API.
C:\Program Files\Quicorel\Cache\00000099_43b32665_000e1113 12/28/2005 5:57 PM 1.37 KB Hidden from Windows API.
C:\Program Files\Quicorel\Cache\00000099_43b98674_00095f48 1/2/2006 2:00 PM 1018 bytes Hidden from Windows API.
C:\Program Files\Quicorel\Cache\00000099_43b98e97_00080de3 1/2/2006 2:35 PM 556 bytes Hidden from Windows API.
C:\Program Files\Quicorel\Cache\00000124_43b32666_000e4e1c 12/28/2005 5:57 PM 3 bytes Hidden from Windows API.
C:\Program Files\Quicorel\Cache\00000124_43b98675_000514a6 1/2/2006 2:00 PM 301 bytes Hidden from Windows API.
C:\Program Files\Quicorel\Cache\00000124_43b98e97_000887f4 1/2/2006 2:35 PM 547 bytes Hidden from Windows API.
C:\Program Files\Quicorel\Cache\000001eb_43b3264e_000e8b25 12/28/2005 5:57 PM 1.08 KB Hidden from Windows API.
C:\Program Files\Quicorel\Cache\000001eb_43b98671_0001811f 1/2/2006 2:00 PM 51.12 KB Hidden from Windows API.
C:\Program Files\Quicorel\Cache\000001eb_43b98e70_00021af6 1/2/2006 2:34 PM 17.28 KB Hidden from Windows API.
C:\Program Files\Quicorel\Cache\0000074d_43b3267f_0003d090 12/28/2005 5:57 PM 240 bytes Hidden from Windows API.
C:\Program Files\Quicorel\Cache\0000074d_43b98692_000b0a87 1/2/2006 2:01 PM 510 bytes Hidden from Windows API.
C:\Program Files\Quicorel\Cache\00000bb3_43b3264f_00090f56 12/28/2005 5:57 PM 2.34 KB Hidden from Windows API.
C:\Program Files\Quicorel\Cache\00000bb3_43b98671_0001be28 1/2/2006 2:00 PM 59.49 KB Hidden from Windows API.
C:\Program Files\Quicorel\Cache\00000bb3_43b98e90_000ba1ec 1/2/2006 2:35 PM 17.36 KB Hidden from Windows API.
C:\Program Files\Quicorel\Cache\00000f3e_43b32665_0007270e 12/28/2005 5:57 PM 11.74 KB Hidden from Windows API.
C:\Program Files\Quicorel\Cache\00000f3e_43b98674_00008cfb 1/2/2006 2:00 PM 838 bytes Hidden from Windows API.
C:\Program Files\Quicorel\Cache\00000f3e_43b98e97_0006dcb8 1/2/2006 2:35 PM 559 bytes Hidden from Windows API.
C:\Program Files\Quicorel\Cache\00001238_43b98722_0009d95a 1/2/2006 2:03 PM 16.85 KB Hidden from Windows API.
C:\Program Files\Quicorel\Cache\000012db_43b3265f_0007a120 12/28/2005 5:57 PM 589 bytes Hidden from Windows API.
C:\Program Files\Quicorel\Cache\000012db_43b98672_000e6105 1/2/2006 2:00 PM 301 bytes Hidden from Windows API.
C:\Program Files\Quicorel\Cache\000012db_43b98e96_000662b9 1/2/2006 2:35 PM 11.34 KB Hidden from Windows API.
C:\Program Files\Quicorel\Cache\0000153c_43b32662_000d59f8 12/28/2005 5:57 PM 30 bytes Hidden from Windows API.
C:\Program Files\Quicorel\Cache\0000153c_43b98673_0002b24c 1/2/2006 2:00 PM 724 bytes Hidden from Windows API.
C:\Program Files\Quicorel\Cache\0000153c_43b98e96_00097c2a 1/2/2006 2:35 PM 547 bytes Hidden from Windows API.
C:\Program Files\Quicorel\Cache\00001547_43b3267a_000ca2dd 12/28/2005 5:57 PM 474 bytes Hidden from Windows API.
C:\Program Files\Quicorel\Cache\00001547_43b98690_000a9075 1/2/2006 2:01 PM 1.68 KB Hidden from Windows API.
C:\Program Files\Quicorel\Cache\00001547_43b98e98_0000a9c2 1/2/2006 2:35 PM 550 bytes Hidden from Windows API.
C:\Program Files\Quicorel\Cache\00001649_43b9866e_0003a670 1/2/2006 2:41 PM 148 bytes Hidden from Windows API.
C:\Program Files\Quicorel\Cache\00001649_43b98e46_00031240 1/2/2006 2:34 PM 527 bytes Hidden from Windows API.
C:\Program Files\Quicorel\Cache\000018be_43b32522_00089544 12/28/2005 5:56 PM 980 bytes Hidden from Windows API.
C:\Program Files\Quicorel\Cache\000018be_43b9857d_0009223f 1/2/2006 2:33 PM 63 bytes Hidden from Windows API.
C:\Program Files\Quicorel\Cache\000018be_43b98def_000a7cd4 1/2/2006 2:32 PM 42 bytes Hidden from Windows API.
C:\Program Files\Quicorel\Cache\00001ad4_43b987dd_000514a6 1/2/2006 2:06 PM 497 bytes Hidden from Windows API.
C:\Program Files\Quicorel\Cache\00001e1f_43b98729_000608ca 1/2/2006 2:03 PM 26.09 KB Hidden from Windows API.
C:\Program Files\Quicorel\Cache\000026a6_43b32685_0000b71b 12/28/2005 5:57 PM 174 bytes Hidden from Windows API.
C:\Program Files\Quicorel\Cache\000026a6_43b98694_00004ff2 1/2/2006 2:01 PM 1.09 KB Hidden from Windows API.
C:\Program Files\Quicorel\Cache\000026e9_43b3264e_0006acfc 12/28/2005 5:57 PM 1.08 KB Hidden from Windows API.
C:\Program Files\Quicorel\data.bin 12/1/2005 9:10 AM 114.94 KB Hidden from Windows API.
C:\Program Files\Quicorel\nbtrexec.exe 12/1/2005 9:10 AM 912.00 KB Hidden from Windows API.
C:\Program Files\Quicorel\tcpddraw.exe 12/1/2005 9:10 AM 164.00 KB Hidden from Windows API.
C:\Program Files\Quicorel\WinGenerics.dll 12/1/2005 9:10 AM 576.00 KB Hidden from Windows API.
C:\WINDOWS\system32\drivers\serstapi.sys 12/1/2005 9:10 AM 12.00 KB Hidden from Windows API.
C:\WINDOWS\system32\srvassam.exe 12/1/2005 9:10 AM 488.00 KB Hidden from Windows API.
D: 0 bytes Error mounting volume



BLACKLIGHT LOG
01/16/06 14:38:31 [Info]: BlackLight Engine 1.0.30 initialized
01/16/06 14:38:31 [Info]: OS: 5.1 build 2600 (Service Pack 1)
01/16/06 14:38:31 [Note]: 7019 4
01/16/06 14:38:31 [Note]: 7005 0
01/16/06 14:39:02 [Note]: 7006 0
01/16/06 14:39:02 [Note]: 7011 332
01/16/06 14:39:03 [Note]: 7018 400
01/16/06 14:39:03 [Info]: Hidden process: C:\PROGRAM FILES\QUICOREL\NBTREXEC.EXE
01/16/06 14:39:03 [Note]: 7018 412
01/16/06 14:39:03 [Info]: Hidden process: C:\WINDOWS\SYSTEM32\SRVASSAM.EXE
01/16/06 14:39:03 [Note]: FSRAW library version 1.7.1014
01/16/06 14:39:04 [Info]: Hidden file: C:\Program Files\Quicorel\ace.dll
01/16/06 14:39:04 [Note]: 7002 0
01/16/06 14:39:04 [Note]: 7003 1
01/16/06 14:39:04 [Note]: 10002 3
01/16/06 14:39:04 [Info]: Hidden file: C:\Program Files\Quicorel\AI_10-01-2006.log
01/16/06 14:39:04 [Note]: 7002 0
01/16/06 14:39:04 [Note]: 7003 1
01/16/06 14:39:04 [Note]: 10002 3
01/16/06 14:39:04 [Info]: Hidden file: C:\Program Files\Quicorel\AI_12-01-2006.log
01/16/06 14:39:04 [Note]: 7002 0
01/16/06 14:39:04 [Note]: 7003 1
01/16/06 14:39:04 [Note]: 10002 3
01/16/06 14:39:04 [Info]: Hidden file: C:\Program Files\Quicorel\AI_13-01-2006.log
01/16/06 14:39:04 [Note]: 7002 0
01/16/06 14:39:04 [Note]: 7003 1
01/16/06 14:39:04 [Note]: 10002 3
01/16/06 14:39:04 [Info]: Hidden file: C:\Program Files\Quicorel\AI_14-01-2006.log
01/16/06 14:39:04 [Note]: 7002 0
01/16/06 14:39:04 [Note]: 7003 1
01/16/06 14:39:04 [Note]: 10002 3
01/16/06 14:39:04 [Info]: Hidden file: C:\Program Files\Quicorel\AI_15-01-2006.log
01/16/06 14:39:04 [Note]: 7002 0
01/16/06 14:39:04 [Note]: 7003 1
01/16/06 14:39:04 [Note]: 10002 3
01/16/06 14:39:04 [Info]: Hidden file: C:\Program Files\Quicorel\AI_16-01-2006.log
01/16/06 14:39:04 [Note]: 7002 0
01/16/06 14:39:04 [Note]: 7003 1
01/16/06 14:39:04 [Note]: 10002 3
01/16/06 14:39:06 [Note]: 7002 0
01/16/06 14:39:06 [Note]: 7003 1
01/16/06 14:39:06 [Note]: 10002 3
01/16/06 14:39:06 [Info]: Hidden file: C:\Program Files\Quicorel\data.bin
01/16/06 14:39:06 [Note]: 7002 0
01/16/06 14:39:06 [Note]: 7003 1
01/16/06 14:39:06 [Note]: 10002 3
01/16/06 14:39:06 [Info]: Hidden file: C:\PROGRAM FILES\QUICOREL\NBTREXEC.EXE
01/16/06 14:39:06 [Note]: 7002 0
01/16/06 14:39:06 [Note]: 7003 1
01/16/06 14:39:06 [Note]: 10002 3
01/16/06 14:39:06 [Info]: Hidden file: C:\Program Files\Quicorel\tcpddraw.exe
01/16/06 14:39:06 [Note]: 7002 0
01/16/06 14:39:06 [Note]: 7003 1
01/16/06 14:39:06 [Note]: 10002 3
01/16/06 14:39:06 [Info]: Hidden file: C:\Program Files\Quicorel\WinGenerics.dll
01/16/06 14:39:06 [Note]: 7002 0
01/16/06 14:39:06 [Note]: 7003 1
01/16/06 14:39:06 [Note]: 10002 3
01/16/06 14:40:40 [Info]: Hidden file: C:\WINDOWS\SYSTEM32\SRVASSAM.EXE
01/16/06 14:40:40 [Note]: 7002 0
01/16/06 14:40:40 [Note]: 7003 1
01/16/06 14:40:40 [Note]: 10002 1
01/16/06 14:40:46 [Info]: Hidden file: C:\WINDOWS\system32\drivers\serstapi.sys
01/16/06 14:40:46 [Note]: 7002 0
01/16/06 14:40:46 [Note]: 7003 1
01/16/06 14:40:46 [Note]: 10002 1
01/16/06 14:42:19 [Note]: 7007 0


HIJACK THIS LOG



Logfile of HijackThis v1.99.1
Scan saved at 2:43:25 PM, on 1/16/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\support.com\bin\tgcmd.exe
C:\Program Files\Java\jre1.5.0_01\bin\jucheck.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\AOL\1131714025\ee\AOLHostManager.exe
C:\WINDOWS\System32\java.exe
C:\Program Files\Common Files\AOL\1131714025\ee\AOLServiceHost.exe
C:\Program Files\Common Files\AOL\1131714025\ee\AOLServiceHost.exe
C:\WINDOWS\helper.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: LinkTracker Class - {8B6DA27E-7F64-4694-8F8F-DC87AB8C6B22} - C:\Program Files\QL\qlink32.dll (file missing)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\companion\Installs\cpn\yt.dll
O3 - Toolbar: searchforit - {C109664B-CEB1-420b-B353-D55A561536DD} - C:\WINDOWS\System32\sfi2.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1131714025\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [lspins] "C:\WINDOWS\System32\igps.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..&

#4 Grinler

Grinler

    Lawrence Abrams



Posted 16 January 2006 - 08:48 PM

Post 1

1. Download WinKRootKitRemover to your desktop.
  • Click the icon to open the program
  • Then, click RUN and then START
  • Save the log it creates to your desktop.

2. Download Silent Runners to your desktop.
  • Click on the Silent Runners.vbs icon to open the program
  • Then click OPEN and YES in the next screen.
  • Let the program run its course. It will tell you when it has finished its work
  • This will generate a text file on your desktop called "Startup Programs ...".
  • Save this report for your next reply here.

3. Launch Notepad
  • Copy/paste the content of the codebox below into a new text file.
  • Save it as Options.txt on your Desktop and as type "All Files"

RegSearch Options File

[Search]
winik

[Exclude]

[Options]
Filter=KVDLU


4. Download Registry Search.zip by Bobbi Flekman and Save it to your desktop.
  • Extract it to your desktop.
  • Click on the Registry Search.zip icon on your desktop to open the program.
  • Click regsearch.exe to start the program.
  • Click on "Import" and Select the file "Options.txt" that you created above.
  • Click "OK" and Registry Search will search the Registry and report what it finds.
  • Post the results into your next reply.

5. Please make a reply here in your thread. I need to see the following reports:
  • Log from WinKRootKitRemover
  • Silent Runners Log
  • Registry Search Log
  • New HijackThis log
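
The search set up in steps 3 and 4 above looks for the string winik in the registry. As an added example (not part of the original post, and not Registry Search's own code), the Python below runs the same kind of search offline over a REGEDIT4-format export and reports whether each hit is in a key name, a value name or value data. The sample export, its key names, the SID placeholder and the launch-point heuristic are constructed assumptions.

```python
import re
from typing import List, NamedTuple, Optional

# Constructed sample in REGEDIT4 export format (not taken from the thread).
# The service key, vendor key, SID placeholder and paths are made up.
SAMPLE_EXPORT = r'''REGEDIT4

; constructed sample export

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winik]
"ImagePath"="\\??\\C:\\WINDOWS\\system32\\drivers\\winik.sys"
"Start"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\ExampleVendor\Settings]
"WinikCompat"="0"
@="unrelated default"

[HKEY_USERS\S-1-5-21-EXAMPLE\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\Tools\\Remover.exe"="Looks for winik.sys and attempts to remove it."
"C:\\WINDOWS\\notepad.exe"="Notepad"
'''


class Hit(NamedTuple):
    key: str                # full registry key path
    where: str              # "key", "value" or "data"
    name: Optional[str]     # value name, "@" for the default value, None for key hits
    data: Optional[str]     # value data as text, None for key hits


# "name"=data or @=data; the name may contain escaped quotes and backslashes.
_VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|(@))=(.*)$')


def _unescape(text: str) -> str:
    """Undo the .reg escaping of backslashes and double quotes."""
    return re.sub(r'\\(.)', r'\1', text)


def search_export(export: str, term: str) -> List[Hit]:
    """Case-insensitive search of key names, value names and value data.

    Quoted string data is unescaped before matching. dword and hex values
    are matched as written, so text stored as hex bytes is not decoded.
    """
    needle = term.lower()
    hits: List[Hit] = []
    key: Optional[str] = None
    for raw in export.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            if needle in key.lower():
                hits.append(Hit(key, "key", None, None))
            continue
        match = _VALUE_RE.match(line)
        if match is None or key is None:
            continue  # file header or a line this parser does not handle
        name = _unescape(match.group(1)) if match.group(1) is not None else "@"
        data = match.group(3)
        if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
            data = _unescape(data[1:-1])
        if needle in name.lower():
            hits.append(Hit(key, "value", name, data))
        if needle in data.lower():
            hits.append(Hit(key, "data", name, data))
    return hits


# Assumed heuristic: hits under a service key or a Run key point at something
# that starts automatically; hits elsewhere (for example the shell's MUICache
# of program descriptions) only show that the string is stored there.
LAUNCH_MARKERS = ("\\services\\", "\\currentversion\\run")


def launch_point_hits(hits: List[Hit]) -> List[Hit]:
    """Return only the hits whose key looks like a service or Run key."""
    return [h for h in hits
            if any(marker in h.key.lower() + "\\" for marker in LAUNCH_MARKERS)]


if __name__ == "__main__":
    found = search_export(SAMPLE_EXPORT, "winik")
    for hit in found:
        print(f"{hit.where:5}  {hit.key}  {hit.name or ''}  {hit.data or ''}")
    print(f"{len(launch_point_hits(found))} of {len(found)} hits are under launch points")
```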


#5 meflorence

Posted 17 January 2006 - 09:05 PM

I'm having no luck (404 Error) with the link to Registry Search.zip. Any suggestions?

Thanks

#6 Grinler

Posted 17 January 2006 - 11:20 PM

I fixed the link...try again.

#7 meflorence

Posted 21 January 2006 - 05:06 PM

WINROOTKITREMOVER LOG


01/21/2006, 15:32:32 - Starting Process
01/21/2006, 15:32:32 - Could not detect the service installed. Nothing else to do!


Silent Runners Log

"Silent Runners.vbs", revision 43, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
"AIM" = "C:\Program Files\AIM\aim.exe -cnetwait.odl" ["America Online, Inc."]
"SpybotSD TeaTimer" = "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" ["Safer Networking Limited"]
"Notn" = ""C:\Program Files\apsi\wtta.exe" -vt yazr" [file not found]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"hpsysdrv" = "c:\windows\system\hpsysdrv.exe" ["Hewlett-Packard Company"]
"HotKeysCmds" = "C:\WINDOWS\System32\hkcmd.exe" ["Intel Corporation"]
"KBD" = "C:\HP\KBD\KBD.EXE" ["Hewlett-Packard Company"]
"StorageGuard" = ""C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r" ["Sonic Solutions"]
"TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"Recguard" = "C:\WINDOWS\SMINST\RECGUARD.EXE" [empty string]
"ccApp" = ""c:\Program Files\Common Files\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
"ccRegVfy" = ""c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"" ["Symantec Corporation"]
"AlcxMonitor" = "ALCXMNTR.EXE" ["Realtek Semiconductor Corp."]
"PS2" = "C:\WINDOWS\system32\ps2.exe" ["Hewlett-Packard Company"]
"HPDJ Taskbar Utility" = "C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe" ["HP"]
"QuickFinder Scheduler" = ""C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"" ["Novell, Inc., c/o Corel Corporation Limited"]
"HP Software Update" = ""C:\Program Files\HP\HP Software Update\HPWuSchd.exe"" ["Hewlett-Packard"]
"HP Component Manager" = ""C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"" ["Hewlett-Packard Company"]
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe" ["Sun Microsystems, Inc."]
"iTunesHelper" = "C:\Program Files\iTunes\iTunesHelper.exe" ["Apple Computer, Inc."]
"tgcmd" = ""C:\Program Files\support.com\bin\tgcmd.exe" /server" ["Support.com, Inc."]
"HostManager" = "C:\Program Files\Common Files\AOL\1131714025\ee\AOLHostManager.exe" ["America Online, Inc."]
"lspins" = ""C:\WINDOWS\System32\igps.exe"" [file not found]
"KernelFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -k" [MS]

HKLM\Software\Microsoft\Active Setup\Installed Components\
{306D6C21-C1B6-4629-986C-E59E1875B8AF}\(Default) = (no title provided)
\StubPath = ""C:\WINDOWS\System32\rundll32.exe" "C:\Program Files\Messenger\msgsc.dll",ShowIconsUser" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{02478D38-C3F9-4EFB-9B51-7695ECA05670}\(Default) = "Yahoo! Toolbar Helper" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx" [empty string]
{243B17DE-77C7-46BF-B94B-0B5F309A0E64}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Money\System\mnyside.dll" [MS]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"]
{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}\(Default) = "AOL Toolbar Launcher" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll" ["America Online, Inc."]
{8B6DA27E-7F64-4694-8F8F-DC87AB8C6B22}\(Default) = "LinkTracker Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\QL\qlink32.dll" [file not found]
{BDF3E430-B101-42AD-A544-FADC6B084872}\(Default) = "CNavExtBho Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "c:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Real\RealOne Player\rpshellext.dll" ["RealNetworks"]
"{7F67036B-66F1-411A-AD85-759FB9C5B0DB}" = "SampleView"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\ShellvRTF.dll" ["XSS"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{CCFE56EE-C7DE-44EE-A160-4553A5A912C9}" = "OmniPass Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Softex\OmniPass\opshelle.dll" ["Softex Incorporated"]
"{955B7B84-5308-419c-8ED8-0B9CA3C56985}" = "America Online"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\aolshare\shell\us\shellext.dll" ["America Online, Inc."]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]
"{acb4a560-3606-11d3-aef4-00104bd0f92d}" = "KodakShellExtension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\Kodak\ifscore\KodakShX.dll" ["Eastman Kodak Company"]

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"winmgmt" = "{55C1DC7E-547E-5EA3-34D2-047C3D1630EB}"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\help\newfeat4.hlp" [MS]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! igfxcui\DLLName = "igfxsrvc.dll" ["Intel Corporation"]
INFECTION WARNING! OPXPGina\DLLName = "C:\Program Files\Softex\OmniPass\opxpgina.dll" [null data]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
gqgmytmx\(Default) = "{544a20a2-9d7e-453c-a1ab-33ae46fba637}"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\glgkm.dll" [null data]
OPShellE\(Default) = "{CCFE56EE-C7DE-44EE-A160-4553A5A912C9}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Softex\OmniPass\opshelle.dll" ["Softex Incorporated"]
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
-> {CLSID}\InProcServer32\(Default) = "c:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
OPShellE\(Default) = "{CCFE56EE-C7DE-44EE-A160-4553A5A912C9}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Softex\OmniPass\opshelle.dll" ["Softex Incorporated"]
QuickFinderMenu\(Default) = "{C0E10002-0028-0003-C0E1-C0E1C0E1C0E1}"
-> {CLSID}\InProcServer32\(Default) = "c:\Program Files\Corel\WordPerfect Office 2002\PROGRAMS\PFSE100.DLL" ["Novell, Inc., c/o Corel Corporation Limited"]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
-> {CLSID}\InProcServer32\(Default) = "c:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\ssbezier.scr" [MS]


Autostart via AUTORUN.INF on local fixed drives:
------------------------------------------------

D:\
INFECTION WARNING! D:\AUTORUN.INF -> "OPEN=Info.exe folder.htt 480 480" ["XSS"]


Enabled Scheduled Tasks:
------------------------

"Norton AntiVirus - Scan my computer" -> launches: "c:\PROGRA~1\NORTON~1\NAVW32.exe /task:C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\NORTON~1\Tasks\mycomp.sca" ["Symantec Corporation"]
"Symantec NetDetect" -> launches: "C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
00000000000#\PackedCatalogItem (contains) DLL [Company Name], (at) # range:
%SystemRoot%\system32\mswsock.dll [MS], 1 - 3


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = "Yahoo! Toolbar" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]

"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "c:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

"{DE9C389F-3316-41A7-809B-AA305ED9D922}" = "AOL Toolbar" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll" ["America Online, Inc."]

"{C109664B-CEB1-420B-B353-D55A561536DD}" = "searchforit" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\sfi2.dll" [empty string]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus"
-> {CLSID}\InProcServer32\(Default) = "c:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

"{DE9C389F-3316-41A7-809B-AA305ED9D922}" = "AOL Toolbar"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll" ["America Online, Inc."]

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = "Yahoo! Toolbar" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]

"{C109664B-CEB1-420B-B353-D55A561536DD}" = "searchforit" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\sfi2.dll" [empty string]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBC}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll" ["Sun Microsystems, Inc."]

{3369AF0D-62E9-4BDA-8103-B4C75499B578}\
"ButtonText" = "AOL Toolbar"
"CLSIDExtension" = "{DE9C389F-3316-41A7-809B-AA305ED9D922}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll" ["America Online, Inc."]

{669B269B-0D4E-41FB-A3D8-FD67CA94F646}\
"ButtonText" = "ComcastHSI"
"Exec" = "http://www.comcast.net/" [file not found]

{8828075D-D097-4055-AA02-2DBFA9D85E8A}\
"ButtonText" = "Support"
"Exec" = "http://www.comcastsupport.com/" [file not found]

{97809617-3937-4F84-B335-9BB05EF1A8D4}\
"ButtonText" = "Help"
"Exec" = "http://online.comcast.net/help/" [file not found]

{AC9E2541-2814-11D5-BC6D-00B0D0A1DE45}\
"ButtonText" = "AIM"
"Exec" = "C:\Program Files\AIM\aim.exe" ["America Online, Inc."]

{E023F504-0C5A-4750-A1E7-A9046DEA8A21}\
"ButtonText" = "MoneySide"
"CLSIDExtension" = "{DD6687B5-CB43-4211-BFC9-2942CCBDCB3E}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Money\System\mnyside.dll" [MS]


Miscellaneous IE Hijack Points
------------------------------

C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

Added lines (compared with English-language version):
[Strings]: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

Missing lines (compared with English-language version):
[Strings]: 1 line


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

iPod Service, iPodService, "C:\Program Files\iPod\bin\iPodService.exe" ["Apple Computer, Inc."]
Softex OmniPass Service, omniserv, "C:\Program Files\Softex\OmniPass\Omniserv.exe" [null data]
Symantec Event Manager, ccEvtMgr, ""c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]
WAN Miniport (ATW) Service, WANMiniportService, ""C:\WINDOWS\wanmpsvc.exe"" ["America Online, Inc."]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
hpzsnt08\Driver = "hpzsnt08.dll" ["HP"]
hpzsnt09\Driver = "hpzsnt09.dll" ["HP"]
Microsoft Shared Fax Monitor\Driver = "FXSMON.DLL" [MS]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 45 seconds, including 18 seconds for message boxes)


Registry Search Log

REGEDIT4

; Registry Search by Bobbi Flekman 2005
; Version: 1.0.2.4

; Results at 1/21/2006 3:44:40 PM for strings:
; 'winik'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_USERS\S-1-5-21-1928988297-2875605010-672283682-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\Documents and Settings\\Owner\\Desktop\\WinKRootKitRemover.exe"="This program will look for WinKRootKit (winik.sys) and attempt to remove it."

; End Of The Log...


HIJACK THIS LOG

Logfile of HijackThis v1.99.1
Scan saved at 3:51:25 PM, on 1/21/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\support.com\bin\tgcmd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Java\jre1.5.0_01\bin\jucheck.exe
C:\Program Files\Common Files\AOL\1131714025\ee\AOLHostManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\AOL\1131714025\ee\AOLServiceHost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\helper.exe
C:\WINDOWS\System32\java.exe
C:\Program Files\Common Files\AOL\1131714025\ee\AOLServiceHost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: LinkTracker Class - {8B6DA27E-7F64-4694-8F8F-DC87AB8C6B22} - C:\Program Files\QL\qlink32.dll (file missing)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\companion\Installs\cpn\yt.dll
O3 - Toolbar: searchforit - {C109664B-CEB1-420b-B353-D55A561536DD} - C:\WINDOWS\System32\sfi2.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1131714025\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [lspins] "C:\WINDOWS\System32\igps.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Notn] "C:\Program Files\apsi\wtta.exe" -vt yazr
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/bejewele...aploader_v7.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O21 - SSODL: winmgmt - {55C1DC7E-547E-5EA3-34D2-047C3D1630EB} - C:\WINDOWS\help\newfeat4.hlp
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#8 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,542 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:05:25 PM

Posted 21 January 2006 - 11:53 PM

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download FixWareout from:

FixWareout Download Link

Save it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

When your system reboots, follow the prompts. Afterwards, HijackThis will launch. Please click Scan, and check the following items:

O4 - HKLM\..\Run: [lspins] "C:\WINDOWS\System32\igps.exe"
O4 - HKCU\..\Run: [Notn] "C:\Program Files\apsi\wtta.exe" -vt yazr

Click Fix Checked. Close HijackThis, and click OK to proceed.

At the end of the fix, you may need to restart your computer again.

When back at the desktop delete the following:

C:\WINDOWS\System32\igps.exe
C:\Program Files\apsi\

Finally, please post the contents of the logfile C:\fixwareout\report.txt, along with a new HijackThis log.

#9 meflorence


Posted 26 January 2006 - 05:55 PM

Here are the two logs. However, when back at the desktop, I was unable to locate either igps.exe or \aspi\.



Report.txt



Fixwareout ver 1.003
Last edited 1/12/2006
Post this report in the forums please

Reg Entries that were deleted

PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

Search by size and names...

Misc files

Checking for older varients covered by the Rem3 tool


HIJACK Log

Logfile of HijackThis v1.99.1
Scan saved at 4:46:25 PM, on 1/26/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Java\jre1.5.0_01\bin\jucheck.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\support.com\bin\tgcmd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Common Files\AOL\1131714025\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1131714025\ee\AOLServiceHost.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\AOL\1131714025\ee\AOLServiceHost.exe
C:\WINDOWS\helper.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: LinkTracker Class - {8B6DA27E-7F64-4694-8F8F-DC87AB8C6B22} - C:\Program Files\QL\qlink32.dll (file missing)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\companion\Installs\cpn\yt.dll
O3 - Toolbar: searchforit - {C109664B-CEB1-420b-B353-D55A561536DD} - C:\WINDOWS\System32\sfi2.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1131714025\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/bejewele...aploader_v7.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O21 - SSODL: winmgmt - {55C1DC7E-547E-5EA3-34D2-047C3D1630EB} - C:\WINDOWS\help\newfeat4.hlp
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
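Checking a post-fix HijackThis log against the earlier one, as an added example that is not part of the original thread: the script below diffs the registry-based entries of two logs and reports whether the entries that were to be fixed are still present. The sample text is excerpted from the logs in this thread; the function names are chosen for this example.

```python
import re

# Excerpts from the two HijackThis logs posted in this thread (before and
# after the FixWareout run). Only a few entries are reproduced here.
BEFORE = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [lspins] "C:\WINDOWS\System32\igps.exe"
O4 - HKCU\..\Run: [Notn] "C:\Program Files\apsi\wtta.exe" -vt yazr
"""

AFTER = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
"""

# The two entries the helper asked to have checked and fixed.
TARGETS = [
    r'O4 - HKLM\..\Run: [lspins] "C:\WINDOWS\System32\igps.exe"',
    r'O4 - HKCU\..\Run: [Notn] "C:\Program Files\apsi\wtta.exe" -vt yazr',
]

# HijackThis entry lines start with a section code such as R0, O4 or O23,
# followed by " - ". Lines in the "Running processes" list do not match.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def entry_key(line):
    """Return (section, normalised body) for an entry line, else None.

    Windows paths are case-insensitive and logs mix "c:\\" with "C:\\",
    so the body is case-folded and its whitespace collapsed before comparing.
    """
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return (m.group(1), " ".join(m.group(2).split()).casefold())


def parse_entries(log_text):
    """Map each entry key to the original line, preserving log order."""
    entries = {}
    for line in log_text.splitlines():
        key = entry_key(line)
        if key is not None:
            entries.setdefault(key, line.strip())
    return entries


def diff_logs(before_text, after_text):
    """Return (removed, added) entry lines between two logs."""
    before = parse_entries(before_text)
    after = parse_entries(after_text)
    removed = [line for key, line in before.items() if key not in after]
    added = [line for key, line in after.items() if key not in before]
    return removed, added


def still_present(targets, log_text):
    """Return the target entries that still appear in the given log."""
    entries = parse_entries(log_text)
    return [t for t in targets if entry_key(t) in entries]


if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    print("Removed since the earlier scan:")
    for line in removed:
        print("  " + line)
    print("Added since the earlier scan:")
    for line in added:
        print("  " + line)
    leftover = still_present(TARGETS, AFTER)
    print("Targets still present:", leftover if leftover else "none")
```

A cleared Run entry only shows that the autostart reference is gone; whether the file itself remains on disk is checked separately.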

#10 Grinler


Posted 27 January 2006 - 07:02 AM

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download AproposFix from here:
http://swandog46.geekstogo.com/aproposfix.exe

Save it to your desktop but do NOT run it yet.

Then please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.


Once in Safe Mode, please double-click aproposfix.exe and unzip it to the desktop. Open the aproposfix folder on your desktop and run RunThis.bat. Follow the prompts.

When the tool is finished, please reboot back into normal mode, and post a new HijackThis log, along with the entire contents of the log.txt file in the aproposfix folder.

#11 meflorence


Posted 27 January 2006 - 11:00 AM

I will try and run ASAP. Do you foresee many more steps in this process as I feel like I am taking all your time?

Thanks again.

#12 Grinler


Posted 27 January 2006 - 01:50 PM

Don't worry about me... I'm here with you until you're clean.

#13 meflorence


Posted 29 January 2006 - 06:05 PM

HIJACK THIS LOG

Logfile of HijackThis v1.99.1
Scan saved at 4:37:37 PM, on 1/29/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\support.com\bin\tgcmd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_01\bin\jucheck.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\AOL\1131714025\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1131714025\ee\AOLServiceHost.exe
C:\Program Files\Common Files\AOL\1131714025\ee\AOLServiceHost.exe
C:\WINDOWS\helper.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: LinkTracker Class - {8B6DA27E-7F64-4694-8F8F-DC87AB8C6B22} - C:\Program Files\QL\qlink32.dll (file missing)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\companion\Installs\cpn\yt.dll
O3 - Toolbar: searchforit - {C109664B-CEB1-420b-B353-D55A561536DD} - C:\WINDOWS\System32\sfi2.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1131714025\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/bejewele...aploader_v7.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O21 - SSODL: winmgmt - {55C1DC7E-547E-5EA3-34D2-047C3D1630EB} - C:\WINDOWS\help\newfeat4.hlp
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe



LOG.TXT

Log of AproposFix v1.1

************

Running from directory:
C:\Documents and Settings\Owner\Desktop\aproposfix

************



Registry entries found:

[HKEY_LOCAL_MACHINE\Software\CC965tGIgXvI]

[HKEY_LOCAL_MACHINE\Software\CC965tGIgXvI\AU2]
"SU"="http://au.contextplus.net/services/AUServer"

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\CyXQtAymJVE5]
@="w9Om5O5VWWVWWXWG5IK\\MQVWWVlYW1rwmx1\\W\\TNO9HcbW8MDQ9MNWN9MNO5KDXNTN"
"Device"="\\\\.\\lanpSrv"
"DriverPath"="C:\\WINDOWS\\System32\\drivers\\serstapi.sys"
"DriverName"="NetData"
"HideUninstallerName"="C:\\Program Files\\Quicorel\\tcpddraw.exe"
"HDll"="C:\\WINDOWS\\System32\\wscxtray.dll"
"ServerAddress"="adchannel.contextplus.net"
"LegalNote"="http://adchannel.contextplus.net/legal-note/nonbranded.html"
"PartnerId"="CP.GH2"
"InstallationId"="{Xf94c49c-70c4-7e16-418e-7c13c410c50a}"
"PageFiltering"=dword:00000001
"CrMnTmt"=dword:0036ee80
"ClientName"="C:\\Program Files\\Quicorel\\nbtrexec.exe"
"AutoUpdater"="C:\\WINDOWS\\System32\\srvassam.exe"
"Version"="2.0.131"

************

Removing hidden service:
Service NetData removed.

Removing hidden folder:
Deletion of folder Quicorel succeeded!

Deleting files:

Deletion of file C:\WINDOWS\System32\drivers\serstapi.sys succeeded!
Deletion of file C:\WINDOWS\System32\srvassam.exe succeeded!
Deletion of file C:\WINDOWS\System32\wscxtray.dll succeeded!

Backing up files:
Done!

Removing registry entries:

REGEDIT4

[-HKEY_CURRENT_USER\Software\CC965tGIgXvI]
[-HKEY_CURRENT_USER\Software\CyXQtAymJVE5]
[-HKEY_LOCAL_MACHINE\Software\CC965tGIgXvI]
[-HKEY_LOCAL_MACHINE\Software\CyXQtAymJVE5]

Done!

Finished!

#14 Grinler


Posted 29 January 2006 - 10:54 PM

Fix this entry in HJT:

O2 - BHO: LinkTracker Class - {8B6DA27E-7F64-4694-8F8F-DC87AB8C6B22} - C:\Program Files\QL\qlink32.dll (file missing)


Then post a new hjt log and tell me how the computer is running now.

#15 meflorence


Posted 07 February 2006 - 02:56 PM

Removed the 02-BHO and the computer is working GREAT! I forgot to grab a HJT log from their machine but everything appears to be in order. THANKS SO MUCH.
Best, Mike



