
Can't Delete Vundo And Friends


  • This topic is locked
8 replies to this topic

#1 econklin

Posted 15 June 2007 - 09:50 PM

Have been besieged with popups for about a week. IE7 launches unpredictably with some kind of ad (my default browser is Firefox). XP-Home, SP2, updates are current.

McAfee finds nothing. AdAware found stuff early in the week, but it's gone now. SpywareBot finds a lot of VUNDO items: it deletes them, but they come back immediately (if I run another scan without doing anything else). Vundofix found a lot of items and removed them, but SpywareBot still finds it and I still get popups. AVG found a lot of stuff (several Downloaders, none of which were VUNDO) and deleted them; one of the items deleted was j6291937.dll, and Windows now complains that it's missing when it boots. Stinger found nothing. I'm concerned that SpywareBot seems incapable of eradicating VUNDO. Any advice is appreciated. Hijackthis log follows.

Thanks,
Elizabeth and Edward

Logfile of HijackThis v1.99.1
Scan saved at 4:35:46 PM, on 6/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\winlogon.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\VERITAS Software\Update Manager\sgtray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\SpywareBot\SpywareBot.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us6.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hawaiiantel.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us6.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {4FE6D7E6-E764-4B3F-9AFE-EAF70AE8D087} - C:\WINDOWS\system32\sqgoufay.dll (file missing)
O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\system32\tihgkvmw.dll
O2 - BHO: (no name) - {99B2CC26-6359-49D5-ABF9-634FBF7F31C2} - C:\WINDOWS\System32\awtss.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [j6291937] rundll32 C:\WINDOWS\System32\j6291937.dll sook
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\jmstimck.dll",realset
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe"
O4 - HKCU\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1CE17C82-8DE2-4EF6-ACF9-3A8B21830475} (Courier52 Control) - http://secmail.bankofamerica.com/couriercontrol.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...84/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1181169597069
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1181625727625
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,21/mcgdmgr.cab
O16 - DPF: {D06A22B4-6087-4D3D-B7AF-82B113E9ABD4} (CPostLaunch Object) - http://www2.verizon.net/update/msnwebinsta...es/vzWebIns.CAB
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Edited by econklin, 15 June 2007 - 09:55 PM.



#2 miekiemoes

  • Malware Response Team

Posted 16 June 2007 - 12:53 AM

Hello,

I see you are running AdWatch.
I suggest you disable it because it can interfere with the fixes.

To disable AdWatch:

Open AdAware SE.
Go to AdWatch User Interface.
Go to Tools and Preferences.
At the bottom of the screen you will see 2 options: Active and Automatic.
Active: This will turn Ad-Watch On\Off without closing it.
Automatic: Suspicious activity will be blocked automatically.
Uncheck both options. You can enable these after resolving your problem.

Then uninstall SpywareBot, because it has a questionable reputation. Note: Do not confuse this one with Spybot Search & Destroy. That one is OK.

Then, download ComboFix to your desktop.
Double-click combofix.exe.
Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.

When finished and after reboot (in case it asks to reboot), it should open a log, combofix.txt.
Post this log in your next reply together with a new HijackThis log.
Do NOT post the ComboFix-quarantined-files.txt - unless I ask you to.

#3 econklin

Posted 16 June 2007 - 03:32 PM

Thank you for your help. I disabled AdWatch, but it re-enables itself when I boot. Fortunately it also leaves its window open so I can disable it again. Is this a useful program in your opinion?

Anyway, here is combofix.text:
====================

ComboFix 07-06-13.3 - C:\Documents and Settings\Owner\Desktop\ComboFix.exe
"Owner" - 2007-06-16 10:02:27 - Service Pack 2 NTFS


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\cjjspnne.dll
C:\WINDOWS\system32\hoceuayj.dll
C:\WINDOWS\system32\jmstimck.dll
C:\WINDOWS\system32\sdcsahkx.dll
C:\WINDOWS\system32\ennpsjjc.ini
C:\WINDOWS\system32\jyauecoh.ini
C:\WINDOWS\system32\kcmitsmj.ini
C:\WINDOWS\system32\xkhascds.ini


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\LOCALS~1\APPLIC~1\Install.dat
C:\DOCUME~1\NETWOR~1\APPLIC~1\Install.dat
C:\DOCUME~1\Owner\APPLIC~1.\.rdr.ini
C:\Documents and Settings\All Users.\documents\settings
C:\Documents and Settings\All Users.\documents\settings\bot.dll
C:\Documents and Settings\All Users.\documents\settings\desktop.ini
C:\install.log
C:\Program Files\35584077
C:\Program Files\35584077\50E25DBF(2).DLL
C:\Program Files\35584077\50E25DBF.DLL
C:\Program Files\Common Files\mbols~1
C:\Program Files\Common Files\mbols~1\s?chost.exe
C:\Program Files\Common Files\System\MS355840.DLL
C:\Program Files\Common Files\Yazzle1281OinAdmin.exe
C:\Program Files\outerinfo
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\web buying
C:\Program Files\web buying\v1.7.4\wbuninst.exe
C:\Program Files\web buying\v1.7.4\webbuying.exe
C:\Temp\0b9
C:\Temp\0b9\tmpTF.log
C:\WINDOWS\cs_cache.ini
C:\WINDOWS\rau001978.exe
C:\WINDOWS\system32\2_exception.nls
C:\WINDOWS\system32\27
C:\WINDOWS\system32\515188936.exe
C:\WINDOWS\system32\boa.dat
C:\WINDOWS\system32\comi.dll
C:\WINDOWS\system32\config\system~1\applic~1\install.dat
C:\WINDOWS\system32\config\systemprofile\Application Data\.rdr.ini
C:\WINDOWS\system32\cookie.dat
C:\WINDOWS\system32\dlh9jkd1q2.exe
C:\WINDOWS\system32\dlh9jkd1q8.exe
C:\WINDOWS\system32\H5584077.log
C:\WINDOWS\system32\KB95842.log
C:\WINDOWS\system32\pog
C:\WINDOWS\system32\spoolsvv.exe
C:\WINDOWS\system32\T3
C:\WINDOWS\system32\T4
C:\WINDOWS\system32\vexga4m1et4.exe
C:\WINDOWS\system32\winsys64.exe


((((((((((((((((((((((((( Files Created from 2007-05-16 to 2007-06-16 )))))))))))))))))))))))))))))))


2007-06-16 09:54 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-15 15:03 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-06-15 14:23 <DIR> d-------- C:\VundoFix Backups
2007-06-15 12:59 125,972 --a------ C:\WINDOWS\system32\iouufwvf.dll
2007-06-13 06:10 62,516 --a------ C:\WINDOWS\system32\tihgkvmw.dll
2007-06-12 08:47 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-06-11 19:25 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-06-11 14:52 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\SpywareBot
2007-06-11 13:21 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-06-11 10:51 786,432 --ah----- C:\DOCUME~1\ADMINI~1.002\NTUSER.DAT
2007-06-11 10:51 <DIR> d-------- C:\DOCUME~1\ADMINI~1.002\APPLIC~1\VERITAS
2007-06-11 09:56 786,432 --ah----- C:\DOCUME~1\ADMINI~1.001\NTUSER.DAT
2007-06-11 09:56 <DIR> d-------- C:\DOCUME~1\ADMINI~1.001\APPLIC~1\VERITAS
2007-06-09 07:49 4,456,448 --a------ C:\DOCUME~1\Owner\ntuser.dat
2007-06-09 07:49 237,568 --a------ C:\DOCUME~1\LOCALS~1\ntuser.dat
2007-06-07 09:12 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-06-06 19:49 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2007-06-06 19:43 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-06-06 16:35 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-06-06 16:33 55,316 --a------ C:\WINDOWS\system32\cloqpyyq.dll
2007-06-06 16:28 <DIR> d-------- C:\WINDOWS\LastGood(3)
2007-06-06 16:28 <DIR> d-------- C:\WINDOWS\LastGood(2)
2007-06-06 16:28 <DIR> d-------- C:\Program Files\Lavasoft
2007-06-06 16:28 <DIR> d-------- C:\d58b2422023d2009954b8cc357b2
2007-06-06 16:22 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-06-06 16:20 <DIR> d-------- C:\WINDOWS\peernet
2007-06-06 16:12 <DIR> d-------- C:\WINDOWS\EHome
2007-06-06 15:53 1,048,576 --ah----- C:\DOCUME~1\ADMINI~1.000\NTUSER.DAT
2007-06-06 15:53 <DIR> d-------- C:\DOCUME~1\ADMINI~1.000\APPLIC~1\VERITAS
2007-06-06 15:38 65,536 --------- C:\WINDOWS\system32\aspimgr.exe
2007-06-06 15:36 57,344 --a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\qredcbkv.exe
2007-06-06 15:29 <DIR> d-------- C:\WINDOWS\system32\T7
2007-06-06 15:29 <DIR> d-------- C:\WINDOWS\system32\T6
2007-06-06 15:29 <DIR> d-------- C:\WINDOWS\system32\T5QaSQ
2007-06-06 14:46 <DIR> d-------- C:\Program Files\Lavasoft(2)
2007-06-06 12:56 <DIR> d-------- C:\WINDOWS\network diagnostic
2007-06-06 12:55 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-06-06 12:45 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-06-06 12:42 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2007-06-06 12:36 <DIR> d-------- C:\WINDOWS\Prefetch
2007-06-06 12:10 95,424 --------- C:\WINDOWS\system32\drivers\slnthal.sys
2007-06-06 12:10 9,216 --------- C:\WINDOWS\system32\proxycfg.exe
2007-06-06 12:10 73,216 --------- C:\WINDOWS\system32\drivers\atintuxx.sys
2007-06-06 12:10 701,440 --------- C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-06-06 12:10 685,056 --------- C:\WINDOWS\system32\drivers\hsfcxts2.sys
2007-06-06 12:10 67,584 --------- C:\WINDOWS\system32\drivers\sdbus.sys
2007-06-06 12:10 63,663 --------- C:\WINDOWS\system32\drivers\ati1rvxx.sys
2007-06-06 12:10 63,488 --------- C:\WINDOWS\system32\drivers\atinxsxx.sys
2007-06-06 12:10 59,648 --------- C:\WINDOWS\system32\drivers\rfcomm.sys
2007-06-06 12:10 59,392 --------- C:\WINDOWS\system32\logman.exe
2007-06-06 12:10 57,856 --------- C:\WINDOWS\system32\drivers\atinbtxx.sys
2007-06-06 12:10 56,623 --------- C:\WINDOWS\system32\drivers\ati1btxx.sys
2007-06-06 12:10 52,224 --------- C:\WINDOWS\system32\drivers\atinraxx.sys
2007-06-06 12:10 46,464 --------- C:\WINDOWS\system32\drivers\gagp30kx.sys
2007-06-06 12:10 452,736 --------- C:\WINDOWS\system32\drivers\mtxparhm.sys
2007-06-06 12:10 44,928 --------- C:\WINDOWS\system32\drivers\agpcpq.sys
2007-06-06 12:10 43,008 --------- C:\WINDOWS\system32\drivers\amdagp.sys
2007-06-06 12:10 42,752 --------- C:\WINDOWS\system32\drivers\alim1541.sys
2007-06-06 12:10 404,990 --------- C:\WINDOWS\system32\drivers\slntamr.sys
2007-06-06 12:10 38,016 --------- C:\WINDOWS\system32\drivers\bthmodem.sys
2007-06-06 12:10 37,376 --------- C:\WINDOWS\system32\drivers\amdk7.sys
2007-06-06 12:10 36,463 --------- C:\WINDOWS\system32\drivers\ati1tuxx.sys
2007-06-06 12:10 36,096 --------- C:\WINDOWS\system32\drivers\intelppm.sys
2007-06-06 12:10 35,456 --------- C:\WINDOWS\system32\drivers\bthprint.sys
2007-06-06 12:10 34,735 --------- C:\WINDOWS\system32\drivers\ati1xsxx.sys
2007-06-06 12:10 327,040 --------- C:\WINDOWS\system32\drivers\ati2mtaa.sys
2007-06-06 12:10 31,744 --------- C:\WINDOWS\system32\drivers\atinxbxx.sys
2007-06-06 12:10 30,671 --------- C:\WINDOWS\system32\drivers\ati1raxx.sys
2007-06-06 12:10 30,080 --------- C:\WINDOWS\system32\drivers\rndismpx.sys
2007-06-06 12:10 3,775 --------- C:\WINDOWS\system32\drivers\adv11nt5.dll
2007-06-06 12:10 29,455 --------- C:\WINDOWS\system32\drivers\ati1xbxx.sys
2007-06-06 12:10 29,056 --------- C:\WINDOWS\system32\drivers\ip6fw.sys
2007-06-06 12:10 28,672 --------- C:\WINDOWS\system32\drivers\atinsnxx.sys
2007-06-06 12:10 274,304 --------- C:\WINDOWS\system32\drivers\bthport.sys
2007-06-06 12:10 262,784 --------- C:\WINDOWS\system32\drivers\http.sys
2007-06-06 12:10 26,367 --------- C:\WINDOWS\system32\drivers\ati1snxx.sys
2007-06-06 12:10 25,600 --------- C:\WINDOWS\system32\drivers\hidbth.sys
2007-06-06 12:10 220,032 --------- C:\WINDOWS\system32\drivers\hsfbs2s2.sys
2007-06-06 12:10 21,343 --------- C:\WINDOWS\system32\drivers\ati1ttxx.sys
2007-06-06 12:10 180,360 --------- C:\WINDOWS\system32\drivers\ntmtlfax.sys
2007-06-06 12:10 18,944 --------- C:\WINDOWS\system32\drivers\bthusb.sys
2007-06-06 12:10 17,024 --------- C:\WINDOWS\system32\drivers\bthenum.sys
2007-06-06 12:10 15,488 --------- C:\WINDOWS\system32\drivers\mssmbios.sys
2007-06-06 12:10 15,104 --------- C:\WINDOWS\system32\drivers\hidir.sys
2007-06-06 12:10 14,336 --------- C:\WINDOWS\system32\drivers\atinpdxx.sys
2007-06-06 12:10 13,824 --------- C:\WINDOWS\system32\drivers\atinttxx.sys
2007-06-06 12:10 13,824 --------- C:\WINDOWS\system32\drivers\atinmdxx.sys
2007-06-06 12:10 13,776 --------- C:\WINDOWS\system32\drivers\recagent.sys
2007-06-06 12:10 13,240 --------- C:\WINDOWS\system32\drivers\slwdmsup.sys
2007-06-06 12:10 129,535 --------- C:\WINDOWS\system32\drivers\slnt7554.sys
2007-06-06 12:10 128,896 --------- C:\WINDOWS\system32\drivers\fltmgr.sys
2007-06-06 12:10 126,686 --------- C:\WINDOWS\system32\drivers\mtlmnt5.sys
2007-06-06 12:10 12,672 --------- C:\WINDOWS\system32\drivers\mutohpen.sys
2007-06-06 12:10 12,047 --------- C:\WINDOWS\system32\drivers\ati1pdxx.sys
2007-06-06 12:10 11,868 --------- C:\WINDOWS\system32\drivers\mdmxsdk.sys
2007-06-06 12:10 11,615 --------- C:\WINDOWS\system32\drivers\ati1mdxx.sys
2007-06-06 12:10 11,136 --------- C:\WINDOWS\system32\drivers\sffdisk.sys
2007-06-06 12:10 104,960 --------- C:\WINDOWS\system32\drivers\atinrvxx.sys
2007-06-06 12:10 100,992 --------- C:\WINDOWS\system32\drivers\bthpan.sys
2007-06-06 12:10 10,240 --------- C:\WINDOWS\system32\drivers\sffp_sd.sys


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-16 18:36:51 -------- d-----w C:\Program Files\Mozilla Thunderbird
2007-06-12 00:32:34 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\MSNInstaller
2007-06-12 00:29:31 -------- d-----w C:\Program Files\Design Science
2007-06-09 00:33:55 -------- d-----w C:\Program Files\Microsoft Money
2007-06-07 07:34:34 -------- d-----w C:\Program Files\Messenger
2007-06-07 02:28:15 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Lavasoft
2007-06-07 02:20:28 -------- d-----w C:\Program Files\Movie Maker
2007-06-07 02:05:57 -------- d-----w C:\Program Files\Windows NT
2007-06-07 01:38:40 14,336 ----a-w C:\WINDOWS\system32\svchost.exe
2007-06-06 22:42:14 -------- d--h--w C:\Program Files\WindowsUpdate
2007-06-06 17:52:16 -------- d-----w C:\Program Files\Google
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 08:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 08:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 08:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 08:43:40 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
2007-04-11 17:34:40 3,499 ----a-w C:\WINDOWS\mozver.dat
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-03-02 16:02]
{4FE6D7E6-E764-4B3F-9AFE-EAF70AE8D087}=C:\WINDOWS\system32\sqgoufay.dll []
{5ADF3862-9E2E-4ad3-86F7-4510E6550CD0}=C:\WINDOWS\system32\tihgkvmw.dll [2007-06-13 06:10]
{99B2CC26-6359-49D5-ABF9-634FBF7F31C2}=C:\WINDOWS\System32\awtss.dll []
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar1.dll [2007-06-06 07:52]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}=C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [2007-06-06 07:52]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="NvQTwk" []
"nwiz"="nwiz.exe" [2002-05-03 14:06 C:\WINDOWS\system32\nwiz.exe]
"CamMonitor"="c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe" [2002-06-17 20:11]
"KBD"="C:\HP\KBD\KBD.EXE" [2001-07-06 18:56]
"StorageGuard"="C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" [2002-05-09 05:01]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 19:51]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 11:24]
"DeviceDiscovery"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 18:37]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 18:29]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 12:05]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-04-05 14:41]
"VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" [2005-03-02 19:19]
"VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [2005-03-18 20:28]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-10-18 10:25]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 13:47 C:\WINDOWS\ALCXMNTR.EXE]
"SpywareBot"="C:\Program Files\SpywareBot\SpywareBot.exe" []
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-10 23:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-06 07:51]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"AWMON"="C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe" [2005-05-25 11:12]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"="C:\Eudora\EuShlExt.dll" [2006-08-17 14:57]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 02:29]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Verizon Online Support Center.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Verizon Online Support Center.lnk
backup=C:\WINDOWS\pss\Verizon Online Support Center.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DDCActiveMenu]
"C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DDCM]
"C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe" -Background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe


Contents of the 'Scheduled Tasks' folder
2007-06-16 20:16:46 C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (NEWNED-Owner).job
2007-06-16 13:00:13 C:\WINDOWS\tasks\SpywareBot Scheduled Scan.job
2007-06-16 17:49:15 C:\WINDOWS\tasks\Symantec NetDetect.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-16 10:16:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-16 10:20:11 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-16 10:19

--- E O F ---

And here is hijackthis:
==============

Logfile of HijackThis v1.99.1
Scan saved at 10:25:56 AM, on 6/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hawaiiantel.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us6.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {4FE6D7E6-E764-4B3F-9AFE-EAF70AE8D087} - C:\WINDOWS\system32\sqgoufay.dll (file missing)
O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\system32\tihgkvmw.dll
O2 - BHO: (no name) - {99B2CC26-6359-49D5-ABF9-634FBF7F31C2} - C:\WINDOWS\System32\awtss.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe"
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1CE17C82-8DE2-4EF6-ACF9-3A8B21830475} (Courier52 Control) - http://secmail.bankofamerica.com/couriercontrol.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...84/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1181169597069
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1181625727625
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,21/mcgdmgr.cab
O16 - DPF: {D06A22B4-6087-4D3D-B7AF-82B113E9ABD4} (CPostLaunch Object) - http://www2.verizon.net/update/msnwebinsta...es/vzWebIns.CAB
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

#4 miekiemoes

Posted 16 June 2007 - 04:02 PM

Hi,

Thank you for your help. I disabled AdWatch, but it re-enables itself when I boot. Fortunately it also leaves its window open so I can disable it again. Is this a useful program in your opinion?

Adwatch is useful if you know how to work with it. This is because it basically monitors registry changes, in order to prevent malware from starting up with Windows. But since Adwatch mainly monitors registry changes, it doesn't see the difference between malware and non-malware, and legit entries that appear in the registry will also be "alerted" by Adwatch. So in this case, you should know which ones to block and which ones to allow.
Adwatch is a tool to prevent malware, and since your system is already infected and we need to remove the infections, Adwatch may be a nuisance here. This is because, when we want to run certain tools and delete certain registry entries, Adwatch may see this as a "Hijack attempt" as well and just restore it like it was before (with the malware in it).
That's why we always ask to disable Adwatch during cleanup. And in case Adwatch is stubborn here and re-enables itself after startup, it may be better to temporarily uninstall Adaware SE Pro/Plus till we're finished here.

So, in this case, since Adwatch IS stubborn here, uninstall Adaware SE Pro/plus. You can always reinstall it afterwards again when we are done here.

Then reboot after uninstalling.

After reboot,

Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\WINDOWS\system32\iouufwvf.dll
C:\WINDOWS\system32\tihgkvmw.dll
C:\WINDOWS\system32\cloqpyyq.dll
C:\WINDOWS\system32\aspimgr.exe
C:\DOCUME~1\ALLUSE~1\APPLIC~1\qredcbkv.exe

Folder::
C:\WINDOWS\system32\T7
C:\WINDOWS\system32\T6
C:\WINDOWS\system32\T5QaSQ
C:\DOCUME~1\Owner\APPLIC~1\SpywareBot
C:\VundoFix Backups

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4FE6D7E6-E764-4B3F-9AFE-EAF70AE8D087}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5ADF3862-9E2E-4ad3-86F7-4510E6550CD0}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99B2CC26-6359-49D5-ABF9-634FBF7F31C2}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcxMonitor"=-
"SpywareBot"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DDCActiveMenu]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DDCM]


Save this as ComboFix-Do.txt

Then drag the ComboFix-Do.txt into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
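
As an added example (not part of the original posts, and not ComboFix's or HijackThis's own code), the check below cross-references the HijackThis O2/O4 entries from the log above against the ComboFix-Do.txt script, to confirm that every suspicious BHO has a matching key deletion and that each removed Run value really exists in the log. Treating "(no name)" and "(file missing)" BHOs as suspicious is a triage heuristic assumed here, and the script syntax handled is only what appears in the post.

```python
import re

# HijackThis lines copied from the log posted in this thread (trimmed to a few O2/O4 entries).
HJT_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {4FE6D7E6-E764-4B3F-9AFE-EAF70AE8D087} - C:\WINDOWS\system32\sqgoufay.dll (file missing)
O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\system32\tihgkvmw.dll
O2 - BHO: (no name) - {99B2CC26-6359-49D5-ABF9-634FBF7F31C2} - C:\WINDOWS\System32\awtss.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
"""

# Lines copied from the ComboFix-Do.txt script in the post above (trimmed).
FIX_SCRIPT = r"""
File::
C:\WINDOWS\system32\tihgkvmw.dll

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4FE6D7E6-E764-4B3F-9AFE-EAF70AE8D087}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5ADF3862-9E2E-4ad3-86F7-4510E6550CD0}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99B2CC26-6359-49D5-ABF9-634FBF7F31C2}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcxMonitor"=-
"SpywareBot"=-
"""

BHO_RE = re.compile(r"^O2 - BHO: (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.*?)( \(file missing\))?$")
RUN_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[(.+?)\] (.*)$")
HKLM_RUN = r"hkey_local_machine\software\microsoft\windows\currentversion\run"


def parse_log(log):
    """Return (BHO entries, HKLM Run value names) found in a HijackThis log."""
    bhos, hklm_run = [], []
    for line in log.splitlines():
        line = line.strip()
        m = BHO_RE.match(line)
        if m:
            bhos.append({"name": m.group(1), "clsid": m.group(2).upper(),
                         "path": m.group(3), "missing": m.group(4) is not None})
            continue
        m = RUN_RE.match(line)
        if m and m.group(1) == "HKLM":
            hklm_run.append(m.group(2))
    return bhos, hklm_run


def parse_fix_script(script):
    """Parse the File::/Folder::/Registry:: sections as they appear in the post."""
    out = {"files": [], "folders": [], "deleted_keys": [], "deleted_values": {}}
    section, key = None, None
    for line in script.splitlines():
        line = line.strip()
        if not line:
            continue
        if line in ("File::", "Folder::", "Registry::"):
            section, key = line[:-2], None
        elif section == "File":
            out["files"].append(line)
        elif section == "Folder":
            out["folders"].append(line)
        elif section == "Registry":
            if line.startswith("[-") and line.endswith("]"):
                out["deleted_keys"].append(line[2:-1])   # .reg syntax: delete whole key
                key = None
            elif line.startswith("[") and line.endswith("]"):
                key = line[1:-1]                         # key whose values follow
            elif key and re.fullmatch(r'"(.+)"=-', line):
                # .reg syntax: "name"=- deletes one value under the current key
                out["deleted_values"].setdefault(key.lower(), []).append(line[1:-3])
    return out


def review(log, script):
    """Cross-check the script's deletions against what the log actually shows."""
    bhos, hklm_run = parse_log(log)
    fix = parse_fix_script(script)
    marker = "\\browser helper objects\\"
    removed = {k.rsplit("\\", 1)[1].upper() for k in fix["deleted_keys"] if marker in k.lower()}
    # Assumed heuristic: a BHO with no name or a missing file deserves review.
    suspicious = {b["clsid"] for b in bhos if b["name"] == "(no name)" or b["missing"]}
    listed = {f.lower() for f in fix["files"]}
    known_run = {n.lower() for n in hklm_run}
    run_deleted = fix["deleted_values"].get(HKLM_RUN, [])
    return {
        "suspicious_not_removed": sorted(suspicious - removed),
        "removed_not_suspicious": sorted(removed - suspicious),
        # Removed BHOs whose DLL still exists: is the file also listed for deletion?
        "bho_files_listed": [b["path"] for b in bhos
                             if b["clsid"] in removed and b["path"].lower() in listed],
        "bho_files_unlisted": [b["path"] for b in bhos if b["clsid"] in removed
                               and not b["missing"] and b["path"].lower() not in listed],
        "run_values_removed": [n for n in run_deleted if n.lower() in known_run],
        "run_values_not_in_log": [n for n in run_deleted if n.lower() not in known_run],
    }


if __name__ == "__main__":
    for field, value in review(HJT_LOG, FIX_SCRIPT).items():
        print(f"{field}: {value}")
```

An empty `suspicious_not_removed` and `bho_files_unlisted` means the script covers every flagged BHO and its surviving DLL; anything in `removed_not_suspicious` or `run_values_not_in_log` is worth a second look before the script is run.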

#5 econklin

Posted 16 June 2007 - 04:51 PM

This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.


Ok, here you go. I notice lots of entries re SpywareBot, which I uninstalled before the last round. Also, Windows Firewall is asking to block BackWeb-137903.exe. What is that?

ComboFix.txt:
=========

ComboFix 07-06-13.3 - C:\Documents and Settings\Owner\Desktop\ComboFix.exe
"Owner" - 2007-06-16 11:31:41 - Service Pack 2 NTFS
Command switches used :: C:\ComboFix-Do.txt


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\ALLUSE~1\APPLIC~1\qredcbkv.exe
C:\DOCUME~1\Owner\APPLIC~1\SpywareBot
C:\DOCUME~1\Owner\APPLIC~1\SpywareBot\Quarantine\15-06-2007-14-31-14\10011.qit
C:\DOCUME~1\Owner\APPLIC~1\SpywareBot\Quarantine\15-06-2007-14-31-14\10011.qnf
C:\DOCUME~1\Owner\APPLIC~1\SpywareBot\Quarantine\15-06-2007-14-41-49\10011.qit
C:\DOCUME~1\Owner\APPLIC~1\SpywareBot\Quarantine\15-06-2007-14-41-49\10012.qit
C:\DOCUME~1\Owner\APPLIC~1\SpywareBot\Quarantine\15-06-2007-14-41-49\10012.qnf
C:\DOCUME~1\Owner\APPLIC~1\SpywareBot\Quarantine\15-06-2007-14-42-24\10012.qit
C:\DOCUME~1\Owner\APPLIC~1\SpywareBot\Quarantine\15-06-2007-14-42-24\10012.qnf
C:\DOCUME~1\Owner\APPLIC~1\SpywareBot\Quarantine\15-06-2007-14-42-40\10012.qit
C:\DOCUME~1\Owner\APPLIC~1\SpywareBot\Quarantine\15-06-2007-14-42-40\10013.qit
C:\DOCUME~1\Owner\APPLIC~1\SpywareBot\Quarantine\15-06-2007-14-42-40\10013.qnf
C:\DOCUME~1\Owner\APPLIC~1\SpywareBot\Quarantine\15-06-2007-14-43-21\10013.qit
C:\DOCUME~1\Owner\APPLIC~1\SpywareBot\Quarantine\15-06-2007-14-43-21\10014.qit
C:\DOCUME~1\Owner\APPLIC~1\SpywareBot\Quarantine\15-06-2007-14-43-21\10014.qnf
C:\DOCUME~1\Owner\APPLIC~1\SpywareBot\Quarantine\15-06-2007-14-43-37\10014.qit
C:\DOCUME~1\Owner\APPLIC~1\SpywareBot\Quarantine\15-06-2007-14-43-37\10014.qnf
C:\DOCUME~1\Owner\APPLIC~1\SpywareBot\Quarantine\15-06-2007-14-43-51\10014.qit
C:\DOCUME~1\Owner\APPLIC~1\SpywareBot\Quarantine\15-06-2007-14-43-51\10015.qit
C:\DOCUME~1\Owner\APPLIC~1\SpywareBot\Quarantine\15-06-2007-14-43-51\10015.qnf
C:\DOCUME~1\Owner\APPLIC~1\SpywareBot\Quarantine\15-06-2007-14-44-48\10015.qit
C:\DOCUME~1\Owner\APPLIC~1\SpywareBot\Quarantine\15-06-2007-14-44-48\10015.qnf
C:\DOCUME~1\Owner\APPLIC~1\SpywareBot\Quarantine\15-06-2007-14-45-01\10015.qit
C:\DOCUME~1\Owner\APPLIC~1\SpywareBot\Quarantine\15-06-2007-14-45-01\10016.qit
C:\DOCUME~1\Owner\APPLIC~1\SpywareBot\Quarantine\15-06-2007-14-45-01\10016.qnf
C:\DOCUME~1\Owner\APPLIC~1\SpywareBot\Quarantine\15-06-2007-14-45-31\10016.qit
C:\DOCUME~1\Owner\APPLIC~1\SpywareBot\Quarantine\15-06-2007-14-45-31\10016.qnf
C:\DOCUME~1\Owner\APPLIC~1\SpywareBot\Quarantine\15-06-2007-14-45-44\10016.qit
C:\DOCUME~1\Owner\APPLIC~1\SpywareBot\Quarantine\15-06-2007-14-45-44\10017.qit
C:\DOCUME~1\Owner\APPLIC~1\SpywareBot\Quarantine\15-06-2007-14-45-44\10017.qnf
C:\DOCUME~1\Owner\APPLIC~1\SpywareBot\Quarantine\15-06-2007-15-33-48\10017.qit
C:\DOCUME~1\Owner\APPLIC~1\SpywareBot\Quarantine\15-06-2007-15-33-48\10017.qnf
C:\DOCUME~1\Owner\APPLIC~1\SpywareBot\Quarantine\15-06-2007-15-34-22\10017.qit
C:\DOCUME~1\Owner\APPLIC~1\SpywareBot\Quarantine\15-06-2007-15-34-22\10018.qit
C:\DOCUME~1\Owner\APPLIC~1\SpywareBot\Quarantine\15-06-2007-15-34-22\10018.qnf
C:\DOCUME~1\Owner\APPLIC~1\SpywareBot\Quarantine\15-06-2007-15-35-01\10018.qit
C:\DOCUME~1\Owner\APPLIC~1\SpywareBot\Quarantine\15-06-2007-15-35-01\10019.qit
C:\DOCUME~1\Owner\APPLIC~1\SpywareBot\Quarantine\15-06-2007-15-35-01\10019.qnf
C:\DOCUME~1\Owner\APPLIC~1\SpywareBot\Quarantine\15-06-2007-16-28-01\10019.qit
C:\DOCUME~1\Owner\APPLIC~1\SpywareBot\Quarantine\15-06-2007-16-28-01\10019.qnf
C:\DOCUME~1\Owner\APPLIC~1\SpywareBot\Settings\CustomScan.stg
C:\DOCUME~1\Owner\APPLIC~1\SpywareBot\Settings\IgnoreList.stg
C:\DOCUME~1\Owner\APPLIC~1\SpywareBot\Settings\ScanInfo.stg
C:\DOCUME~1\Owner\APPLIC~1\SpywareBot\Settings\ScanResults.stg
C:\DOCUME~1\Owner\APPLIC~1\SpywareBot\Settings\SelectedFolders.stg
C:\DOCUME~1\Owner\APPLIC~1\SpywareBot\Settings\Settings.stg
C:\VundoFix Backups
C:\VundoFix Backups\awtss.dll.bad
C:\VundoFix Backups\dkvbourf.dll.bad
C:\VundoFix Backups\efcawxy.dll.bad
C:\VundoFix Backups\efcayya.dll.bad
C:\VundoFix Backups\esupaoij.exe.bad
C:\VundoFix Backups\hbexwblf.dll.bad
C:\VundoFix Backups\ingcusje.dll.bad
C:\VundoFix Backups\j6291937.dll.bad
C:\VundoFix Backups\jlvxrmbp.dll.bad
C:\VundoFix Backups\kghxuvip.dll.bad
C:\VundoFix Backups\knaawjik.exe.bad
C:\VundoFix Backups\nygnkxvd.dll.bad
C:\VundoFix Backups\qdfhurwu.dll.bad
C:\VundoFix Backups\sfcecodg.dll.bad
C:\VundoFix Backups\sstwa.bak1.bad
C:\VundoFix Backups\sstwa.bak2.bad
C:\VundoFix Backups\sstwa.ini.bad
C:\VundoFix Backups\sstwa.ini2.bad
C:\VundoFix Backups\sstwa.tmp.bad
C:\WINDOWS\system32\aspimgr.exe
C:\WINDOWS\system32\cloqpyyq.dll
C:\WINDOWS\system32\iouufwvf.dll
C:\WINDOWS\system32\T5QaSQ
C:\WINDOWS\system32\T6
C:\WINDOWS\system32\T7
C:\WINDOWS\system32\T7\wb22.exe
C:\WINDOWS\system32\tihgkvmw.dll


((((((((((((((((((((((((( Files Created from 2007-05-16 to 2007-06-16 )))))))))))))))))))))))))))))))


2007-06-16 09:54 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-15 15:03 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-06-12 08:47 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-06-11 19:25 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-06-11 13:21 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-06-11 10:51 786,432 --ah----- C:\DOCUME~1\ADMINI~1.002\NTUSER.DAT
2007-06-11 10:51 <DIR> d-------- C:\DOCUME~1\ADMINI~1.002\APPLIC~1\VERITAS
2007-06-11 09:56 786,432 --ah----- C:\DOCUME~1\ADMINI~1.001\NTUSER.DAT
2007-06-11 09:56 <DIR> d-------- C:\DOCUME~1\ADMINI~1.001\APPLIC~1\VERITAS
2007-06-09 07:49 4,456,448 --a------ C:\DOCUME~1\Owner\ntuser.dat
2007-06-09 07:49 237,568 --a------ C:\DOCUME~1\LOCALS~1\ntuser.dat
2007-06-06 19:49 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2007-06-06 19:43 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-06-06 16:35 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-06-06 16:28 <DIR> d-------- C:\WINDOWS\LastGood(3)
2007-06-06 16:28 <DIR> d-------- C:\WINDOWS\LastGood(2)
2007-06-06 16:28 <DIR> d-------- C:\Program Files\Lavasoft
2007-06-06 16:28 <DIR> d-------- C:\d58b2422023d2009954b8cc357b2
2007-06-06 16:22 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-06-06 16:20 <DIR> d-------- C:\WINDOWS\peernet
2007-06-06 16:12 <DIR> d-------- C:\WINDOWS\EHome
2007-06-06 15:53 1,048,576 --ah----- C:\DOCUME~1\ADMINI~1.000\NTUSER.DAT
2007-06-06 15:53 <DIR> d-------- C:\DOCUME~1\ADMINI~1.000\APPLIC~1\VERITAS
2007-06-06 14:46 <DIR> d-------- C:\Program Files\Lavasoft(2)
2007-06-06 12:56 <DIR> d-------- C:\WINDOWS\network diagnostic
2007-06-06 12:55 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-06-06 12:45 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-06-06 12:42 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2007-06-06 12:36 <DIR> d-------- C:\WINDOWS\Prefetch
2007-06-06 12:10 95,424 --------- C:\WINDOWS\system32\drivers\slnthal.sys
2007-06-06 12:10 9,216 --------- C:\WINDOWS\system32\proxycfg.exe
2007-06-06 12:10 73,216 --------- C:\WINDOWS\system32\drivers\atintuxx.sys
2007-06-06 12:10 701,440 --------- C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-06-06 12:10 685,056 --------- C:\WINDOWS\system32\drivers\hsfcxts2.sys
2007-06-06 12:10 67,584 --------- C:\WINDOWS\system32\drivers\sdbus.sys
2007-06-06 12:10 63,663 --------- C:\WINDOWS\system32\drivers\ati1rvxx.sys
2007-06-06 12:10 63,488 --------- C:\WINDOWS\system32\drivers\atinxsxx.sys
2007-06-06 12:10 59,648 --------- C:\WINDOWS\system32\drivers\rfcomm.sys
2007-06-06 12:10 59,392 --------- C:\WINDOWS\system32\logman.exe
2007-06-06 12:10 57,856 --------- C:\WINDOWS\system32\drivers\atinbtxx.sys
2007-06-06 12:10 56,623 --------- C:\WINDOWS\system32\drivers\ati1btxx.sys
2007-06-06 12:10 52,224 --------- C:\WINDOWS\system32\drivers\atinraxx.sys
2007-06-06 12:10 46,464 --------- C:\WINDOWS\system32\drivers\gagp30kx.sys
2007-06-06 12:10 452,736 --------- C:\WINDOWS\system32\drivers\mtxparhm.sys
2007-06-06 12:10 44,928 --------- C:\WINDOWS\system32\drivers\agpcpq.sys
2007-06-06 12:10 43,008 --------- C:\WINDOWS\system32\drivers\amdagp.sys
2007-06-06 12:10 42,752 --------- C:\WINDOWS\system32\drivers\alim1541.sys
2007-06-06 12:10 404,990 --------- C:\WINDOWS\system32\drivers\slntamr.sys
2007-06-06 12:10 38,016 --------- C:\WINDOWS\system32\drivers\bthmodem.sys
2007-06-06 12:10 37,376 --------- C:\WINDOWS\system32\drivers\amdk7.sys
2007-06-06 12:10 36,463 --------- C:\WINDOWS\system32\drivers\ati1tuxx.sys
2007-06-06 12:10 36,096 --------- C:\WINDOWS\system32\drivers\intelppm.sys
2007-06-06 12:10 35,456 --------- C:\WINDOWS\system32\drivers\bthprint.sys
2007-06-06 12:10 34,735 --------- C:\WINDOWS\system32\drivers\ati1xsxx.sys
2007-06-06 12:10 327,040 --------- C:\WINDOWS\system32\drivers\ati2mtaa.sys
2007-06-06 12:10 31,744 --------- C:\WINDOWS\system32\drivers\atinxbxx.sys
2007-06-06 12:10 30,671 --------- C:\WINDOWS\system32\drivers\ati1raxx.sys
2007-06-06 12:10 30,080 --------- C:\WINDOWS\system32\drivers\rndismpx.sys
2007-06-06 12:10 3,775 --------- C:\WINDOWS\system32\drivers\adv11nt5.dll
2007-06-06 12:10 29,455 --------- C:\WINDOWS\system32\drivers\ati1xbxx.sys
2007-06-06 12:10 29,056 --------- C:\WINDOWS\system32\drivers\ip6fw.sys
2007-06-06 12:10 28,672 --------- C:\WINDOWS\system32\drivers\atinsnxx.sys
2007-06-06 12:10 274,304 --------- C:\WINDOWS\system32\drivers\bthport.sys
2007-06-06 12:10 262,784 --------- C:\WINDOWS\system32\drivers\http.sys
2007-06-06 12:10 26,367 --------- C:\WINDOWS\system32\drivers\ati1snxx.sys
2007-06-06 12:10 25,600 --------- C:\WINDOWS\system32\drivers\hidbth.sys
2007-06-06 12:10 220,032 --------- C:\WINDOWS\system32\drivers\hsfbs2s2.sys
2007-06-06 12:10 21,343 --------- C:\WINDOWS\system32\drivers\ati1ttxx.sys
2007-06-06 12:10 180,360 --------- C:\WINDOWS\system32\drivers\ntmtlfax.sys
2007-06-06 12:10 18,944 --------- C:\WINDOWS\system32\drivers\bthusb.sys
2007-06-06 12:10 17,024 --------- C:\WINDOWS\system32\drivers\bthenum.sys
2007-06-06 12:10 15,488 --------- C:\WINDOWS\system32\drivers\mssmbios.sys
2007-06-06 12:10 15,104 --------- C:\WINDOWS\system32\drivers\hidir.sys
2007-06-06 12:10 14,336 --------- C:\WINDOWS\system32\drivers\atinpdxx.sys
2007-06-06 12:10 13,824 --------- C:\WINDOWS\system32\drivers\atinttxx.sys
2007-06-06 12:10 13,824 --------- C:\WINDOWS\system32\drivers\atinmdxx.sys
2007-06-06 12:10 13,776 --------- C:\WINDOWS\system32\drivers\recagent.sys
2007-06-06 12:10 13,240 --------- C:\WINDOWS\system32\drivers\slwdmsup.sys
2007-06-06 12:10 129,535 --------- C:\WINDOWS\system32\drivers\slnt7554.sys
2007-06-06 12:10 128,896 --------- C:\WINDOWS\system32\drivers\fltmgr.sys
2007-06-06 12:10 126,686 --------- C:\WINDOWS\system32\drivers\mtlmnt5.sys
2007-06-06 12:10 12,672 --------- C:\WINDOWS\system32\drivers\mutohpen.sys
2007-06-06 12:10 12,047 --------- C:\WINDOWS\system32\drivers\ati1pdxx.sys
2007-06-06 12:10 11,868 --------- C:\WINDOWS\system32\drivers\mdmxsdk.sys
2007-06-06 12:10 11,615 --------- C:\WINDOWS\system32\drivers\ati1mdxx.sys
2007-06-06 12:10 11,136 --------- C:\WINDOWS\system32\drivers\sffdisk.sys
2007-06-06 12:10 104,960 --------- C:\WINDOWS\system32\drivers\atinrvxx.sys
2007-06-06 12:10 100,992 --------- C:\WINDOWS\system32\drivers\bthpan.sys
2007-06-06 12:10 10,240 --------- C:\WINDOWS\system32\drivers\sffp_sd.sys
2007-06-06 12:10 1,309,184 --------- C:\WINDOWS\system32\drivers\mtlstrm.sys
2007-06-06 12:10 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2007-06-06 12:09 937,984 --------- C:\WINDOWS\system32\winbrand.dll
2007-06-06 12:09 896,512 --------- C:\WINDOWS\system32\wmspdmoe.dll
2007-06-06 12:09 88,064 --------- C:\WINDOWS\system32\p2pnetsh.dll
2007-06-06 12:09 870,784 --------- C:\WINDOWS\system32\ati3d1ag.dll
2007-06-06 12:09 86,016 --------- C:\WINDOWS\system32\p2pgasvc.dll
2007-06-06 12:09 86,016 --------- C:\WINDOWS\system32\mdmxsdk.dll
2007-06-06 12:09 81,408 --------- C:\WINDOWS\system32\wscsvc.dll
2007-06-06 12:09 8,192 --------- C:\WINDOWS\system32\smbinst.exe
2007-06-06 12:09 8,192 --------- C:\WINDOWS\system32\bitsprx2.dll


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-16 18:36:51 -------- d-----w C:\Program Files\Mozilla Thunderbird
2007-06-12 00:32:34 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\MSNInstaller
2007-06-12 00:29:31 -------- d-----w C:\Program Files\Design Science
2007-06-09 00:33:55 -------- d-----w C:\Program Files\Microsoft Money
2007-06-07 07:34:34 -------- d-----w C:\Program Files\Messenger
2007-06-07 02:28:15 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Lavasoft
2007-06-07 02:20:28 -------- d-----w C:\Program Files\Movie Maker
2007-06-07 02:05:57 -------- d-----w C:\Program Files\Windows NT
2007-06-07 01:38:40 14,336 ----a-w C:\WINDOWS\system32\svchost.exe
2007-06-06 22:42:14 -------- d--h--w C:\Program Files\WindowsUpdate
2007-06-06 17:52:16 -------- d-----w C:\Program Files\Google
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 08:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 08:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 08:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 08:43:40 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
2007-04-11 17:34:40 3,499 ----a-w C:\WINDOWS\mozver.dat
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-03-02 16:02]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar1.dll [2007-06-06 07:52]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}=C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [2007-06-06 07:52]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="NvQTwk" []
"nwiz"="nwiz.exe" [2002-05-03 14:06 C:\WINDOWS\system32\nwiz.exe]
"CamMonitor"="c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe" [2002-06-17 20:11]
"KBD"="C:\HP\KBD\KBD.EXE" [2001-07-06 18:56]
"StorageGuard"="C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" [2002-05-09 05:01]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 19:51]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 11:24]
"DeviceDiscovery"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 18:37]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 18:29]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 12:05]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-04-05 14:41]
"VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" [2005-03-02 19:19]
"VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [2005-03-18 20:28]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-10-18 10:25]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-10 23:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-06 07:51]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"AWMON"="C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"="C:\Eudora\EuShlExt.dll" [2006-08-17 14:57]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 02:29]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Verizon Online Support Center.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Verizon Online Support Center.lnk
backup=C:\WINDOWS\pss\Verizon Online Support Center.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe


Contents of the 'Scheduled Tasks' folder
2007-06-16 21:24:50 C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (NEWNED-Owner).job
2007-06-16 13:00:13 C:\WINDOWS\tasks\SpywareBot Scheduled Scan.job
2007-06-16 17:49:15 C:\WINDOWS\tasks\Symantec NetDetect.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-16 11:36:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-16 11:37:31
C:\ComboFix-Do.txt ... 2007-06-16 11:28
C:\ComboFix-quarantined-files.txt ... 2007-06-16 11:37
C:\ComboFix2.txt ... 2007-06-16 10:20

--- E O F ---

hijackthis:
=======

Logfile of HijackThis v1.99.1
Scan saved at 11:42:25 AM, on 6/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hawaiiantel.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us6.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe"
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1CE17C82-8DE2-4EF6-ACF9-3A8B21830475} (Courier52 Control) - http://secmail.bankofamerica.com/couriercontrol.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...84/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1181169597069
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1181625727625
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,21/mcgdmgr.cab
O16 - DPF: {D06A22B4-6087-4D3D-B7AF-82B113E9ABD4} (CPostLaunch Object) - http://www2.verizon.net/update/msnwebinsta...es/vzWebIns.CAB
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

#6 miekiemoes

Posted 16 June 2007 - 05:25 PM

Hi,

Windows Firewall is asking to block BackWeb-137903.exe. What is that?

This "backweb process" is related to the updates for your HP center, as shown in your HijackThis log:

O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe

It's no threat, though; this program is not really required to start up with Windows, so you may check and fix the above entry in HijackThis.

The rest of your logs look clean again.
Delete the following folder: C:\Qoobox

Let me know in your next reply how things are now...
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#7 econklin

Posted 18 June 2007 - 11:16 PM

Well, a couple of days have now passed, and we have done normal things with no unwanted popups, so I believe we are fixed now. I can't tell you how much we appreciate your help. As suggested in your messages, we will be making a contribution.

Aloha and Mahalo from Hawaii,
Elizabeth and Edward

#8 miekiemoes

Posted 19 June 2007 - 12:33 AM

Glad I could help.

Please read my Prevention page, with lots of info and tips on how to prevent this in the future.
And if you want to improve speed/system performance after malware removal, take a look here.

Happy Surfing again!

#9 miekiemoes

Posted 22 June 2007 - 01:50 PM

Since this issue appears resolved ... this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



