My Log Hjt


  • This topic is locked
124 replies to this topic

#1 MrWutItDew

Posted 20 May 2007 - 12:43 AM

SDFix: Version 1.81

Run by HP_Owner - 07-05-02 - 0:52:18.53

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\DOCUME~1\HP_Owner\Desktop\VIRUSP~1\SDFix

Safe Mode:
Checking Services:

Name:
Client IP-IPX

ImagePath:
"C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000137

Client IP-IPX - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...

Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\WINDOWS\SYSTEM32\TASKKILL.EXE - Deleted
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\dllhost.exe - Deleted
C:\Program Files\a.zip - Deleted
C:\Program Files\b.zip - Deleted
C:\Program Files\c.zip - Deleted
C:\Program Files\A.ico - Deleted
C:\Program Files\B.ico - Deleted
C:\Program Files\Setup.exe - Deleted
C:\Program Files\Track_03.exe - Deleted
C:\Program Files\Video.exe - Deleted
C:\Documents and Settings\HP_Owner\Application Data\Install.dat - Deleted
C:\WINDOWS\odbc.INI - Deleted
C:\WINDOWS\system32\install.exe - Deleted
C:\WINDOWS\system32\svchosts.exe - Deleted
C:\WINDOWS\system32\unsvchosts.exe - Deleted



Removing Temp Files

ADS Check:

Checking if ADS is attached to system32 Folder
C:\WINDOWS\system32
No streams found.

Checking if ADS is attached to svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.



Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"="C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe:*:Enabled:BackWeb for Pavilion"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\GhostSurf\\GhostSurf.exe"="C:\\Program Files\\GhostSurf\\GhostSurf.exe:*:Disabled:Architecture launch vehicle"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Disabled:Logitech Desktop Messenger"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Common Files\\AOL\\1139729396\\ee\\AOLServiceHost.exe"="C:\\Program Files\\Common Files\\AOL\\1139729396\\ee\\AOLServiceHost.exe:*:Enabled:AOL Services"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0b\\waol.exe"="C:\\Program Files\\America Online 9.0b\\waol.exe:*:Enabled:America Online 9.0b"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\Filetopia3\\Filetopia.exe"="C:\\Program Files\\Filetopia3\\Filetopia.exe:*:Enabled:Filetopia"
"C:\\WINDOWS\\system32\\ntvdm.exe"="C:\\WINDOWS\\system32\\ntvdm.exe:*:Enabled:NTVDM.EXE"
"C:\\Program Files\\Kazaa\\kazaa.exe"="C:\\Program Files\\Kazaa\\kazaa.exe:*:Enabled:Kazaa"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%ProgramFiles%\\iTunes\\iTunes.exe"="%ProgramFiles%\\iTunes\\iTunes.exe:*:enabled:iTunes"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Common Files\\AOL\\1139729396\\ee\\AOLServiceHost.exe"="C:\\Program Files\\Common Files\\AOL\\1139729396\\ee\\AOLServiceHost.exe:*:Enabled:AOL Services"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0b\\waol.exe"="C:\\Program Files\\America Online 9.0b\\waol.exe:*:Enabled:America Online 9.0b"


Remaining Files:
---------------

Backups Folder: - C:\DOCUME~1\HP_Owner\Desktop\VIRUSP~1\SDFix\backups\backups.zip

Checking For Files with Hidden Attributes:

C:\Documents and Settings\HP_Owner\Application Data\?ssembly\netdde.exe
C:\Program Files\America Online 9.0\aolphx.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\America Online 9.0\RBM.exe
C:\Program Files\America Online 9.0b\aolphx.exe
C:\Program Files\America Online 9.0b\aoltray.exe
C:\Program Files\America Online 9.0b\RBM.exe
C:\Program Files\Common Files\Yazzle1396OinAdmin.exe
C:\Program Files\Common Files\Yazzle1396OinUninstaller.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Outlook Express\msimn.exe
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP581\A0141095.exe
C:\WINDOWS\system32\àppPatch\lsass.exe
C:\WINDOWS\uccspecb.sys
C:\WINDOWS\system32\A79D705817.sys
C:\WINDOWS\system32\KGyGaAvL.sys
C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq11.tmp\root\magnet10\Thumbs.db

Finished


HP_Owner - 07-05-19 1:33:26.15
ComboFix 06.08.30BT - Running from: C:\Program Files

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))



~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\Documents and Settings\HP_Owner\Application Data\SSEMBL~1
C:\QooBox\Purity\Documents and Settings\HP_Owner\Application Data\SSEMBL~1\netdde.exe
C:\QooBox\Purity\Documents and Settings\HP_Owner\Application Data\SSEMBL~1\?ssembly
C:\QooBox\Purity\Documents and Settings\HP_Owner\Application Data\SSEMBL~1\?ssembly\ctxad-552.0000
C:\QooBox\Purity\Documents and Settings\HP_Owner\Application Data\SSEMBL~1\?ssembly\ctxad-552.0001
C:\QooBox\Purity\Program Files\Common Files\FNTS~1
C:\QooBox\Purity\Program Files\Common Files\RACLE~1
C:\QooBox\Purity\WINDOWS\CROSOF~1


((((((((((((((((((((((((((((((( Files Created from 2007-04-19 to 2007-05-19 ))))))))))))))))))))))))))))))))))


2007-05-11 15:25 56 --ahs---- C:\redir.sys
2007-05-11 00:22 121,856 --------- C:\WINDOWS\system32\xmllite.dll
2007-05-10 23:37 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2007-05-10 23:16 36,352 --------- C:\WINDOWS\system32\tsgqec.dll
2007-05-10 23:16 288,768 --------- C:\WINDOWS\system32\rhttpaa.dll
2007-05-10 23:16 116,736 --------- C:\WINDOWS\system32\aaclient.dll
2007-05-10 14:42 60,928 --a------ C:\WINDOWS\system32\nhsahlhj.dll
2007-05-06 01:24 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2007-05-06 01:24 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2007-05-03 22:42 106,496 --------- C:\WINDOWS\system32\Diomidi.dll
2007-05-03 21:13 90,112 --------- C:\WINDOWS\system32\WinMMFix.dll
2007-05-03 21:13 884,736 --------- C:\WINDOWS\system32\DirectIO.dll
2007-05-03 21:13 540,672 --------- C:\WINDOWS\system32\DSI.dll
2007-05-03 21:13 15,872 --------- C:\WINDOWS\system32\KeyFilter.dll
2007-05-02 00:52 380,416 --a------ C:\WINDOWS\system32\rstrui.exe
2007-05-02 00:24 167 --a------ C:\WINDOWS\system32\6416.bat
2007-05-01 06:59 167 --a------ C:\WINDOWS\system32\1801.bat
2007-04-28 00:45 167 --a------ C:\WINDOWS\system32\3475.bat


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-05-19 01:35 -------- d-------- C:\Program Files\Common Files
2007-05-16 19:40 -------- d-------- C:\Program Files\SUPERAntiSpyware
2007-05-15 22:54 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-05-11 16:13 -------- d--h----- C:\Program Files\InstallShield Installation Information
2007-05-11 16:13 -------- d-------- C:\Program Files\Digidesign
2007-05-11 15:25 -------- d-------- C:\Program Files\Common Files\PACE Anti-Piracy
2007-05-11 14:35 -------- d-------- C:\Program Files\InterLok
2007-05-11 00:29 -------- d-------- C:\Program Files\Internet Explorer
2007-05-11 00:26 -------- d-------- C:\Program Files\MSXML 6.0
2007-05-11 00:26 -------- d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-05-10 23:41 -------- d-------- C:\Program Files\MSBuild
2007-05-10 23:38 -------- d-------- C:\Program Files\Reference Assemblies
2007-05-08 23:42 1354 --a------ C:\Documents and Settings\HP_Owner\Application Data\wklnhst.dat
2007-05-06 01:51 -------- d-------- C:\Documents and Settings\HP_Owner\Application Data\Wal-Mart Digital Photo Manager
2007-05-02 19:52 -------- d-------- C:\Program Files\Outerinfo
2007-05-02 01:11 -------- d-------- C:\Program Files\HijackThis
2007-05-02 00:23 32768 --a------ C:\WINDOWS\system32\setup9x.exe
2007-05-02 00:22 78360 --a------ C:\Program Files\uy.exe
2007-04-28 00:44 203149 --a------ C:\WINDOWS\system32\ap.exe
2007-04-19 21:39 -------- d-------- C:\Program Files\Filetopia3
2007-04-14 00:39 167 --a------ C:\WINDOWS\system32\4020.bat
2007-04-13 17:54 769 --a------ C:\WINDOWS\smdat32a.sys
2007-04-13 17:43 10 --a------ C:\WINDOWS\smdat32m.sys
2007-04-13 17:43 -------- d-------- C:\Program Files\Altnet
2007-04-12 00:37 167 --a------ C:\WINDOWS\system32\4914.bat
2007-04-05 00:53 167 --a------ C:\WINDOWS\system32\9931.bat
2007-04-01 10:18 167 --a------ C:\WINDOWS\system32\4754.bat
2007-03-31 20:53 -------- d-------- C:\Program Files\Unlocker
2007-03-31 13:52 167 --a------ C:\WINDOWS\system32\1471.bat
2007-03-31 13:30 -------- d-------- C:\Program Files\Cakewalk
2007-03-31 09:15 167 --a------ C:\WINDOWS\system32\8219.bat
2007-03-29 22:15 167 --a------ C:\WINDOWS\system32\4628.bat
2007-03-29 15:54 167 --a------ C:\WINDOWS\system32\4463.bat
2007-03-29 15:39 167 --a------ C:\WINDOWS\system32\4714.bat
2007-03-29 15:24 167 --a------ C:\WINDOWS\system32\8105.bat
2007-03-29 15:09 167 --a------ C:\WINDOWS\system32\3224.bat
2007-03-29 14:54 167 --a------ C:\WINDOWS\system32\7229.bat
2007-03-29 14:39 167 --a------ C:\WINDOWS\system32\7401.bat
2007-03-29 14:24 167 --a------ C:\WINDOWS\system32\1251.bat
2007-03-29 14:09 167 --a------ C:\WINDOWS\system32\4788.bat
2007-03-29 13:54 167 --a------ C:\WINDOWS\system32\7561.bat
2007-03-29 13:39 167 --a------ C:\WINDOWS\system32\8294.bat
2007-03-29 13:24 167 --a------ C:\WINDOWS\system32\8893.bat
2007-03-29 13:09 167 --a------ C:\WINDOWS\system32\2182.bat
2007-03-29 11:06 167 --a------ C:\WINDOWS\system32\7922.bat
2007-03-29 10:51 167 --a------ C:\WINDOWS\system32\2899.bat
2007-03-29 10:36 167 --a------ C:\WINDOWS\system32\5870.bat
2007-03-29 10:21 167 --a------ C:\WINDOWS\system32\3652.bat
2007-03-29 10:06 167 --a------ C:\WINDOWS\system32\1581.bat
2007-03-29 09:51 167 --a------ C:\WINDOWS\system32\7447.bat
2007-03-29 09:36 167 --a------ C:\WINDOWS\system32\8741.bat
2007-03-29 09:21 167 --a------ C:\WINDOWS\system32\4835.bat
2007-03-29 09:06 167 --a------ C:\WINDOWS\system32\3859.bat
2007-03-29 08:51 167 --a------ C:\WINDOWS\system32\8790.bat
2007-03-28 22:53 -------- d-------- C:\Program Files\RegCure
2007-03-28 20:05 167 --a------ C:\WINDOWS\system32\8200.bat
2007-03-28 19:50 167 --a------ C:\WINDOWS\system32\1707.bat
2007-03-28 19:35 167 --a------ C:\WINDOWS\system32\6218.bat
2007-03-28 19:20 167 --a------ C:\WINDOWS\system32\7488.bat
2007-03-28 19:05 167 --a------ C:\WINDOWS\system32\7884.bat
2007-03-28 18:50 167 --a------ C:\WINDOWS\system32\5559.bat
2007-03-28 18:35 167 --a------ C:\WINDOWS\system32\7923.bat
2007-03-28 18:20 167 --a------ C:\WINDOWS\system32\3993.bat
2007-03-28 18:05 167 --a------ C:\WINDOWS\system32\8777.bat
2007-03-28 17:50 167 --a------ C:\WINDOWS\system32\9284.bat
2007-03-28 17:35 167 --a------ C:\WINDOWS\system32\1598.bat
2007-03-28 17:20 167 --a------ C:\WINDOWS\system32\7846.bat
2007-03-28 17:05 167 --a------ C:\WINDOWS\system32\2510.bat
2007-03-28 16:50 167 --a------ C:\WINDOWS\system32\3683.bat
2007-03-28 16:35 167 --a------ C:\WINDOWS\system32\4443.bat
2007-03-28 16:20 167 --a------ C:\WINDOWS\system32\8977.bat
2007-03-28 16:05 167 --a------ C:\WINDOWS\system32\4101.bat
2007-03-28 15:50 167 --a------ C:\WINDOWS\system32\2920.bat
2007-03-28 15:35 167 --a------ C:\WINDOWS\system32\4827.bat
2007-03-28 15:20 167 --a------ C:\WINDOWS\system32\8924.bat
2007-03-28 15:05 167 --a------ C:\WINDOWS\system32\9652.bat
2007-03-28 14:50 167 --a------ C:\WINDOWS\system32\1667.bat
2007-03-28 14:35 167 --a------ C:\WINDOWS\system32\4082.bat
2007-03-28 14:20 167 --a------ C:\WINDOWS\system32\8643.bat
2007-03-28 14:05 167 --a------ C:\WINDOWS\system32\2777.bat
2007-03-28 13:50 167 --a------ C:\WINDOWS\system32\7337.bat
2007-03-28 13:35 167 --a------ C:\WINDOWS\system32\2382.bat
2007-03-28 13:20 167 --a------ C:\WINDOWS\system32\8577.bat
2007-03-28 13:05 167 --a------ C:\WINDOWS\system32\5563.bat
2007-03-28 12:50 167 --a------ C:\WINDOWS\system32\1609.bat
2007-03-28 12:35 167 --a------ C:\WINDOWS\system32\4660.bat
2007-03-28 12:20 167 --a------ C:\WINDOWS\system32\4659.bat
2007-03-28 12:05 167 --a------ C:\WINDOWS\system32\5206.bat
2007-03-28 11:50 167 --a------ C:\WINDOWS\system32\1070.bat
2007-03-28 11:35 167 --a------ C:\WINDOWS\system32\7826.bat
2007-03-28 11:20 167 --a------ C:\WINDOWS\system32\2358.bat
2007-03-28 11:05 167 --a------ C:\WINDOWS\system32\7432.bat
2007-03-28 10:50 167 --a------ C:\WINDOWS\system32\4418.bat
2007-03-28 10:35 167 --a------ C:\WINDOWS\system32\2734.bat
2007-03-28 10:20 167 --a------ C:\WINDOWS\system32\1197.bat
2007-03-28 10:05 167 --a------ C:\WINDOWS\system32\1778.bat
2007-03-28 09:50 167 --a------ C:\WINDOWS\system32\1574.bat
2007-03-28 09:35 167 --a------ C:\WINDOWS\system32\5521.bat
2007-03-28 09:20 167 --a------ C:\WINDOWS\system32\9593.bat
2007-03-28 09:05 167 --a------ C:\WINDOWS\system32\6755.bat
2007-03-28 08:50 167 --a------ C:\WINDOWS\system32\7614.bat
2007-03-28 08:35 167 --a------ C:\WINDOWS\system32\6439.bat
2007-03-28 08:20 167 --a------ C:\WINDOWS\system32\8393.bat
2007-03-28 08:05 167 --a------ C:\WINDOWS\system32\1136.bat
2007-03-28 07:50 167 --a------ C:\WINDOWS\system32\7815.bat
2007-03-28 07:35 167 --a------ C:\WINDOWS\system32\9239.bat
2007-03-28 07:20 167 --a------ C:\WINDOWS\system32\6469.bat
2007-03-28 07:05 167 --a------ C:\WINDOWS\system32\3923.bat
2007-03-28 06:50 167 --a------ C:\WINDOWS\system32\6088.bat
2007-03-28 06:35 167 --a------ C:\WINDOWS\system32\3502.bat
2007-03-28 06:20 167 --a------ C:\WINDOWS\system32\7753.bat
2007-03-28 06:04 167 --a------ C:\WINDOWS\system32\3252.bat
2007-03-28 05:49 167 --a------ C:\WINDOWS\system32\7661.bat
2007-03-28 05:34 167 --a------ C:\WINDOWS\system32\2884.bat
2007-03-28 05:19 167 --a------ C:\WINDOWS\system32\4770.bat
2007-03-28 05:04 167 --a------ C:\WINDOWS\system32\2169.bat
2007-03-28 04:49 167 --a------ C:\WINDOWS\system32\6367.bat
2007-03-28 04:34 167 --a------ C:\WINDOWS\system32\4019.bat
2007-03-28 04:19 167 --a------ C:\WINDOWS\system32\4850.bat
2007-03-28 04:04 167 --a------ C:\WINDOWS\system32\3473.bat
2007-03-28 03:49 167 --a------ C:\WINDOWS\system32\7019.bat
2007-03-28 03:34 167 --a------ C:\WINDOWS\system32\1039.bat
2007-03-28 03:19 167 --a------ C:\WINDOWS\system32\9619.bat
2007-03-28 03:04 167 --a------ C:\WINDOWS\system32\5990.bat
2007-03-28 02:49 167 --a------ C:\WINDOWS\system32\5622.bat
2007-03-28 02:34 167 --a------ C:\WINDOWS\system32\4859.bat
2007-03-28 02:19 167 --a------ C:\WINDOWS\system32\7841.bat
2007-03-28 02:04 167 --a------ C:\WINDOWS\system32\8548.bat
2007-03-28 01:49 167 --a------ C:\WINDOWS\system32\3285.bat
2007-03-28 01:34 167 --a------ C:\WINDOWS\system32\6462.bat
2007-03-28 01:19 167 --a------ C:\WINDOWS\system32\8371.bat
2007-03-28 01:18 -------- d-------- C:\Program Files\PeerGuardian pr14
2007-03-28 01:04 167 --a------ C:\WINDOWS\system32\2327.bat
2007-03-28 00:49 167 --a------ C:\WINDOWS\system32\8057.bat
2007-03-28 00:34 167 --a------ C:\WINDOWS\system32\5998.bat
2007-03-28 00:19 167 --a------ C:\WINDOWS\system32\4962.bat
2007-03-28 00:04 167 --a------ C:\WINDOWS\system32\5253.bat
2007-03-27 23:49 167 --a------ C:\WINDOWS\system32\4236.bat
2007-03-27 23:34 167 --a------ C:\WINDOWS\system32\6753.bat
2007-03-27 23:19 167 --a------ C:\WINDOWS\system32\1088.bat
2007-03-27 23:03 167 --a------ C:\WINDOWS\system32\2975.bat
2007-03-27 22:48 167 --a------ C:\WINDOWS\system32\9128.bat
2007-03-27 22:33 167 --a------ C:\WINDOWS\system32\1754.bat
2007-03-27 22:18 167 --a------ C:\WINDOWS\system32\9315.bat
2007-03-27 22:03 167 --a------ C:\WINDOWS\system32\4091.bat
2007-03-27 21:48 167 --a------ C:\WINDOWS\system32\1389.bat
2007-03-27 21:33 167 --a------ C:\WINDOWS\system32\1679.bat
2007-03-27 21:18 167 --a------ C:\WINDOWS\system32\1120.bat
2007-03-27 21:03 167 --a------ C:\WINDOWS\system32\9704.bat
2007-03-27 20:48 167 --a------ C:\WINDOWS\system32\7563.bat
2007-03-27 20:33 167 --a------ C:\WINDOWS\system32\7004.bat
2007-03-27 20:18 167 --a------ C:\WINDOWS\system32\2514.bat
2007-03-27 20:03 167 --a------ C:\WINDOWS\system32\2657.bat
2007-03-27 19:48 167 --a------ C:\WINDOWS\system32\2204.bat
2007-03-27 19:33 167 --a------ C:\WINDOWS\system32\2495.bat
2007-03-27 19:18 167 --a------ C:\WINDOWS\system32\1931.bat
2007-03-27 19:03 167 --a------ C:\WINDOWS\system32\1514.bat
2007-03-27 18:48 167 --a------ C:\WINDOWS\system32\5000.bat
2007-03-27 18:33 167 --a------ C:\WINDOWS\system32\6412.bat
2007-03-27 18:18 167 --a------ C:\WINDOWS\system32\6703.bat
2007-03-27 18:03 167 --a------ C:\WINDOWS\system32\1073.bat
2007-03-27 17:48 167 --a------ C:\WINDOWS\system32\1267.bat
2007-03-27 17:33 167 --a------ C:\WINDOWS\system32\9435.bat
2007-03-27 17:18 167 --a------ C:\WINDOWS\system32\6136.bat
2007-03-27 17:03 167 --a------ C:\WINDOWS\system32\3834.bat
2007-03-27 16:48 167 --a------ C:\WINDOWS\system32\3471.bat
2007-03-27 16:33 167 --a------ C:\WINDOWS\system32\7754.bat
2007-03-27 16:18 167 --a------ C:\WINDOWS\system32\9906.bat
2007-03-27 16:03 167 --a------ C:\WINDOWS\system32\2547.bat
2007-03-27 15:48 167 --a------ C:\WINDOWS\system32\6724.bat
2007-03-27 15:33 167 --a------ C:\WINDOWS\system32\9497.bat
2007-03-27 15:18 167 --a------ C:\WINDOWS\system32\8012.bat
2007-03-27 15:03 167 --a------ C:\WINDOWS\system32\2555.bat
2007-03-27 14:48 167 --a------ C:\WINDOWS\system32\6706.bat
2007-03-27 14:33 167 --a------ C:\WINDOWS\system32\8817.bat
2007-03-27 14:18 167 --a------ C:\WINDOWS\system32\6873.bat
2007-03-27 14:03 167 --a------ C:\WINDOWS\system32\5750.bat
2007-03-27 13:47 167 --a------ C:\WINDOWS\system32\4265.bat
2007-03-27 13:32 167 --a------ C:\WINDOWS\system32\7809.bat
2007-03-27 13:17 167 --a------ C:\WINDOWS\system32\9691.bat
2007-03-27 13:02 167 --a------ C:\WINDOWS\system32\6319.bat
2007-03-27 12:47 167 --a------ C:\WINDOWS\system32\6892.bat
2007-03-27 12:32 167 --a------ C:\WINDOWS\system32\5916.bat
2007-03-27 12:17 167 --a------ C:\WINDOWS\system32\5560.bat
2007-03-27 12:02 167 --a------ C:\WINDOWS\system32\4023.bat
2007-03-27 11:47 167 --a------ C:\WINDOWS\system32\4070.bat
2007-03-27 11:32 167 --a------ C:\WINDOWS\system32\2533.bat
2007-03-27 11:17 167 --a------ C:\WINDOWS\system32\9850.bat
2007-03-27 11:02 167 --a------ C:\WINDOWS\system32\1201.bat
2007-03-27 10:47 167 --a------ C:\WINDOWS\system32\6274.bat
2007-03-27 10:32 167 --a------ C:\WINDOWS\system32\8685.bat
2007-03-27 10:17 167 --a------ C:\WINDOWS\system32\4757.bat
2007-03-27 10:02 167 --a------ C:\WINDOWS\system32\8501.bat
2007-03-27 09:47 167 --a------ C:\WINDOWS\system32\5134.bat
2007-03-27 09:32 167 --a------ C:\WINDOWS\system32\8659.bat
2007-03-27 09:17 167 --a------ C:\WINDOWS\system32\7965.bat
2007-03-27 09:02 167 --a------ C:\WINDOWS\system32\1629.bat
2007-03-27 08:47 167 --a------ C:\WINDOWS\system32\1007.bat
2007-03-27 08:32 167 --a------ C:\WINDOWS\system32\4333.bat
2007-03-27 08:17 167 --a------ C:\WINDOWS\system32\4955.bat
2007-03-27 08:02 167 --a------ C:\WINDOWS\system32\4665.bat
2007-03-27 07:47 167 --a------ C:\WINDOWS\system32\1154.bat
2007-03-27 07:32 167 --a------ C:\WINDOWS\system32\4230.bat
2007-03-27 07:17 167 --a------ C:\WINDOWS\system32\5154.bat
2007-03-27 07:02 167 --a------ C:\WINDOWS\system32\5812.bat
2007-03-27 06:47 167 --a------ C:\WINDOWS\system32\5707.bat
2007-03-27 06:32 167 --a------ C:\WINDOWS\system32\6540.bat
2007-03-27 05:57 167 --a------ C:\WINDOWS\system32\9011.bat
2007-03-27 05:42 167 --a------ C:\WINDOWS\system32\6254.bat
2007-03-27 05:27 167 --a------ C:\WINDOWS\system32\9251.bat
2007-03-27 05:12 167 --a------ C:\WINDOWS\system32\1372.bat
2007-03-27 04:57 167 --a------ C:\WINDOWS\system32\1121.bat
2007-03-27 04:42 167 --a------ C:\WINDOWS\system32\4066.bat
2007-03-27 04:27 167 --a------ C:\WINDOWS\system32\5690.bat
2007-03-27 04:12 167 --a------ C:\WINDOWS\system32\4753.bat
2007-03-27 03:57 167 --a------ C:\WINDOWS\system32\7835.bat
2007-03-27 03:42 167 --a------ C:\WINDOWS\system32\7051.bat
2007-03-27 03:27 167 --a------ C:\WINDOWS\system32\3744.bat
2007-03-27 03:12 167 --a------ C:\WINDOWS\system32\5139.bat
2007-03-27 02:56 167 --a------ C:\WINDOWS\system32\1205.bat
2007-03-27 02:41 167 --a------ C:\WINDOWS\system32\7689.bat
2007-03-27 02:26 167 --a------ C:\WINDOWS\system32\5598.bat
2007-03-27 02:11 167 --a------ C:\WINDOWS\system32\3454.bat
2007-03-27 01:56 167 --a------ C:\WINDOWS\system32\5121.bat
2007-03-27 01:41 167 --a------ C:\WINDOWS\system32\8608.bat
2007-03-27 01:26 167 --a------ C:\WINDOWS\system32\8346.bat
2007-03-27 01:11 167 --a------ C:\WINDOWS\system32\9868.bat
2007-03-27 00:56 167 --a------ C:\WINDOWS\system32\7457.bat
2007-03-27 00:41 167 --a------ C:\WINDOWS\system32\9438.bat
2007-03-27 00:26 167 --a------ C:\WINDOWS\system32\6564.bat
2007-03-26 23:36 167 --a------ C:\WINDOWS\system32\3226.bat
2007-03-25 22:40 -------- d-------- C:\Program Files\WinRAR
2007-03-24 19:46 -------- d-------- C:\Program Files\Absolute Poker Basic
2007-03-24 15:51 114 --a------ C:\WINDOWS\system32\hhjj.bat
2007-03-23 22:17 128 --a------ C:\WINDOWS\system32\lo.exe
2007-03-23 15:05 -------- d-------- C:\Program Files\Outlook Express
2007-03-23 15:05 -------- d-------- C:\Program Files\Common Files\System
2007-03-23 01:17 29 --a------ C:\Documents and Settings\HP_Owner\Application Data\Dxccwrd.dll
2007-03-23 00:55 -------- d-------- C:\Program Files\MSN Gaming Zone
2007-03-23 00:52 826971 --a------ C:\Documents and Settings\HP_Owner\Application Data\Dxcknwrd.dll
2007-03-23 00:50 93736 --a------ C:\WINDOWS\VTTC.exe
2007-03-23 00:50 41792 --a------ C:\WINDOWS\system32\app.exe
2007-03-23 00:47 147456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-03-23 00:43 201 --a------ C:\WINDOWS\system32\q.bat
2007-03-22 06:04 -------- d-------- C:\Program Files\Movie Maker
2007-03-19 13:30 60928 --a------ C:\WINDOWS\system32\xgayze.dll
2007-03-17 08:43 292864 --a------ C:\WINDOWS\system32\winsrv.dll
2007-03-08 10:36 577536 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 10:36 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 10:36 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 08:47 1843584 --a------ C:\WINDOWS\system32\win32k.sys
2007-02-28 04:10 2180352 --a------ C:\WINDOWS\system32\ntoskrnl.exe
2007-02-28 03:38 2057600 --a------ C:\WINDOWS\system32\ntkrnlpa.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="\"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"DigidesignMMERefresh"="C:\\Program Files\\Digidesign\\Drivers\\MMERefresh.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"SUPERAntiSpyware"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"
"Srro"="\"C:\\WINDOWS\\system32\\PPPATC~1\\lsass.exe\" -vt yazb"
"AIM"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000095
"NoActiveDesktop"=dword:00000000
"ClassicShell"=dword:00000000
"ForceActiveDesktopOn"=dword:00000000
"EditLevel"=dword:00000000
"NoSaveSettings"=dword:00000000
"NoFileMenu"=dword:00000000
"NoCommonGroups"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="http://www.neworleanssaints.com/photos/gallery/2006%20June%20Mini%20Camp/05-D3852.jpg"
"SubscribedURL"="http://www.neworleanssaints.com/photos/gallery/2006%20June%20Mini%20Camp/05-D3852.jpg"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,00,00,00,00,00,00,00,00,00,05,00,00,dd,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:02,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,6d,02,00,00,0a,00,00,00,92,02,00,00,e7,01,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,6c,02,00,00,1c,00,00,00,92,02,00,00,e7,01,\
00,00,01,00,00,40

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="C:\\Program Files\\ComPlus Applications\\sasojyg.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00000000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,ea,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\2]
"Source"="C:\\Program Files\\NetMeeting\\quqegodod.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00000000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,ec,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\3]
"Source"="http://www.neworleanssaints.com/photos/gallery/2006%20June%20Mini%20Camp/25-D4737.jpg"
"SubscribedURL"="http://www.neworleanssaints.com/photos/gallery/2006%20June%20Mini%20Camp/25-D4737.jpg"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,6c,02,00,00,f4,01,00,00,91,02,00,00,ea,01,00,00,ee,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,6c,02,00,00,f4,01,00,00,91,02,00,00,ea,01,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:14,6d,ba,04,41,c0,b4,74,50,07,48,05,68,de,ba,04,20,6d,\
ba,04,65,87,00,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\4]
"Source"="http://www.neworleanssaints.com/photos/gallery/2006%20June%20Mini%20Camp/03-D3993.jpg"
"SubscribedURL"="http://www.neworleanssaints.com/photos/gallery/2006%20June%20Mini%20Camp/03-D3993.jpg"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,02,00,00,00,0a,00,00,00,69,02,00,00,e6,01,00,00,f0,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,02,00,00,00,0a,00,00,00,69,02,00,00,e6,01,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:14,6d,ef,06,41,c0,b4,74,40,c2,af,02,68,de,ef,06,20,6d,\
ef,06,65,87,00,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\5]
"Source"="http://www.neworleanssaints.com/photos/gallery/2006%20June%20Mini%20Camp/01-D5107.jpg"
"SubscribedURL"="http://www.neworleanssaints.com/photos/gallery/2006%20June%20Mini%20Camp/01-D5107.jpg"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,d1,ff,ff,ff,93,01,00,00,66,02,00,00,ea,01,00,00,f2,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,d1,ff,ff,ff,93,01,00,00,66,02,00,00,ea,01,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:14,6d,ad,06,41,c0,b4,74,40,c2,af,02,68,de,ad,06,20,6d,\
ad,06,65,87,00,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\6]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,2c,01,00,00,01,00,00,00,d4,03,00,00,dc,03,00,00,f4,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,00
"OriginalStateInfo"=hex:18,00,00,00,2c,01,00,00,00,00,00,00,d4,03,00,00,dd,03,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,2c,01,00,00,00,00,00,00,d4,03,00,00,dd,03,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{a5780613-492e-4a2a-a7fd-549610edf6cc}"=""
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
"backup"="C:\\WINDOWS\\pss\\America Online 9.0 Tray Icon.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\AMERIC~1.0B\\aoltray.exe -check"
"item"="America Online 9.0 Tray Icon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL Companion.lnk]
"backup"="C:\\WINDOWS\\pss\\AOL Companion.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\AOLCOM~1\\COMPAN~1.EXE /s"
"item"="AOL Companion"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
"backup"="C:\\WINDOWS\\pss\\Logitech Desktop Messenger.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Logitech\\DESKTO~1\\8876480\\Program\\LDMConf.exe /start"
"item"="Logitech Desktop Messenger"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
"backup"="C:\\WINDOWS\\pss\\Logitech SetPoint.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Logitech\\SetPoint\\SetPoint.exe "
"item"="Logitech SetPoint"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^mboty.exe]
"location"="Common Startup"
"item"="mboty"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^HP_Owner^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
"backup"="C:\\WINDOWS\\pss\\LimeWire On Startup.lnkStartup"
"location"="Startup"
"item"="LimeWire On Startup"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\ACTX1]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="v1201"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\ad8rIU3s]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="cvn0"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\AOL Spyware Protection]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLSP Scheduler"
"hkey"="HKLM"
"command"="\"C:\\PROGRA~1\\COMMON~1\\AOL\\AOLSPY~1\\AOLSP Scheduler.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\AOLDialer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLDial"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\BellSouthAlertManager.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BellSouthAlertManager"
"hkey"="HKLM"
"command"="C:\\Program Files\\BellSouth\\Alert Manager\\BellSouthAlertManager.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\ccApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ccApp"
"hkey"="HKLM"
"command"="\"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\ctfmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\defender]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dfndrff_9"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\DigidesignMMERefresh]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MMERefresh"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\HostManager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLHostManager"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\AOL\\1139729396\\ee\\AOLHostManager.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\ifqd59c0]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RUNDLL32"
"hkey"="HKLM"
"command"="RUNDLL32.EXE w1180175.dll,n 002d59be000000031180175"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\k6mmN5IOU]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="wfxqhv"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\keyboard]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="kybrdff_9"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\LDM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"="\\Program\\"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\masqform.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="masqform"
"hkey"="HKLM"
"command"="C:\\Program Files\\PureEdge\\Viewer 6.0\\masqform.exe -UpdateCurrentUser"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MCAgentExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mcagent"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\McRegWiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mcregwiz"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MCUpdateExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mcupdate"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MediaLifeService]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MediaLifeService"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Logitech\\MediaLife\\MediaLifeService.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\mmtask]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mmtask"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MMTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mm_tray"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MPFExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MpfTray"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\ms05765249179]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ms05765249179"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\mukr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mukrm"
"hkey"="HKCU"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MySpaceIM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MySpaceIM"
"hkey"="HKCU"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\newname]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwnmff_9"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\outlook]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="outlook"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\pinlt]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ttdsss"
"hkey"="HKCU"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\psjbadmA]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="psjbadmA"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Pure Networks Port Magic]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PortAOL"
"hkey"="HKLM"
"command"="\"C:\\PROGRA~1\\PURENE~1\\PORTMA~1\\PortAOL.exe\" -Run"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Spyware Doctor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="swdoctor"
"hkey"="HKCU"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SSC_UserPrompt]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="UsrPrmpt"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Symantec Shared\\Security Center\\UsrPrmpt.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\jre1.5.0_03\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SurfSideKick 3]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Ssk"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Symantec NetDriver Monitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SNDMon"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\tgcmd]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hcenter"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Support.com\\BellSouth\\hcenter.exe\" /starthidden /tgcmdwrapper"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\TheMonitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SYSC00"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\tlhksq]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ttdsss"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\w118371b.dll]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RUNDLL32"
"hkey"="HKLM"
"command"="RUNDLL32.EXE w118371b.dll,I2 002d59be0118371b"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\winlog]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winlog"
"hkey"="HKLM"
"command"="winlog.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\winupdate]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winupdate"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ypager"
"hkey"="HKCU"
"inimapping"="0"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\RegCure.job
C:\WINDOWS\tasks\Scheduled Checkpoint.job
C:\WINDOWS\tasks\Symantec NetDetect.job
C:\WINDOWS\tasks\XoftSpySE.job

Completion time: 07-05-19 1:35:22.67
ComboFix.txt
ComboFix2.txt

#2 MrWutItDew

MrWutItDew
  • Topic Starter

  • Members
  • 131 posts
  • OFFLINE
  • Gender:Male
  • Location:Lafayette
  • Local time:07:50 PM

Posted 20 May 2007 - 12:44 AM

Logfile of HijackThis v1.99.1
Scan saved at 01:40, on 07-05-19
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\PPPATC~1\lsass.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\AOL\1139729396\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1139729396\ee\AOLServiceHost.exe
C:\WINDOWS\?dobe\n?tepad.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://myspace.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: (no name) - {17EBDD17-1680-3721-F049-1AE336E0F8EC} - C:\WINDOWS\system32\nhsahlhj.dll
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Srro] "C:\WINDOWS\system32\PPPATC~1\lsass.exe" -vt yazb
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Absolute Poker Basic - {5E72AD5A-20DF-4ca4-9B7B-D9717FFDE0C5} - C:\Documents and Settings\HP_Owner\Start Menu\Programs\Absolute Poker Basic\Absolute Poker Basic.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker Basic - {5E72AD5A-20DF-4ca4-9B7B-D9717FFDE0C5} - C:\Documents and Settings\HP_Owner\Start Menu\Programs\Absolute Poker Basic\Absolute Poker Basic.lnk
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4056/ftp...302/Coupons.cab
O18 - Protocol: bw+0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: dxclib303562752.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - (no file)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Logitech, Inc. - (no file)
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Security - (no file)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - c:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

#3 random/random

  • Malware Response Team

Posted 22 May 2007 - 01:59 PM

Please delete your current copy of ComboFix.

Download the latest version of ComboFix from Here or Here to your Desktop.
  • Double-click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

#4 MrWutItDew

  • Topic Starter

Posted 29 May 2007 - 12:12 AM

"HP_Owner" - 2007-05-28 0:54:55 Service Pack 2
ComboFix 07-05.27.V - Running from: "C:\Documents and Settings\HP_Owner\Desktop\"


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


"C:\DOCUME~1\HP_Owner\APPLIC~1\Dxccwrd.dll"
"C:\DOCUME~1\HP_Owner\APPLIC~1\Dxcknwrd.dll"
"C:\Program Files\outerinfo\OiUninstaller.exe"
"C:\Program Files\outerinfo\outerinfo.ico"
"C:\Program Files\outerinfo\Terms.rtf"
"C:\WINDOWS\system32\bund1\ClientBundle1.exe"
"C:\WINDOWS\system32\bund1\temp.txt"
"C:\DOCUME~1\HP_Owner\Desktop\internet.lnk"
"C:\WINDOWS\VTTC.exe"
"C:\Program Files\outerinfo"
"C:\WINDOWS\system32\bund1"


((((((((((((((((((((((((((((((( Files Created from 2007-04-28 to 2007-05-28 ))))))))))))))))))))))))))))))))))


2007-05-19 01:29 110,141,098 --a------ C:\Documents and Settings\HP_Owner\registry.reg
2007-05-19 01:29 110,141,098 --a------ C:\DOCUME~1\HP_Owner\registry.reg
2007-05-11 15:25 56 --ahs---- C:\redir.sys
2007-05-11 15:25 <DIR> d--h----- C:\WINDOWS\page files
2007-05-11 15:25 <DIR> d-------- C:\Program Files\Common Files\PACE Anti-Piracy
2007-05-11 15:25 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\PACE Anti-Piracy
2007-05-11 15:25 <DIR> d-------- C:\Digidesign Databases
2007-05-11 14:35 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-05-11 14:35 <DIR> d-------- C:\Program Files\InterLok
2007-05-11 00:26 <DIR> d-------- C:\Program Files\MSXML 6.0
2007-05-11 00:26 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-05-11 00:21 <DIR> d-------- C:\WINDOWS\network diagnostic
2007-05-10 23:41 <DIR> d-------- C:\Program Files\MSBuild
2007-05-10 23:38 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2007-05-10 23:38 <DIR> d-------- C:\Program Files\Reference Assemblies
2007-05-10 23:37 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2007-05-10 23:37 <DIR> d-------- C:\4127e2872d563c55a13f
2007-05-10 23:16 36,352 --------- C:\WINDOWS\system32\tsgqec.dll
2007-05-10 23:16 288,768 --------- C:\WINDOWS\system32\rhttpaa.dll
2007-05-10 23:16 116,736 --------- C:\WINDOWS\system32\aaclient.dll
2007-05-10 14:42 60,928 --a------ C:\WINDOWS\system32\nhsahlhj.dll
2007-05-10 14:42 <DIR> d-------- C:\WINDOWS\àdobe
2007-05-06 01:24 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2007-05-06 01:24 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2007-05-03 22:42 20,992 --------- C:\WINDOWS\system32\drivers\DigiFilter.sys
2007-05-03 22:42 106,496 --------- C:\WINDOWS\system32\Diomidi.dll
2007-05-03 21:13 90,112 --------- C:\WINDOWS\system32\WinMMFix.dll
2007-05-03 21:13 884,736 --------- C:\WINDOWS\system32\DirectIO.dll
2007-05-03 21:13 540,672 --------- C:\WINDOWS\system32\DSI.dll
2007-05-03 21:13 15,872 --------- C:\WINDOWS\system32\KeyFilter.dll
2007-05-02 00:52 380,416 --a------ C:\WINDOWS\system32\rstrui.exe
2007-05-02 00:24 167 --a------ C:\WINDOWS\system32\6416.bat
2007-05-01 06:59 167 --a------ C:\WINDOWS\system32\1801.bat
2007-04-28 00:45 167 --a------ C:\WINDOWS\system32\3475.bat


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-05-28 05:57:05 -------- d-----w C:\Program Files\SUPERAntiSpyware
2007-05-25 00:14:25 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-05-18 05:00:43 39 ----a-w C:\WINDOWS\popcinfo.dat
2007-05-11 21:13:41 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-11 21:13:28 -------- d-----w C:\Program Files\Digidesign
2007-05-09 04:42:53 1,354 ----a-w C:\DOCUME~1\HP_Owner\APPLIC~1\wklnhst.dat
2007-05-06 06:51:56 -------- d-----w C:\DOCUME~1\HP_Owner\APPLIC~1\Wal-Mart Digital Photo Manager
2007-05-02 05:23:37 32,768 ----a-w C:\WINDOWS\system32\setup9x.exe
2007-05-02 05:22:55 78,360 ----a-w C:\Program Files\uy.exe
2007-04-28 05:44:57 203,149 ----a-w C:\WINDOWS\system32\ap.exe
2007-04-20 02:39:08 -------- d-----w C:\Program Files\Filetopia3
2007-04-14 05:39:38 167 ----a-w C:\WINDOWS\system32\4020.bat
2007-04-13 22:54:47 769 ----a-w C:\WINDOWS\smdat32a.sys
2007-04-13 22:43:44 10 ----a-w C:\WINDOWS\smdat32m.sys
2007-04-13 22:43:44 -------- d-----w C:\Program Files\Altnet
2007-04-12 05:37:38 167 ----a-w C:\WINDOWS\system32\4914.bat
2007-04-05 05:53:20 167 ----a-w C:\WINDOWS\system32\9931.bat
2007-04-01 15:18:56 167 ----a-w C:\WINDOWS\system32\4754.bat
2007-03-31 18:52:30 167 ----a-w C:\WINDOWS\system32\1471.bat
2007-03-31 18:30:46 -------- d-----w C:\Program Files\Cakewalk
2007-03-31 14:15:54 167 ----a-w C:\WINDOWS\system32\8219.bat
2007-03-30 03:15:55 167 ----a-w C:\WINDOWS\system32\4628.bat
2007-03-29 20:54:24 167 ----a-w C:\WINDOWS\system32\4463.bat
2007-03-29 20:39:23 167 ----a-w C:\WINDOWS\system32\4714.bat
2007-03-29 20:24:22 167 ----a-w C:\WINDOWS\system32\8105.bat
2007-03-29 20:09:21 167 ----a-w C:\WINDOWS\system32\3224.bat
2007-03-29 19:54:20 167 ----a-w C:\WINDOWS\system32\7229.bat
2007-03-29 19:39:19 167 ----a-w C:\WINDOWS\system32\7401.bat
2007-03-29 19:24:18 167 ----a-w C:\WINDOWS\system32\1251.bat
2007-03-29 19:09:17 167 ----a-w C:\WINDOWS\system32\4788.bat
2007-03-29 18:54:16 167 ----a-w C:\WINDOWS\system32\7561.bat
2007-03-29 18:39:15 167 ----a-w C:\WINDOWS\system32\8294.bat
2007-03-29 18:24:14 167 ----a-w C:\WINDOWS\system32\8893.bat
2007-03-29 18:09:13 167 ----a-w C:\WINDOWS\system32\2182.bat
2007-03-29 16:06:18 167 ----a-w C:\WINDOWS\system32\7922.bat
2007-03-29 15:51:17 167 ----a-w C:\WINDOWS\system32\2899.bat
2007-03-29 15:36:16 167 ----a-w C:\WINDOWS\system32\5870.bat
2007-03-29 15:21:15 167 ----a-w C:\WINDOWS\system32\3652.bat
2007-03-29 15:06:14 167 ----a-w C:\WINDOWS\system32\1581.bat
2007-03-29 14:51:14 167 ----a-w C:\WINDOWS\system32\7447.bat
2007-03-29 14:36:13 167 ----a-w C:\WINDOWS\system32\8741.bat
2007-03-29 14:21:12 167 ----a-w C:\WINDOWS\system32\4835.bat
2007-03-29 14:06:11 167 ----a-w C:\WINDOWS\system32\3859.bat
2007-03-29 13:51:12 167 ----a-w C:\WINDOWS\system32\8790.bat
2007-03-29 03:53:45 -------- d-----w C:\Program Files\RegCure
2007-03-29 01:05:48 167 ----a-w C:\WINDOWS\system32\8200.bat
2007-03-29 00:50:46 167 ----a-w C:\WINDOWS\system32\1707.bat
2007-03-29 00:35:45 167 ----a-w C:\WINDOWS\system32\6218.bat
2007-03-29 00:20:44 167 ----a-w C:\WINDOWS\system32\7488.bat
2007-03-29 00:05:44 167 ----a-w C:\WINDOWS\system32\7884.bat
2007-03-28 23:50:42 167 ----a-w C:\WINDOWS\system32\5559.bat
2007-03-28 23:35:42 167 ----a-w C:\WINDOWS\system32\7923.bat
2007-03-28 23:20:41 167 ----a-w C:\WINDOWS\system32\3993.bat
2007-03-28 23:05:40 167 ----a-w C:\WINDOWS\system32\8777.bat
2007-03-28 22:50:39 167 ----a-w C:\WINDOWS\system32\9284.bat
2007-03-28 22:35:38 167 ----a-w C:\WINDOWS\system32\1598.bat
2007-03-28 22:20:37 167 ----a-w C:\WINDOWS\system32\7846.bat
2007-03-28 22:05:37 167 ----a-w C:\WINDOWS\system32\2510.bat
2007-03-28 21:50:36 167 ----a-w C:\WINDOWS\system32\3683.bat
2007-03-28 21:35:35 167 ----a-w C:\WINDOWS\system32\4443.bat
2007-03-28 21:20:34 167 ----a-w C:\WINDOWS\system32\8977.bat
2007-03-28 21:05:33 167 ----a-w C:\WINDOWS\system32\4101.bat
2007-03-28 20:50:32 167 ----a-w C:\WINDOWS\system32\2920.bat
2007-03-28 20:35:31 167 ----a-w C:\WINDOWS\system32\4827.bat
2007-03-28 20:20:31 167 ----a-w C:\WINDOWS\system32\8924.bat
2007-03-28 20:05:30 167 ----a-w C:\WINDOWS\system32\9652.bat
2007-03-28 19:50:28 167 ----a-w C:\WINDOWS\system32\1667.bat
2007-03-28 19:35:27 167 ----a-w C:\WINDOWS\system32\4082.bat
2007-03-28 19:20:26 167 ----a-w C:\WINDOWS\system32\8643.bat
2007-03-28 19:05:26 167 ----a-w C:\WINDOWS\system32\2777.bat
2007-03-28 18:50:25 167 ----a-w C:\WINDOWS\system32\7337.bat
2007-03-28 18:35:24 167 ----a-w C:\WINDOWS\system32\2382.bat
2007-03-28 18:20:23 167 ----a-w C:\WINDOWS\system32\8577.bat
2007-03-28 18:05:23 167 ----a-w C:\WINDOWS\system32\5563.bat
2007-03-28 17:50:22 167 ----a-w C:\WINDOWS\system32\1609.bat
2007-03-28 17:35:21 167 ----a-w C:\WINDOWS\system32\4660.bat
2007-03-28 17:20:20 167 ----a-w C:\WINDOWS\system32\4659.bat
2007-03-28 17:05:19 167 ----a-w C:\WINDOWS\system32\5206.bat
2007-03-28 16:50:19 167 ----a-w C:\WINDOWS\system32\1070.bat
2007-03-28 16:35:18 167 ----a-w C:\WINDOWS\system32\7826.bat
2007-03-28 16:20:17 167 ----a-w C:\WINDOWS\system32\2358.bat
2007-03-28 16:05:16 167 ----a-w C:\WINDOWS\system32\7432.bat
2007-03-28 15:50:16 167 ----a-w C:\WINDOWS\system32\4418.bat
2007-03-28 15:35:15 167 ----a-w C:\WINDOWS\system32\2734.bat
2007-03-28 15:20:14 167 ----a-w C:\WINDOWS\system32\1197.bat
2007-03-28 15:05:13 167 ----a-w C:\WINDOWS\system32\1778.bat
2007-03-28 14:50:13 167 ----a-w C:\WINDOWS\system32\1574.bat
2007-03-28 14:35:12 167 ----a-w C:\WINDOWS\system32\5521.bat
2007-03-28 14:20:11 167 ----a-w C:\WINDOWS\system32\9593.bat
2007-03-28 14:05:09 167 ----a-w C:\WINDOWS\system32\6755.bat
2007-03-28 13:50:08 167 ----a-w C:\WINDOWS\system32\7614.bat
2007-03-28 13:35:06 167 ----a-w C:\WINDOWS\system32\6439.bat
2007-03-28 13:20:05 167 ----a-w C:\WINDOWS\system32\8393.bat
2007-03-28 13:05:04 167 ----a-w C:\WINDOWS\system32\1136.bat
2007-03-28 12:50:04 167 ----a-w C:\WINDOWS\system32\7815.bat
2007-03-28 12:35:03 167 ----a-w C:\WINDOWS\system32\9239.bat
2007-03-28 12:20:02 167 ----a-w C:\WINDOWS\system32\6469.bat
2007-03-28 12:05:01 167 ----a-w C:\WINDOWS\system32\3923.bat
2007-03-28 11:50:01 167 ----a-w C:\WINDOWS\system32\6088.bat
2007-03-28 11:35:00 167 ----a-w C:\WINDOWS\system32\3502.bat
2007-03-28 11:20:00 167 ----a-w C:\WINDOWS\system32\7753.bat
2007-03-28 11:04:58 167 ----a-w C:\WINDOWS\system32\3252.bat
2007-03-28 10:49:58 167 ----a-w C:\WINDOWS\system32\7661.bat
2007-03-28 10:34:57 167 ----a-w C:\WINDOWS\system32\2884.bat
2007-03-28 10:19:54 167 ----a-w C:\WINDOWS\system32\4770.bat
2007-03-28 10:04:51 167 ----a-w C:\WINDOWS\system32\2169.bat
2007-03-28 09:49:50 167 ----a-w C:\WINDOWS\system32\6367.bat
2007-03-28 09:34:50 167 ----a-w C:\WINDOWS\system32\4019.bat
2007-03-28 09:19:49 167 ----a-w C:\WINDOWS\system32\4850.bat
2007-03-28 09:04:48 167 ----a-w C:\WINDOWS\system32\3473.bat
2007-03-28 08:49:48 167 ----a-w C:\WINDOWS\system32\7019.bat
2007-03-28 08:34:47 167 ----a-w C:\WINDOWS\system32\1039.bat
2007-03-28 08:19:46 167 ----a-w C:\WINDOWS\system32\9619.bat
2007-03-28 08:04:45 167 ----a-w C:\WINDOWS\system32\5990.bat
2007-03-28 07:49:45 167 ----a-w C:\WINDOWS\system32\5622.bat
2007-03-28 07:34:44 167 ----a-w C:\WINDOWS\system32\4859.bat
2007-03-28 07:19:43 167 ----a-w C:\WINDOWS\system32\7841.bat
2007-03-28 07:04:42 167 ----a-w C:\WINDOWS\system32\8548.bat
2007-03-28 06:49:42 167 ----a-w C:\WINDOWS\system32\3285.bat
2007-03-28 06:34:40 167 ----a-w C:\WINDOWS\system32\6462.bat
2007-03-28 06:19:40 167 ----a-w C:\WINDOWS\system32\8371.bat
2007-03-28 06:18:00 -------- d-----w C:\Program Files\PeerGuardian pr14
2007-03-28 06:04:39 167 ----a-w C:\WINDOWS\system32\2327.bat
2007-03-28 05:49:38 167 ----a-w C:\WINDOWS\system32\8057.bat
2007-03-28 05:34:37 167 ----a-w C:\WINDOWS\system32\5998.bat
2007-03-28 05:19:35 167 ----a-w C:\WINDOWS\system32\4962.bat
2007-03-28 05:04:23 167 ----a-w C:\WINDOWS\system32\5253.bat
2007-03-28 04:49:10 167 ----a-w C:\WINDOWS\system32\4236.bat
2007-03-28 04:34:03 167 ----a-w C:\WINDOWS\system32\6753.bat
2007-03-28 04:19:01 167 ----a-w C:\WINDOWS\system32\1088.bat
2007-03-28 04:03:55 167 ----a-w C:\WINDOWS\system32\2975.bat
2007-03-28 03:48:43 167 ----a-w C:\WINDOWS\system32\9128.bat
2007-03-28 03:33:40 167 ----a-w C:\WINDOWS\system32\1754.bat
2007-03-28 03:18:38 167 ----a-w C:\WINDOWS\system32\9315.bat
2007-03-28 03:03:37 167 ----a-w C:\WINDOWS\system32\4091.bat
2007-03-28 02:48:37 167 ----a-w C:\WINDOWS\system32\1389.bat
2007-03-28 02:33:36 167 ----a-w C:\WINDOWS\system32\1679.bat
2007-03-28 02:18:35 167 ----a-w C:\WINDOWS\system32\1120.bat
2007-03-28 02:03:34 167 ----a-w C:\WINDOWS\system32\9704.bat
2007-03-28 01:48:34 167 ----a-w C:\WINDOWS\system32\7563.bat
2007-03-28 01:33:33 167 ----a-w C:\WINDOWS\system32\7004.bat
2007-03-28 01:18:32 167 ----a-w C:\WINDOWS\system32\2514.bat
2007-03-28 01:03:31 167 ----a-w C:\WINDOWS\system32\2657.bat
2007-03-28 00:48:31 167 ----a-w C:\WINDOWS\system32\2204.bat
2007-03-28 00:33:30 167 ----a-w C:\WINDOWS\system32\2495.bat
2007-03-28 00:18:29 167 ----a-w C:\WINDOWS\system32\1931.bat
2007-03-28 00:03:28 167 ----a-w C:\WINDOWS\system32\1514.bat
2007-03-27 23:48:28 167 ----a-w C:\WINDOWS\system32\5000.bat
2007-03-27 23:33:27 167 ----a-w C:\WINDOWS\system32\6412.bat
2007-03-27 23:18:26 167 ----a-w C:\WINDOWS\system32\6703.bat
2007-03-27 23:03:25 167 ----a-w C:\WINDOWS\system32\1073.bat
2007-03-27 22:48:24 167 ----a-w C:\WINDOWS\system32\1267.bat
2007-03-27 22:33:25 167 ----a-w C:\WINDOWS\system32\9435.bat
2007-03-27 22:18:23 167 ----a-w C:\WINDOWS\system32\6136.bat
2007-03-27 22:03:22 167 ----a-w C:\WINDOWS\system32\3834.bat
2007-03-27 21:48:21 167 ----a-w C:\WINDOWS\system32\3471.bat
2007-03-27 21:33:12 167 ----a-w C:\WINDOWS\system32\7754.bat
2007-03-27 21:18:08 167 ----a-w C:\WINDOWS\system32\9906.bat
2007-03-27 21:03:07 167 ----a-w C:\WINDOWS\system32\2547.bat
2007-03-27 20:48:06 167 ----a-w C:\WINDOWS\system32\6724.bat
2007-03-27 20:33:05 167 ----a-w C:\WINDOWS\system32\9497.bat
2007-03-27 20:18:04 167 ----a-w C:\WINDOWS\system32\8012.bat
2007-03-27 20:03:04 167 ----a-w C:\WINDOWS\system32\2555.bat
2007-03-27 19:48:03 167 ----a-w C:\WINDOWS\system32\6706.bat
2007-03-27 19:33:01 167 ----a-w C:\WINDOWS\system32\8817.bat
2007-03-27 19:18:01 167 ----a-w C:\WINDOWS\system32\6873.bat
2007-03-27 19:03:00 167 ----a-w C:\WINDOWS\system32\5750.bat
2007-03-27 18:47:59 167 ----a-w C:\WINDOWS\system32\4265.bat
2007-03-27 18:32:59 167 ----a-w C:\WINDOWS\system32\7809.bat
2007-03-27 18:17:58 167 ----a-w C:\WINDOWS\system32\9691.bat
2007-03-27 18:02:57 167 ----a-w C:\WINDOWS\system32\6319.bat
2007-03-27 17:47:56 167 ----a-w C:\WINDOWS\system32\6892.bat
2007-03-27 17:32:55 167 ----a-w C:\WINDOWS\system32\5916.bat
2007-03-27 17:17:55 167 ----a-w C:\WINDOWS\system32\5560.bat
2007-03-27 17:02:54 167 ----a-w C:\WINDOWS\system32\4023.bat
2007-03-27 16:47:53 167 ----a-w C:\WINDOWS\system32\4070.bat
2007-03-27 16:32:52 167 ----a-w C:\WINDOWS\system32\2533.bat
2007-03-27 16:17:51 167 ----a-w C:\WINDOWS\system32\9850.bat
2007-03-27 16:02:51 167 ----a-w C:\WINDOWS\system32\1201.bat
2007-03-27 15:47:50 167 ----a-w C:\WINDOWS\system32\6274.bat
2007-03-27 15:32:49 167 ----a-w C:\WINDOWS\system32\8685.bat
2007-03-27 15:17:48 167 ----a-w C:\WINDOWS\system32\4757.bat
2007-03-27 15:02:48 167 ----a-w C:\WINDOWS\system32\8501.bat
2007-03-27 14:47:47 167 ----a-w C:\WINDOWS\system32\5134.bat
2007-03-27 14:32:46 167 ----a-w C:\WINDOWS\system32\8659.bat
2007-03-27 14:17:43 167 ----a-w C:\WINDOWS\system32\7965.bat
2007-03-27 14:02:40 167 ----a-w C:\WINDOWS\system32\1629.bat
2007-03-27 13:47:30 167 ----a-w C:\WINDOWS\system32\1007.bat
2007-03-27 13:32:30 167 ----a-w C:\WINDOWS\system32\4333.bat
2007-03-27 13:17:29 167 ----a-w C:\WINDOWS\system32\4955.bat
2007-03-27 13:02:28 167 ----a-w C:\WINDOWS\system32\4665.bat
2007-03-27 12:47:25 167 ----a-w C:\WINDOWS\system32\1154.bat
2007-03-27 12:32:24 167 ----a-w C:\WINDOWS\system32\4230.bat
2007-03-27 12:17:21 167 ----a-w C:\WINDOWS\system32\5154.bat
2007-03-27 12:02:18 167 ----a-w C:\WINDOWS\system32\5812.bat
2007-03-27 11:47:18 167 ----a-w C:\WINDOWS\system32\5707.bat
2007-03-27 11:32:17 167 ----a-w C:\WINDOWS\system32\6540.bat
2007-03-27 10:57:22 167 ----a-w C:\WINDOWS\system32\9011.bat
2007-03-27 10:42:21 167 ----a-w C:\WINDOWS\system32\6254.bat
2007-03-27 10:27:20 167 ----a-w C:\WINDOWS\system32\9251.bat
2007-03-27 10:12:20 167 ----a-w C:\WINDOWS\system32\1372.bat
2007-03-27 09:57:17 167 ----a-w C:\WINDOWS\system32\1121.bat
2007-03-27 09:42:16 167 ----a-w C:\WINDOWS\system32\4066.bat
2007-03-27 09:27:12 167 ----a-w C:\WINDOWS\system32\5690.bat
2007-03-27 09:12:10 167 ----a-w C:\WINDOWS\system32\4753.bat
2007-03-27 08:57:09 167 ----a-w C:\WINDOWS\system32\7835.bat
2007-03-27 08:42:06 167 ----a-w C:\WINDOWS\system32\7051.bat
2007-03-27 08:27:02 167 ----a-w C:\WINDOWS\system32\3744.bat
2007-03-27 08:12:01 167 ----a-w C:\WINDOWS\system32\5139.bat
2007-03-27 07:56:59 167 ----a-w C:\WINDOWS\system32\1205.bat
2007-03-27 07:41:59 167 ----a-w C:\WINDOWS\system32\7689.bat
2007-03-27 07:26:57 167 ----a-w C:\WINDOWS\system32\5598.bat
2007-03-27 07:11:57 167 ----a-w C:\WINDOWS\system32\3454.bat
2007-03-27 06:56:56 167 ----a-w C:\WINDOWS\system32\5121.bat
2007-03-27 06:41:55 167 ----a-w C:\WINDOWS\system32\8608.bat
2007-03-27 06:26:54 167 ----a-w C:\WINDOWS\system32\8346.bat
2007-03-27 06:11:55 167 ----a-w C:\WINDOWS\system32\9868.bat
2007-03-27 05:56:54 167 ----a-w C:\WINDOWS\system32\7457.bat
2007-03-27 05:41:52 167 ----a-w C:\WINDOWS\system32\9438.bat
2007-03-27 05:26:51 167 ----a-w C:\WINDOWS\system32\6564.bat
2007-03-27 04:36:59 167 ----a-w C:\WINDOWS\system32\3226.bat
2007-03-24 20:51:50 114 ----a-w C:\WINDOWS\system32\hhjj.bat
2007-03-24 03:17:02 128 ----a-w C:\WINDOWS\system32\lo.exe
2007-03-23 05:50:09 41,792 ----a-w C:\WINDOWS\system32\app.exe
2007-03-23 05:47:46 147,456 ----a-w C:\WINDOWS\system32\vbzip10.dll
2007-03-23 05:43:27 201 ----a-w C:\WINDOWS\system32\q.bat
2007-03-19 18:30:06 60,928 ----a-w C:\WINDOWS\system32\xgayze.dll
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys
2005-04-14 04:48:15 56 --sh--r C:\WINDOWS\system32\A79D705817.sys
2005-04-14 04:48:15 1,682 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
2004-07-29 21:10:42 2,272 --sha-w C:\WINDOWS\system32\Dap\Secure.bat


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{17EBDD17-1680-3721-F049-1AE336E0F8EC}=C:\WINDOWS\system32\nhsahlhj.dll [2007-03-19 13:30]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-03-23 14:34]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-11-06 16:36]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-09-12 01:58]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-12-05 19:50]
"DigidesignMMERefresh"="C:\Program Files\Digidesign\Drivers\MMERefresh.exe" [2003-06-16 00:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:00]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2006-11-30 22:49]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-03-24 15:45]
"AIM"="C:\Program Files\AIM\aim.exe" [2005-08-05 15:08]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"=0 (0x0)
"NoSaveSettings"=0 (0x0)
"NoFileMenu"=0 (0x0)
"NoCommonGroups"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
C:\Program Files\ComPlus Applications\sasojyg.html

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
C:\Program Files\NetMeeting\quqegodod.html

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{a5780613-492e-4a2a-a7fd-549610edf6cc}"="C:\Program Files\VCOM\Recovery Commander\RCHOOK.DLL" [2003-06-12 14:42]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL Companion.lnk]
backup=C:\WINDOWS\pss\AOL Companion.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^mboty.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^HP_Owner^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTX1]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ad8rIU3s]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]
"C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BellSouthAlertManager.exe]
C:\Program Files\BellSouth\Alert Manager\BellSouthAlertManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"c:\Program Files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\defender]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DigidesignMMERefresh]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1139729396\ee\AOLHostManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ifqd59c0]
RUNDLL32.EXE w1180175.dll,n 002d59be000000031180175

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\k6mmN5IOU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\keyboard]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
\Program\

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\masqform.exe]
C:\Program Files\PureEdge\Viewer 6.0\masqform.exe -UpdateCurrentUser

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McRegWiz]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaLifeService]
"C:\Program Files\Logitech\MediaLife\MediaLifeService.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ms05765249179]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mukr]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\newname]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\outlook]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pinlt]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\psjbadmA]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pure Networks Port Magic]
"C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SurfSideKick 3]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tgcmd]
"C:\Program Files\Support.com\BellSouth\hcenter.exe" /starthidden /tgcmdwrapper

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TheMonitor]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tlhksq]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\w118371b.dll]
RUNDLL32.EXE w118371b.dll,I2 002d59be0118371b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winlog]
winlog.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winupdate]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]


Contents of the 'Scheduled Tasks' folder
2007-05-25 13:51:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-05-24 08:02:43 C:\WINDOWS\tasks\RegCure.job
2007-05-22 04:25:00 C:\WINDOWS\tasks\Scheduled Checkpoint.job
2007-05-28 04:14:26 C:\WINDOWS\tasks\Symantec NetDetect.job
2007-05-26 08:00:00 C:\WINDOWS\tasks\XoftSpySE.job

********************************************************************

catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-28 00:59:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0


********************************************************************

Completion time: 2007-05-28 1:01:01 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-05-28 01:00
C:\ComboFix2.txt ... 2007-05-19 01:35
C:\ComboFix3.txt ... 2007-05-02 01:07

--- E O F ---

Logfile of HijackThis v1.99.1
Scan saved at 01:06, on 07-05-28
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\AOL\1139729396\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1139729396\ee\AOLServiceHost.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://myspace.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: (no name) - {17EBDD17-1680-3721-F049-1AE336E0F8EC} - C:\WINDOWS\system32\nhsahlhj.dll
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Absolute Poker Basic - {5E72AD5A-20DF-4ca4-9B7B-D9717FFDE0C5} - C:\Documents and Settings\HP_Owner\Start Menu\Programs\Absolute Poker Basic\Absolute Poker Basic.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker Basic - {5E72AD5A-20DF-4ca4-9B7B-D9717FFDE0C5} - C:\Documents and Settings\HP_Owner\Start Menu\Programs\Absolute Poker Basic\Absolute Poker Basic.lnk
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4056/ftp...302/Coupons.cab
O18 - Protocol: bw+0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - (no file)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Logitech, Inc. - (no file)
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Security - (no file)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - c:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

#5 random/random

  • Malware Response Team

Posted 29 May 2007 - 07:19 AM

Copy/paste the following quote box into a new notepad (not wordpad) document. Make sure that wordwrap is turned off.

If exist C:\WINDOWS\temp\search.txt del /q C:\WINDOWS\temp\search.txt
FOR /L %%N IN (1000,1,9999) DO (
If exist C:\WINDOWS\system32\%%N.bat (
echo. >> C:\WINDOWS\temp\search.txt
echo Contents of C:\WINDOWS\system32\%%N.bat >> C:\WINDOWS\temp\search.txt
echo.>> C:\WINDOWS\temp\search.txt
type C:\WINDOWS\system32\%%N.bat >> C:\WINDOWS\temp\search.txt
)
)
echo.>> C:\WINDOWS\temp\search.txt
echo contents of q.bat >> C:\WINDOWS\temp\search.txt
echo.>> C:\WINDOWS\temp\search.txt
type C:\WINDOWS\system32\q.bat >> C:\WINDOWS\temp\search.txt
echo.>> C:\WINDOWS\temp\search.txt
echo contents of hhjj.bat >> C:\WINDOWS\temp\search.txt
echo.>> C:\WINDOWS\temp\search.txt
type C:\WINDOWS\system32\hhjj.bat >> C:\WINDOWS\temp\search.txt
notepad.exe C:\WINDOWS\temp\search.txt
del /q C:\WINDOWS\temp\search.txt


Save it to your Desktop as search.bat. Save it as:
File Type: All Files (not as a text document or it won't work).
Name: search.bat

Locate search.bat on your Desktop and double-click it. Once it finishes, a notepad window will open. Post the contents of that window as a reply to this topic.

Note: It will take a while as it's looking through potentially thousands of files, and it may be too big to all fit in one post - you may need several posts to post all of it
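
One way to triage the report that search.bat writes, added here as an example and not part of the original post: it splits search.txt on the "Contents of ..." headers, replaces each script's own file name with a placeholder, and groups files whose remaining text is identical. The function names are hypothetical and the sample report is constructed in the format the script produces (the q.bat body is invented for the example).

```python
import hashlib
import re
from collections import defaultdict

# Headers written by search.bat: "Contents of <full path>" for the numbered
# files, "contents of q.bat" / "contents of hhjj.bat" for the two named ones.
HEADER = re.compile(r"^contents of (?P<path>.+?)$", re.IGNORECASE)
DEL_CMD = re.compile(r"^del\s+(?P<target>\S+)\s*$", re.IGNORECASE)

# Constructed sample in the layout search.bat produces. hhjj.bat has an empty
# section: `type` on a missing file reports to the console, not to the file.
SAMPLE_REPORT = r"""
Contents of C:\WINDOWS\system32\1007.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 1007.bat

Contents of C:\WINDOWS\system32\1039.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 1039.bat

contents of q.bat

@echo off
del example.tmp

contents of hhjj.bat

"""


def split_sections(report):
    """Return {lower-cased file name: [non-blank lines]} per dumped file."""
    sections, current = {}, None
    for raw in report.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            # Headers carry either a full path or a bare name; keep the name.
            current = m.group("path").rsplit("\\", 1)[-1].lower()
            sections[current] = []
        elif current is not None and line:
            sections[current].append(line)
    return sections


def normalize(name, lines):
    """Lower-case each line and replace the script's own name with <SELF>."""
    own = re.compile(r"(?<![\w.])" + re.escape(name) + r"(?![\w.])")
    return [own.sub("<SELF>", ln.lower()) for ln in lines]


def triage(report):
    """Group dumped batch files by normalized content, largest group first."""
    groups, templates = defaultdict(list), {}
    for name, lines in split_sections(report).items():
        norm = normalize(name, lines)
        digest = hashlib.sha256("\n".join(norm).encode()).hexdigest()[:12]
        groups[digest].append(name)
        templates[digest] = norm
    result = []
    for digest, names in sorted(groups.items(),
                                key=lambda kv: (-len(kv[1]), min(kv[1]))):
        targets = [m.group("target") for m in map(DEL_CMD.match, templates[digest]) if m]
        deletes = []
        for t in targets:  # de-duplicate while keeping first-seen order
            if t != "<SELF>" and t not in deletes:
                deletes.append(t)
        result.append({
            "template": digest,
            "files": sorted(names),
            "deletes": deletes,
            "self_deleting": "<SELF>" in targets,
        })
    return result


if __name__ == "__main__":
    for group in triage(SAMPLE_REPORT):
        print(len(group["files"]), "file(s)", group["files"],
              "deletes", group["deletes"],
              "self-deleting" if group["self_deleting"] else "")
```

A batch file whose own text contains a line starting with "contents of" would be split incorrectly, so check any one-file group by hand against the raw report.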

#6 MrWutItDew

  • Topic Starter


Posted 29 May 2007 - 10:09 PM

Contents of C:\WINDOWS\system32\1007.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 1007.bat

Contents of C:\WINDOWS\system32\1039.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 1039.bat

Contents of C:\WINDOWS\system32\1070.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 1070.bat

Contents of C:\WINDOWS\system32\1073.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 1073.bat

Contents of C:\WINDOWS\system32\1088.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 1088.bat

Contents of C:\WINDOWS\system32\1120.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 1120.bat

Contents of C:\WINDOWS\system32\1121.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 1121.bat

Contents of C:\WINDOWS\system32\1136.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 1136.bat

Contents of C:\WINDOWS\system32\1154.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 1154.bat

Contents of C:\WINDOWS\system32\1197.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 1197.bat

Contents of C:\WINDOWS\system32\1201.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 1201.bat

Contents of C:\WINDOWS\system32\1205.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 1205.bat

Contents of C:\WINDOWS\system32\1251.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 1251.bat

Contents of C:\WINDOWS\system32\1267.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 1267.bat

Contents of C:\WINDOWS\system32\1372.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 1372.bat

Contents of C:\WINDOWS\system32\1389.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 1389.bat

Contents of C:\WINDOWS\system32\1471.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 1471.bat

Contents of C:\WINDOWS\system32\1514.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 1514.bat

Contents of C:\WINDOWS\system32\1574.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 1574.bat

Contents of C:\WINDOWS\system32\1581.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 1581.bat

Contents of C:\WINDOWS\system32\1598.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 1598.bat

Contents of C:\WINDOWS\system32\1609.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 1609.bat

Contents of C:\WINDOWS\system32\1629.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 1629.bat

Contents of C:\WINDOWS\system32\1667.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 1667.bat

Contents of C:\WINDOWS\system32\1679.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 1679.bat

Contents of C:\WINDOWS\system32\1707.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 1707.bat

Contents of C:\WINDOWS\system32\1754.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 1754.bat

Contents of C:\WINDOWS\system32\1778.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 1778.bat

Contents of C:\WINDOWS\system32\1801.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 1801.bat

Contents of C:\WINDOWS\system32\1931.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 1931.bat

Contents of C:\WINDOWS\system32\2169.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 2169.bat

Contents of C:\WINDOWS\system32\2182.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 2182.bat

Contents of C:\WINDOWS\system32\2204.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 2204.bat

Contents of C:\WINDOWS\system32\2327.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 2327.bat

Contents of C:\WINDOWS\system32\2358.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 2358.bat

Contents of C:\WINDOWS\system32\2382.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 2382.bat

Contents of C:\WINDOWS\system32\2495.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 2495.bat

Contents of C:\WINDOWS\system32\2510.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 2510.bat

Contents of C:\WINDOWS\system32\2514.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 2514.bat

Contents of C:\WINDOWS\system32\2533.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 2533.bat

Contents of C:\WINDOWS\system32\2547.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 2547.bat

Contents of C:\WINDOWS\system32\2555.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 2555.bat

Contents of C:\WINDOWS\system32\2657.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 2657.bat

Contents of C:\WINDOWS\system32\2734.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 2734.bat

Contents of C:\WINDOWS\system32\2777.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 2777.bat

Contents of C:\WINDOWS\system32\2884.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 2884.bat

Contents of C:\WINDOWS\system32\2899.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 2899.bat

Contents of C:\WINDOWS\system32\2920.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 2920.bat

Contents of C:\WINDOWS\system32\2975.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 2975.bat

Contents of C:\WINDOWS\system32\3224.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 3224.bat

Contents of C:\WINDOWS\system32\3226.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 3226.bat

Contents of C:\WINDOWS\system32\3252.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 3252.bat

Contents of C:\WINDOWS\system32\3285.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 3285.bat

Contents of C:\WINDOWS\system32\3454.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 3454.bat

Contents of C:\WINDOWS\system32\3471.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 3471.bat

Contents of C:\WINDOWS\system32\3473.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 3473.bat

Contents of C:\WINDOWS\system32\3475.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 3475.bat

Contents of C:\WINDOWS\system32\3502.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 3502.bat

Contents of C:\WINDOWS\system32\3652.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 3652.bat

Contents of C:\WINDOWS\system32\3683.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 3683.bat

Contents of C:\WINDOWS\system32\3744.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 3744.bat

Contents of C:\WINDOWS\system32\3834.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 3834.bat

Contents of C:\WINDOWS\system32\3859.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 3859.bat

Contents of C:\WINDOWS\system32\3923.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 3923.bat

Contents of C:\WINDOWS\system32\3993.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 3993.bat

Contents of C:\WINDOWS\system32\4019.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 4019.bat

Contents of C:\WINDOWS\system32\4020.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 4020.bat

Contents of C:\WINDOWS\system32\4023.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 4023.bat

Contents of C:\WINDOWS\system32\4066.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 4066.bat

Contents of C:\WINDOWS\system32\4070.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 4070.bat

Contents of C:\WINDOWS\system32\4082.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 4082.bat

Contents of C:\WINDOWS\system32\4091.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 4091.bat

Contents of C:\WINDOWS\system32\4101.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 4101.bat

Contents of C:\WINDOWS\system32\4230.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 4230.bat

Contents of C:\WINDOWS\system32\4236.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 4236.bat

Contents of C:\WINDOWS\system32\4265.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 4265.bat

Contents of C:\WINDOWS\system32\4333.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 4333.bat

Contents of C:\WINDOWS\system32\4418.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 4418.bat

Contents of C:\WINDOWS\system32\4443.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 4443.bat

Contents of C:\WINDOWS\system32\4463.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 4463.bat

Contents of C:\WINDOWS\system32\4628.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 4628.bat

Contents of C:\WINDOWS\system32\4659.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 4659.bat

Contents of C:\WINDOWS\system32\4660.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 4660.bat

Contents of C:\WINDOWS\system32\4665.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 4665.bat

Contents of C:\WINDOWS\system32\4714.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 4714.bat

Contents of C:\WINDOWS\system32\4753.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 4753.bat

Contents of C:\WINDOWS\system32\4754.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 4754.bat

Contents of C:\WINDOWS\system32\4757.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 4757.bat

Contents of C:\WINDOWS\system32\4770.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 4770.bat

Contents of C:\WINDOWS\system32\4788.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 4788.bat

Contents of C:\WINDOWS\system32\4827.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 4827.bat

Contents of C:\WINDOWS\system32\4835.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 4835.bat

Contents of C:\WINDOWS\system32\4850.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 4850.bat

Contents of C:\WINDOWS\system32\4859.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 4859.bat

Contents of C:\WINDOWS\system32\4914.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 4914.bat

Contents of C:\WINDOWS\system32\4955.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 4955.bat

Contents of C:\WINDOWS\system32\4962.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 4962.bat

Contents of C:\WINDOWS\system32\5000.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 5000.bat

Contents of C:\WINDOWS\system32\5121.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 5121.bat

Contents of C:\WINDOWS\system32\5134.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 5134.bat

Contents of C:\WINDOWS\system32\5139.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 5139.bat

Contents of C:\WINDOWS\system32\5154.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 5154.bat

Contents of C:\WINDOWS\system32\5206.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 5206.bat

Contents of C:\WINDOWS\system32\5253.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 5253.bat

Contents of C:\WINDOWS\system32\5521.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 5521.bat

Contents of C:\WINDOWS\system32\5559.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 5559.bat

Contents of C:\WINDOWS\system32\5560.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 5560.bat

Contents of C:\WINDOWS\system32\5563.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 5563.bat

Contents of C:\WINDOWS\system32\5598.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 5598.bat

Contents of C:\WINDOWS\system32\5622.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 5622.bat

Contents of C:\WINDOWS\system32\5690.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 5690.bat

Contents of C:\WINDOWS\system32\5707.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 5707.bat

Contents of C:\WINDOWS\system32\5750.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 5750.bat

Contents of C:\WINDOWS\system32\5812.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 5812.bat

Contents of C:\WINDOWS\system32\5870.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 5870.bat

Contents of C:\WINDOWS\system32\5916.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 5916.bat

Contents of C:\WINDOWS\system32\5990.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 5990.bat

Contents of C:\WINDOWS\system32\5998.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 5998.bat

Contents of C:\WINDOWS\system32\6088.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 6088.bat

Contents of C:\WINDOWS\system32\6136.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 6136.bat

Contents of C:\WINDOWS\system32\6218.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 6218.bat

Contents of C:\WINDOWS\system32\6254.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 6254.bat

Contents of C:\WINDOWS\system32\6274.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 6274.bat

Contents of C:\WINDOWS\system32\6319.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 6319.bat

Contents of C:\WINDOWS\system32\6367.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 6367.bat

Contents of C:\WINDOWS\system32\6412.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 6412.bat

Contents of C:\WINDOWS\system32\6416.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 6416.bat

Contents of C:\WINDOWS\system32\6439.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 6439.bat

Contents of C:\WINDOWS\system32\6462.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 6462.bat

Contents of C:\WINDOWS\system32\6469.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 6469.bat

Contents of C:\WINDOWS\system32\6540.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 6540.bat

Contents of C:\WINDOWS\system32\6564.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 6564.bat

Contents of C:\WINDOWS\system32\6703.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 6703.bat

Contents of C:\WINDOWS\system32\6706.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 6706.bat

Contents of C:\WINDOWS\system32\6724.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 6724.bat

Contents of C:\WINDOWS\system32\6753.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 6753.bat

Contents of C:\WINDOWS\system32\6755.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 6755.bat

Contents of C:\WINDOWS\system32\6873.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 6873.bat

Contents of C:\WINDOWS\system32\6892.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 6892.bat

Contents of C:\WINDOWS\system32\7004.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 7004.bat

Contents of C:\WINDOWS\system32\7019.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 7019.bat

Contents of C:\WINDOWS\system32\7051.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 7051.bat

Contents of C:\WINDOWS\system32\7229.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 7229.bat

Contents of C:\WINDOWS\system32\7337.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 7337.bat

Contents of C:\WINDOWS\system32\7401.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 7401.bat

Contents of C:\WINDOWS\system32\7432.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 7432.bat

Contents of C:\WINDOWS\system32\7447.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 7447.bat

Contents of C:\WINDOWS\system32\7457.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 7457.bat

Contents of C:\WINDOWS\system32\7488.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 7488.bat

Contents of C:\WINDOWS\system32\7561.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 7561.bat

Contents of C:\WINDOWS\system32\7563.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 7563.bat

Contents of C:\WINDOWS\system32\7614.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 7614.bat

Contents of C:\WINDOWS\system32\7661.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 7661.bat

Contents of C:\WINDOWS\system32\7689.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 7689.bat

Contents of C:\WINDOWS\system32\7753.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 7753.bat

Contents of C:\WINDOWS\system32\7754.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 7754.bat

Contents of C:\WINDOWS\system32\7809.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 7809.bat

Contents of C:\WINDOWS\system32\7815.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 7815.bat

Contents of C:\WINDOWS\system32\7826.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 7826.bat

Contents of C:\WINDOWS\system32\7835.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 7835.bat

Contents of C:\WINDOWS\system32\7841.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 7841.bat

Contents of C:\WINDOWS\system32\7846.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 7846.bat

Contents of C:\WINDOWS\system32\7884.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 7884.bat

Contents of C:\WINDOWS\system32\7922.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 7922.bat

Contents of C:\WINDOWS\system32\7923.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 7923.bat

Contents of C:\WINDOWS\system32\7965.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 7965.bat

Contents of C:\WINDOWS\system32\8012.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 8012.bat

Contents of C:\WINDOWS\system32\8057.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 8057.bat

Contents of C:\WINDOWS\system32\8105.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 8105.bat

Contents of C:\WINDOWS\system32\8200.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 8200.bat

Contents of C:\WINDOWS\system32\8219.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 8219.bat

Contents of C:\WINDOWS\system32\8294.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 8294.bat

Contents of C:\WINDOWS\system32\8346.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 8346.bat

Contents of C:\WINDOWS\system32\8371.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 8371.bat

Contents of C:\WINDOWS\system32\8393.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 8393.bat

Contents of C:\WINDOWS\system32\8501.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 8501.bat

Contents of C:\WINDOWS\system32\8548.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 8548.bat

Contents of C:\WINDOWS\system32\8577.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 8577.bat

Contents of C:\WINDOWS\system32\8608.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 8608.bat

Contents of C:\WINDOWS\system32\8643.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 8643.bat

Contents of C:\WINDOWS\system32\8659.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 8659.bat

Contents of C:\WINDOWS\system32\8685.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 8685.bat

Contents of C:\WINDOWS\system32\8741.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 8741.bat

Contents of C:\WINDOWS\system32\8777.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 8777.bat

Contents of C:\WINDOWS\system32\8790.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 8790.bat

Contents of C:\WINDOWS\system32\8817.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 8817.bat

Contents of C:\WINDOWS\system32\8893.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 8893.bat

Contents of C:\WINDOWS\system32\8924.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 8924.bat

Contents of C:\WINDOWS\system32\8977.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 8977.bat

Contents of C:\WINDOWS\system32\9011.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 9011.bat

Contents of C:\WINDOWS\system32\9128.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 9128.bat

Contents of C:\WINDOWS\system32\9239.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 9239.bat

Contents of C:\WINDOWS\system32\9251.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 9251.bat

Contents of C:\WINDOWS\system32\9284.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 9284.bat

Contents of C:\WINDOWS\system32\9315.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 9315.bat

Contents of C:\WINDOWS\system32\9435.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 9435.bat

Contents of C:\WINDOWS\system32\9438.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 9438.bat

Contents of C:\WINDOWS\system32\9497.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 9497.bat

Contents of C:\WINDOWS\system32\9593.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 9593.bat

Contents of C:\WINDOWS\system32\9619.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 9619.bat

Contents of C:\WINDOWS\system32\9652.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 9652.bat

Contents of C:\WINDOWS\system32\9691.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 9691.bat

Contents of C:\WINDOWS\system32\9704.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 9704.bat

Contents of C:\WINDOWS\system32\9850.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 9850.bat

Contents of C:\WINDOWS\system32\9868.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 9868.bat

Contents of C:\WINDOWS\system32\9906.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 9906.bat

Contents of C:\WINDOWS\system32\9931.bat

@Echo off
:S
Del app.exe
If Exist app.exe Goto S
:T
Del install.exe
If Exist install.exe Goto T
:D
Del setup9x.exe
If Exist setup9x.exe Goto D
Del 9931.bat

contents of q.bat

@Echo off
:A
Del setup9x.exe
If Exist setup9x.exe Goto A
:B
Del app.exe
If Exist app.exe Goto B
:C
Del setup9x.exe
If Exist setup9x.exe Goto C
Del *.exe
del c:\*.exe
del d:\*.exe
del q.bat

contents of hhjj.bat

@Echo off
:H
Del install.exe
If Exist install.exe Goto H
Del *.exe
del c:\*.exe
del d:\*.exe
del hhjj.bat

#7 random/random

random/random

  • Malware Response Team
  • 2,704 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:50 AM

Posted 30 May 2007 - 06:17 AM

To assist diagnosis I would like a list of installed programs.
  • Open HijackThis and select Open the Misc Tools section
  • Click on the Open Uninstall Manager…
  • Select the Save List button
  • I suggest that you accept the default name of uninstall_list.txt and save the file to your desktop
  • Close HijackThis
Post back with the uninstall list and a new HijackThis log.

#8 MrWutItDew

MrWutItDew
  • Topic Starter

  • Members
  • 131 posts
  • OFFLINE
  • Gender:Male
  • Location:Lafayette
  • Local time:07:50 PM

Posted 30 May 2007 - 06:39 AM

Logfile of HijackThis v1.99.1
Scan saved at 07:33, on 07-05-29
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\AOL\1139729396\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1139729396\ee\AOLServiceHost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://myspace.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: (no name) - {17EBDD17-1680-3721-F049-1AE336E0F8EC} - C:\WINDOWS\system32\nhsahlhj.dll
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Absolute Poker Basic - {5E72AD5A-20DF-4ca4-9B7B-D9717FFDE0C5} - C:\Documents and Settings\HP_Owner\Start Menu\Programs\Absolute Poker Basic\Absolute Poker Basic.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker Basic - {5E72AD5A-20DF-4ca4-9B7B-D9717FFDE0C5} - C:\Documents and Settings\HP_Owner\Start Menu\Programs\Absolute Poker Basic\Absolute Poker Basic.lnk
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4056/ftp...302/Coupons.cab
O18 - Protocol: bw+0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - (no file)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Logitech, Inc. - (no file)
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Security - (no file)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - c:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe






4PLAY 4.95 for Windows 95
Ad-aware 6 Personal
Adobe Flash Player ActiveX
Adobe Reader 8
Adobe® Photoshop® Album Starter Edition 3.0
America Online (Choose which version to remove)
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Connectivity Services
AOL Explorer
AOL Instant Messenger
AOL Spyware Protection
AOL Toolbar
AOL You've Got Pictures Screensaver
Apple Software Update
ArcSoft Suite
Bejeweled 2 Deluxe
Bejeweled 2 Deluxe 1.0
BellSouth FastAccess DSL Help Center
BellSouth Internet Security - Alert Manager 1.3.20
BellSouth Toolbar 1.0
Cakewalk Guitar Studio 1.0
CC_ccProxyMSI
CC_ccStart
ccCommon
Collab
Cool Edit Pro 2.0
Digidesign D-Fi
Digidesign DINR
Digidesign DV Toolkit
Digidesign Maxim
Digidesign Pro Tools® LE 6.1
Digidesign Shared Plug-Ins
Digidesign SoundReplacer
Digidesign SurroundScope
DivX Player
DivX Pro Trial
DreamStation DXi2
DVD Shrink 3.2
Easy Internet Sign-up
Filetopia Client v3.04d
FL Studio 5
Focusrite d2/d3
Google Earth
Google Toolbar for Internet Explorer
Help and Support Additions
High Definition Audio Driver Package - KB835221
HijackThis 1.99.1
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB935448)
HP Deskjet Preloaded Printer Drivers
HP Image Zone 4.2.3
HP Image Zone Plus 4.2.3
HP Organize
HP Photosmart Cameras 4.0
HP PSC & OfficeJet 4.0
HP Software Update
HPIZ423
ICS Viewer 6.0
Intel® Graphics Media Accelerator Driver
IntelliMover Data Transfer Demo
Interlok driver setup x32
Internet Worm Protection
InterVideo DiscLabel
InterVideo WinDVD Creator
InterVideo WinDVD Player
iTunes
J2SE Runtime Environment 5.0 Update 3
Java 2 Runtime Environment, SE v1.4.2_03
Kaspersky Online Scanner
KBD
LiveReg (Symantec Corporation)
LiveUpdate 2.6 (Symantec Corporation)
Logitech Desktop Messenger
Logitech SetPoint
Macromedia Shockwave Player
MailWasher
MediaLife
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Works
MSN
MSRedist
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 6.0 Parser
Musicmatch® Jukebox
muvee autoProducer 3.5 magicMoments - HPD
My Wal-Mart Digital Photo Center
Need2Find Bar
Norton AntiVirus 2005
Norton AntiVirus 2005 (Symantec Corporation)
Norton AntiVirus Help
Norton AntiVirus Parent MSI
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Personal Firewall
Norton Personal Firewall (Symantec Corporation)
Norton Security Center
Norton WMI Update
Norton WMI Update
Outerinfo
PACE System Files
PACE System Files
PACE System Files
PCDJ FX VRM
PConPoint v1.1
Peer Points Manager
Photosmart 320,370,7400,8100,8400 Series
PowerDesk 5.0
Project5 Version 2 Demo
PS2
Pure Networks Port Magic
Python 2.2 combined Win32 extensions
Python 2.2.1
QuickTime
RealPlayer
Recovery Commander
RegCure 1.0.0.43
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Sonic Express Labeler
Sonic RecordNow!
SPBBC
Spybot - Search & Destroy 1.3
Super DVD Creator 9.20
SUPERAntiSpyware Free Edition
Sygate Personal Firewall
Symantec
SymNet
Ultra soft
Unlocker 1.8.5
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925876)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Updates from HP
Viewpoint Media Player
Virtual DJ - Atomix Productions
Virtual Sound Canvas DXi
VocALign Project for the Digidesign Pro Tools LE System
Wal-Mart Digital Photo Manager
Windows Communication Foundation
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows Workflow Foundation
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
WinRAR archiver
Yahoo! Anti-Spy
Yahoo! Browser Services
Yahoo! Messenger
Yahoo! Toolbar
Zuma Deluxe 1.0
Zuma Deluxe RA

#9 random/random

  • Malware Response Team

Posted 30 May 2007 - 02:38 PM

  • Go to Start > My Computer
  • Go to Tools > Folder Options
  • Click on the View tab
  • Untick the following:
    • Hide extensions for known file types
    • Hide protected operating system files (Recommended)
  • You will get a message warning you about showing protected operating system files, click Yes
  • Make sure this option is selected:
    • Show hidden files and folders
  • Click Apply and then click OK
Go to Start > Control Panel > Display Properties > Desktop > Customize Desktop... > Web tab
Uncheck and delete everything you find in there (except for "My current home page").

Go to Start > Control Panel > Add or Remove Programs.

Remove the following program, if it is present:
Outerinfo

Run HijackThis
Click on Do a system scan only
Place a checkmark next to these lines (if still present)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {17EBDD17-1680-3721-F049-1AE336E0F8EC} - C:\WINDOWS\system32\nhsahlhj.dll

Then close all windows except HijackThis and click Fix Checked

Backup Your Registry with ERUNT
  • Please use the following link and scroll down to ERUNT and download it.
    http://aumha.org/freeware/freeware.php
  • For version with the Installer:
    Use the setup program to install ERUNT on your computer
  • For the zipped version:
    Unzip all the files into a folder of your choice.
Click Erunt.exe to back up your registry to the folder of your choice.

Note: to restore your registry, go to the folder and start ERDNT.exe

Copy the contents of the following codebox to a Notepad window:

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\ACTX1]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\ad8rIU3s]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\defender]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\ifqd59c0]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\k6mmN5IOU]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\keyboard]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\ms05765249179]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\mukr]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\newname]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\outlook]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\pinlt]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\psjbadmA]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SurfSideKick 3]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\TheMonitor]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\tlhksq]]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\w118371b.dll]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\winlog]

Save it to the desktop as fix.reg, making sure "Save as type" is set to "All Files".
  • Download Pocket Killbox by Option^Explicit from here
  • Double-click on Killbox.exe to start Pocket Killbox
  • Select the Delete on reboot option
  • Click on All Files
  • Select the text in the below codebox and press Ctrl+C to copy it to the clipboard
  • Go back to Pocket Killbox and click File > Paste from clipboard
  • Click on the button in Pocket Killbox that looks like this: [image]
  • You will now get the prompt Files will be removed on reboot, Do you want reboot now?
  • Click Yes, this will restart your pc
  • Note: If your PC does not restart automatically, please restart it manually
Use Windows Explorer to find and delete these folders:

C:\Program Files\Altnet\
C:\Program Files\Outerinfo\

Locate Fix.reg on your desktop and double-click it. When asked if you want to merge with the registry, click YES. Wait for the merged successfully prompt

Then please upload this file:

C:\WINDOWS\system32\rstrui.exe

To either jotti or virustotal

Go here to run an online scanner from Kaspersky.
  • Click on "Kaspersky Online Scanner"
  • A new smaller window will pop up. Press on "Accept" after reading the contents.
  • Now Kaspersky will update the anti-virus database. Let it run.
  • Click on "Next">"Scan Settings", and make sure the database is set to "extended". And check both the scan options. Then click OK.
  • Then click on "My Computer", and the scan will start.
  • Once finished, save the log as "KAV.txt" to the desktop.
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.

Post back with the jotti/virustotal results, the Kaspersky log and a new HijackThis log

#10 MrWutItDew


Posted 30 May 2007 - 10:23 PM

Ok I'm in the process of running it but the scripts but the registries won't merge. It says cannot import C:\Documents and Settings\HP_Owner\Desktop\fix.reg: The specified file is not a registry script. You can only import binary registry files from within the registry editor and the Kaspersky report won't go to the next screen it has the warning label.

#11 random/random

random/random

  • Malware Response Team
  • 2,704 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:50 AM

Posted 31 May 2007 - 04:49 AM

For the Kaspersky scan, are you using Internet Explorer? If not, try using Internet Explorer

For fix.reg, try using the attached file

Attached Files

  • Attached File  fix.reg   1.44KB   8 downloads


#12 MrWutItDew


Posted 09 June 2007 - 05:55 PM

I am using Internet Explorer but it won't let me run it

#13 random/random


Posted 10 June 2007 - 06:42 AM

Try this scan instead
  • Download avz4en.zip here
  • Unzip it to a folder on your desktop
  • Double click on AVZ.exe
  • Click on the webupdate icon
  • Click on the start button.
  • Wait for the update to finish
  • You will get a message that says "Automatic update completed successfully. Update has been successfully downloaded and installed"
  • Click OK
  • Under the search parameter tab, change the heuristic analysis mode to "Maximum heuristics level" and tick the box next to "Extended analysis"
  • Make sure that the following options are selected
    • Detect API hooks and rootkits
    • Check SPI / LSP settings
    • Search for keyloggers
    • Search for TCP/UDP ports used by trojan horses
  • Make sure the following options are not selected
    • Block user-mode rootkits
    • Block kernel-mode rootkits
    • Automatically correct SPI/LSP errors
    • Perform healing
  • Under the file types tab select all files
  • Under the search range tab, select the following options
    • Check running processes
    • Heuristic system check
  • Make sure that all the Disks listed are selected
  • Click start and wait for the scan to finish
  • When the scan has finished, click on the save icon
  • Leave the default name of avz_log and save it to your desktop
  • This will put the file avz_log.txt on your desktop, please post the contents of that file


#14 MrWutItDew


Posted 10 June 2007 - 03:43 PM

it will not let the update finish

#15 random/random


Posted 10 June 2007 - 04:50 PM

Try this one instead

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Double-click the drweb-cureit.exe file and allow it to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, Click Options > Change settings
  • Choose the "Scan"-tab, remove the mark at "Heuristic analysis".
  • Back at the main window, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, see whether you can click the following icon next to the files found:
    [image]
    If so, click it and then click the next icon right below and select Move incurable, as you'll see in the next image:
    [image]
    This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply




