Help With Removal Of Trojan!


  • This topic is locked
27 replies to this topic

#1 becks2307

Posted 03 July 2007 - 06:41 AM

Hi, I am new here, hope this forum helps. Anyway, I have found a hidden file (severe.exe) which is a trojan virus. After my bro used the com, suddenly lots of error messages popped up, which is very irritating...

I used lots of software to remove it; however, each time it has been removed it comes back again!! How can I fully remove it without rebooting my com? Thx. Hope I can get it solved asap. =) Cheers!



#2 RichieUK

    Malware Assassin


  • Malware Response Team
Posted 03 July 2007 - 07:41 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum becks2307 :thumbsup:

Please first follow the instructions found in the link below.

Preparation Guide for use before posting a HijackThis Log:
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

#3 becks2307

Posted 03 July 2007 - 11:23 AM

My first summary with BitDefender is...

Summary:

C:\Documents and Settings\HP_Owner\Application Data\WinPatrol\vault\severe.exe Suspect BehavesLike:Trojan.ShellStartup
C:\Documents and Settings\HP_Owner\Application Data\WinPatrol\vault\severe.exe Disinfection failed
C:\Documents and Settings\HP_Owner\Application Data\WinPatrol\vault\severe.exe Moved
C:\Documents and Settings\HP_Owner\Application Data\WinPatrol\vault\tfidma.exe Suspect BehavesLike:Trojan.ShellStartup
C:\Documents and Settings\HP_Owner\Application Data\WinPatrol\vault\tfidma.exe Disinfection failed
C:\Documents and Settings\HP_Owner\Application Data\WinPatrol\vault\tfidma.exe Moved
C:\Documents and Settings\xiaoboi\Application Data\WinPatrol\vault\adamrf.exe Suspect BehavesLike:Trojan.ShellStartup
C:\Documents and Settings\xiaoboi\Application Data\WinPatrol\vault\adamrf.exe Disinfection failed
C:\Documents and Settings\xiaoboi\Application Data\WinPatrol\vault\adamrf.exe Moved
C:\Documents and Settings\xiaoboi\Application Data\WinPatrol\vault\severe.exe Suspect BehavesLike:Trojan.ShellStartup
C:\Documents and Settings\xiaoboi\Application Data\WinPatrol\vault\severe.exe Disinfection failed
C:\Documents and Settings\xiaoboi\Application Data\WinPatrol\vault\severe.exe Moved
C:\Documents and Settings\xiaoboi\Application Data\WinPatrol\vault\tfidma.exe Suspect BehavesLike:Trojan.ShellStartup
C:\Documents and Settings\xiaoboi\Application Data\WinPatrol\vault\tfidma.exe Disinfection failed
C:\Documents and Settings\xiaoboi\Application Data\WinPatrol\vault\tfidma.exe Moved
C:\Documents and Settings\xiaoboi\Local Settings\Temporary Internet Files\Content.IE5\JLRNI0K0\35[1].htm Infected Exploit.Html.Codebase.Exec.Gen
C:\Documents and Settings\xiaoboi\Local Settings\Temporary Internet Files\Content.IE5\JLRNI0K0\35[1].htm Disinfection failed
C:\Documents and Settings\xiaoboi\Local Settings\Temporary Internet Files\Content.IE5\JLRNI0K0\35[1].htm Moved
C:\WINDOWS\system32\drivers\adamrf.exe Suspect BehavesLike:Trojan.ShellStartup
C:\WINDOWS\system32\drivers\adamrf.exe Disinfection failed
C:\WINDOWS\system32\drivers\adamrf.exe Moved
C:\WINDOWS\system32\drivers\conime.exe Suspect BehavesLike:Trojan.ShellStartup
C:\WINDOWS\system32\drivers\conime.exe Disinfection failed
C:\WINDOWS\system32\drivers\conime.exe Moved
C:\WINDOWS\system32\severe.exe Suspect BehavesLike:Trojan.ShellStartup
C:\WINDOWS\system32\severe.exe Disinfection failed
C:\WINDOWS\system32\severe.exe Moved
C:\WINDOWS\system32\tfidma.exe Suspect BehavesLike:Trojan.ShellStartup
C:\WINDOWS\system32\tfidma.exe Disinfection failed
C:\WINDOWS\system32\tfidma.exe Moved
C:\WINDOWS\system32\verclsid.dat Suspect BehavesLike:Trojan.ShellStartup
C:\WINDOWS\system32\verclsid.dat Disinfection failed
C:\WINDOWS\system32\verclsid.dat Moved

Still finishing up with the rest... please help.

#4 becks2307

Posted 04 July 2007 - 05:01 AM

Logfile of HijackThis v1.99.1
Scan saved at 5:59:48 PM, on 7/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\drivers\conime.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\tfidma.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Softwin\BitDefender8\bdmcon.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Softwin\BitDefender8\bdnagent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\Msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\xbbjbdvp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\severe.exe
C:\Documents and Settings\xiaoboi\Desktop\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=566...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWSabout.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\drivers\conime.exe
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\Run: [adamrf] C:\WINDOWS\system32\tfidma.exe
O4 - HKLM\..\Run: [tfidma] C:\WINDOWS\system32\severe.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\Msmsgs.exe" /background
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0FC64BDC-D14D-4F04-802D-4B9104DF16FB} (SystemCheck Class) - http://www.singnet.com.sg/technical/helpto.../ALTControl.cab
O16 - DPF: {20C2C286-BDE8-441B-B73D-AFA22D914DA5} - http://download.ppstream.com/bin/powerplayer.cab
O16 - DPF: {2B866353-E598-4403-8E4D-B871AB30DC55} (Speed Class) - http://www.singnet.com.sg/technical/helpto...a/SpeedCtrl.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {7AA32FC7-133B-4AE7-998E-CED0D9829B12} (luna Class) - http://axcab.wrs.mcboo.com/website.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{DA8F9DF6-D06F-46B2-88B0-5FFEA6D035E9}: NameServer = 165.21.100.88,165.21.83.88
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

This is the log file from HijackThis... anyone can help?

#5 RichieUK

Posted 04 July 2007 - 09:43 AM

Download Avenger from the link below:
http://swandog46.geekstogo.com/avenger.zip
Unzip/extract it to your desktop.

Start up Avenger.
Check the 'Input script manually' option.
Click the Magnifying Glass icon.
In the box that opens, copy and paste ALL the following bold blue text in the Quote box below:

Files to delete:
C:\WINDOWS\system32\drivers\conime.exe
C:\WINDOWS\system32\tfidma.exe
C:\WINDOWS\system32\xbbjbdvp.exe
C:\WINDOWS\system32\severe.exe

Then click on 'Done'.
Click the Traffic Light icon to start the program.
Then press OK at the prompts to reboot your PC.

Post the Avenger output.txt, which you can find at C:\Avenger\.txt into your next reply.

============================

Please download Combofix and save to your desktop:
Note:
It is important that it is saved directly to your desktop

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick combofix's window while it's running.
That may cause the program to freeze/hang.


============================

Now go to:
C:\Documents and Settings\xiaoboi\Desktop\hijackthis\HijackThis.exe
Right click on Hijackthis.exe and select 'Rename', rename it to abc.bat
Double click on abc.bat (which is still Hijackthis.exe), and post that log into your next reply please.

#6 becks2307

Posted 05 July 2007 - 01:42 AM

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\bijwvepk

*******************

Script file located at: \??\C:\WINDOWS\system32\fjyfywpa.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\drivers\conime.exe deleted successfully.
File C:\WINDOWS\system32\tfidma.exe deleted successfully.
File C:\WINDOWS\system32\xbbjbdvp.exe deleted successfully.
File C:\WINDOWS\system32\severe.exe deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

#7 becks2307

Posted 05 July 2007 - 01:55 AM

I can't get the log file for ComboFix.

#8 RichieUK

Posted 05 July 2007 - 06:01 AM

OK, now go to:
C:\Documents and Settings\xiaoboi\Desktop\hijackthis\HijackThis.exe
Right click on Hijackthis.exe and select 'Rename', rename it to abc.bat
Double click on abc.bat (which is still Hijackthis.exe), and post that log into your next reply please.

#9 becks2307

Posted 06 July 2007 - 06:44 AM

Logfile of HijackThis v1.99.1
Scan saved at 7:42:51 PM, on 7/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\Ati2evxx.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\drivers\conime.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\system32\tfidma.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Softwin\BitDefender8\bdmcon.exe
C:\Program Files\Softwin\BitDefender8\bdnagent.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\Msmsgs.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\uksekujd.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\severe.exe
C:\Documents and Settings\xiaoboi\Desktop\hijackthis\abc.bat

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWSabout.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\drivers\conime.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {982B57B9-B166-41FF-A817-B66C23A1AB16} - C:\WINDOWS\system32\gebyx.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: (no name) - {B6C43182-63AE-4F13-9980-714EB0A6CB3F} - C:\WINDOWS\system32\jkkkhhh.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\Run: [adamrf] C:\WINDOWS\system32\tfidma.exe
O4 - HKLM\..\Run: [tfidma] C:\WINDOWS\system32\severe.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\Msmsgs.exe" /background
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0FC64BDC-D14D-4F04-802D-4B9104DF16FB} (SystemCheck Class) - http://www.singnet.com.sg/technical/helpto.../ALTControl.cab
O16 - DPF: {20C2C286-BDE8-441B-B73D-AFA22D914DA5} - http://download.ppstream.com/bin/powerplayer.cab
O16 - DPF: {2B866353-E598-4403-8E4D-B871AB30DC55} (Speed Class) - http://www.singnet.com.sg/technical/helpto...a/SpeedCtrl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {7AA32FC7-133B-4AE7-998E-CED0D9829B12} (luna Class) - http://axcab.wrs.mcboo.com/website.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{DA8F9DF6-D06F-46B2-88B0-5FFEA6D035E9}: NameServer = 165.21.100.88,165.21.83.88
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: gebyx - C:\WINDOWS\system32\gebyx.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: jkkkhhh - C:\WINDOWS\SYSTEM32\jkkkhhh.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

This is the new log file.

#10 RichieUK

Posted 06 July 2007 - 07:59 AM

You’ve got BitDefender and Symantec Security Center installed.
Not a good idea to have more than one antivirus program installed on your computer.
Each program may interpret the actions of the other as viral, therefore giving you false virus warnings about virus-related activities.
It could also lead to system slowdowns and other problems within the operating system, due to the two conflicting with each other.
You should uninstall one or the other as soon as possible, then restart your PC.

If you decide to uninstall Norton and there's no uninstaller available in Add\Remove Programs, then you'll need to download and run the Norton Removal Tool:
http://service1.symantec.com/SUPPORT/tsgen...005033108162039

*Please Note:*
The Norton Removal Tool will remove all Norton/Symantec products from your pc.

=========================

Disable Windows Defender's real-time protection, as it may interfere.
* Open Microsoft Windows Defender. Click Start>All Programs>Windows Defender.
* Click on 'Tools'>'Options'.
* Under 'Real-time protection options', unselect the 'Turn on real-time protection' check box
* Click 'Save'.

Disable WinPatrol as it may interfere.
Right-click the running icon of Winpatrol in the system tray and choose exit. It will automatically restart at next boot.

=========================

Start up Avenger.
Check the 'Input script manually' option.
Click the Magnifying Glass icon.
In the box that opens, copy and paste ALL the following bold blue text in the Quote box below:

Files to delete:
C:\WINDOWS\system32\drivers\conime.exe
C:\WINDOWS\system32\tfidma.exe
C:\WINDOWS\system32\uksekujd.exe
C:\WINDOWS\system32\gebyx.dll
C:\WINDOWS\system32\jkkkhhh.dll

Then click on 'Done'.
Click the Traffic Light icon to start the program.
Then press OK at the prompts to reboot your PC.

Post the Avenger output.txt, which you can find at C:\Avenger\.txt into your next reply.

=========================

Download\install 'SuperAntiSpyware Home Edition Free Version' from here:
http://www.superantispyware.com/downloadfi...ANTISPYWAREFREE

Launch SuperAntiSpyware and click on 'Check for updates'.
Once the updates have been installed, exit SuperAntiSpyware.

Have HijackThis fix the following (if all are still present), by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser windows and all Windows Explorer windows are closed before fixing:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWSabout.htm
O2 - BHO: (no name) - {982B57B9-B166-41FF-A817-B66C23A1AB16} - C:\WINDOWS\system32\gebyx.dll
O2 - BHO: (no name) - {B6C43182-63AE-4F13-9980-714EB0A6CB3F} - C:\WINDOWS\system32\jkkkhhh.dll
O4 - HKLM\..\Run: [adamrf] C:\WINDOWS\system32\tfidma.exe
O4 - HKLM\..\Run: [tfidma] C:\WINDOWS\system32\severe.exe
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O20 - Winlogon Notify: gebyx - C:\WINDOWS\system32\gebyx.dll
O20 - Winlogon Notify: jkkkhhh - C:\WINDOWS\SYSTEM32\jkkkhhh.dll

Exit Hijackthis.

Start SuperAntiSpyware.
On the main screen click on 'Scan your computer'.
Check: 'Perform Complete Scan'.
Click 'Next' to start the scan.

Superantispyware will now scan your computer,when it's finished it will list all/any infections found.
Make sure everything found has a checkmark next to it, then press 'Next'.
Click on 'Finish' when you've done.

It's possible that the program will ask you to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:
Click on 'Preferences'.
Click on the 'Statistics/Logs' tab.
Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.
It will then open in your default text editor, such as Notepad.
Copy and paste the contents of that report into your next reply.

=========================

Download Deckard's System Scanner (DSS) and save it to your Desktop.

* Close all other windows before proceeding.
* Double-click on dss.exe and follow the prompts.
* When it has finished, DSS will open two Notepads: main.txt and extra.txt
* Use Save As to save both Notepad files to your Desktop and post them in your next reply.

#11 becks2307


Posted 06 July 2007 - 06:27 PM

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\hxvafxtw

*******************

Script file located at: \??\C:\Documents and Settings\jaauvmja.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\drivers\conime.exe deleted successfully.
File C:\WINDOWS\system32\tfidma.exe deleted successfully.
File C:\WINDOWS\system32\uksekujd.exe deleted successfully.
File C:\WINDOWS\system32\gebyx.dll deleted successfully.
File C:\WINDOWS\system32\jkkkhhh.dll deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

log file from avenger
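Added example (not part of either post): a Python cross-check of the HijackThis entries listed for 'Fix checked' against the Avenger log above, showing which autostart entries point at a file this Avenger run actually deleted. The two data blocks are copied from the posts; the function names and the section-label table are this example's own.

```python
import re

# Copied from the helper's post: entries to tick in HijackThis.
HJT_FIX_LIST = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWSabout.htm
O2 - BHO: (no name) - {982B57B9-B166-41FF-A817-B66C23A1AB16} - C:\WINDOWS\system32\gebyx.dll
O2 - BHO: (no name) - {B6C43182-63AE-4F13-9980-714EB0A6CB3F} - C:\WINDOWS\system32\jkkkhhh.dll
O4 - HKLM\..\Run: [adamrf] C:\WINDOWS\system32\tfidma.exe
O4 - HKLM\..\Run: [tfidma] C:\WINDOWS\system32\severe.exe
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O20 - Winlogon Notify: gebyx - C:\WINDOWS\system32\gebyx.dll
O20 - Winlogon Notify: jkkkhhh - C:\WINDOWS\SYSTEM32\jkkkhhh.dll
"""

# Copied from the Avenger log in the reply.
AVENGER_LOG = r"""
File C:\WINDOWS\system32\drivers\conime.exe deleted successfully.
File C:\WINDOWS\system32\tfidma.exe deleted successfully.
File C:\WINDOWS\system32\uksekujd.exe deleted successfully.
File C:\WINDOWS\system32\gebyx.dll deleted successfully.
File C:\WINDOWS\system32\jkkkhhh.dll deleted successfully.
"""

# What each HijackThis section code seen in this thread refers to.
SECTION_LABELS = {
    "R0": "Internet Explorer start/search page",
    "O2": "Browser Helper Object",
    "O4": "Run-key autostart",
    "O16": "ActiveX control (Downloaded Program Files)",
    "O20": "Winlogon Notify DLL",
}

ENTRY_RE = re.compile(r"^([A-Z]\d+) - (.*)$")
LOCAL_PATH_RE = re.compile(r"[A-Za-z]:\\.*$")   # drive-letter path at end of line
DELETED_RE = re.compile(r"^File (.+) deleted successfully\.$")


def parse_hjt(text):
    """Split HijackThis lines into section code, label and local file target."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        code, body = m.groups()
        path = LOCAL_PATH_RE.search(body)
        entries.append({
            "code": code,
            "label": SECTION_LABELS.get(code, "unknown section"),
            "target": path.group(0) if path else None,  # None for URL-only entries
        })
    return entries


def parse_avenger_deleted(text):
    """Return the set of paths Avenger reported as deleted (lower-cased)."""
    deleted = set()
    for line in text.splitlines():
        m = DELETED_RE.match(line.strip())
        if m:
            deleted.add(m.group(1).lower())
    return deleted


def cross_check(entries, deleted):
    """Label each HijackThis entry by whether its target file was deleted."""
    report = []
    for e in entries:
        if e["target"] is None:
            status = "no local file"
        elif e["target"].lower() in deleted:   # Windows paths: compare case-insensitively
            status = "deleted by Avenger"
        else:
            status = "not in Avenger log"
        report.append((e["code"], e["label"], e["target"], status))
    return report


def unreferenced_deletions(entries, deleted):
    """Files Avenger deleted that no listed HijackThis entry points at."""
    referenced = {e["target"].lower() for e in entries if e["target"]}
    return sorted(deleted - referenced)


if __name__ == "__main__":
    entries = parse_hjt(HJT_FIX_LIST)
    deleted = parse_avenger_deleted(AVENGER_LOG)
    for code, label, target, status in cross_check(entries, deleted):
        print(f"{code:<4}{label:<45}{status:<22}{target or '-'}")
    print("Deleted without a listed autostart entry:")
    for path in unreferenced_deletions(entries, deleted):
        print("  " + path)
```

"not in Avenger log" only means this Avenger run did not remove the file the entry points at; whether the file is still on disk has to be confirmed from the next scan log.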

#12 becks2307


Posted 06 July 2007 - 10:36 PM

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/07/2007 at 08:40 AM

Application Version : 3.9.1008

Core Rules Database Version : 3259
Trace Rules Database Version: 1270

Scan type : Complete Scan
Total Scan Time : 01:04:44

Memory items scanned : 647
Memory threats detected : 0
Registry items scanned : 6047
Registry threats detected : 86
File items scanned : 51951
File threats detected : 1155

Adware.Tracking Cookie

Trojan.MalwareWipe
C:\Program Files\MalwareWipe.com\ignorelist.dat
C:\Program Files\MalwareWipe.com\MalwareWipe.com.exe
C:\Program Files\MalwareWipe.com\malwarewipe.ini
C:\Program Files\MalwareWipe.com

Malware.SpywareQuake
C:\DOCUMENTS AND SETTINGS\XIAOBOI\LOCAL SETTINGS\TEMP\SA1DD8.EXE

Unclassified.Unknown Origin/System
C:\WINDOWS\SYSTEM32\COOL.EXE
C:\WINDOWS\SYSTEM32\DRVTAF.DLL
C:\WINDOWS\TEMP\IDD1788.TMP.EXE
C:\WINDOWS\TEMP\IDD1789.TMP.EXE
C:\WINDOWS\TEMP\IDD178B.TMP.EXE
C:\WINDOWS\TEMP\IDD1799.TMP.EXE
C:\WINDOWS\TEMP\IDD179A.TMP.EXE
C:\WINDOWS\TEMP\IDD179B.TMP.EXE
C:\WINDOWS\TEMP\IDD179C.TMP.EXE
C:\WINDOWS\TEMP\IDD17A3.TMP.EXE
C:\WINDOWS\TEMP\IDD17B8.TMP.EXE
C:\WINDOWS\TEMP\IDD17CD.TMP.EXE
C:\WINDOWS\TEMP\IDD17CE.TMP.EXE
C:\WINDOWS\TEMP\IDD17E2.TMP.EXE
C:\WINDOWS\TEMP\IDD17F7.TMP.EXE
C:\WINDOWS\TEMP\IDD18.TMP.EXE
C:\WINDOWS\TEMP\IDD181C.TMP.EXE
C:\WINDOWS\TEMP\IDD181E.TMP.EXE
C:\WINDOWS\TEMP\IDD1820.TMP.EXE
C:\WINDOWS\TEMP\IDD1821.TMP.EXE
C:\WINDOWS\TEMP\IDD1822.TMP.EXE
C:\WINDOWS\TEMP\IDD182A.TMP.EXE
C:\WINDOWS\TEMP\IDD182B.TMP.EXE
C:\WINDOWS\TEMP\IDD182C.TMP.EXE
C:\WINDOWS\TEMP\IDD182D.TMP.EXE
C:\WINDOWS\TEMP\IDD182E.TMP.EXE
C:\WINDOWS\TEMP\IDD182F.TMP.EXE
C:\WINDOWS\TEMP\IDD183A.TMP.EXE
C:\WINDOWS\TEMP\IDD184F.TMP.EXE
C:\WINDOWS\TEMP\IDD185C.TMP.EXE
C:\WINDOWS\TEMP\IDD1860.TMP.EXE
C:\WINDOWS\TEMP\IDD1861.TMP.EXE
C:\WINDOWS\TEMP\IDD1868.TMP.EXE
C:\WINDOWS\TEMP\IDD1869.TMP.EXE
C:\WINDOWS\TEMP\IDD1870.TMP.EXE
C:\WINDOWS\TEMP\IDD1877.TMP.EXE
C:\WINDOWS\TEMP\IDD1879.TMP.EXE
C:\WINDOWS\TEMP\IDD187A.TMP.EXE
C:\WINDOWS\TEMP\IDD187C.TMP.EXE
C:\WINDOWS\TEMP\IDD187D.TMP.EXE
C:\WINDOWS\TEMP\IDD187E.TMP.EXE
C:\WINDOWS\TEMP\IDD187F.TMP.EXE
C:\WINDOWS\TEMP\IDD1880.TMP.EXE
C:\WINDOWS\TEMP\IDD1881.TMP.EXE
C:\WINDOWS\TEMP\IDD1882.TMP.EXE
C:\WINDOWS\TEMP\IDD1885.TMP.EXE
C:\WINDOWS\TEMP\IDD1889.TMP.EXE
C:\WINDOWS\TEMP\IDD188B.TMP.EXE
C:\WINDOWS\TEMP\IDD188F.TMP.EXE
C:\WINDOWS\TEMP\IDD1894.TMP.EXE
C:\WINDOWS\TEMP\IDD1895.TMP.EXE
C:\WINDOWS\TEMP\IDD1896.TMP.EXE
C:\WINDOWS\TEMP\IDD1897.TMP.EXE
C:\WINDOWS\TEMP\IDD1899.TMP.EXE
C:\WINDOWS\TEMP\IDD189B.TMP.EXE
C:\WINDOWS\TEMP\IDD189E.TMP.EXE
C:\WINDOWS\TEMP\IDD189F.TMP.EXE
C:\WINDOWS\TEMP\IDD18A0.TMP.EXE
C:\WINDOWS\TEMP\IDD18A1.TMP.EXE
C:\WINDOWS\TEMP\IDD18A3.TMP.EXE
C:\WINDOWS\TEMP\IDD18AB.TMP.EXE
C:\WINDOWS\TEMP\IDD18B4.TMP.EXE
C:\WINDOWS\TEMP\IDD18B7.TMP.EXE
C:\WINDOWS\TEMP\IDD18B8.TMP.EXE
C:\WINDOWS\TEMP\IDD18C3.TMP.EXE
C:\WINDOWS\TEMP\IDD18CC.TMP.EXE
C:\WINDOWS\TEMP\IDD18CD.TMP.EXE
C:\WINDOWS\TEMP\IDD18CF.TMP.EXE
C:\WINDOWS\TEMP\IDD18D5.TMP.EXE
C:\WINDOWS\TEMP\IDD18D6.TMP.EXE
C:\WINDOWS\TEMP\IDD18D8.TMP.EXE
C:\WINDOWS\TEMP\IDD18D9.TMP.EXE
C:\WINDOWS\TEMP\IDD18DA.TMP.EXE
C:\WINDOWS\TEMP\IDD18DB.TMP.EXE
C:\WINDOWS\TEMP\IDD18E1.TMP.EXE
C:\WINDOWS\TEMP\IDD18E3.TMP.EXE
C:\WINDOWS\TEMP\IDD18E5.TMP.EXE
C:\WINDOWS\TEMP\IDD18EB.TMP.EXE
C:\WINDOWS\TEMP\IDD18EC.TMP.EXE
C:\WINDOWS\TEMP\IDD18ED.TMP.EXE
C:\WINDOWS\TEMP\IDD18EF.TMP.EXE
C:\WINDOWS\TEMP\IDD18F0.TMP.EXE
C:\WINDOWS\TEMP\IDD18F2.TMP.EXE
C:\WINDOWS\TEMP\IDD18F8.TMP.EXE
C:\WINDOWS\TEMP\IDD18FA.TMP.EXE
C:\WINDOWS\TEMP\IDD18FD.TMP.EXE
C:\WINDOWS\TEMP\IDD1902.TMP.EXE
C:\WINDOWS\TEMP\IDD1903.TMP.EXE
C:\WINDOWS\TEMP\IDD1904.TMP.EXE
C:\WINDOWS\TEMP\IDD1906.TMP.EXE
C:\WINDOWS\TEMP\IDD1908.TMP.EXE
C:\WINDOWS\TEMP\IDD1913.TMP.EXE
C:\WINDOWS\TEMP\IDD191B.TMP.EXE
C:\WINDOWS\TEMP\IDD191C.TMP.EXE
C:\WINDOWS\TEMP\IDD191E.TMP.EXE
C:\WINDOWS\TEMP\IDD1921.TMP.EXE
C:\WINDOWS\TEMP\IDD1929.TMP.EXE
C:\WINDOWS\TEMP\IDD1932.TMP.EXE
C:\WINDOWS\TEMP\IDD1936.TMP.EXE
C:\WINDOWS\TEMP\IDD1937.TMP.EXE
C:\WINDOWS\TEMP\IDD1938.TMP.EXE
C:\WINDOWS\TEMP\IDD193C.TMP.EXE
C:\WINDOWS\TEMP\IDD1949.TMP.EXE
C:\WINDOWS\TEMP\IDD194B.TMP.EXE
C:\WINDOWS\TEMP\IDD194C.TMP.EXE
C:\WINDOWS\TEMP\IDD1951.TMP.EXE
C:\WINDOWS\TEMP\IDD1954.TMP.EXE
C:\WINDOWS\TEMP\IDD1959.TMP.EXE
C:\WINDOWS\TEMP\IDD1960.TMP.EXE
C:\WINDOWS\TEMP\IDD1962.TMP.EXE
C:\WINDOWS\TEMP\IDD1963.TMP.EXE
C:\WINDOWS\TEMP\IDD1969.TMP.EXE
C:\WINDOWS\TEMP\IDD196A.TMP.EXE
C:\WINDOWS\TEMP\IDD196B.TMP.EXE
C:\WINDOWS\TEMP\IDD196C.TMP.EXE
C:\WINDOWS\TEMP\IDD196D.TMP.EXE
C:\WINDOWS\TEMP\IDD196E.TMP.EXE
C:\WINDOWS\TEMP\IDD1970.TMP.EXE
C:\WINDOWS\TEMP\IDD1971.TMP.EXE
C:\WINDOWS\TEMP\IDD1972.TMP.EXE
C:\WINDOWS\TEMP\IDD1974.TMP.EXE
C:\WINDOWS\TEMP\IDD1975.TMP.EXE
C:\WINDOWS\TEMP\IDD1978.TMP.EXE
C:\WINDOWS\TEMP\IDD1979.TMP.EXE
C:\WINDOWS\TEMP\IDD197C.TMP.EXE
C:\WINDOWS\TEMP\IDD197E.TMP.EXE
C:\WINDOWS\TEMP\IDD1980.TMP.EXE
C:\WINDOWS\TEMP\IDD1982.TMP.EXE
C:\WINDOWS\TEMP\IDD1983.TMP.EXE
C:\WINDOWS\TEMP\IDD1984.TMP.EXE
C:\WINDOWS\TEMP\IDD1985.TMP.EXE
C:\WINDOWS\TEMP\IDD1986.TMP.EXE
C:\WINDOWS\TEMP\IDD1987.TMP.EXE
C:\WINDOWS\TEMP\IDD1988.TMP.EXE
C:\WINDOWS\TEMP\IDD198D.TMP.EXE
C:\WINDOWS\TEMP\IDD1994.TMP.EXE
C:\WINDOWS\TEMP\IDD1995.TMP.EXE
C:\WINDOWS\TEMP\IDD1996.TMP.EXE
C:\WINDOWS\TEMP\IDD1997.TMP.EXE
C:\WINDOWS\TEMP\IDD1998.TMP.EXE
C:\WINDOWS\TEMP\IDD1999.TMP.EXE
C:\WINDOWS\TEMP\IDD199E.TMP.EXE
C:\WINDOWS\TEMP\IDD199F.TMP.EXE
C:\WINDOWS\TEMP\IDD19A3.TMP.EXE
C:\WINDOWS\TEMP\IDD19A5.TMP.EXE
C:\WINDOWS\TEMP\IDD19A7.TMP.EXE
C:\WINDOWS\TEMP\IDD19A8.TMP.EXE
C:\WINDOWS\TEMP\IDD19B1.TMP.EXE
C:\WINDOWS\TEMP\IDD19B2.TMP.EXE
C:\WINDOWS\TEMP\IDD19B4.TMP.EXE
C:\WINDOWS\TEMP\IDD19B5.TMP.EXE
C:\WINDOWS\TEMP\IDD19B6.TMP.EXE
C:\WINDOWS\TEMP\IDD19B8.TMP.EXE
C:\WINDOWS\TEMP\IDD19BA.TMP.EXE
C:\WINDOWS\TEMP\IDD19BD.TMP.EXE
C:\WINDOWS\TEMP\IDD19CD.TMP.EXE
C:\WINDOWS\TEMP\IDD19E2.TMP.EXE
C:\WINDOWS\TEMP\IDD19F7.TMP.EXE
C:\WINDOWS\TEMP\IDD1A0C.TMP.EXE
C:\WINDOWS\TEMP\IDD1A21.TMP.EXE
C:\WINDOWS\TEMP\IDD1A36.TMP.EXE
C:\WINDOWS\TEMP\IDD1A4B.TMP.EXE
C:\WINDOWS\TEMP\IDD1A60.TMP.EXE
C:\WINDOWS\TEMP\IDD1A61.TMP.EXE
C:\WINDOWS\TEMP\IDD1A75.TMP.EXE
C:\WINDOWS\TEMP\IDD1A8A.TMP.EXE
C:\WINDOWS\TEMP\IDD1A9F.TMP.EXE
C:\WINDOWS\TEMP\IDD1AB4.TMP.EXE
C:\WINDOWS\TEMP\IDD1AC9.TMP.EXE
C:\WINDOWS\TEMP\IDD1AD9.TMP.EXE
C:\WINDOWS\TEMP\IDD1ADD.TMP.EXE
C:\WINDOWS\TEMP\IDD1ADE.TMP.EXE
C:\WINDOWS\TEMP\IDD1AE3.TMP.EXE
C:\WINDOWS\TEMP\IDD1AE7.TMP.EXE
C:\WINDOWS\TEMP\IDD1AE8.TMP.EXE
C:\WINDOWS\TEMP\IDD1AF8.TMP.EXE
C:\WINDOWS\TEMP\IDD1AFD.TMP.EXE
C:\WINDOWS\TEMP\IDD1B02.TMP.EXE
C:\WINDOWS\TEMP\IDD1B04.TMP.EXE
C:\WINDOWS\TEMP\IDD1B05.TMP.EXE
C:\WINDOWS\TEMP\IDD1B06.TMP.EXE
C:\WINDOWS\TEMP\IDD1B07.TMP.EXE
C:\WINDOWS\TEMP\IDD1B18.TMP.EXE
C:\WINDOWS\TEMP\IDD1B27.TMP.EXE
C:\WINDOWS\TEMP\IDD1B2D.TMP.EXE
C:\WINDOWS\TEMP\IDD1B32.TMP.EXE
C:\WINDOWS\TEMP\IDD1B34.TMP.EXE
C:\WINDOWS\TEMP\IDD1B3C.TMP.EXE
C:\WINDOWS\TEMP\IDD1B42.TMP.EXE
C:\WINDOWS\TEMP\IDD1B57.TMP.EXE
C:\WINDOWS\TEMP\IDD1B5A.TMP.EXE
C:\WINDOWS\TEMP\IDD1B6C.TMP.EXE
C:\WINDOWS\TEMP\IDD1B81.TMP.EXE
C:\WINDOWS\TEMP\IDD1B96.TMP.EXE
C:\WINDOWS\TEMP\IDD1BAB.TMP.EXE
C:\WINDOWS\TEMP\IDD1BB7.TMP.EXE
C:\WINDOWS\TEMP\IDD1BBA.TMP.EXE
C:\WINDOWS\TEMP\IDD1BBC.TMP.EXE
C:\WINDOWS\TEMP\IDD1BC1.TMP.EXE
C:\WINDOWS\TEMP\IDD1BD6.TMP.EXE
C:\WINDOWS\TEMP\IDD1BE4.TMP.EXE
C:\WINDOWS\TEMP\IDD1BE5.TMP.EXE
C:\WINDOWS\TEMP\IDD1BEE.TMP.EXE
C:\WINDOWS\TEMP\IDD1BF3.TMP.EXE
C:\WINDOWS\TEMP\IDD1BF4.TMP.EXE
C:\WINDOWS\TEMP\IDD1C03.TMP.EXE
C:\WINDOWS\TEMP\IDD1C0E.TMP.EXE
C:\WINDOWS\TEMP\IDD1C0F.TMP.EXE
C:\WINDOWS\TEMP\IDD1C19.TMP.EXE
C:\WINDOWS\TEMP\IDD1C1F.TMP.EXE
C:\WINDOWS\TEMP\IDD1C27.TMP.EXE
C:\WINDOWS\TEMP\IDD1C29.TMP.EXE
C:\WINDOWS\TEMP\IDD1C2A.TMP.EXE
C:\WINDOWS\TEMP\IDD1C32.TMP.EXE
C:\WINDOWS\TEMP\IDD1C33.TMP.EXE
C:\WINDOWS\TEMP\IDD1C3A.TMP.EXE
C:\WINDOWS\TEMP\IDD1C3E.TMP.EXE
C:\WINDOWS\TEMP\IDD1C48.TMP.EXE
C:\WINDOWS\TEMP\IDD1C4A.TMP.EXE
C:\WINDOWS\TEMP\IDD1C4B.TMP.EXE
C:\WINDOWS\TEMP\IDD1C4C.TMP.EXE
C:\WINDOWS\TEMP\IDD1C4D.TMP.EXE
C:\WINDOWS\TEMP\IDD1C4E.TMP.EXE
C:\WINDOWS\TEMP\IDD1C53.TMP.EXE
C:\WINDOWS\TEMP\IDD1C58.TMP.EXE
C:\WINDOWS\TEMP\IDD1C5C.TMP.EXE
C:\WINDOWS\TEMP\IDD1C5D.TMP.EXE
C:\WINDOWS\TEMP\IDD1C63.TMP.EXE
C:\WINDOWS\TEMP\IDD1C68.TMP.EXE
C:\WINDOWS\TEMP\IDD1C6D.TMP.EXE
C:\WINDOWS\TEMP\IDD1C6E.TMP.EXE
C:\WINDOWS\TEMP\IDD1C75.TMP.EXE
C:\WINDOWS\TEMP\IDD1C76.TMP.EXE
C:\WINDOWS\TEMP\IDD1C78.TMP.EXE
C:\WINDOWS\TEMP\IDD1C79.TMP.EXE
C:\WINDOWS\TEMP\IDD1C7D.TMP.EXE
C:\WINDOWS\TEMP\IDD1C7E.TMP.EXE
C:\WINDOWS\TEMP\IDD1C84.TMP.EXE
C:\WINDOWS\TEMP\IDD1C88.TMP.EXE
C:\WINDOWS\TEMP\IDD1C89.TMP.EXE
C:\WINDOWS\TEMP\IDD1C8B.TMP.EXE
C:\WINDOWS\TEMP\IDD1C90.TMP.EXE
C:\WINDOWS\TEMP\IDD1C91.TMP.EXE
C:\WINDOWS\TEMP\IDD1C92.TMP.EXE
C:\WINDOWS\TEMP\IDD1C93.TMP.EXE
C:\WINDOWS\TEMP\IDD1C94.TMP.EXE
C:\WINDOWS\TEMP\IDD1CA5.TMP.EXE
C:\WINDOWS\TEMP\IDD1CA8.TMP.EXE
C:\WINDOWS\TEMP\IDD1CB5.TMP.EXE
C:\WINDOWS\TEMP\IDD1CBD.TMP.EXE
C:\WINDOWS\TEMP\IDD1CBE.TMP.EXE
C:\WINDOWS\TEMP\IDD1CD2.TMP.EXE
C:\WINDOWS\TEMP\IDD1CE7.TMP.EXE
C:\WINDOWS\TEMP\IDD1CFC.TMP.EXE
C:\WINDOWS\TEMP\IDD1D11.TMP.EXE
C:\WINDOWS\TEMP\IDD1D26.TMP.EXE
C:\WINDOWS\TEMP\IDD1D3B.TMP.EXE
C:\WINDOWS\TEMP\IDD1D50.TMP.EXE
C:\WINDOWS\TEMP\IDD1D65.TMP.EXE
C:\WINDOWS\TEMP\IDD1D66.TMP.EXE
C:\WINDOWS\TEMP\IDD1D69.TMP.EXE
C:\WINDOWS\TEMP\IDD1D78.TMP.EXE
C:\WINDOWS\TEMP\IDD1D7A.TMP.EXE
C:\WINDOWS\TEMP\IDD1D7B.TMP.EXE
C:\WINDOWS\TEMP\IDD1D7C.TMP.EXE
C:\WINDOWS\TEMP\IDD1D7D.TMP.EXE
C:\WINDOWS\TEMP\IDD1D7E.TMP.EXE
C:\WINDOWS\TEMP\IDD1D83.TMP.EXE
C:\WINDOWS\TEMP\IDD1D86.TMP.EXE
C:\WINDOWS\TEMP\IDD1D87.TMP.EXE
C:\WINDOWS\TEMP\IDD1D88.TMP.EXE
C:\WINDOWS\TEMP\IDD1D8F.TMP.EXE
C:\WINDOWS\TEMP\IDD1DA9.TMP.EXE
C:\WINDOWS\TEMP\IDD1DB1.TMP.EXE
C:\WINDOWS\TEMP\IDD1DB3.TMP.EXE
C:\WINDOWS\TEMP\IDD1DB7.TMP.EXE
C:\WINDOWS\TEMP\IDD1DBE.TMP.EXE
C:\WINDOWS\TEMP\IDD1DC7.TMP.EXE
C:\WINDOWS\TEMP\IDD1DCA.TMP.EXE
C:\WINDOWS\TEMP\IDD1DCC.TMP.EXE
C:\WINDOWS\TEMP\IDD1DCD.TMP.EXE
C:\WINDOWS\TEMP\IDD1DCE.TMP.EXE
C:\WINDOWS\TEMP\IDD1DD2.TMP.EXE
C:\WINDOWS\TEMP\IDD1DD6.TMP.EXE
C:\WINDOWS\TEMP\IDD1DD9.TMP.EXE
C:\WINDOWS\TEMP\IDD1DDA.TMP.EXE
C:\WINDOWS\TEMP\IDD1DDC.TMP.EXE
C:\WINDOWS\TEMP\IDD1DDD.TMP.EXE
C:\WINDOWS\TEMP\IDD1DDF.TMP.EXE
C:\WINDOWS\TEMP\IDD1DE9.TMP.EXE
C:\WINDOWS\TEMP\IDD1DED.TMP.EXE
C:\WINDOWS\TEMP\IDD1DEF.TMP.EXE
C:\WINDOWS\TEMP\IDD1DF6.TMP.EXE
C:\WINDOWS\TEMP\IDD1DF8.TMP.EXE
C:\WINDOWS\TEMP\IDD1DFC.TMP.EXE
C:\WINDOWS\TEMP\IDD1DFE.TMP.EXE
C:\WINDOWS\TEMP\IDD1E03.TMP.EXE
C:\WINDOWS\TEMP\IDD1E06.TMP.EXE
C:\WINDOWS\TEMP\IDD1E0D.TMP.EXE
C:\WINDOWS\TEMP\IDD1E13.TMP.EXE
C:\WINDOWS\TEMP\IDD1E14.TMP.EXE
C:\WINDOWS\TEMP\IDD1E15.TMP.EXE
C:\WINDOWS\TEMP\IDD1E1A.TMP.EXE
C:\WINDOWS\TEMP\IDD1E1C.TMP.EXE
C:\WINDOWS\TEMP\IDD1E22.TMP.EXE
C:\WINDOWS\TEMP\IDD1E23.TMP.EXE
C:\WINDOWS\TEMP\IDD1E24.TMP.EXE
C:\WINDOWS\TEMP\IDD1E2F.TMP.EXE
C:\WINDOWS\TEMP\IDD1E34.TMP.EXE
C:\WINDOWS\TEMP\IDD1E36.TMP.EXE
C:\WINDOWS\TEMP\IDD1E3D.TMP.EXE
C:\WINDOWS\TEMP\IDD1E40.TMP.EXE
C:\WINDOWS\TEMP\IDD1E41.TMP.EXE
C:\WINDOWS\TEMP\IDD1E43.TMP.EXE
C:\WINDOWS\TEMP\IDD1E48.TMP.EXE
C:\WINDOWS\TEMP\IDD1E51.TMP.EXE
C:\WINDOWS\TEMP\IDD1E56.TMP.EXE
C:\WINDOWS\TEMP\IDD1E5C.TMP.EXE
C:\WINDOWS\TEMP\IDD1E5E.TMP.EXE
C:\WINDOWS\TEMP\IDD1E5F.TMP.EXE
C:\WINDOWS\TEMP\IDD1E60.TMP.EXE
C:\WINDOWS\TEMP\IDD1E65.TMP.EXE
C:\WINDOWS\TEMP\IDD1E6B.TMP.EXE
C:\WINDOWS\TEMP\IDD1E7B.TMP.EXE
C:\WINDOWS\TEMP\IDD1E8A.TMP.EXE
C:\WINDOWS\TEMP\IDD1E8B.TMP.EXE
C:\WINDOWS\TEMP\IDD29.TMP.EXE
C:\WINDOWS\TEMP\IDD3.TMP.EXE
C:\WINDOWS\TEMP\IDD5.TMP.EXE
C:\WINDOWS\TEMP\IDD5B.TMP.EXE
C:\WINDOWS\TEMP\IDD6.TMP.EXE
C:\WINDOWS\TEMP\IDD64.TMP.EXE
C:\WINDOWS\TEMP\IDD7.TMP.EXE
C:\WINDOWS\TEMP\IDD8.TMP.EXE
C:\WINDOWS\TEMP\IDD85.TMP.EXE
C:\WINDOWS\TEMP\IDD9.TMP.EXE
C:\WINDOWS\TEMP\IDDB.TMP.EXE
C:\WINDOWS\TEMP\IDDC59.TMP.EXE
C:\WINDOWS\TEMP\IDDD.TMP.EXE
C:\WINDOWS\TEMP\IDDDDE.TMP.EXE
C:\WINDOWS\TEMP\IDDDE2.TMP.EXE
C:\WINDOWS\TEMP\IDDDE3.TMP.EXE
C:\WINDOWS\TEMP\IDDDEC.TMP.EXE
C:\WINDOWS\TEMP\IDDE.TMP.EXE
C:\WINDOWS\TEMP\IDDE0C.TMP.EXE
C:\WINDOWS\TEMP\IDDE0E.TMP.EXE
C:\WINDOWS\TEMP\IDDE0F.TMP.EXE
C:\WINDOWS\TEMP\IDDE10.TMP.EXE
C:\WINDOWS\TEMP\IDDE11.TMP.EXE
C:\WINDOWS\TEMP\IDDE12.TMP.EXE
C:\WINDOWS\TEMP\IDDE16.TMP.EXE
C:\WINDOWS\TEMP\IDDE1B.TMP.EXE
C:\WINDOWS\TEMP\IDDE1E.TMP.EXE
C:\WINDOWS\TEMP\IDDE2F.TMP.EXE
C:\WINDOWS\TEMP\IDDE37.TMP.EXE
C:\WINDOWS\TEMP\IDDE38.TMP.EXE
C:\WINDOWS\TEMP\IDDE4A.TMP.EXE
C:\WINDOWS\TEMP\IDDE4D.TMP.EXE
C:\WINDOWS\TEMP\IDDE4F.TMP.EXE
C:\WINDOWS\TEMP\IDDE51.TMP.EXE
C:\WINDOWS\TEMP\IDDE55.TMP.EXE
C:\WINDOWS\TEMP\IDDE59.TMP.EXE
C:\WINDOWS\TEMP\IDDE5B.TMP.EXE
C:\WINDOWS\TEMP\IDDE5C.TMP.EXE
C:\WINDOWS\TEMP\IDDE5D.TMP.EXE
C:\WINDOWS\TEMP\IDDE5E.TMP.EXE
C:\WINDOWS\TEMP\IDDE5F.TMP.EXE
C:\WINDOWS\TEMP\IDDE62.TMP.EXE
C:\WINDOWS\TEMP\IDDE69.TMP.EXE
C:\WINDOWS\TEMP\IDDE6B.TMP.EXE
C:\WINDOWS\TEMP\IDDE6C.TMP.EXE
C:\WINDOWS\TEMP\IDDE6F.TMP.EXE
C:\WINDOWS\TEMP\IDDE72.TMP.EXE
C:\WINDOWS\TEMP\IDDE7E.TMP.EXE
C:\WINDOWS\TEMP\IDDE8A.TMP.EXE
C:\WINDOWS\TEMP\IDDE92.TMP.EXE
C:\WINDOWS\TEMP\IDDE9F.TMP.EXE
C:\WINDOWS\TEMP\IDDEA7.TMP.EXE
C:\WINDOWS\TEMP\IDDEB4.TMP.EXE
C:\WINDOWS\TEMP\IDDECC.TMP.EXE
C:\WINDOWS\TEMP\IDDECF.TMP.EXE
C:\WINDOWS\TEMP\IDDEE1.TMP.EXE
C:\WINDOWS\TEMP\IDDEE5.TMP.EXE
C:\WINDOWS\TEMP\IDDEE6.TMP.EXE
C:\WINDOWS\TEMP\IDDEEA.TMP.EXE
C:\WINDOWS\TEMP\IDDEEB.TMP.EXE
C:\WINDOWS\TEMP\IDDEF2.TMP.EXE
C:\WINDOWS\TEMP\IDDEF3.TMP.EXE
C:\WINDOWS\TEMP\IDDEF4.TMP.EXE
C:\WINDOWS\TEMP\IDDEF5.TMP.EXE
C:\WINDOWS\TEMP\IDDEF6.TMP.EXE
C:\WINDOWS\TEMP\IDDEF9.TMP.EXE
C:\WINDOWS\TEMP\IDDEFC.TMP.EXE
C:\WINDOWS\TEMP\IDDEFD.TMP.EXE
C:\WINDOWS\TEMP\IDDF.TMP.EXE
C:\WINDOWS\TEMP\IDDF00.TMP.EXE
C:\WINDOWS\TEMP\IDDF0B.TMP.EXE
C:\WINDOWS\TEMP\IDDF15.TMP.EXE
C:\WINDOWS\TEMP\IDDF2B.TMP.EXE
C:\WINDOWS\TEMP\IDDF30.TMP.EXE
C:\WINDOWS\TEMP\IDDF34.TMP.EXE
C:\WINDOWS\TEMP\IDDF3C.TMP.EXE
C:\WINDOWS\TEMP\IDDF3E.TMP.EXE
C:\WINDOWS\TEMP\IDDF3F.TMP.EXE
C:\WINDOWS\TEMP\IDDF41.TMP.EXE
C:\WINDOWS\TEMP\IDDF5B.TMP.EXE
C:\WINDOWS\TEMP\IDDF64.TMP.EXE
C:\WINDOWS\TEMP\IDDF65.TMP.EXE
C:\WINDOWS\TEMP\IDDF6F.TMP.EXE
C:\WINDOWS\TEMP\IDDF71.TMP.EXE
C:\WINDOWS\TEMP\IDDF73.TMP.EXE
C:\WINDOWS\TEMP\IDDF80.TMP.EXE
C:\WINDOWS\TEMP\IDDF81.TMP.EXE
C:\WINDOWS\TEMP\IDDF87.TMP.EXE
C:\WINDOWS\TEMP\IDDF88.TMP.EXE
C:\WINDOWS\TEMP\IDDF89.TMP.EXE
C:\WINDOWS\TEMP\IDDF8D.TMP.EXE
C:\WINDOWS\TEMP\IDDF93.TMP.EXE
C:\WINDOWS\TEMP\IDDF96.TMP.EXE
C:\WINDOWS\TEMP\IDDF97.TMP.EXE
C:\WINDOWS\TEMP\IDDF98.TMP.EXE
C:\WINDOWS\TEMP\IDDF99.TMP.EXE
C:\WINDOWS\TEMP\IDDF9A.TMP.EXE
C:\WINDOWS\TEMP\IDDF9C.TMP.EXE
C:\WINDOWS\TEMP\IDDF9D.TMP.EXE
C:\WINDOWS\TEMP\IDDF9F.TMP.EXE
C:\WINDOWS\TEMP\IDDFA0.TMP.EXE
C:\WINDOWS\TEMP\IDDFA3.TMP.EXE
C:\WINDOWS\TEMP\IDDFA4.TMP.EXE
C:\WINDOWS\TEMP\IDDFA6.TMP.EXE
C:\WINDOWS\TEMP\IDDFA7.TMP.EXE
C:\WINDOWS\TEMP\IDDFA8.TMP.EXE
C:\WINDOWS\TEMP\IDDFA9.TMP.EXE
C:\WINDOWS\TEMP\IDDFAC.TMP.EXE
C:\WINDOWS\TEMP\IDDFAD.TMP.EXE
C:\WINDOWS\TEMP\IDDFAE.TMP.EXE
C:\WINDOWS\TEMP\IDDFAF.TMP.EXE
C:\WINDOWS\TEMP\IDDFBA.TMP.EXE
C:\WINDOWS\TEMP\IDDFBB.TMP.EXE
C:\WINDOWS\TEMP\IDDFBE.TMP.EXE
C:\WINDOWS\TEMP\IDDFBF.TMP.EXE
C:\WINDOWS\TEMP\IDDFC1.TMP.EXE
C:\WINDOWS\TEMP\IDDFC2.TMP.EXE
C:\WINDOWS\TEMP\IDDFC3.TMP.EXE
C:\WINDOWS\TEMP\IDDFC4.TMP.EXE
C:\WINDOWS\TEMP\IDDFC5.TMP.EXE
C:\WINDOWS\TEMP\IDDFCF.TMP.EXE
C:\WINDOWS\TEMP\IDDFD4.TMP.EXE
C:\WINDOWS\TEMP\IDDFD5.TMP.EXE
C:\WINDOWS\TEMP\IDDFD6.TMP.EXE
C:\WINDOWS\TEMP\IDDFD9.TMP.EXE
C:\WINDOWS\TEMP\IDDFE1.TMP.EXE
C:\WINDOWS\TEMP\IDDFE7.TMP.EXE
C:\WINDOWS\TEMP\IDDFE8.TMP.EXE
C:\WINDOWS\TEMP\IDDFEE.TMP.EXE
C:\WINDOWS\TEMP\MST2612.TMP
C:\WINDOWS\TEMP\WIN20E6.TMP.EXE
C:\WINDOWS\TEMP\WIN2572.TMP
C:\WINDOWS\TEMP\WIN2611.TMP
C:\WINDOWS\TEMP\WIN2617.TMP
C:\WINDOWS\TEMP\WINC08.TMP.EXE
C:\WINDOWS\TEMP\WINC12.TMP.EXE
C:\WINDOWS\TEMP\WINC2F.TMP.EXE
C:\WINDOWS\TEMP\WINC48.TMP.EXE
C:\WINDOWS\TEMP\WINC59.TMP.EXE
C:\WINDOWS\TEMP\WINCCF.TMP.EXE

Trojan.Unknown Origin

Trojan.Downloader-DRVSAM
C:\WINDOWS\TEMP\MST409E.TMP

Adware.Universa

Trace.Known Threat Sources

Log from SUPERAntiSpyware

#13 becks2307


Posted 06 July 2007 - 10:58 PM

Deckard's System Scanner v20070611.50
Run by xiaoboi on 2007-07-07 at 11:41:47
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Failed to create restore point; System Restore is disabled (service is not running).


Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as xiaoboi.exe) ---------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 11:51:25 AM, on 7/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\Explorer.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Softwin\BitDefender8\bdmcon.exe
C:\Program Files\Softwin\BitDefender8\bdnagent.exe
C:\WINDOWS\system32\tfidma.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\Msmsgs.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\drivers\conime.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\drivers\adamrf.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Documents and Settings\xiaoboi\Desktop\dss.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\system32\severe.exe
C:\DOCUME~1\xiaoboi\Desktop\HIJACK~1\xiaoboi.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\drivers\conime.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\Run: [adamrf] C:\WINDOWS\system32\tfidma.exe
O4 - HKLM\..\Run: [tfidma] C:\WINDOWS\system32\severe.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\Msmsgs.exe" /background
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0FC64BDC-D14D-4F04-802D-4B9104DF16FB} (SystemCheck Class) - http://www.singnet.com.sg/technical/helpto.../ALTControl.cab
O16 - DPF: {20C2C286-BDE8-441B-B73D-AFA22D914DA5} - http://download.ppstream.com/bin/powerplayer.cab
O16 - DPF: {2B866353-E598-4403-8E4D-B871AB30DC55} (Speed Class) - http://www.singnet.com.sg/technical/helpto...a/SpeedCtrl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {7AA32FC7-133B-4AE7-998E-CED0D9829B12} (luna Class) - http://axcab.wrs.mcboo.com/website.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DA8F9DF6-D06F-46B2-88B0-5FFEA6D035E9}: NameServer = 165.21.100.88,165.21.83.88
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)


-- HijackThis Fixed Entries (C:\DOCUME~1\xiaoboi\Desktop\HIJACK~1\backups\) ----

backup-20070701-002631-472 O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
backup-20070701-002631-917 O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
backup-20070701-002632-322 O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
backup-20070701-002632-717 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
backup-20070701-002635-744 O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
backup-20070701-002636-100 O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
backup-20070701-002638-211 O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
backup-20070701-002640-231 O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
backup-20070701-002642-837 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
backup-20070701-002643-496 O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
backup-20070701-002645-772 O11 - Options group: [INTERNATIONAL] International*
backup-20070701-002916-314 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
backup-20070701-002916-551 O23 - Service: COM+ Messages - Unknown owner - -e,mc-110-12-0000272, (file missing)
backup-20070701-003956-133 O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
backup-20070701-003956-310 O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
backup-20070701-003956-330 O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
backup-20070701-003956-400 O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
backup-20070701-003956-437 O4 - HKCU\..\Run: [asrupdate.exe] C:\WINDOWS\system32\asrupdate.exe
backup-20070701-003956-484 O4 - HKLM\..\Run: [tfidma] C:\WINDOWS\system32\severe.exe
backup-20070701-003956-496 O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
backup-20070701-003956-526 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
backup-20070701-003956-608 O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
backup-20070701-003956-679 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
backup-20070701-003956-747 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
backup-20070701-003956-992 O4 - HKLM\..\Run: [adamrf] C:\WINDOWS\system32\tfidma.exe
backup-20070701-003956-999 O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
backup-20070701-004046-376 O4 - HKLM\..\Run: [tfidma] C:\WINDOWS\system32\severe.exe
backup-20070701-004046-732 O4 - HKLM\..\Run: [adamrf] C:\WINDOWS\system32\tfidma.exe
backup-20070701-004328-603 O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
backup-20070701-004328-798 O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
backup-20070701-004328-876 O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu41.exe 61A847B5BBF72816338B2B27128065E9C085320161C4661227A755E9D29064183387384A72E512
backup-20070701-004555-228 O4 - HKLM\..\Run: [adamrf] C:\WINDOWS\system32\tfidma.exe
backup-20070701-004555-950 O4 - HKLM\..\Run: [tfidma] C:\WINDOWS\system32\severe.exe
backup-20070701-005324-195 O4 - HKLM\..\Run: [adamrf] C:\WINDOWS\system32\tfidma.exe
backup-20070701-005324-307 O4 - HKLM\..\Run: [tfidma] C:\WINDOWS\system32\severe.exe
backup-20070701-005412-197 O4 - HKLM\..\Run: [tfidma] C:\WINDOWS\system32\severe.exe
backup-20070701-005412-280 O4 - HKLM\..\Run: [adamrf] C:\WINDOWS\system32\tfidma.exe
backup-20070701-005457-241 O4 - HKLM\..\Run: [tfidma] C:\WINDOWS\system32\severe.exe
backup-20070701-005457-324 O4 - HKLM\..\Run: [adamrf] C:\WINDOWS\system32\tfidma.exe
backup-20070701-032413-182 O4 - HKLM\..\Run: [adamrf] C:\WINDOWS\system32\tfidma.exe
backup-20070701-032413-346 O4 - HKLM\..\Run: [tfidma] C:\WINDOWS\system32\severe.exe
backup-20070701-194901-293 O4 - HKLM\..\Run: [adamrf] C:\WINDOWS\system32\tfidma.exe
backup-20070701-194901-803 O4 - HKLM\..\Run: [tfidma] C:\WINDOWS\system32\severe.exe
backup-20070701-194902-584 O20 - Winlogon Notify: jkkkhhh - C:\WINDOWS\SYSTEM32\jkkkhhh.dll
backup-20070707-073424-109 O2 - BHO: (no name) - {C70A59A2-EDFF-425C-9CC7-B7469A5C2DC0} - C:\WINDOWS\SYSTEM32\GEBYX.DLL (file missing)
backup-20070707-073424-211 O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
backup-20070707-073424-311 O2 - BHO: (no name) - {B6C43182-63AE-4F13-9980-714EB0A6CB3F} - C:\WINDOWS\system32\jkkkhhh.dll (file missing)
backup-20070707-073424-643 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWSabout.htm
backup-20070707-073424-746 O4 - HKLM\..\Run: [tfidma] C:\WINDOWS\system32\severe.exe
backup-20070707-073424-923 O4 - HKLM\..\Run: [adamrf] C:\WINDOWS\system32\tfidma.exe
backup-20070707-073428-285 O20 - Winlogon Notify: gebyx - C:\WINDOWS\system32\gebyx.dll (file missing)
backup-20070707-073429-545 O20 - Winlogon Notify: jkkkhhh - jkkkhhh.dll (file missing)

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 giveio - c:\windows\system32\giveio.sys
R0 speedfan - c:\windows\system32\speedfan.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R2 npkcrypt - c:\program files\wizet\maplestory\npkcrypt.sys <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Driver>
R2 STEC3 - c:\windows\system32\stec3.sys <Not Verified; AntiCracking; SVKP driver for NT>
R3 Iviaspi (IVI ASPI Shell) - c:\windows\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>
R3 Pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

S3 CO_Mon - c:\windows\system32\drivers\co_mon.sys
S3 EagleNT - c:\windows\system32\drivers\eaglent.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R3 ServiceLayer - "c:\program files\common files\pcsuite\services\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>


-- Scheduled Tasks -------------------------------------------------------------

2007-07-07 11:33:40 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2007-06-24 14:21:04 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2005-12-08 19:02:52 412 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job


-- Files created between 2007-06-07 and 2007-07-07 -----------------------------

2007-07-07 07:29:56 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-07-07 07:29:52 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-07-07 07:29:52 0 d-------- C:\Documents and Settings\xiaoboi\Application Data\SUPERAntiSpyware.com
2007-07-07 07:29:39 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-07 02:22:47 0 d-------- C:\avenger
2007-07-07 02:22:37 96897 ---hs---- C:\WINDOWS\system32\tfidma.exe
2007-07-07 02:22:37 96897 ---hs---- C:\WINDOWS\system32\drivers\conime.exe
2007-07-07 02:21:08 1080 --a------ C:\kiisueat.bat
2007-07-07 02:21:07 60416 --a------ C:\WINDOWS\system32\drivers\qimtvnbe.sys
2007-07-06 19:38:07 66112 --a------ C:\WINDOWS\system32\cxbxdkbl.dll
2007-07-06 19:32:08 128576 --a------ C:\WINDOWS\system32\heaetavm.dll
2007-07-05 14:45:37 66112 --a------ C:\WINDOWS\system32\wpyplxxh.dll
2007-07-05 14:31:28 96897 ---hs---- C:\WINDOWS\system32\severe.exe
2007-07-05 14:31:19 196 --a------ C:\rem.reg
2007-07-05 14:28:15 60416 --a------ C:\WINDOWS\system32\drivers\kvhsqcip.sys
2007-07-05 14:28:15 1080 --a------ C:\bwscefbh.bat
2007-07-04 18:22:48 96897 ---hs---- C:\WINDOWS\system32\verclsid.dat
2007-07-04 18:09:26 28672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys
2007-07-04 17:58:52 128576 --a------ C:\WINDOWS\system32\kjhsxyha.dll
2007-07-04 06:40:33 4672 --a------ C:\WINDOWS\system32\oilqeeph.exe
2007-07-04 06:37:34 66112 --a------ C:\WINDOWS\system32\yinomfoa.dll
2007-07-04 06:35:22 4672 --a------ C:\WINDOWS\system32\lwvmdiys.exe
2007-07-04 04:10:46 927494 ---hs---- C:\WINDOWS\system32\xybeg.bak2
2007-07-03 22:34:33 90702 --a------ C:\Documents and Settings\xiaoboi\x_dtrace_log
2007-07-03 22:02:33 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-07-03 16:10:26 6369 ---hs---- C:\WINDOWS\system32\xybeg.bak1
2007-07-03 16:05:14 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\WinPatrol
2007-07-01 11:49:58 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-07-01 11:38:16 38400 ---hs---- C:\WINDOWS\system32\tfidma.dll
2007-07-01 11:19:40 0 d-------- C:\Documents and Settings\xiaoboi\Application Data\WinPatrol
2007-07-01 11:19:37 0 d-------- C:\Program Files\BillP Studios
2007-06-30 10:54:05 0 d-------- C:\Program Files\Lavasoft
2007-06-30 10:36:36 0 d-------- C:\Documents and Settings\xiaoboi\Application Data\Uniblue
2007-06-30 10:36:28 0 d-------- C:\Program Files\Uniblue
2007-06-28 18:25:01 77 --a------ C:\WINDOWS\system32\hx1.bat
2007-06-28 18:25:00 96897 ---hs---- C:\WINDOWS\system32\drivers\adamrf.exe
2007-06-26 17:53:08 0 d-------- C:\Program Files\ASIO4ALL v2
2007-06-26 17:52:58 225280 --a------ C:\WINDOWS\system32\rewire.dll <Not Verified; Propellerhead Software AB; ReWire>
2007-06-26 17:52:58 0 d-------- C:\Program Files\VstPlugins
2007-06-26 17:49:49 0 d-------- C:\Program Files\Image-Line


-- Find3M Report ---------------------------------------------------------------

2007-07-07 11:33:20 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-07-01 11:47:48 0 d-------- C:\Program Files\Spyware Doctor
2007-06-30 22:51:12 72 --a------ C:\WINDOWS\sysInf.dat
2007-06-28 22:23:02 0 d-------- C:\Program Files\Warcraft III
2007-06-28 01:16:07 0 d-------- C:\Program Files\mIRC
2007-06-27 15:53:41 0 d-------- C:\Program Files\MAIET
2007-06-06 18:47:42 3000000 --a------ C:\WINDOWS\system32\wmsetup.exe
2007-06-04 00:17:21 0 d-------- C:\Documents and Settings\xiaoboi\Application Data\Hamachi
2007-06-03 19:05:51 0 d-------- C:\Program Files\SpeedFan
2007-06-02 18:22:56 0 d-------- C:\Program Files\Video Server E
2007-05-12 21:08:10 485412 --a------ C:\Documents and Settings\xiaoboi\Application Data\NMM-MetaData.db
2007-05-11 00:06:12 0 d-------- C:\Program Files\MagicDVDRipper


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{9ECB9560-04F9-4bbc-943D-298DDF1699E1} c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
{B56A7D7D-6927-48C8-A975-17DF180C71AC} C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"hpsysdrv"="c:\\windows\\system\\hpsysdrv.exe"
"HPHUPD06"="c:\\Program Files\\HP\\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\\hphupd06.exe"
"HPHmon06"="C:\\WINDOWS\\system32\\hphmon06.exe"
"KBD"="C:\\HP\\KBD\\KBD.EXE"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\CLIStart.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"WinPatrol"="C:\\Program Files\\BillP Studios\\WinPatrol\\winpatrol.exe"
"BDMCon"="\"C:\\Program Files\\Softwin\\BitDefender8\\bdmcon.exe\""
"BDNewsAgent"="\"C:\\Program Files\\Softwin\\BitDefender8\\bdnagent.exe\""
"adamrf"="C:\\WINDOWS\\system32\\tfidma.exe"
"tfidma"="C:\\WINDOWS\\system32\\severe.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"MSMSGS"="\"C:\\Program Files\\Messenger\\Msmsgs.exe\" /background"
"FreeRAM XP"="\"C:\\Program Files\\YourWare Solutions\\FreeRAM XP Pro\\FreeRAM XP Pro.exe\" -win"
"Steam"="C:\\Program Files\\Valve\\Steam\\\\Steam.exe -silent"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"SUPERAntiSpyware"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{B6C43182-63AE-4F13-9980-714EB0A6CB3F}"=""
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\360safe.exe
debugger REG_SZ C:\WINDOWS\system32\drivers\adamrf.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\adam.exe
debugger REG_SZ C:\WINDOWS\system32\drivers\adamrf.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avp.com
debugger REG_SZ C:\WINDOWS\system32\drivers\adamrf.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avp.exe
debugger REG_SZ C:\WINDOWS\system32\drivers\adamrf.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\eghost.exe
debugger REG_SZ C:\WINDOWS\system32\drivers\adamrf.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\icesword.exe
debugger REG_SZ C:\WINDOWS\system32\drivers\adamrf.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iparmo.exe
debugger REG_SZ C:\WINDOWS\system32\drivers\adamrf.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kabaload.exe
debugger REG_SZ C:\WINDOWS\system32\drivers\adamrf.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kregex.exe
debugger REG_SZ C:\WINDOWS\system32\drivers\adamrf.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kvdetect.exe
debugger REG_SZ C:\WINDOWS\system32\drivers\adamrf.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kvmonxp.kxp
debugger REG_SZ C:\WINDOWS\system32\drivers\adamrf.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kvxp.kxp
debugger REG_SZ C:\WINDOWS\system32\drivers\adamrf.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\magicset.exe
debugger REG_SZ C:\WINDOWS\system32\drivers\adamrf.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mmsk.exe
debugger REG_SZ C:\WINDOWS\system32\drivers\adamrf.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msconfig.com
debugger REG_SZ C:\WINDOWS\system32\drivers\adamrf.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msconfig.exe
debugger REG_SZ C:\WINDOWS\system32\drivers\adamrf.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nod32.exe
debugger REG_SZ C:\WINDOWS\system32\drivers\adamrf.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pfw.exe
debugger REG_SZ C:\WINDOWS\system32\drivers\adamrf.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pfwliveupdate.exe
debugger REG_SZ C:\WINDOWS\system32\drivers\adamrf.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\qqdoctor.exe
debugger REG_SZ C:\WINDOWS\system32\drivers\adamrf.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ras.exe
debugger REG_SZ C:\WINDOWS\system32\drivers\adamrf.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rav.exe
debugger REG_SZ C:\WINDOWS\system32\drivers\adamrf.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ravmon.exe
debugger REG_SZ C:\WINDOWS\system32\drivers\adamrf.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\regedit.com
debugger REG_SZ C:\WINDOWS\system32\drivers\adamrf.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\regedit.exe
debugger REG_SZ C:\WINDOWS\system32\drivers\adamrf.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\runiep.exe
debugger REG_SZ C:\WINDOWS\system32\drivers\adamrf.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sreng.exe
debugger REG_SZ C:\WINDOWS\system32\drivers\adamrf.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\trojdie.kxp
debugger REG_SZ C:\WINDOWS\system32\drivers\adamrf.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\wopticlean.exe
debugger REG_SZ C:\WINDOWS\system32\drivers\adamrf.exe

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
"backup"="C:\\WINDOWS\\pss\\WinZip Quick Pick.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\WinZip\\WZQKPICK.EXE "
"item"="WinZip Quick Pick"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Home Theater SchSvr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SchSvr"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\InterVideo\\SchSvr\\SchSvr.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LAUNCH~1"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Nokia\\NOKIAP~1\\LAUNCH~1.EXE -startup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PcSync2"
"hkey"="HKCU"
"command"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINREMOTE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WinRemote"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\InterVideo\\Common\\Bin\\WinRemote.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0



-- Hosts -----------------------------------------------------------------------

127.0.0.1 mmsk.cn
127.0.0.1 ikaka.com
127.0.0.1 safe.qq.com
127.0.0.1 360safe.com
127.0.0.1 www.mmsk.cn
127.0.0.1 www.ikaka.com
127.0.0.1 tool.ikaka.com
127.0.0.1 www.360safe.com
127.0.0.1 zs.kingsoft.com
127.0.0.1 forum.ikaka.com

27 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2007-07-07 at 11:53:05 ---------

from main.txt

Deckard's System Scanner v20070611.50
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 3.00GHz
CPU 1: Intel® Pentium® 4 CPU 3.00GHz
Percentage of Memory in Use: 62%
Physical Memory (total/avail): 767.29 MiB / 288.5 MiB
Pagefile Memory (total/avail): 1494.02 MiB / 1045.11 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1941.38 MiB

C: is Fixed (NTFS) - 71.87 GiB total, 38.2 GiB free.
D: is Fixed (FAT32) - 4.45 GiB total, 0.6 GiB free.
E: is CDROM (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is Removable (No Media)


-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
FirewallDisableNotify is set.
AntivirusOverride is set.

Unable to create WMI object; error code: 0x80041002


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\xiaoboi\Application Data
CLASSPATH=.;C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=CHARLES
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\xiaoboi
LOGONSERVER=\\CHARLES
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;c:\Python22;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Series_60_Theme_Studio\S60_TS_3_0\bin;C:\Program Files\Series_60_Theme_Studio\S60_TS_3_0\jre\bin;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\ATI Technologies\ATI.ACE\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 3 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0304
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SKINAPP_INSTALL_DIR=C:\Program Files\Series_60_Theme_Studio\S60_TS_3_0
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\xiaoboi\LOCALS~1\Temp
TMP=C:\DOCUME~1\xiaoboi\LOCALS~1\Temp
USERDOMAIN=CHARLES
USERNAME=xiaoboi
USERPROFILE=C:\Documents and Settings\xiaoboi
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

HP_Owner (admin)
xiaoboi (admin)
Guest (guest)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\InstallShield Installation Information\{1A91D1FA-B9B3-4556-9878-5C61059A19B2}\setup.exe" REMOVEALL
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{89AD2814-AFA2-46AF-AE53-C27196D9FBE6}\setup.exe" REMOVEALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AAA4CCCE-78DB-47B0-A651-68270D838BD4}\setup.exe" REMOVEALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat - Reader 6.0.2 Update --> MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}
Adobe Acrobat 4.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.dll"
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Apple Software Update --> MsiExec.exe /I{A260B422-70E1-41E2-957D-F76FA21266D5}
ASIO4ALL --> C:\Program Files\ASIO4ALL v2\uninstall.exe
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center --> MsiExec.exe /I{6E06A57A-6728-4CFB-AA9A-5149F9C9ADB3}
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
BitDefender 8 Free Edition --> MsiExec.exe /I{8BFFDBAB-FD81-4137-A98E-A769C828080C}
CC_ccProxyMSI --> MsiExec.exe /I{A398F2DC-D706-4bb2-AC38-5532CD229D08}
CC_ccStart --> MsiExec.exe /I{52B4D0D5-0C9F-4BEB-BA1B-63117F4025ED}
ccCommon --> MsiExec.exe /I{16ECBF8D-F7B9-4B9A-B1C3-4363734FC8D7}
Counter-Strike --> "C:\Program Files\Valve\Steam\steam.exe" steam://uninstall/10
dBpowerAMP Music Converter --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Music Converter.dat
dBpowerAMP Ogg Vorbis Codec --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Ogg Vorbis Codec.dat
ffdshow (remove only) --> "C:\Program Files\ffdshow\uninstall.exe"
FL Studio 7 --> C:\Program Files\Image-Line\FL Studio 7\uninstall.exe
Half-Life® 2 --> MsiExec.exe /I{D45EC259-4A19-4656-B588-C2C360DD18EA}
Hamachi 1.0.2.2 --> C:\Program Files\Hamachi\uninstall.exe
Help and Support Additions --> C:\PROGRA~1\HELPAN~1\UNWISE.EXE C:\PROGRA~1\HELPAN~1\INSTALL.LOG
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 1.99.1 --> C:\Documents and Settings\xiaoboi\Desktop\hijackthis\HijackThis.exe /uninstall
HP Deskjet Preloaded Printer Drivers --> MsiExec.exe /X{F419D20A-7719-4639-8E30-C073A040D878}
HP Image Zone 4.2 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Image Zone Plus 4.2 --> C:\Program Files\HP\Digital Imaging\{5E1494D4-3562-4FFB-B35C-600F80F6934C}\setup\hpzscr01.exe -datfile hpdscr01.dat
HP Photo & Imaging 3.5 - HP Devices --> C:\Program Files\HP\Digital Imaging\{15B9DC72-73F9-4d99-9E28-848D66DA8D99}\setup\hpzscr01.exe -datfile hpiscr01.dat
HP PSC & OfficeJet 4.0 --> "C:\Program Files\HP\Digital Imaging\{A1062847-0846-427A-92A1-BB8251A91E91}\setup\hpzscr01.exe" -datfile hposcr04.dat
HP Software Update --> MsiExec.exe /X{457791C5-D702-4143-A7B2-2744BE9573F2}
HPIZ402 --> MsiExec.exe /X{8D9768AE-DE42-4A04-A461-2361A58C384D}
IEEE 802.11b WLAN Cardbus Utility and Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{280E1F1D-A269-4DB9-9D94-5FFB62302F75}\WLsetup.exe"
IEEE 802.11b WLAN Utility(USB) --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A3400B7D-3933-4680-B5B4-A03C0FC8D66F}\setup.exe"
IL Download Manager --> C:\Program Files\Image-Line\Downloader\uninstall.exe
InterVideo Home Theater --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F7514465-E5F3-48E9-A952-327DAEF33DE6}\setup.exe" REMOVEALL
InterVideo WinDVD Creator 2 --> "C:\Program Files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe" REMOVEALL
InterVideo WinDVD Player --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iPod for Windows 2005-01-11 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{3476E8FA-00F1-48AF-8771-236C84FC7CB8} /l1033
iPod for Windows 2005-11-17 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{8338BA06-E527-491B-9400-F51708FEE695} /l1033
iTunes --> MsiExec.exe /I{AB90749C-7422-4580-8A7A-66CC5E9E5F98}
Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
KBD --> C:\HP\KBD\KBD.EXE uninstalled
LimeWire 4.9.37 --> "C:\Program Files\LimeWire\uninstall.exe"
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 1.90 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log
Magic DVD Ripper V5.0.1 --> "C:\Program Files\MagicDVDRipper\unins000.exe"
Microsoft ActiveSync 3.7 --> "C:\WINDOWS\ISUNINST.EXE" -f"C:\Program Files\Microsoft ActiveSync\DeIsL1.isu" -c"C:\Program Files\Microsoft ActiveSync\ceuninst.dll"
Microsoft Encarta Encyclopedia Standard - WE 2004 --> MsiExec.exe /I{045A0044-9149-45C6-A806-F2BF9CFCE762}
Microsoft Money --> MsiExec.exe /I{1D643CD2-4DD6-11D7-A4E0-000874180BB3}
Microsoft Money System Pack --> MsiExec.exe /I{8C64E149-54BA-11D6-91B1-00500462BE80}
Microsoft Office Excel Viewer 2003 --> MsiExec.exe /I{90840409-6000-11D3-8CFE-0150048383C9}
Microsoft Office PowerPoint Viewer 2003 --> MsiExec.exe /X{90AF0409-6000-11D3-8CFE-0150048383C9}
Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA8}
Microsoft Works 7.0 --> MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
mIRC --> "C:\Program Files\mIRC\mirc.exe" -uninstall
MSN Music Assistant --> rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
MSRedist --> MsiExec.exe /I{FC37ABD0-2108-4beb-B010-1254E0662B5A}
Nokia Connectivity Cable Driver --> MsiExec.exe /X{E4DD8B33-6F9B-41C5-96FF-5DBF27ED23E7}
Nokia PC Connectivity Solution --> MsiExec.exe /I{588AA47B-9115-44D3-B2E5-4F10BC659D6C}
Nokia PC Suite --> MsiExec.exe /I{77296E63-8C19-462B-ABA1-F510750A8C51}
Norton Internet Security --> MsiExec.exe /I{12E2B9E9-05B1-407d-B0FD-B5F350535125}
Norton Internet Security --> MsiExec.exe /I{48185814-A224-447a-81DA-71BD20580E1B}
Norton Internet Security --> MsiExec.exe /I{526AD5DC-CFC4-4f2a-8442-C84CC91D6C7F}
Norton Internet Security --> MsiExec.exe /I{91AA4B1F-B918-4e0b-A304-F8D4EC5D7726}
Norton Internet Security --> MsiExec.exe /I{C9D599E1-6B68-4a1f-8A4F-A1DB433DB1BF}
Norton Internet Security --> MsiExec.exe /I{F53B7BC1-0780-4AF0-B309-D7A3025E8D11}
Norton Internet Security --> MsiExec.exe /I{FC2C0536-583C-46c0-844A-62CECAE01F22}
Norton Personal Firewall --> MsiExec.exe /I{3BD0196C-6553-460c-A0C4-90D8AE5D60D2}
Norton Personal Firewall (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\SymSetup\{3BD0196C-6553-460c-A0C4-90D8AE5D60D2}.exe /X
Norton WMI Update --> MsiExec.exe /X{1526D87C-A955-4FAB-BF18-697BA457E352}
O2Jam (e-Games) v.3.50 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5CD3E08-6B73-471A-93D1-63C7F32118C1}\Setup.exe" -l0x9
Photosmart 320,370,7400,8100,8400 Series --> C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\setup\hpzscr01.exe -datfile hphscr01.dat
PPLive 1.1.0.0 --> C:\PROGRA~1\PPLIVE~1\Setup.exe /remove
Python 2.2 combined Win32 extensions --> C:\Python22\Lib\SITE-P~1\UNWISE~1.EXE C:\Python22\Lib\SITE-P~1\w32inst.log
Python 2.2.1 --> C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
QuickTime --> MsiExec.exe /I{5E863175-E85D-44A6-8968-82507D34AE7F}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Series 60 Theme Studio --> "C:\Program Files\Series_60_Theme_Studio\S60_TS_3_0\UninstallerData\UninstallSeries 60 Theme Studio3.0.exe"
Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
SmartMovie Converter (for Symbian phones) --> "C:\Program Files\Lonely Cat Games\SmartMovie Converter (for Symbian phones)\IIUninst.exe" C:\Program Files\Lonely Cat Games\SmartMovie Converter (for Symbian phones)\install.log
Sonic RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
SpeedFan (remove only) --> "C:\Program Files\SpeedFan\uninstall.exe"
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spyware Doctor 4.0 --> "C:\Program Files\Spyware Doctor\unins000.exe"
Steam™ --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Sytrus --> C:\Program Files\Image-Line\Sytrus\uninstall.exe
TVUPlayer 2.2.1.23 Beta --> C:\Program Files\TVUPlayer\uninst.exe
Uniblue RegistryBooster 2 --> "C:\Program Files\Uniblue\RegistryBooster 2\unins000.exe"
Updates from HP --> C:\WINDOWS\BWUnin-6.3.2.62.exe -AppId 309731
Video Server E --> C:\Program Files\Video Server E\UnInstall_27712.exe
Virtools 3D Life Player --> C:\Program Files\Virtools\3D Life Player\WebplayerConfig.exe -u
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Driver Package - Nokia Modem (04/06/2006 6.8.0.17) --> C:\PROGRA~1\DIFX\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_7F91C37896B530901B0665F9EF32E19FF06F5687\nokbtmdm.inf
Windows Live Messenger --> MsiExec.exe /I{FCE50DB8-C610-4C42-BE5C-193F46C6F812}
Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Live Sign-in Assistant --> MsiExec.exe /I{F652D238-5F29-42D5-BAF3-0115EF977EC2}
WinPatrol --> MsiExec.exe /X{8E0D233D-8B06-47A1-BA22-3A767CCD69E3}
WinPatrol 2007 --> C:\PROGRA~1\BILLPS~1\WINPAT~1\Setup.exe /remove /q0
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
Yahoo! Toolbar for Internet Explorer --> C:\PROGRA~1\Yahoo!\Common\unyt.exe


-- End of Deckard's System Scanner: finished at 2007-07-07 at 11:53:05 ---------


from extra.txt

#14 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 07 July 2007 - 06:45 AM

Download the trial version of Spy Sweeper:
http://www.webroot.com/shoppingcart/tryme....&vcode=DT14

Install it using the Standard Install option.
You will be asked for your e-mail address, it's safe to give it.
If you receive alerts from your firewall, allow all activities for Spy Sweeper.

You will be prompted to check for updated definitions, please do so, this may take several minutes so please be patient.

Once the updates have been installed, click on 'Options' and check/enable 'Full Sweep [Recommended]'.
Click on 'Sweep', then 'Start Full Sweep' and allow it to fully scan your system.

When the sweep has finished, click 'Select All' and then click 'Quarantine Selected'.
Under the 'Summary' tab, select 'View Session Log'.
Click 'Save to File' and save the log to your desktop.

Exit Spy Sweeper.

Restart your PC, then copy and paste the Spy Sweeper log into your next reply.

==================================

Please download DrWeb-CureIt & save it to your desktop. DO NOT perform a scan yet.

You should copy/print the following because you need to be in Safe Mode from here on.

Reboot your computer into "SAFE MODE" using the F8 method.
To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly.
A menu will appear with several options.
Use the arrow keys on your keyboard to navigate and select the option to run Windows in "Safe Mode".

Scan with DrWeb-CureIt as follows:
* Double-click on drweb-cureit.exe to start the program. An "Express Scan of your PC" notice will appear.
* Under "Start the Express Scan Now", Click "OK" to start. This is a short scan that will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it.
* Once the short scan has finished, Click Options > Change settings
* Choose the "Scan tab" and UNcheck "Heuristic analysis"
* Back at the main window, click "Select drives" (a red dot will show which drives have been chosen)
* Then click the "Start/Stop Scanning" button (green arrow on the right) and the scan will start.
* When done, a message will be displayed at the bottom advising if any viruses were found.
* Click "Yes to all" if it asks if you want to cure/move the file.
* When the scan has finished, look if you can see the icon next to the files found. If so, click it, then click the next icon right below and select "Move incurable".
(This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
* Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
* Save the DrWeb.csv report to your desktop.
* Exit Dr.Web CureIt when done.
* Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
* After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report)

Also post a new HijackThis log.

#15 becks2307

becks2307
  • Topic Starter

  • Members
  • 18 posts

Posted 07 July 2007 - 01:21 PM

2:06 AM: Removal process completed. Elapsed time 00:00:16
2:06 AM: Quarantining All Traces: fe.lea.lycos.com cookie
2:06 AM: Quarantining All Traces: bravenet cookie
2:06 AM: Quarantining All Traces: angelfire cookie
2:06 AM: Quarantining All Traces: 888 cookie
2:06 AM: Quarantining All Traces: about cookie
2:06 AM: Quarantining All Traces: valuead cookie
2:06 AM: Quarantining All Traces: go.com cookie
2:06 AM: Quarantining All Traces: a cookie
2:06 AM: Quarantining All Traces: adperform
2:06 AM: Quarantining All Traces: systemprocess
2:06 AM: Quarantining All Traces: maxifiles
2:06 AM: Quarantining All Traces: trojan agent winlogonhook
2:06 AM: Quarantining All Traces: virtumonde
2:06 AM: Removal process initiated
1:59 AM: Traces Found: 34
1:59 AM: Full Sweep has completed. Elapsed time 00:25:10
1:59 AM: File Sweep Complete, Elapsed Time: 00:20:11
1:55 AM: Warning: SweepDirectories: Cannot find directory "j:". This directory was not added to the list of paths to be scanned.
1:55 AM: Warning: SweepDirectories: Cannot find directory "i:". This directory was not added to the list of paths to be scanned.
1:55 AM: Warning: SweepDirectories: Cannot find directory "h:". This directory was not added to the list of paths to be scanned.
1:55 AM: Warning: SweepDirectories: Cannot find directory "g:". This directory was not added to the list of paths to be scanned.
1:55 AM: Warning: SweepDirectories: Cannot find directory "e:". This directory was not added to the list of paths to be scanned.
1:50 AM: Warning: DoTerm :\Device\HarddiskVolume2\WINDOWS\system32\csrss.exe
1:44 AM: C:\Documents and Settings\HP_Owner\Local Settings\Temp\mst13A.tmp (ID = 338686)
1:42 AM: Warning: DoTerm :\Device\HarddiskVolume2\WINDOWS\system32\csrss.exe
1:42 AM: C:\Documents and Settings\HP_Owner\Local Settings\Temp\mst130.tmp (ID = 338686)
1:41 AM: C:\Documents and Settings\HP_Owner\Local Settings\Temp\mst137.tmp (ID = 338686)
1:41 AM: Found Trojan Horse: trojan agent winlogonhook
1:40 AM: Warning: DoTerm :\Device\HarddiskVolume2\WINDOWS\system32\csrss.exe
1:40 AM: C:\Program Files\Common Files\{DC46B956-0BB9-1033-0726-040405130001}\system.dll (ID = 439197)
1:39 AM: C:\Program Files\Common Files\{DC46B956-0BB8-1033-0726-040405130001}\system.dll (ID = 439197)
1:39 AM: Starting File Sweep
1:39 AM: Cookie Sweep Complete, Elapsed Time: 00:00:06
1:39 AM: c:\documents and settings\hp_owner\cookies\hp_owner@www.angelfire[2].txt (ID = 2222)
1:39 AM: c:\documents and settings\hp_owner\cookies\hp_owner@sports.espn.go[1].txt (ID = 2729)
1:39 AM: c:\documents and settings\hp_owner\cookies\hp_owner@soccernet.espn.go[2].txt (ID = 2729)
1:39 AM: c:\documents and settings\hp_owner\cookies\hp_owner@rsi.espn.go[1].txt (ID = 2729)
1:39 AM: c:\documents and settings\hp_owner\cookies\hp_owner@go[1].txt (ID = 2728)
1:39 AM: c:\documents and settings\hp_owner\cookies\hp_owner@fe.lea.lycos[1].txt (ID = 2660)
1:39 AM: Found Spy Cookie: fe.lea.lycos.com cookie
1:39 AM: c:\documents and settings\hp_owner\cookies\hp_owner@espn.go[2].txt (ID = 2729)
1:39 AM: c:\documents and settings\hp_owner\cookies\hp_owner@compnetworking.about[1].txt (ID = 2038)
1:39 AM: c:\documents and settings\hp_owner\cookies\hp_owner@bravenet[1].txt (ID = 2322)
1:39 AM: Found Spy Cookie: bravenet cookie
1:39 AM: c:\documents and settings\hp_owner\cookies\hp_owner@angelfire[2].txt (ID = 2221)
1:39 AM: Found Spy Cookie: angelfire cookie
1:39 AM: c:\documents and settings\hp_owner\cookies\hp_owner@about[2].txt (ID = 2037)
1:39 AM: c:\documents and settings\hp_owner\cookies\hp_owner@888[2].txt (ID = 2019)
1:39 AM: Found Spy Cookie: 888 cookie
1:39 AM: c:\documents and settings\xiaoboi\cookies\xiaoboi@soccernet.espn.go[2].txt (ID = 2729)
1:39 AM: c:\documents and settings\xiaoboi\cookies\xiaoboi@soccernet-akamai.espn.go[2].txt (ID = 2729)
1:39 AM: c:\documents and settings\xiaoboi\cookies\xiaoboi@rsi.espn.go[1].txt (ID = 2729)
1:39 AM: c:\documents and settings\xiaoboi\cookies\xiaoboi@psp.about[1].txt (ID = 2038)
1:39 AM: c:\documents and settings\xiaoboi\cookies\xiaoboi@go[2].txt (ID = 2728)
1:39 AM: c:\documents and settings\xiaoboi\cookies\xiaoboi@espn.go[2].txt (ID = 2729)
1:39 AM: c:\documents and settings\xiaoboi\cookies\xiaoboi@about[2].txt (ID = 2037)
1:39 AM: Found Spy Cookie: about cookie
1:39 AM: c:\documents and settings\guest\cookies\guest@vdn.valuead[1].txt (ID = 3627)
1:39 AM: Found Spy Cookie: valuead cookie
1:39 AM: c:\documents and settings\guest\cookies\guest@soccernet.espn.go[2].txt (ID = 2729)
1:39 AM: c:\documents and settings\guest\cookies\guest@soccernet-att.espn.go[1].txt (ID = 2729)
1:39 AM: c:\documents and settings\guest\cookies\guest@go[2].txt (ID = 2728)
1:39 AM: Found Spy Cookie: go.com cookie
1:39 AM: c:\documents and settings\guest\cookies\guest@a[1].txt (ID = 2027)
1:39 AM: Found Spy Cookie: a cookie
1:39 AM: Starting Cookie Sweep
1:39 AM: Registry Sweep Complete, Elapsed Time:00:00:27
1:39 AM: HKU\WRSS_Profile_S-1-5-21-4073710390-3152640612-263086643-1007\software\microsoft\windows\currentversion\ext\stats\{c004dec2-2623-438e-9ca2-c9043ab28508}\iexplore\ (ID = 1782111)
1:39 AM: HKU\WRSS_Profile_S-1-5-21-4073710390-3152640612-263086643-1007\software\microsoft\windows\currentversion\ext\stats\{c004dec2-2623-438e-9ca2-c9043ab28508}\ (ID = 1782110)
1:39 AM: Found Adware: systemprocess
1:39 AM: HKU\WRSS_Profile_S-1-5-21-4073710390-3152640612-263086643-1007\software\printview\ (ID = 1701420)
1:39 AM: Found Adware: adperform
1:39 AM: HKLM\software\microsoft\aoprndtws\ (ID = 2128500)
1:39 AM: Found Adware: virtumonde
1:39 AM: HKLM\system\controlset001\enum\root\legacy_com+_messages\ (ID = 1895850)
1:39 AM: Found Adware: maxifiles
1:39 AM: Starting Registry Sweep
1:39 AM: Memory Sweep Complete, Elapsed Time: 00:04:18
1:34 AM: Starting Memory Sweep
1:34 AM: Start Full Sweep
1:34 AM: Sweep initiated using definitions version 944
12:54 AM: Your spyware definitions have been updated.
12:50 AM: Access to Hosts file blocked for C:\WINDOWS\SYSTEM32\DRIVERS\CONIME.EXE
12:50 AM: Access to Hosts file blocked for C:\WINDOWS\SYSTEM32\DRIVERS\CONIME.EXE
12:50 AM: Access to Hosts file blocked for C:\WINDOWS\SYSTEM32\DRIVERS\CONIME.EXE
Keylogger: Off
E-mail Attachment: On
12:49 AM: Informational: ShieldEmail: Start monitoring port 25 for mail activities
12:49 AM: Informational: ShieldEmail: Start monitoring port 110 for mail activities
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
File System Shield: On
Execution Shield: On
System Services Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
12:49 AM: Shield States
12:49 AM: License Check Status (0): Success
12:49 AM: Spyware Definitions: 923
12:49 AM: Spy Sweeper 5.5.1.3356 started
12:49 AM: Spy Sweeper 5.5.1.3356 started
12:49 AM: | Start of Session, Sunday, July 08, 2007 |
***************
Operation: Code Injection
Target: C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
Source: C:\WINDOWS\system32\csrss.exe
12:34 AM: Tamper Detection
12:34 AM: ApplicationMinimized - EXIT
12:34 AM: ApplicationMinimized - ENTER
12:32 AM: There is a problem reaching the server. The cause may be in your connection, or on the server. Please try again later.
12:27 AM: ApplicationMinimized - EXIT
12:27 AM: ApplicationMinimized - ENTER
12:27 AM: There is a problem reaching the server. The cause may be in your connection, or on the server. Please try again later.
Keylogger: Off
12:26 AM: Informational: ShieldEmail: Start monitoring port 25 for mail activities
E-mail Attachment: On
12:26 AM: Informational: ShieldEmail: Start monitoring port 110 for mail activities
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
File System Shield: On
Execution Shield: On
System Services Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
12:26 AM: Shield States
12:26 AM: Spyware Definitions: 923
12:25 AM: Spy Sweeper 5.5.1.3356 started
12:25 AM: Spy Sweeper 5.5.1.3356 started
12:25 AM: | Start of Session, Sunday, July 08, 2007 |
***************
12:42 AM: Warning: DoTerm :\Device\HarddiskVolume2\WINDOWS\system32\csrss.exe
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
File System Shield: On
Execution Shield: On
System Services Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
12:37 AM: Shield States
12:37 AM: License Check Status (0): Success
12:37 AM: Spyware Definitions: 923
12:36 AM: Spy Sweeper 5.5.1.3356 started
12:36 AM: Spy Sweeper 5.5.1.3356 started
12:36 AM: | Start of Session, Sunday, July 08, 2007 |
***************

from spysweeper



