Winantispyware Blues


  • This topic is locked
11 replies to this topic

#1 zippyzoe

zippyzoe

  • Members
  • 121 posts
  • OFFLINE
  •  
  • Local time:02:25 PM

Posted 21 June 2007 - 05:31 PM

I read a post by AMATEUR on how to fix this infliction.

I ran the Rogue Remover, Combo Fix, CCleaner, and the AVG scan (the superfecta) and it got rid of the 3 problems that I was having. Only pain it caused is having to reload all the passwords back in. I was back in business in less than an hour.

My original problems:

I get the winantispyware box in the lower right hand corner of my screen -- can't close it or delete.

I get popups in IE about every 5 minutes. I turned on the popup blocker to HIGH but I still get a blank page with ---url.cpvfeed.com

Lastly, after I ran AdAware and rebooted, my desktop went into recover mode --- when I hit the restore desktop button, I receive an Internet Explorer script error.


How did I get it?
Answer: Looking at Jessica Alba pics. Reconnected to a Celebrity Exposed type website.


Here's the logfile after running the applications AMATEUR recommended.
A few squirrelly entries - the Realtek voice stuff - where did that come from? Skytel.exe


Logfile of HijackThis v1.99.1
Scan saved at 5:23:25 PM, on 6/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Documents and Settings\Ron\Desktop\Nero-7.9.6.0_eng_update.exe
C:\DOCUME~1\Ron\LOCALS~1\Temp\NER20.tmp\NeroBar.exe
C:\DOCUME~1\Ron\LOCALS~1\Temp\NER20.tmp\Setupx.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Ron\LOCALS~1\Temp\Rar$EX00.078\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [uwas7cw] "C:\Program Files\Common Files\WinAntiSpyware 2007\uwas7cw.exe" -c
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1181938138640
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} (ASPRO Installer Class) - http://acs.pandasoftware.com/activescanpro/as5/asproinst.cab
O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp3.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Unknown owner - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe" -k runservice (file missing)
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Edited by zippyzoe, 21 June 2007 - 05:35 PM.




#2 zippyzoe

zippyzoe
  • Topic Starter

  • Members
  • 121 posts
  • OFFLINE
  •  
  • Local time:02:25 PM

Posted 21 June 2007 - 09:03 PM

Everything is still working fine. Hope someone can check my Hijacklog so I can delete all the extra software I downloaded.

Patiently waiting,

Zz

#3 amateur

amateur

    Malware Fighter


  • Malware Response Team
  • 2,775 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:02:25 PM

Posted 21 June 2007 - 09:43 PM

Hi and welcome to BC.

It's not a good idea to follow the directions for someone else, but it looks like you've been lucky this time.

=====================================

Go to Start>Control Panel>Add/Remove Programs and remove the following program, if there. Don't worry if not:

WinAntiSpyware 2007

Then, using Windows Explorer (right click on Start, click on Explore), navigate to the following folder and delete it.

C:\Program Files\Common Files\WinAntiSpyware 2007

=====================================

Please disable SuperAntiSpyware so that it will not interfere with the fix:

Right-click on the shortcut from the system tray :
choose : View Control Center (preferences/options)
on the General and Startup tab:
uncheck : Start SUPERAntispyware when Windows starts
then click Close to exit.

======================================

Scan with HijackThis and put a checkmark against the following entries:

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [uwas7cw] "C:\Program Files\Common Files\WinAntiSpyware 2007\uwas7cw.exe" -c
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe"


Close all browsers, including this one and click on "fix checked".

=======================================

Restart your computer

=======================================

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6u1.
  • Scroll down to where it says "The JSE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6.0 windows-i586-p.exe to install the newest version.

=======================================

You are running HijackThis from a temporary directory. It needs to run from a folder of its own. Please click on HERE to download a self-extractable version of HijackThis. Double-click on hijackthis.exe to extract HijackThis to the folder c:\hijackthis. It will extract it to that folder and open the folder for you. It will also create a shortcut on your desktop to HijackThis.

Scan with HijackThis. Save the log and post it here in your reply in this thread.

========================================

You say that you've run Combofix and AVG Anti Spyware. Please post the Combofix.txt (it should be in C:\ComboFix.txt) and the AVG Anti Spyware report along with the fresh HijackThis log.

#4 zippyzoe

zippyzoe
  • Topic Starter

  • Members
  • 121 posts
  • OFFLINE
  •  
  • Local time:02:25 PM

Posted 22 June 2007 - 12:23 PM

Sorry for the delay. I had to get some sleep.

I have a couple of questions. Where do I install the Java update? The installer asks for a directory. I have over 100 files and directories with JAVA in them. I have a screen capture jpeg but Imgplace won't accept it. Should I remove some of these files?

My other question is about this file.

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

I was curious what it was so I googled it. The opinions were to keep it because it is useful. Just curious about your thoughts on deleting it.

Thanks,

Zz

Edited by zippyzoe, 22 June 2007 - 12:57 PM.


#5 amateur

amateur

    Malware Fighter


  • Malware Response Team
  • 2,775 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:02:25 PM

Posted 22 June 2007 - 02:26 PM

Sorry for the delay. I had to get some sleep.


No problem. I too had to get some sleep. :thumbsup:

I have a couple of questions. Where do I install the Java update? The installer asks for a directory. I have over 100 files and directories with JAVA in them. I have a screen capture jpeg but Imgplace won't accept it. Should I remove some of these files?

Please read the instructions again. The default directory is the Program Files folder (C:\Program Files\Java). You are to remove only the JRE or J2SE entries in the Add/Remove Programs in Control Panel, which looks like this, except this is the latest because I removed the older ones.
My other question is about this file.

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

I was curious what it was so I googled it. The opinions were to keep it because it is useful. Just curious about your thoughts on deleting it.


It's the Realtek AC97 Audio - Event Monitor. "Spyware" file used to surreptitiously monitor one's actions. It is not a sinister one, like remote control programs, but it is being used by Realtek to gather data about customers. You don't need it to load at startup. Fixing it with HijackThis will only stop it from loading at startup. We are going to keep the file so that it will still function when needed.
Thanks,

Edited by amateur, 22 June 2007 - 02:34 PM.


#6 zippyzoe

zippyzoe
  • Topic Starter

  • Members
  • 121 posts
  • OFFLINE
  •  
  • Local time:02:25 PM

Posted 22 June 2007 - 10:06 PM

Here's the latest Hijackthis Log. Sorry about missing the instructions on the Java. I wasted a lot of time trying to figure out where to put it. Wish I had reread the instructions.

Here you go ===

Logfile of HijackThis v1.99.1
Scan saved at 10:04:16 PM, on 6/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1181938138640
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} (ASPRO Installer Class) - http://acs.pandasoftware.com/activescanpro/as5/asproinst.cab
O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp3.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Unknown owner - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe" -k runservice (file missing)
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

#7 amateur

amateur

    Malware Fighter


  • Malware Response Team
  • 2,775 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:02:25 PM

Posted 22 June 2007 - 10:16 PM

Hi,
N.P. The log is looking good.

You say that you've run Combofix and AVG Anti Spyware. Please post the Combofix.txt (it should be in C:\ComboFix.txt) and the AVG Anti Spyware report along with the fresh HijackThis log.


Can you also please post the AVG Anti Spyware report and the Combofix.txt?
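
Added example, not part of the thread and not code from HijackThis: a small Python script that diffs two HijackThis logs to confirm that the entries a helper asked to be fixed are gone and to show what else changed between scans. The sample logs are a constructed subset of lines copied from the two logs posted above; the function names (`parse`, `diff_logs`, `still_present`) are this example's own.

```python
import re

# Constructed sample: a subset of lines copied from the two HijackThis logs
# posted in this thread (21 June before the fix, 22 June after it).
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [uwas7cw] "C:\Program Files\Common Files\WinAntiSpyware 2007\uwas7cw.exe" -c
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\hijackthis\HijackThis.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# The three entries the helper asked to have checked and fixed in post #3.
FIX_LIST = [
    r'O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE',
    r'O4 - HKLM\..\Run: [uwas7cw] "C:\Program Files\Common Files\WinAntiSpyware 2007\uwas7cw.exe" -c',
    r'O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe"',
]

# "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [name] command".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Body of an O4 autostart entry: hive, key (Run, RunOnce, ...), value name, command.
RUN = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[(.+?)\] (.+)$")


def parse(log):
    """Map a stable key to (comparable value, original line) for each entry.

    Header lines and the "Running processes" list do not match ENTRY and are
    skipped. O4 entries are keyed by hive, key and value name so that a changed
    command shows up as a change rather than as a removal plus an addition.
    """
    entries = {}
    for raw in log.splitlines():
        line = " ".join(raw.split())  # collapse stray whitespace from copy/paste
        m = ENTRY.match(line)
        if not m:
            continue
        code, body = m.groups()
        run = RUN.match(body) if code == "O4" else None
        if run:
            hive, key, name, command = run.groups()
            k = (code, hive.upper(), key.lower(), name.lower())
            value = command.replace('"', "").lower()  # ignore quoting and case
        else:
            k = (code, body.lower())
            value = ""
        entries[k] = (value, line)
    return entries


def diff_logs(before, after):
    """Return (removed lines, added lines, changed (old, new) line pairs)."""
    old, new = parse(before), parse(after)
    removed = sorted(old[k][1] for k in old.keys() - new.keys())
    added = sorted(new[k][1] for k in new.keys() - old.keys())
    changed = sorted(
        (old[k][1], new[k][1])
        for k in old.keys() & new.keys()
        if old[k][0] != new[k][0]
    )
    return removed, added, changed


def still_present(fix_list, log):
    """Entries from the fix list that the given log still contains."""
    entries = parse(log)
    return [line for line in fix_list if parse(line).keys() & entries.keys()]


if __name__ == "__main__":
    removed, added, changed = diff_logs(BEFORE, AFTER)
    for line in removed:
        print("removed:", line)
    for line in added:
        print("added:  ", line)
    for old_line, new_line in changed:
        print("changed:", old_line, "->", new_line)
    print("fix-list entries still present:", still_present(FIX_LIST, AFTER))
```

An entry that disappears from the log only shows that the autostart reference is gone; whether the file behind it was deleted has to be checked separately, as the ComboFix report does.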

#8 zippyzoe

zippyzoe
  • Topic Starter

  • Members
  • 121 posts
  • OFFLINE
  •  
  • Local time:02:25 PM

Posted 22 June 2007 - 10:18 PM

Here's the combo log. I'll run the AVG log and post it later.


ComboFix 07-06-21.3 - C:\Documents and Settings\Ron\Desktop\ComboFix.exe
"Ron" - 2007-06-21 15:27:38 - Service Pack 2 NTFS [SAFE MODE]


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\ALLUSE~1\APPLIC~1.\SalesMonitor
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\WinAntiSpyware 2007
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\WinAntiSpyware 2007\Data\Abbr
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\WinAntiSpyware 2007\Data\ProductCode
C:\DOCUME~1\Ron\APPLIC~1.\macromedia\Flash Player\#SharedObjects\U4MP4MVJ\www.broadcaster.com
C:\DOCUME~1\Ron\APPLIC~1.\macromedia\Flash Player\#SharedObjects\U4MP4MVJ\www.broadcaster.com\played_list.sol
C:\DOCUME~1\Ron\APPLIC~1.\macromedia\Flash Player\#SharedObjects\U4MP4MVJ\www.broadcaster.com\video_queue.sol
C:\DOCUME~1\Ron\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\DOCUME~1\Ron\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\DOCUME~1\Ron\APPLIC~1.\WinAntiSpyware 2007
C:\DOCUME~1\Ron\APPLIC~1.\WinAntiSpyware 2007\Logs\update.log
C:\DOCUME~1\Ron\Desktop\internet.lnk
C:\DOCUME~1\Ron\MYDOCU~1.\asembl~1
C:\Program Files\Common Files\WinAntiSpyware 2007
C:\Program Files\Common Files\WinAntiSpyware 2007\err.log
C:\Program Files\Common Files\WinAntiSpyware 2007\uwas7cw.exe
C:\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe
C:\Program Files\Common Files\wnsxs~1
C:\Program Files\inetget2
C:\Program Files\poolsv
C:\Program Files\poolsv\k11u72.exe
C:\Program Files\svhost
C:\Program Files\WinAntiSpyware 2007
C:\Program Files\WinAntiSpyware 2007\Activate.dat
C:\Program Files\WinAntiSpyware 2007\appupdate.dat
C:\Program Files\WinAntiSpyware 2007\AsAgents.dll
C:\Program Files\WinAntiSpyware 2007\AsAgents.xml
C:\Program Files\WinAntiSpyware 2007\atl71.dll
C:\Program Files\WinAntiSpyware 2007\AutoProcess.dat
C:\Program Files\WinAntiSpyware 2007\bnlink.dat
C:\Program Files\WinAntiSpyware 2007\database\enemies.dat
C:\Program Files\WinAntiSpyware 2007\database\knownfiles.dat
C:\Program Files\WinAntiSpyware 2007\database\TEBase.dat
C:\Program Files\WinAntiSpyware 2007\database\vbpv.dat
C:\Program Files\WinAntiSpyware 2007\dbupdate.dat
C:\Program Files\WinAntiSpyware 2007\fopnl.dll
C:\Program Files\WinAntiSpyware 2007\InstUp.exe
C:\Program Files\WinAntiSpyware 2007\lapv.dat
C:\Program Files\WinAntiSpyware 2007\license.rtf
C:\Program Files\WinAntiSpyware 2007\manual.pdf
C:\Program Files\WinAntiSpyware 2007\manual.url
C:\Program Files\WinAntiSpyware 2007\mfc71.dll
C:\Program Files\WinAntiSpyware 2007\monstate.dat
C:\Program Files\WinAntiSpyware 2007\msvcp71.dll
C:\Program Files\WinAntiSpyware 2007\msvcr71.dll
C:\Program Files\WinAntiSpyware 2007\ps.dat
C:\Program Files\WinAntiSpyware 2007\pv.dat
C:\Program Files\WinAntiSpyware 2007\quaratine.dat\#post_quarantine
C:\Program Files\WinAntiSpyware 2007\readme.rtf
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\29017384e6de45460e55cc88\2b60c9c88f6c43f2204a1080\f549e5cc092e40546c9abdb7\#internal
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\29017384e6de45460e55cc88\2b60c9c88f6c43f2204a1080\f549e5cc092e40546c9abdb7\#name
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\29017384e6de45460e55cc88\2b60c9c88f6c43f2204a1080\ff2275a1971747b5ff8cae91\#data
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\29017384e6de45460e55cc88\2b60c9c88f6c43f2204a1080\ff2275a1971747b5ff8cae91\#internal
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\29017384e6de45460e55cc88\2b60c9c88f6c43f2204a1080\ff2275a1971747b5ff8cae91\#name
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\29017384e6de45460e55cc88\59c6faaf30214ba8aed64a80\#internal
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\29017384e6de45460e55cc88\59c6faaf30214ba8aed64a80\02f0379157674996f6ee1d9f\#data
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\29017384e6de45460e55cc88\59c6faaf30214ba8aed64a80\02f0379157674996f6ee1d9f\#internal
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\29017384e6de45460e55cc88\59c6faaf30214ba8aed64a80\02f0379157674996f6ee1d9f\#name
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\29017384e6de45460e55cc88\59c6faaf30214ba8aed64a80\14c6ef83d52e40ab58620eba\#data
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\29017384e6de45460e55cc88\59c6faaf30214ba8aed64a80\14c6ef83d52e40ab58620eba\#internal
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\29017384e6de45460e55cc88\59c6faaf30214ba8aed64a80\14c6ef83d52e40ab58620eba\#name
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\29017384e6de45460e55cc88\59c6faaf30214ba8aed64a80\4f6074e897194de033ef6a8d\#data
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\29017384e6de45460e55cc88\59c6faaf30214ba8aed64a80\4f6074e897194de033ef6a8d\#internal
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\29017384e6de45460e55cc88\59c6faaf30214ba8aed64a80\4f6074e897194de033ef6a8d\#name
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\29017384e6de45460e55cc88\8d41dc2f4427430f34d4f28c\#internal
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\29017384e6de45460e55cc88\8d41dc2f4427430f34d4f28c\1cd522028b5043e4d6cfaebe\#data
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\29017384e6de45460e55cc88\8d41dc2f4427430f34d4f28c\1cd522028b5043e4d6cfaebe\#internal
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\29017384e6de45460e55cc88\8d41dc2f4427430f34d4f28c\1cd522028b5043e4d6cfaebe\#name
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\29017384e6de45460e55cc88\8d41dc2f4427430f34d4f28c\2d3e2e73a56c497cb69daebd\#data
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\29017384e6de45460e55cc88\8d41dc2f4427430f34d4f28c\2d3e2e73a56c497cb69daebd\#internal
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\29017384e6de45460e55cc88\8d41dc2f4427430f34d4f28c\2d3e2e73a56c497cb69daebd\#name
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\29017384e6de45460e55cc88\8d41dc2f4427430f34d4f28c\78c28b92ce154203f08da387\#data
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\29017384e6de45460e55cc88\8d41dc2f4427430f34d4f28c\78c28b92ce154203f08da387\#internal
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\29017384e6de45460e55cc88\8d41dc2f4427430f34d4f28c\78c28b92ce154203f08da387\#name
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\29017384e6de45460e55cc88\8d41dc2f4427430f34d4f28c\b5dca310b1db479f34713385\#data
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\29017384e6de45460e55cc88\8d41dc2f4427430f34d4f28c\b5dca310b1db479f34713385\#internal
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\29017384e6de45460e55cc88\8d41dc2f4427430f34d4f28c\b5dca310b1db479f34713385\#name
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\8a702d3a18e342f4a1b2b5b2\#internal
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\8a702d3a18e342f4a1b2b5b2\0696269c54e849eb5d6a96a1\#internal
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\8a702d3a18e342f4a1b2b5b2\0696269c54e849eb5d6a96a1\#startup
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\8a702d3a18e342f4a1b2b5b2\0ca2a13c38844bf2bd4fd0b3\#internal
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\8a702d3a18e342f4a1b2b5b2\0ca2a13c38844bf2bd4fd0b3\#startup
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\8a702d3a18e342f4a1b2b5b2\123192120de54def9fb4ff8f\#internal
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\8a702d3a18e342f4a1b2b5b2\123192120de54def9fb4ff8f\#startup
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\8a702d3a18e342f4a1b2b5b2\1996d1e0997945241b4defa3\#internal
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\8a702d3a18e342f4a1b2b5b2\1996d1e0997945241b4defa3\#startup
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\8a702d3a18e342f4a1b2b5b2\1b6096f91e464212d8ef3586\#internal
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\8a702d3a18e342f4a1b2b5b2\1b6096f91e464212d8ef3586\#startup
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\8a702d3a18e342f4a1b2b5b2\1c2da6ca369445a621b135b8\#internal
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\8a702d3a18e342f4a1b2b5b2\1c2da6ca369445a621b135b8\#startup
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\8a702d3a18e342f4a1b2b5b2\1f3cee0861984ba89de63ab8\#internal
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\8a702d3a18e342f4a1b2b5b2\1f3cee0861984ba89de63ab8\#startup
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\8a702d3a18e342f4a1b2b5b2\2018a2ec24034c82dc3c66be\#internal
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\8a702d3a18e342f4a1b2b5b2\2018a2ec24034c82dc3c66be\#startup
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\8a702d3a18e342f4a1b2b5b2\235ac04382f2400f6500b584\#internal
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\8a702d3a18e342f4a1b2b5b2\235ac04382f2400f6500b584\#startup
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\8a702d3a18e342f4a1b2b5b2\2874988e32474e7313ab81af\#internal
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\8a702d3a18e342f4a1b2b5b2\2874988e32474e7313ab81af\#startup
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\8a702d3a18e342f4a1b2b5b2\2fdaee4f3ead4882f00b6f99\#internal
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\8a702d3a18e342f4a1b2b5b2\2fdaee4f3ead4882f00b6f99\#startup
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\8a702d3a18e342f4a1b2b5b2\3c0b667798de4114a5635a82\#data
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\8a702d3a18e342f4a1b2b5b2\3c0b667798de4114a5635a82\#internal
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\8a702d3a18e342f4a1b2b5b2\3c0b667798de4114a5635a82\#startup
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\8a702d3a18e342f4a1b2b5b2\3f381b4b7921471aa13828b2\#internal
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\8a702d3a18e342f4a1b2b5b2\3f381b4b7921471aa13828b2\#startup
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\8a702d3a18e342f4a1b2b5b2\42838e6a926345ad17992690\#internal
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\8a702d3a18e342f4a1b2b5b2\42838e6a926345ad17992690\#startup
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\8a702d3a18e342f4a1b2b5b2\60322791b1ed4c2fb3222889\#internal
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\8a702d3a18e342f4a1b2b5b2\60322791b1ed4c2fb3222889\#startup
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\8a702d3a18e342f4a1b2b5b2\634101406f1b4b5a45e0729e\#internal
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\8a702d3a18e342f4a1b2b5b2\634101406f1b4b5a45e0729e\#startup
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\8a702d3a18e342f4a1b2b5b2\637351d6906441abc96852b3\#internal
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\8a702d3a18e342f4a1b2b5b2\637351d6906441abc96852b3\#startup
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\8a702d3a18e342f4a1b2b5b2\6ab710442264434d268f84bc\#internal
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\8a702d3a18e342f4a1b2b5b2\6ab710442264434d268f84bc\#startup
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\8a702d3a18e342f4a1b2b5b2\6d31edda5085492a2b420eaf\#internal
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\8a702d3a18e342f4a1b2b5b2\6d31edda5085492a2b420eaf\#startup
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\8a702d3a18e342f4a1b2b5b2\6e45513dfdac468f5d5bfe9f\#internal
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\8a702d3a18e342f4a1b2b5b2\6e45513dfdac468f5d5bfe9f\#startup
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\8a702d3a18e342f4a1b2b5b2\7681f17555534b9a3b84daac\#internal
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\8a702d3a18e342f4a1b2b5b2\7681f17555534b9a3b84daac\#startup
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\8a702d3a18e342f4a1b2b5b2\794ce7f0dfc84694154a528e\#internal
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\8a702d3a18e342f4a1b2b5b2\794ce7f0dfc84694154a528e\#startup
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\8a702d3a18e342f4a1b2b5b2\7a296c57ff8e4cc42374728c\#internal
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\8a702d3a18e342f4a1b2b5b2\7a296c57ff8e4cc42374728c\#startup
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\8a702d3a18e342f4a1b2b5b2\7b7e7cc696ef4aeded994ead\#internal
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\8a702d3a18e342f4a1b2b5b2\7b7e7cc696ef4aeded994ead\#startup
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\8a702d3a18e342f4a1b2b5b2\8b83c2a132884c728c0cfaa3\#internal
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\8a702d3a18e342f4a1b2b5b2\8b83c2a132884c728c0cfaa3\#startup
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\8a702d3a18e342f4a1b2b5b2\91354dce0c194c72ea566a96\#internal
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\8a702d3a18e342f4a1b2b5b2\91354dce0c194c72ea566a96\#startup
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\8a702d3a18e342f4a1b2b5b2\915e7e2c63a34b5189d60b80\#internal
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\8a702d3a18e342f4a1b2b5b2\915e7e2c63a34b5189d60b80\#startup
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\8a702d3a18e342f4a1b2b5b2\9a9217cf379242df1d2ae4a7\#internal
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\8a702d3a18e342f4a1b2b5b2\9a9217cf379242df1d2ae4a7\#startup
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\8a702d3a18e342f4a1b2b5b2\9da5de20855a422177990da4\#internal
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\8a702d3a18e342f4a1b2b5b2\9da5de20855a422177990da4\#startup
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\8a702d3a18e342f4a1b2b5b2\9f56e256e16546b25d06b7bb\#internal
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\8a702d3a18e342f4a1b2b5b2\9f56e256e16546b25d06b7bb\#startup
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\8a702d3a18e342f4a1b2b5b2\a5078ca799e747cbbba75499\#internal
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\8a702d3a18e342f4a1b2b5b2\a5078ca799e747cbbba75499\#startup
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\8a702d3a18e342f4a1b2b5b2\a568f6b88d7e44c3e956dd95\#internal
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\8a702d3a18e342f4a1b2b5b2\a568f6b88d7e44c3e956dd95\#startup
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\8a702d3a18e342f4a1b2b5b2\aa573bf8a87b4028edde58b1\#internal
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\8a702d3a18e342f4a1b2b5b2\aa573bf8a87b4028edde58b1\#startup
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\8a702d3a18e342f4a1b2b5b2\b09f2a773d1d4a1e825beabd\#internal
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\8a702d3a18e342f4a1b2b5b2\b09f2a773d1d4a1e825beabd\#startup
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\8a702d3a18e342f4a1b2b5b2\b345af55dd6347cdfb94bab2\#internal
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\8a702d3a18e342f4a1b2b5b2\b345af55dd6347cdfb94bab2\#startup
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\8a702d3a18e342f4a1b2b5b2\b4426d5a9d59490a96489fb6\#internal
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\8a702d3a18e342f4a1b2b5b2\b4426d5a9d59490a96489fb6\#startup
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\8a702d3a18e342f4a1b2b5b2\b7d41e2028df4b0d6d706890\#data
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\8a702d3a18e342f4a1b2b5b2\b7d41e2028df4b0d6d706890\#internal
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\8a702d3a18e342f4a1b2b5b2\b7d41e2028df4b0d6d706890\#startup
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\8a702d3a18e342f4a1b2b5b2\ba5ac6ac36924360993e4182\#internal
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\8a702d3a18e342f4a1b2b5b2\ba5ac6ac36924360993e4182\#startup
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\8a702d3a18e342f4a1b2b5b2\baa39ebdb58e4fb34b67069c\#internal
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\8a702d3a18e342f4a1b2b5b2\baa39ebdb58e4fb34b67069c\#startup
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\8a702d3a18e342f4a1b2b5b2\bb2bd6fafbe24f8e4684979b\#data
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\8a702d3a18e342f4a1b2b5b2\bb2bd6fafbe24f8e4684979b\#internal
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\8a702d3a18e342f4a1b2b5b2\bb2bd6fafbe24f8e4684979b\#startup
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\8a702d3a18e342f4a1b2b5b2\c445316b38e545b4e0c7bf9e\#internal
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\8a702d3a18e342f4a1b2b5b2\c445316b38e545b4e0c7bf9e\#startup
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\8a702d3a18e342f4a1b2b5b2\c73dad612c2041813cb415aa\#internal
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\8a702d3a18e342f4a1b2b5b2\c73dad612c2041813cb415aa\#startup
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\8a702d3a18e342f4a1b2b5b2\d46eee887bac440a2e736c87\#internal
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\8a702d3a18e342f4a1b2b5b2\d46eee887bac440a2e736c87\#startup
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\8a702d3a18e342f4a1b2b5b2\dd34daa381ea422f50e09a90\#internal
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\8a702d3a18e342f4a1b2b5b2\dd34daa381ea422f50e09a90\#startup
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\8a702d3a18e342f4a1b2b5b2\dd54aa08e65e44c48c555fb0\#internal
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\8a702d3a18e342f4a1b2b5b2\dd54aa08e65e44c48c555fb0\#startup
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\8a702d3a18e342f4a1b2b5b2\df36d4df1fde403394a77ca2\#internal
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\8a702d3a18e342f4a1b2b5b2\df36d4df1fde403394a77ca2\#startup
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\8a702d3a18e342f4a1b2b5b2\e55457645691410556183887\#internal
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\8a702d3a18e342f4a1b2b5b2\e55457645691410556183887\#startup
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\8a702d3a18e342f4a1b2b5b2\ea6a34b628f24498326cca87\#internal
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\8a702d3a18e342f4a1b2b5b2\ea6a34b628f24498326cca87\#startup
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\8a702d3a18e342f4a1b2b5b2\ecc71cbd6901437841d9a9bf\#internal
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\8a702d3a18e342f4a1b2b5b2\ecc71cbd6901437841d9a9bf\#startup
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\8a702d3a18e342f4a1b2b5b2\f2fdacd2fb884b82ed0a7183\#internal
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\8a702d3a18e342f4a1b2b5b2\f2fdacd2fb884b82ed0a7183\#settings
C:\Program Files\WinAntiSpyware 2007\RTMonitor.dat\8a702d3a18e342f4a1b2b5b2\f2fdacd2fb884b82ed0a7183\#startup
C:\Program Files\WinAntiSpyware 2007\scanlog.xml
C:\Program Files\WinAntiSpyware 2007\settings.ini
C:\Program Files\WinAntiSpyware 2007\shellext.xml
C:\Program Files\WinAntiSpyware 2007\sr.log
C:\Program Files\WinAntiSpyware 2007\Summary.dat
C:\Program Files\WinAntiSpyware 2007\support.url
C:\Program Files\WinAntiSpyware 2007\tasks.dat
C:\Program Files\WinAntiSpyware 2007\threatnet.dat
C:\Program Files\WinAntiSpyware 2007\threatnet.ini
C:\Program Files\WinAntiSpyware 2007\unins000.dat
C:\Program Files\WinAntiSpyware 2007\unins000.exe
C:\Program Files\WinAntiSpyware 2007\uninstall.ico
C:\Program Files\WinAntiSpyware 2007\UnWizard.exe
C:\Program Files\WinAntiSpyware 2007\unwizard.xml
C:\Program Files\WinAntiSpyware 2007\up.dat
C:\Program Files\WinAntiSpyware 2007\updater.dat
C:\Program Files\WinAntiSpyware 2007\was7.exe
C:\Program Files\WinAntiSpyware 2007\WAS7.url
C:\Program Files\WinAntiSpyware 2007\WAS7.xml
C:\Temp\0b9
C:\Temp\0b9\tmpTF.log
C:\Temp\iee
C:\Temp\iee\tmpZTF.log
C:\Temp\tn3
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\core.sys
C:\WINDOWS\system32\o02PrEz
C:\WINDOWS\system32\o09PrEz
C:\WINDOWS\system32\S2
C:\WINDOWS\system32\S2\mwspasrt83122.exe
C:\WINDOWS\system32\S4
C:\WINDOWS\system32\S7
C:\WINDOWS\system32\S7\wr620.exe
C:\WINDOWS\system32\win
C:\WINDOWS\system32\wnsxs~1
C:\WINDOWS\wr.txt


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_CORE
-------\core


((((((((((((((((((((((((( Files Created from 2007-05-21 to 2007-06-21 )))))))))))))))))))))))))))))))


2007-06-21 15:25 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-21 15:24 <DIR> d-------- C:\Program Files\RogueRemover
2007-06-21 14:52 69,632 --a------ C:\WINDOWS\system32\asprouni.exe
2007-06-21 14:52 <DIR> d-------- C:\WINDOWS\system32\ASPRO
2007-06-21 12:28 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-06-21 12:28 <DIR> d-------- C:\WINDOWS\LastGood
2007-06-21 10:20 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-06-21 10:20 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-06-21 10:19 <DIR> d-------- C:\Program Files\Picasa2
2007-06-21 10:19 <DIR> d-------- C:\Program Files\Google
2007-06-21 09:53 1,706,800 --a------ C:\WINDOWS\system32\gdiplus.dll
2007-06-21 09:53 <DIR> d-------- C:\Program Files\XPicture
2007-06-20 22:55 <DIR> d-------- C:\Program Files\Lavasoft
2007-06-20 22:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-06-20 22:54 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-06-20 22:53 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-06-20 22:53 <DIR> d-------- C:\DOCUME~1\Ron\APPLIC~1\SUPERAntiSpyware.com
2007-06-20 20:25 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-06-20 20:17 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-06-20 20:08 <DIR> d-------- C:\VundoFix Backups
2007-06-20 19:19 6,530 ---hs---- C:\WINDOWS\system32\knnmp.bak1
2007-06-20 19:09 <DIR> d-------- C:\Temp
2007-06-20 19:08 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2007-06-20 19:08 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-06-20 19:08 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-06-20 19:08 18,432 --a------ C:\WINDOWS\system32\drivers\ApiMon.sys
2007-06-20 19:08 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll
2007-06-17 06:06 4,096 --a------ C:\WINDOWS\d3dx.dat
2007-06-17 05:57 <DIR> d--hs---- C:\WINDOWS\ftpcache
2007-06-17 05:50 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spadester
2007-06-16 02:00 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-06-15 14:26 24,816 --a------ C:\WINDOWS\system32\mdimon.dll
2007-06-15 14:26 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-06-15 14:25 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2007-06-15 14:24 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-06-13 23:35 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-06-13 22:48 <DIR> d--h----- C:\WINDOWS\PIF
2007-06-13 09:59 <DIR> d-------- C:\Program Files\DVD Flick
2007-06-13 09:59 <DIR> d-------- C:\DOCUME~1\Ron\APPLIC~1\DVD Flick
2007-06-13 01:51 <DIR> d-------- C:\BLACK_MARKET
2007-06-13 01:26 <DIR> d-------- C:\DOCUME~1\Ron\APPLIC~1\Ahead
2007-06-13 01:26 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
2007-06-13 01:24 <DIR> d-------- C:\WINDOWS\RegisteredPackages
2007-06-13 01:24 <DIR> d-------- C:\Program Files\Nero
2007-06-13 01:24 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-06-13 01:24 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
2007-06-13 00:18 <DIR> d-------- C:\Program Files\DVD Shrink
2007-06-13 00:00 <DIR> d-------- C:\dvdshrinkgide
2007-06-12 23:47 <DIR> d-------- C:\DOCUME~1\Ron\APPLIC~1\WinRAR
2007-06-12 23:44 <DIR> d-------- C:\fun
2007-06-12 16:06 58,904 --a------ C:\WINDOWS\system32\sysfolderazipcnt.dll
2007-06-12 16:06 58,904 --a------ C:\WINDOWS\system32\azipcontmn.dll
2007-06-12 16:06 <DIR> d-------- C:\Program Files\AlphaZIP
2007-06-11 08:44 <DIR> d-------- C:\WINDOWS\network diagnostic
2007-06-10 19:32 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2007-06-04 15:18 9,344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 15:17 8,320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 15:14 6,272 --a------ C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-06-03 15:17 1,688 --a------ C:\WINDOWS\mozver.dat
2007-06-03 15:15 <DIR> d-------- C:\Program Files\uTorrent
2007-06-03 15:15 <DIR> d-------- C:\DOCUME~1\Ron\APPLIC~1\uTorrent
2007-06-03 13:51 <DIR> d--hs---- C:\RECYCLER
2007-06-03 13:39 26,944 --a------ C:\WINDOWS\system32\drivers\purendis.sys
2007-06-03 13:39 25,792 --a------ C:\WINDOWS\system32\drivers\pnarp.sys
2007-06-03 13:39 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-06-03 13:39 <DIR> d-------- C:\Program Files\Pure Networks
2007-06-03 13:39 <DIR> d-------- C:\Program Files\DIFX
2007-06-03 13:39 <DIR> d-------- C:\Program Files\Common Files\Pure Networks Shared
2007-06-03 13:37 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pure Networks
2007-06-03 13:32 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-06-03 04:32 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
2007-06-03 04:29 0 --a------ C:\WINDOWS\nsreg.dat
2007-06-03 04:27 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-06-03 04:27 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-06-03 04:27 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2007-06-02 18:14 <DIR> d--hs---- C:\DOCUME~1\Ron\UserData
2007-06-02 17:30 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-06-02 17:30 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-06-02 17:27 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-06-02 17:25 <DIR> d-------- C:\Outlook Express
2007-06-02 17:18 57,856 -ra------ C:\WINDOWS\system32\drivers\NVENETFD.sys
2007-06-02 17:18 35,840 -ra------ C:\WINDOWS\system32\nvconrm.dll
2007-06-02 17:18 261,632 -ra------ C:\WINDOWS\system32\drivers\nvsnpu.sys
2007-06-02 17:18 201,728 -ra------ C:\WINDOWS\system32\fdco1ins.dll
2007-06-02 17:18 201,728 -ra------ C:\WINDOWS\system32\fdco1.dll
2007-06-02 17:18 20,480 -ra------ C:\WINDOWS\system32\drivers\nvnetbus.sys
2007-06-02 17:18 110,592 -ra------ C:\WINDOWS\system32\drivers\nvtcp.sys
2007-06-02 17:18 11,264 -ra------ C:\WINDOWS\system32\bdco1ins.dll
2007-06-02 17:18 11,264 -ra------ C:\WINDOWS\system32\bdco1.dll
2007-06-02 17:18 1,160,448 -ra------ C:\WINDOWS\system32\drivers\nvnrm.sys
2007-06-02 17:18 <DIR> d-------- C:\WINDOWS\NV2202024.TMP
2007-06-02 17:14 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\NVIDIA
2007-06-02 17:10 <DIR> d-------- C:\WINDOWS\system32\Lang
2007-06-02 17:03 <DIR> d-------- C:\MCP61
2007-06-02 16:43 81,408 -ra------ C:\WINDOWS\system32\drivers\Rtnicxp.sys
2007-06-02 16:39 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2007-06-02 16:39 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
2007-06-02 16:39 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2007-06-02 16:39 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2007-06-02 16:39 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-05-16 23:19:52 133,168 ----a-w C:\WINDOWS\system32\drivers\imagesrv.sys
2007-05-16 23:19:50 11,568 ----a-w C:\WINDOWS\system32\drivers\imagedrv.sys
2007-05-16 14:42:22 972,336 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2007-05-15 14:45:14 972,336 ----a-w C:\WINDOWS\UNNeroVision.exe
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-23 21:42:50 972,336 ----a-w C:\WINDOWS\UNRecode.exe
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 03:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 03:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-17 03:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
2007-04-13 20:19:52 7,680 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-03-21 02:22:04 972,336 ----a-w C:\WINDOWS\UNNeroBackItUp.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2006-08-16 02:35 C:\WINDOWS\system32\nwiz.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 05:04 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-12-18 22:12 C:\WINDOWS\RTHDCPL.exe]
"Alcmtr"="ALCMTR.EXE" [2005-05-03 05:43 C:\WINDOWS\Alcmtr.exe]
"nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" [2006-11-01 00:04]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe" [2004-02-22 23:44]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57]
"WinAntiSpyware 2007 Free"="C:\Program Files\WinAntiSpyware 2007\was7.exe" []
"uwas7cw"="C:\Program Files\Common Files\WinAntiSpyware 2007\uwas7cw.exe" []
"Salestart"="C:\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe" []
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-06-20 20:49]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 09:27]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-05-23 10:12]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"combofix"=C:\WINDOWS\system32\cmd.exe /c C:\ComboFix\Combobatch.bat

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 13:55]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{67f5e242-1122-11dc-acd3-806d6172696f}]
AutoRun\command- D:\Setup.EXE


**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-21 15:29:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-21 15:30:01 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-21 15:29

--- E O F ---
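Added example, not part of the original post or of ComboFix itself: a small Python parser for the "Reg Loading Points" section above. It lists autostart values whose trailing bracket is empty, which is assumed here to mean the tool found no file at that path, and cross-checks them against deleted paths copied from the same log. The function names and sample constants are this example's own.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Lines copied from the "Reg Loading Points" section of the log above.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2006-08-16 02:35 C:\WINDOWS\system32\nwiz.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 05:04 C:\WINDOWS\SkyTel.exe]
"nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" [2006-11-01 00:04]
"WinAntiSpyware 2007 Free"="C:\Program Files\WinAntiSpyware 2007\was7.exe" []
"uwas7cw"="C:\Program Files\Common Files\WinAntiSpyware 2007\uwas7cw.exe" []
"Salestart"="C:\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe" []
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-06-20 20:49]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-05-23 10:12]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"combofix"=C:\WINDOWS\system32\cmd.exe /c C:\ComboFix\Combobatch.bat
'''

# A few paths copied from the deleted-files list of the same log (excerpt only).
DELETED_SAMPLE = [
    r"C:\Program Files\WinAntiSpyware 2007\was7.exe",
    r"C:\Program Files\WinAntiSpyware 2007\UnWizard.exe",
    r"C:\WINDOWS\system32\S7\wr620.exe",
]

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
# "name"=command, optionally followed by a bracket holding file information.
ENTRY_RE = re.compile(
    r'^"(?P<name>[^"]+)"=(?P<cmd>"[^"]*"|.*?)(?:\s+\[(?P<stamp>[^\]]*)\])?$'
)


class Autorun(NamedTuple):
    key: str              # registry key the value was listed under
    name: str             # value name
    command: str          # command line with surrounding quotes stripped
    stamp: Optional[str]  # text inside the trailing [...]; None if no bracket


def parse_loading_points(text: str) -> List[Autorun]:
    """Turn the key headers and value lines of the section into records."""
    entries: List[Autorun] = []
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        header = KEY_RE.match(line)
        if header:
            key = header.group(1)
            continue
        value = ENTRY_RE.match(line)
        if value and key:
            entries.append(
                Autorun(key, value["name"], value["cmd"].strip('"'), value["stamp"])
            )
    return entries


def find_orphans(entries: List[Autorun],
                 deleted_paths: List[str]) -> List[Tuple[Autorun, bool]]:
    """Return autoruns with an empty bracket, plus whether the target path
    also appears in the supplied deleted-files list (case-insensitive)."""
    deleted = {p.lower() for p in deleted_paths}
    report = []
    for entry in entries:
        # Assumption: an empty [] means no file was found at the target path.
        if entry.stamp == "":
            report.append((entry, entry.command.lower() in deleted))
    return report


if __name__ == "__main__":
    for entry, confirmed in find_orphans(parse_loading_points(SAMPLE_LOG),
                                         DELETED_SAMPLE):
        note = "listed as deleted" if confirmed else "not in the deleted-files excerpt"
        print(f"{entry.key}\n  {entry.name} -> {entry.command} ({note})")
```

Values flagged this way still need to be removed from the registry by a follow-up scan or fix, since the file deletion alone leaves the autostart entry in place.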

#9 zippyzoe

  • Topic Starter
  • Members
  • 121 posts

Posted 22 June 2007 - 10:43 PM

Here's the Infections list after I ran an Ad-aware 2007 scan about 1/2 hour ago. If you want the entire report I can upload it.

Hmmm----more WinAntiSpyware garbage. AVG scan is still going -- about 20 more minutes to go.

Infections ----

1084 WinAntiSpyware Misc 10
[300024229] Root: HKCR Path: clsid\{4567ab12-eded-4675-af10-ba15eddb4d7a}
[300024224] Root: HKCR Path: washellext.wascontextmenu
[300024225] Root: HKCR Path: washellext.wascontextmenu.1
[300024255] Root: HKLM Path: software\winantispyware 2007
[300024256] Root: HKLM Path: system\controlset001\services\apimon
[300024257] Root: HKLM Path: system\currentcontrolset\services\apimon
[400001672] Folder: C:\Documents and Settings\All Users\Start Menu\Programs\WinAntiSpyware 2007

The removals

[300024229] Root: HKCR Path: clsid\{4567ab12-eded-4675-af10-ba15eddb4d7a}
[300024224] Root: HKCR Path: washellext.wascontextmenu
[300024225] Root: HKCR Path: washellext.wascontextmenu.1
[300024255] Root: HKLM Path: software\winantispyware 2007
[300024256] Root: HKLM Path: system\controlset001\services\apimon
[400001672] Folder: C:\Documents and Settings\All Users\Start Menu\Programs\WinAntiSpyware 2007

#10 zippyzoe

  • Topic Starter
  • Members
  • 121 posts

Posted 23 June 2007 - 01:14 AM

2007/06/22 23:18:01
TestEnded
@TestName_02
"infectedfiles">0

Not sure how to capture log. Finally, everything is clean. Thanks for your assistance. The good guys win again.

#11 amateur

Malware Fighter
  • Malware Response Team
  • 2,775 posts

Posted 23 June 2007 - 11:31 AM

Hi,

"Not sure how to capture log."

No worries, we'll do it again. You might like to print these instructions so that you'll have access to them when you're in Safe Mode.

"Finally, everything is clean. Thanks for your assistance. The good guys win again."

You're welcome. That's good, but let's make sure by doing the following scans. Nice clean up by Combofix. You've run the Combofix in Safe Mode. Any reason?

Please download CCleaner and save it to your desktop.
Tutorial for CCleaner
During the installation, be sure to UN-check the box for "CCleaner Yahoo Toolbar" unless you want it. Do not scan with it yet.

===========================
  • Double-click the icon on Desktop to launch AVG
  • On the main Status screen, under Your Computer's Security, click Resident Shield
  • Click the word active to change it to inactive
  • On the top of the main screen click Update.
  • Then click on Start Update. The update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
  • Select "Do Not Automatically generate report after every scan"
When you have finished updating, EXIT AVG Anti Spyware. Do Not run a scan just yet, we will shortly.

============================

Reboot your computer in Safe Mode using the F8 method below.
a. If the computer is running, shut down Windows, and then turn off the power.
b. Wait 30 seconds, and then turn the computer on.
c. Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
d. Ensure that the Safe Mode option is selected.
e. Press Enter. The computer then begins to start in Safe mode.

=======================================

From Safe Mode run CCleaner
  • Click on Options,
  • Select Advanced
  • Now UNCHECK "Only delete files in Windows Temp folders older than 48 hours"
  • Make sure the Cleaner block on the left is selected.
  • Do not use the "Issues" block. It's meant for professionals.
  • Choose the Windows tab.
  • Check everything EXCEPT Advanced part of the Menu.
  • Click on "Analyze". This process could take a while.
  • If you don't want to lose your login passwords to certain sites, click on Options
  • Select cookies and move the ones you want to keep to the "cookies to keep" section, by highlighting and using the arrows in the middle.
  • Choose Run Cleaner.
When CCleaner shows how much has been removed, cleaning is finished. Click Exit.
If you have more than one user, run CCleaner for every user.

========================================

Run AVG Anti-Spyware with its updated definitions (it's important that all windows be closed):
  • Click Scanner
  • Click on the Scan tab
  • Click Complete System Scan to begin scanning.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted, then select "Apply all actions"
  • Once finished, click the Save report button, then click Save Report As and save it to your desktop. (Make sure to remember where you saved that file, this is important.)
=========================================

Restart in Normal Mode.

=========================================

Go to Start>Control Panel>Add/Remove Programs and remove Kaspersky Online Scanner if it is present, prior to downloading the most up-to-date one.

Now run this online scan using Internet Explorer:
Kaspersky Online Scanner from http://www.kaspersky.com/virusscanner

Next Click on Launch Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
      • Scan using the following Anti-Virus database:
          • Standard
      • Scan Options:
          • Scan Archives
          • Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
      • Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button:
      • Save the file to your desktop in txt format.
Copy and paste that information from Kaspersky in your next post along with the AVG AS report and a fresh HijackThis log.

#12 amateur


    Malware Fighter


  • Malware Response Team

Posted 29 June 2007 - 01:12 PM

Since your problem appears to be resolved, this thread will now be closed. If you need this topic reopened, please PM me with the address of the thread, and we will reopen it for you. This applies only to the original topic starter. Everyone else please begin a New Topic.



